b66cdf1b39f6e567ac9502f84214006ab654006f6d59125c43af5beb94996493

General

Target

aa2e0ce1661bef7f7316f196f2ec81e4_JaffaCakes118.apk
Size

1.7MB
MD5

aa2e0ce1661bef7f7316f196f2ec81e4
SHA1

bf22d1868245f8faa7696af29d3ee011fe8b69f2
SHA256

b66cdf1b39f6e567ac9502f84214006ab654006f6d59125c43af5beb94996493
SHA512

d89eeda5f9e23b347ce0fc8dfc0cb3a6d3cc5d1f5f2c9650cf4833bce23107cabe69d02534bcbfffcd4246cdf48e70b466b9f712bc74e7a7f55c576c5bf412fe
SSDEEP

24576:M4AE0JWSGf3sZ2lCDbh2rLF15U9KpRdlX+CDjAO02OZGpUgWN10PUH:V0sSGfa2lWdoF1e9KlZDEHZXgWNePa

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.waq.lsnxel/files/str/OgHRY.jar	4310	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.waq.lsnxel/files/str/OgHRY.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.waq.lsnxel/files/str/oat/x86/OgHRY.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.waq.lsnxel/files/str/OgHRY.jar	4272	com.waq.lsnxel

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.waq.lsnxel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.waq.lsnxel

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Required to be able to access the camera device.	android.permission.CAMERA

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.waq.lsnxel

com.waq.lsnxel
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4272
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.waq.lsnxel/files/str/OgHRY.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.waq.lsnxel/files/str/oat/x86/OgHRY.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4310

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

System Information Discovery

1

T1426

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.waq.lsnxel/files/Plugin2.apk

Filesize
99KB

MD5
3d216f8fddb9705a6720a285475837f1

SHA1
f053d23b284bfe2faf6e76d353ff052471e2de2c

SHA256
de7bf40574754a5144fa5cf3bc5e97f7adc7f5abebb18c41e8f0631917db4c0c

SHA512
38be39da8f96abc87109cfd57b2d63ddfa72971f023024a5b4ce1f97cd905a96a94e19eea19ae9b745f28d02c6689a4473627ce57ec85dce2018a77e699620cb

Download Submit
/data/data/com.waq.lsnxel/files/str/OgHRY.jar

Filesize
790KB

MD5
a982145c3a468b80c093b7de07e681f7

SHA1
7c3db6ccb7fb9f81a84c3b1a932efa63aa5634d1

SHA256
4da7c22e5b543d0be5ee064a7a8f44a2676a3ed8b548491f3e8550fd7e217353

SHA512
b5a6a976af377d25fec8c82717a892c67b43abac65c3741fbbbcbd2142093eb0039fa9d038ae83734fa167eb7517833002c2d3ec340432cbc44deb12224f2651

Download Submit
/data/data/com.waq.lsnxel/files/umeng_it.cache

Filesize
310B

MD5
e238b6f20786b1a0469ecdcf825eecdf

SHA1
55ce1948d32d3c1ab25dde050c73820f557e3cfb

SHA256
8a98ab6ba09a99989c4660cd9a050dc599ea45a90bc3877de2ece243fd732cf2

SHA512
46c3cfdd08a864c6b84782d1772558a61fa57080e32567ac5ed1e03a5d429dad61617148d69e0d9f57c9c7a0b337418c52e781c9a48bab4a9b834c72478e0dbf

Download Submit
/data/user/0/com.waq.lsnxel/files/str/OgHRY.jar

Filesize
1.9MB

MD5
36943d8d9fc38443a5e3e5784a257806

SHA1
70e7df8b7b9bc6d3a6b2d904e70e6502a5ad2bcc

SHA256
70b0c8ed5d6c15539c2c454ebb66b7477618212e2ac50d108d55f3728eb6e696

SHA512
407521bd4d826c28b184c8a3947cf4f19f7ca7eef1eb09d6b5c9ffe449731de78265ece51a84dd06ae495b315473759d55ec829076eadd86a3f7965853f273a2

Download Submit
/data/user/0/com.waq.lsnxel/files/str/OgHRY.jar

Filesize
1.9MB

MD5
b9bda77b99bd23f9c7ed0c0f1fc981ef

SHA1
58a515dd01065a5942fbda190117915a8aff33a0

SHA256
838e40a335e76e027e982c9b7eaf40b0046883ed3b22c571bbb4bcf4ddc5ec4f

SHA512
1e852049f9a1d7ab9aa562fe2953210c9d4df1c2be05e824a818e826b8741d266cdb3f552788d37797529ed1890135c65ecb50f2301586d559727eba59dfd286

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads