ef332aac877827fc112dae98b4fd904561a27570b54a05a7200095446a3442e3

Analysis

max time kernel
51s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14/06/2024, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa439d574e05ed1296fb1f45a89fd846_JaffaCakes118.apk
Size

7.0MB
MD5

aa439d574e05ed1296fb1f45a89fd846
SHA1

0f02d6ea66ab69d569a37da7ad74bd9c4bbe72f5
SHA256

ef332aac877827fc112dae98b4fd904561a27570b54a05a7200095446a3442e3
SHA512

7105233bfcf6726a212a79b449f6c8c81a7846b84e87528a8f46a8cd8986fd6cb8a0dbc26fe812b6db0c239c6efd1899c5b05ef93ff505ca950e721f04b3901f
SSDEEP

196608:evAcNCDGk0MZQiqDXvvV42ZN4b5TYBLDoevVW0ovVW0XL:4AmkGFMSJXVzO9oge5o5b

Score

7^/10

banker collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	io.dcloud.H59D94B6C

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H59D94B6C

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H59D94B6C

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.H59D94B6C

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H59D94B6C

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H59D94B6C

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	io.dcloud.H59D94B6C

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	io.dcloud.H59D94B6C

io.dcloud.H59D94B6C
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5117

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H59D94B6C/files/cnc3ejE6/eje3cnc

Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit
/data/data/io.dcloud.H59D94B6C/shared_prefs_ext/test_app

Filesize
24B

MD5
39c27456f2f4093f9d19df890031bb0b

SHA1
c42eefc1a7c128ca92b09e54c1ca423f2c13a3cf

SHA256
07c3e8b4414c37b35ecadb4d76f7ae9eabe367ef387c06213a756b3ab6eb9294

SHA512
4bb9dab37b5be5a9c95c6de02ba7404f8ee74e458eb4b1e4ee523f3bae90cc5fff7047e364fbb3dec9ad7e994eeb71a46cc08c547610c4ff929cfb635d02002a

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
68dd1a6ba371c7affde0703c9fe17153

SHA1
46e5a826efeb95e41f19e6d141d208b0d0e34de6

SHA256
67bb0e14b69677c426f7a1ea0569eac3d57e86c722f21a50861835d685894a23

SHA512
47b84a5232e757e2e35d527a3e391f14ec9f0692963deba48988b9dab57f8d9cb12ac704f13f147be8aa59be00f34c6816b1d3e7a4be7a5c201649b61c35a271

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads