8ca74dd641e225165e5cfe400c5556a6037e4f8c3a4b9a6681100703d0bde23a

General

Target

a7c83d22ac36f99f3902303ab4620704_JaffaCakes118.apk
Size

1.4MB
MD5

a7c83d22ac36f99f3902303ab4620704
SHA1

77f040683043c9f399ebd012e50a3bfb34fa9fd9
SHA256

8ca74dd641e225165e5cfe400c5556a6037e4f8c3a4b9a6681100703d0bde23a
SHA512

bd85aa47be388f708d704e5d7dfba910940340b4537689991a7818db582f69878d01a44f3c188569d3567a109d87e0c58de78db341b2954528e71b97229d46b1
SSDEEP

24576:mPEaFmFN9v46flH0UIbxMeh+CYIgHBxsoMHuvDm8P0JORSAireJP:mEaFmL9AcaJYJH/pMOvDicS0JP

Score

8^/10

banker collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.bjin.gamemaster_main

pid process

5084 com.bjin.gamemaster_main
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.bjin.gamemaster_main

ioc pid process

/data/user/0/com.bjin.gamemaster_main/app_ttmp/t.jar 5084 com.bjin.gamemaster_main
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.bjin.gamemaster_main

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.bjin.gamemaster_main
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.bjin.gamemaster_main

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.bjin.gamemaster_main
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.bjin.gamemaster_main

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.bjin.gamemaster_main
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.bjin.gamemaster_main

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.bjin.gamemaster_main
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.bjin.gamemaster_main

description ioc process

File opened for read /proc/meminfo com.bjin.gamemaster_main

pid	process
5084	com.bjin.gamemaster_main

ioc	pid	process
/data/user/0/com.bjin.gamemaster_main/app_ttmp/t.jar	5084	com.bjin.gamemaster_main

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.bjin.gamemaster_main

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.bjin.gamemaster_main

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.bjin.gamemaster_main

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.bjin.gamemaster_main

description	ioc	process
File opened for read	/proc/meminfo	com.bjin.gamemaster_main

com.bjin.gamemaster_main
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bjin.gamemaster_main/app_ttmp/oat/t.jar.cur.prof
Filesize
525B

MD5
483bd630641b50146dd116b5eff62f0e

SHA1
365f45da142e96fece36a43a02e3cee8359fd0ee

SHA256
610fd316fb0923b8347e9a9f1c78a0cceff927ef5b54d21250728f5ae3d0d616

SHA512
9abdff8ad9a9193abb7b51db0be7bdb3c95cb6c120c4cf0bde2e4b0293c78aa6aec01a2b0fb83327ab78c15dffcbb882e4eed57788ecceb11be779793bd87d43

Download Submit
/data/data/com.bjin.gamemaster_main/app_ttmp/t.jar
Filesize
276KB

MD5
9aaea567e0c93e51718ba7eade0e83df

SHA1
0005116aad1779361b70093db00fed5ac090ae23

SHA256
b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec

SHA512
2aef1034335d8752f4e25ce6c5823ce03019536cc6e51ee61b5291c77a0f356a2517e0cbe7f2c4cc2d897115dc856449a342cfdc247c9d34d313187d15b2f890

Download Submit
/data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb
Filesize
72KB

MD5
b41401fa7f54e7d7bbf4f8f8ac002e38

SHA1
5f0f7722831d7aed2bb89a5fb58c25f7d8e46ca9

SHA256
dfa278db4620794953d4d2dbdb39560e41d430bdd6108dc237b9a2f751777567

SHA512
2810844a47bb26a64a440d95bbe95a61136eb238154f82eb0e5f68508026cdb289e05b7b25bc7b0a2d5077c1b52961912cc24d55bf29b303577e7098cc0fb032

Download Submit
/data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal
Filesize
512B

MD5
d617c33d53f13c7a4422e8a7182b17ff

SHA1
8aa1b8b67456d3481182cdd79c7e270771c6017a

SHA256
1e7ba29bbffb59ce4253d775ed4d3b5b073d0834e16da7300c8781d001096c9c

SHA512
4a78a66f0577b30083c8c0b6506af5074b628e220ec13cbcf5f6abcd024c3441ffc4fd958fb748cc67471b3f25024d3fa290ee9a8d95a2170a77fcd7a6b97b91

Download Submit
/data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal
Filesize
8KB

MD5
2e58eb56ae90c264691a05edfa23f804

SHA1
7bf22d61dca2553e983d3a69769f29037300aaf1

SHA256
6b17802cfb05248c808db2b4be57e329aa776a61fa9dc258b665a0868cc5b7d1

SHA512
1c925979ad11cf31bfe7316220febf229bc37b1160b0969841656818ab6665152613ba51348a7576a762d9c3ebd31790c77563156ff5db7f9b634e097eb1368c

Download Submit
/data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal
Filesize
8KB

MD5
c38f15d2a87d6f48019667b718ad9619

SHA1
2e3b82a2df9baf05cbf86ae673ecc9c819291487

SHA256
fe2286ca7e8db0a86b80fcbd64bc9e87baa268bae4b070958764ad937625dd4a

SHA512
6b3aae70405325071f889dd0b7177c0920a6316c5764d09af233ef9540fbc148901ef2209280a10f0b7dddba4a3593ee67153e312105ba4019d10131c9b45aa3

Download Submit
/data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal
Filesize
12KB

MD5
d04d250fb726476e656ea3a2c1a5b93f

SHA1
fbc733a43cd4ba8c361d39f4aa3c058c431fa1c4

SHA256
5f9197ac46643996e7c83944ce04df2e8e04b5766133e70c4ebadd7be6cd857f

SHA512
3890aa76cde5b9cd9790f17548803dab4e281876322704230f5918bd941519b4534b67592da0195e9d78b88b4ea7b1641336eb133f0a19701cfb77e34493d8fb

Download Submit
/data/user/0/com.bjin.gamemaster_main/app_ttmp/t.jar
Filesize
587KB

MD5
f72c3d07507c3e26d317e9117ba757d1

SHA1
cdede4739e9dd9fd95243aab5e44c24f93f825c3

SHA256
1c65834d9ca018c6496a8b9957589d0e94657911b6635dc21a448d78f9238887

SHA512
3420714252e7503abc13c99274d767b0bc08671d769460dc61823ab9470e145fb75c5dfaadc617d3a05cf251ed5ecf38ea7e8c1d7b343bca4d7e8296f1b805d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads