5cede14353a95fe58b868f87d9e16ee64f5fcbabb3119ffdf75cd6001f9352b0

General

Target

a774c64d80ae504daafad64cb819bb03_JaffaCakes118.apk
Size

15.1MB
MD5

a774c64d80ae504daafad64cb819bb03
SHA1

f5962b70031cec10408d6eb6dd2bc708495c9a94
SHA256

5cede14353a95fe58b868f87d9e16ee64f5fcbabb3119ffdf75cd6001f9352b0
SHA512

358514fb4d87e318d9b98ea27787c4111128c5fc1e105e2d8ab8571a5ade1b721d488fa26e300dcfc7a5d977268d6ee8846c04d49b589c5e94f0a3d64497ddfe
SSDEEP

393216:K10hV9QX1Tp3hbYQVjNBQwyAYdKeC0FIndLjEKvXtbTtb8tb6tbq:KlX1T4IROw0d1BKlbZb4bSbq

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/oat/x86/abuddhifymindfulnesstogo.dat.odex --compiler-filter=quicken --class-loader-context=&com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

ioc	pid	process
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar	4287	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/oat/x86/abuddhifymindfulnesstogo.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar	4261	com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

Queries information about active data network 1 TTPs 1 IoCs

discovery

T1421

Processes:

com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

T1422

Processes:

com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

T1624.001

Processes:

com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description ioc process

File opened for read /proc/cpuinfo com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description ioc process

File opened for read /proc/meminfo com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description	ioc	process
File opened for read	/proc/cpuinfo	com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

description	ioc	process
File opened for read	/proc/meminfo	com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo

com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4261

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/oat/x86/abuddhifymindfulnesstogo.dat.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4287

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
Filesize
102KB

MD5
9c31c3705f39733829d8a0df10a28b9b

SHA1
35c36165ddeb2729c264da42c8608fa6af0deb41

SHA256
32f9a25a95a9c3fac4990a63065ff906e533e5dc2a329260c23c6d066f6fc617

SHA512
6f278eee76fe9b8dbb7b068079490b152dd22b665be31e55fe7f719bab60979cc3aaf1cfb747bcaa4e56fdd777335b069837db6e570799c44e14f3e8cecce218

Download Submit
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.YFlurrySenderIndex.info.AnalyticsData_K69G95JC7T5MMWGF62XJ_228
Filesize
88B

MD5
d299e8814be589d157aad2e857b6da32

SHA1
35fc4b79de5763fbd09da8740966cf858930f65c

SHA256
ba3192baac481abf7cd23f4889bea7198c0fe58b77ecf2dbefc33f0c183b735f

SHA512
0b8019178ef04723d15228e0bbca396dbb6e1917cf051b7e60e8b66f34d9c95993e59240ff8f44b10612aa87581f36995e5269ee691472df46710547f0cbfde1

Download Submit
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize
72B

MD5
c83cb890fa8acf1042b3ebfd4c1431d7

SHA1
cd7bf7c86064e2194e70bf4432d3153fc2e3bf08

SHA256
2ecf1acfd0cfe851ddb3cfdb529d7b2bceebe3296401bfa76c5e124e84134f10

SHA512
65317c818c7a4b0546a2be2368b8aa2d6703cc183cab62e40537991606aa548636c88fe5598fd72ac7aa670c92792a303f47daa9723fe5a18fb651c547a7da68

Download Submit
/data/data/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/files/.yflurrydatasenderblock.b43d692f-144f-4e81-8500-f642ae87859e
Filesize
316B

MD5
dc7900efbfdee5273bd90297189695c0

SHA1
7114793509ae99b8ec31a12d2960d967797005d5

SHA256
ad0297017a73ed14c0185226b0200ddd9a2cb9a8672d8ed7e595c741a6e95cc1

SHA512
32aa607c1aff337ddc105be804d1ec9abb80b1acd284251d1906aac56bb7ed2121febcd9cc7d33b20683481fdc634467be9543a7505605ea6b8e3bd1632135fe

Download Submit
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
Filesize
235KB

MD5
4a1b548663d2bb20a34976c20f4c2a1f

SHA1
33603ae27703e743e00048167414d0391c49d4ac

SHA256
6e79bcdf778b78226bf2d27d4f9aa44ae8d77deddb3a432d4b730e6e90f17fd9

SHA512
baa7a6dd4c4440fffc9458555f8a9c0c836f19e97a74ffeef0d6cdb9d39f310557d0ea606002783d5a5eda0e75faead380d1eb916efd6c365fd1098693dd188e

Download Submit
/data/user/0/com.ajt.abuddhifymindfulnesstogot.npqeyj.abuddhifymindfulnesstogo/app_app_apk/abuddhifymindfulnesstogo.dat.jar
Filesize
235KB

MD5
79a253363e7b318eeef0ce07bf11e2b6

SHA1
a1d6052d17bb9f4e147414418ca5c9e9a62f0726

SHA256
5356fb52ce6d7a7a09d25a443dd894093444bc83b4be147a856ace1a122fefaa

SHA512
45ddfea8b919ece45612646a39b91338be7bdb63ef054039abcfe90f958915eb7c0bc6353ff5744144a2285ae6cdf5c8127d6b669e9577ef8da6299c8ee39442

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads