74f3958c32e79e066877cedcb7120e574e9d55a44723decae6dcb9d801c744da

Analysis

max time kernel
179s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14/06/2024, 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaa88468c8f62f809de813505bf9e991_JaffaCakes118.apk
Size

11.7MB
MD5

aaa88468c8f62f809de813505bf9e991
SHA1

6ac7259016a888b81a0a6eaebead52896af6d120
SHA256

74f3958c32e79e066877cedcb7120e574e9d55a44723decae6dcb9d801c744da
SHA512

cb699dc1433b3cc27a7da177bd132a6f54364eb03c96060f58f2a8ed3268453dfd30d9b18b4a81f003b690ddf029834822842e49bb8623caefc41fafb67ede23
SSDEEP

196608:eiu8o0Jg/XUEoCLroCBSZL7p+ShkG0EAKxDTOB6xNe9XuCfWMqZWNMGhkG7GZ4yd:eWpJg/XUEoTP19kG0XKxDTbNe9XuCfWN

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.ydsjws.mobileguard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ydsjws.mobileguard

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.ydsjws.mobileguard

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.ydsjws.mobileguard

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ydsjws.mobileguard

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ydsjws.mobileguard

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ydsjws.mobileguard

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ydsjws.mobileguard

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ydsjws.mobileguard

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ydsjws.mobileguard

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ydsjws.mobileguard

com.ydsjws.mobileguard
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Reads the content of the SMS messages.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4266

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ydsjws.mobileguard/cache/permission_record.data

Filesize
84B

MD5
e025186aba3057a3e5bbdefacf77e0a9

SHA1
7ed9079d54abd2e32d319fa5acf5d5b158e3d59c

SHA256
9e5af57d9991b293c7a348e1584830b00eb3b9bdd56c954c0cc8ee1aca8262bd

SHA512
37967e9f70d2786d0658ae57bc88aabb2c752d853b885d13a161ca2b519b87d75afff343524e023bee59570dfe150ed3968b1b5142cd65f02601f3a8bc331190

Download Submit
/data/data/com.ydsjws.mobileguard/databases/library.db

Filesize
4KB

MD5
d02aa2995ae5730c72eb6e88396f74b7

SHA1
157bcc6f624e58c7c0e02aa4cf96311ba084366c

SHA256
98532d7d4f34945f8e153f1e0ceb85f397cb53668531e05fd93c42a9650d01c3

SHA512
521d7bca783ead50f8837ea73797c38cbd7011960c7570f1a84091767148123cbedf382d2f28ca6168524ddfea2761a9ae27d93ace4f9497e48de9cd3a87107e

Download Submit
/data/data/com.ydsjws.mobileguard/databases/library.db

Filesize
12.1MB

MD5
2a8d1b602e76cd7d580e0abb70e538d3

SHA1
213c7c73f6fc1ac6de8cacf204d2f8d6a92a0347

SHA256
9e733f060fc3be363457527081509a91ea46136f8d6b471eec2b4426f42971c4

SHA512
44a1d39db8b9b839a03fd5f9549b029a69c751da8d48218e6d75f0ef916f44e5fcfe693364dfbfaa2b45d10cd6c236fe6b1910db44c4c8f35c69c94d284e8fa4

Download Submit
/data/data/com.ydsjws.mobileguard/databases/library.db-journal

Filesize
4KB

MD5
92d5718315f1235fe996a06c40dbaed4

SHA1
01cec1858c4dafe5ffedd0144f5ba5dd918e3215

SHA256
27d11595ac1cfb79d6c3d5ad9c52691901129252614ea571832249e04abe28b6

SHA512
2766bda74aa9eb97586b3e46c83b4fca6756a2cfdf1fdf06117062fdc749b56fc9119445413699a95c86b85ca54398be0aa20bcd89a4a35fd926bc82a9858ec1

Download Submit
/data/data/com.ydsjws.mobileguard/databases/mobileguard2.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ydsjws.mobileguard/databases/mobileguard2.db-journal

Filesize
512B

MD5
aaddc747ed1c56abd2a72b899b4c6511

SHA1
23824ebfe0c7dcda725c352c264803daa704ac21

SHA256
583bc28c7a53a72434f57460d74735fa3ead9e22a5234a817b8d0a88bd3b33b7

SHA512
e897a4fec271e3287577bc0bfb512b6ef6a037022102da76ac085ef3e3ec8854c6e5da4d6949d5151966f38d44b87572e6802b4dd97920be85b1024ad1444df3

Download Submit
/data/data/com.ydsjws.mobileguard/databases/mobileguard2.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ydsjws.mobileguard/databases/mobileguard2.db-wal

Filesize
148KB

MD5
9c1bd374104937eda9eff08f266c451c

SHA1
240aeb90ef0fe96f1a64434e6520d3ed9c8d765d

SHA256
c471d67bdc1209f00173ed9d8573b023de17d711d6ab0020a77d80c85d66827e

SHA512
e140dacaf0cfda8987fcefdd7c5c26586a2c7046dd9e4870e4239829677e437fbda9cc7ff486b09d84624081affb534c7a11953e14c67606238b90c12d073174

Download Submit
/data/data/com.ydsjws.mobileguard/databases/regions.db

Filesize
1.9MB

MD5
b0448a2fda403f1d14166e46a1c2be2a

SHA1
02b77b59c9a9d00293816bd694d374b78acc1a2d

SHA256
146eb84bf698dcb1eff691614a45d15b630f9d191cbc402d71c63152a7445278

SHA512
22b4dee093e721e6ab9e9287cd8f1c8bc6e1c8f3210a8e8fadce26e5c9b542c8053d32a91501f169917cc598907c8f0c3e38c1bc18319cbfce4595d2d79192cc

Download Submit
/data/data/com.ydsjws.mobileguard/databases/regions.db

Filesize
1024B

MD5
04fcf9c5150694fb47c7817ff5a9bb1a

SHA1
17c06a29eb09dfabaa50e7f79ae0da33e9179569

SHA256
ff713d5335a484f497bb85ed0c10b3f4450e4d9772930a71b29838b0c5fa37f2

SHA512
0977e1d874487fb6c0cc2ed1ce804f43bffea90cc8cf65bd83ebfa878e07b449a2fb8e577e992dea04fa3f734286d71d1a3dd5867b9e7c11e1474c23fbc64b0a

Download Submit
/data/data/com.ydsjws.mobileguard/databases/regions.db-journal

Filesize
1KB

MD5
2645cb21ec694e87abbdf35a41a04bf5

SHA1
e0ba752e36b0e3f5fc317e209d8fa4836b1d4ac3

SHA256
6d094d0f2f8332a45c3d3c3f4ae7598c33827a021ba16f57ec122ad0071e66db

SHA512
a981538cd73c6c7ba56c19827742712dbc8ba9f7bb37937ab8244f903655c216d6538e3df40bc53d81c4cb258ba54d68943f7c89cf820dd545e3023d1c12ef62

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads