5715d92386ddf114141721977e1f88bcddfc05d255b3b9de58748a35f54bcd4f

Analysis

max time kernel
64s
max time network
150s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab37604d358e14b04b168958ffee394f_JaffaCakes118.apk
Size

28.4MB
MD5

ab37604d358e14b04b168958ffee394f
SHA1

3d61d8ba1f732f4dbfb3bda0179c2563c598bb53
SHA256

5715d92386ddf114141721977e1f88bcddfc05d255b3b9de58748a35f54bcd4f
SHA512

ebb55787b1ddcf9fbc73448c772ac43c1712c38626269df6e83eb51bc3a8d410d06ee8623b44f83b04698a595e899633b6c66a95784d5e56a1dc7d331f446027
SSDEEP

786432:0lgloSePx7RV70NBwroJ5ELPhBzucnQFzLlCQS:0OpePxVV70LqoJ5MhtbQllCh

Score

7^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zeptolab.cuttheropexmas.google

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zeptolab.cuttheropexmas.google

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zeptolab.cuttheropexmas.google

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zeptolab.cuttheropexmas.google

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zeptolab.cuttheropexmas.google

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zeptolab.cuttheropexmas.google

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zeptolab.cuttheropexmas.google

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zeptolab.cuttheropexmas.google

com.zeptolab.cuttheropexmas.google
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5038

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zeptolab.cuttheropexmas.google/app_cm/176e47f73a7c1af8e2e679e03856ceb1f0e5865a

Filesize
332B

MD5
76e144aac86c4e1e2334a7850613e80c

SHA1
bc1e2d7a5a1b4f2978c6534060991ed52fc11b12

SHA256
4207a947d667ea1d53bc0da01a0016dc122ca896e215a2972c1e08fa19d4900e

SHA512
99aa5c5b45b2ab2359253d56e6afdd7a9cc2e0a179e355712d2b3f8f244907fc70be9ac8ec02338de0c128f3f4939c35e84028c77837db51b63b8dfd67567377

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb

Filesize
20KB

MD5
dd98426488eb9f3ce76c924d7de8ee11

SHA1
a2f3ac13b5eab543e12534a5c5244f2b9584988b

SHA256
90b522a094c0ff860e4f71b36103a5e33a912b1304832eefaa5b0685944fb92a

SHA512
744e3245702e5bc037f5f8ee4595dd20efa12c32b3f130fd25e3ad811735da79b07e6d406471d44e91e3f7f6e67847b36d4052a5747711eb24eaaa8e430ec656

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

Filesize
512B

MD5
a416a9948002b4000debe0d672b3fdd5

SHA1
254b625d16f26b3fa0e8984260043e6b9f7061f9

SHA256
25ecce833d3cdf80505b53f6a6130a5694e57e85ebec4c7724de0d8b540386f3

SHA512
7127c1d17ad4d290e950c6f192c64b1f4c3195c51331ad7e15904c6c3cc7094905c6b63f7930a4f3720cafea4b8f1ee0e0b781f803d57cda9bcc34bb8c8aea4a

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

Filesize
8KB

MD5
c6fb9b30b365e00fe2e59eb556df2c5e

SHA1
638cae9cdb5a71cfb58f42255f5ec79d975f01c9

SHA256
e5f169865e7f0ddb835a991586c125f1dcdbc3691dc2f85bceada9f0f0966cf7

SHA512
086599930a38db0bd59039e8a3ad308a98c73ae3a473be8cfe352bf35f9be46018457cd6ed22c3e0143594ea1d52c010d6c54a188c36d8eb0db63cddccdc0639

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/cookiedb-journal

Filesize
8KB

MD5
41911b7d2e9e25051b9829939d47b4c7

SHA1
c8db2521cb5b174424c75338298abc5666b00572

SHA256
7705b9ffcd5b238a74521064eb20deae47796ec45b59d0ef4d7fbae0dc605c04

SHA512
38ca5f9fd5c5e959e96f9b235bc99f2b0bcbefe3d14ce5d2ae73096e2fb9d1b7c876aae76a8fa390ee6900c458683134139704598386773b38ca5009f3f7f387

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

Filesize
28KB

MD5
caf8df69768c07f3f50f95dad4e9d0d5

SHA1
2106296a9e84fdca64fc029f843b16328ef8299f

SHA256
a2392c518dcb8e1fcf487050bdf26b3011311dbd751bbb5aae25f980a75e4b92

SHA512
e902c31f14eb39421fa2f41d44c0a45a7733e5e81aaa720db0154f057f6c150c6d044c81b335fd6890e886a5bb29aa750d2d1448130bb63249952266696a4e78

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

Filesize
24KB

MD5
f42bce7f3f57d5883d1b7a8d7cc430fb

SHA1
65025e580fa7a10e4f3f44b4f53d478c201b1750

SHA256
b7ef575142c643830bef799bdb78fe5145651eccb64ba6a499d6698d1ca352b9

SHA512
2713a4001be8a4d7d37e0b48aa03b5a30c180c30dbc3d51852f13e699ca9bd9ce9b36248bacaa12319dec69ed087eb42dc35b805ba5b37cec5b3a88c6acf2cad

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

Filesize
24KB

MD5
83e1af1397111808e66eba9bb2639899

SHA1
39981aaf495881b51204f7073bfa435adf2e0130

SHA256
e92887eb7f6716ca3a9c7e0d52974aff57141ebeac9f7fa51575b039386ab8e3

SHA512
178f47dfc8c8748afb7d0f3ce133d4cb019b104e9f7616b8e4bbade9a16cfa75a48ba602ce050bb933d1832ac8349efac1bb4a78da3fb3f7ab19b80cccdd9d75

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

Filesize
24KB

MD5
2e1c75f4e1b347620bff0cfd903ba62b

SHA1
a53be390f20dd7ef641c3b7aa5bddf7266fe80e0

SHA256
18794171e3386fe99b58e0365c507516d5d5b80c845cc7699c4e1a20e2b6e3fc

SHA512
c257091be69440f16ebefcfbeb2d83f2d9fbcf325403392e015b76cfc6f6d8a1a961d9febbb29f338a639f2e39fb141c66a5464181411482f18c50bf9009ca7b

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

Filesize
24KB

MD5
0ec16a6d18bf40a9f517902830bd736b

SHA1
bff0e51e63e916520a570c92f45ce2a9a3b6f9b8

SHA256
da2d0f9aa4533cf9f16ea65fc06d39355dc25b6c8aa78d2a91a6f2119574f17b

SHA512
545da0eead7dc71187aaf5056503570303568680bfd50477f5e4e95e8effc4b9f452ec7bc7e4f6483d17dff4e9ee7052e00d4be63dde4cc3e0dcc98926e7d8b1

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel

Filesize
24KB

MD5
3cb881ef9c5605c9d650adafb653d270

SHA1
0310927fc8efca65d6101fddb766a833bc136570

SHA256
432957b5f4285af4c9fc5f2af63a2749f9e40ab2761174e5d191a1ed9ab6422c

SHA512
f4879bf20ab86bb66cd393a170aaeff71c3977ee589b548aacaa755fc2bc30b014e02d8c9503fa85937defb0f5af89a5a595d81613aec62e8abb9a9517ad0718

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

Filesize
12KB

MD5
07527213c065c4fa29fff399c2206917

SHA1
4e4393fb45628754e3f34dfb446ab4dac05a0719

SHA256
0a6f4b6d92fb58294bbccebfe6e29f2aa796a966dfb0c373be53e7cfbc2423a2

SHA512
dc4a66a0b87634fdc0e447bed71f5e979fa19be108d08a170f540c8103d7ddd60e72bba36ac2e39b3788633b33edaaa850d451ccba0db611592bd58a4429df9b

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

Filesize
512B

MD5
e0ae7209f8a5dc1150ccead620b308a2

SHA1
96839a351aa20ca6148d385e656a35b67294b59a

SHA256
f4b3faa634c2f758f9050eba6743bc70f09d32605e543dd4e09b08ea9daaab8e

SHA512
180f7742e5cc14d462f2f16fd4b93c9d8bd6acbfe375f2af6cafebec7e158cac6fbc5cc42fe52429ab4cf260ff4d050a9b2b126c9095cc0936ccc8ad00511064

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

Filesize
8KB

MD5
86d0e24e4420b09b75d94aee86a6047e

SHA1
14d7d7953637cb80fc833ef1d534a4d5b470d7f4

SHA256
62584b6fa6f04be169e32b6958620a3bc6840b6d2781b0b30357ff3b98705bc4

SHA512
d3c8051e624215aba8e8579b2605ebcf63ea9ea94387f655fa4a57d604cf642ff5dcb7006ae2cdafee4f7c9e4f3c4b1d4e5224e049ef89a64d4a7f0cfca74436

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

Filesize
8KB

MD5
09330fbcc10c6339ea468d76c5a8dd84

SHA1
49d2f9b8a50f279912bb6da794669c4a316ecd1e

SHA256
f0b77bb794d86807fb8de7dd178ac8e766118d8d5d43e420bb44a36cd76b94f4

SHA512
5ec0f3af25b5aeba8fc003cab5ad9afe8632e7ea0c3240590133f8b9aa96a96e4f7db788056b34a14651cc8a791e7a8146a797ee01410bcaf20d756eac907e5a

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

Filesize
12KB

MD5
fb82ac0fa12c56adb39c911154d976d3

SHA1
cf8da5965d8eddfe6582edb1e920292c245c86bd

SHA256
3413974d53792d5f90585e2729e5d7fef2039eb48883779d109a6ca6e96eb99d

SHA512
1c51506edffc84a8c0cd74e41d788ff8ecc38d684752afbf854c013413d88ebca3291cb33279f6873ad5509335da5c33e5cc7c59b63409a482869d479a735edb

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/databases/mixpanel-journal

Filesize
12KB

MD5
920bee8c7318e45e29d0d309910bd939

SHA1
13d82b3573c594085b639e7b082645b4b99d2e45

SHA256
69b18ac5fd9454a868fe859110a49887e098cd250365f0a7773fa65391e2ede0

SHA512
33faa1a530a762c851be758e8d9b40c991522493724edf8f24f77c124839fac3f2832ccba5c1889fb26484673e2cb33d8d751dfee45a5e32a16bb18c8623acf0

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/.FlurrySenderIndex.info.Data_PHYYTKHDJHNTV9TCBZ9S_151

Filesize
42B

MD5
f2fc11447baac900cd2a8b752c184c38

SHA1
af96b7a05be340626b89330bcdea11f3b04a907e

SHA256
6f37702cd79f6ef2a1f3848225433445d26ae490099d5e00a735a42e2930a133

SHA512
040e24d3488e6e368dc1719b0fe88e802b2fc4d4fd92d56ac2503562ecf554ebeda3ee53300d7d983e8838db434df0e1769f84ba14b83fd61a0de4b309719ca9

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/.FlurrySenderIndex.info.Main

Filesize
35B

MD5
787cd6b90d3027909e6ee3046ec26ed3

SHA1
bf04997616b55408e8b398de69cb4daf3c405119

SHA256
fd2382fc946ca5ed140cd441ffeb28e83b55241adcb36b6dd2f00733430be99b

SHA512
4b8e8ec94f5433858998d6e3f3f512b488573186041d931c2ee2582e925b0a56b4f68656768a36934487017a9e08413eef4e7be7674cab1cc933f1ad92fc5eef

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/.flurryagent.432774b3

Filesize
58B

MD5
4a1a27310b6bfe378131cad4d56412bc

SHA1
eb88b34a7be314b76d78576012d74e05bb043208

SHA256
eebe27d3777d4356fcda89958ca9f5f64304651a64001d25d119a1350796183f

SHA512
159cc3f0433c10ac81e5fd6639690db8a2bf24126cc3e1612b51ffe82cecaf571116b6ccb58bade5097207a2e6de7fed2725fcee77733515bd55800d4f68e15b

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/.flurrydatasenderblock.0ea1b744-dbba-47ab-a005-cf11df7d4a9e

Filesize
254B

MD5
79ed5e566fc588e8871ffb2052c925ac

SHA1
1f135f59defffc34c359a838b751084440c367a2

SHA256
c7917f32e0a22e2cb2a4b07c157189fd1874e76a352f63758e8607bc056880e4

SHA512
db5e9ca73e3c71e335abfa3a8da012be340e57dfd0a99ea0c336e3c2778aa3795042a865224db861ba0d26eaf149fb2e3ab7abc7998982f46a825e7d1aaee4c0

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/banner_config.xml

Filesize
35KB

MD5
a09ed443c8c080df3c72d9de3da6cbe1

SHA1
70480bff14bbe2b172c570b968ffba40607d2de9

SHA256
7e805cc2bfefbc50df4ed95e7a2529d2d497fd27e2c4d3be0034f023cb97ff24

SHA512
aad4e574dab25013f0abf2c438c435b76167b59c8328b7e063be9fd8dc9b81a8ece6073a6ee35c29a1deae6bfb6ff25fb668701e6619d8a44016a06670df7f50

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_103241

Filesize
17KB

MD5
853f6bf0517da2f24cd42f194827b03f

SHA1
597bb233a1d5b50b029e82280c37a6eb3ce1ad32

SHA256
d793ef0f402839d2e8d95abd0e6ff6eb5f1826804f4370ac69faaa20f9bd4336

SHA512
c7f3b933a760daa824ae65c6af961677f73316dabfe8cc3affb3334aeaeae71d2398900f255a421d15fc3f74ece5a11a565a8fbeb83020ba606caf45041985f2

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_103311

Filesize
54KB

MD5
da47bb9ece634b4dbacf44d01aa5427e

SHA1
03f4144027b17cabb49702d4851161667ee3bdee

SHA256
2ec51bdccbe16958252ab8a8fc912f323033e981f7f553b6eda8f361145356a2

SHA512
92bedc537c001e8880bd9356138f766060fefb5572182847eda0b14ef150a539e54c617b6987137a39312f11c4ba6d700036337f69c326a8800e318599aafd87

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_103361

Filesize
52KB

MD5
347db3043194e749e1b891eaa7d0241d

SHA1
5b368c1c14b987c0093371c5bec3d56a5f9f8cfe

SHA256
01eb67f42fb95c9b7271bb7730e886b3f025480726c7a4224048d67ed1845004

SHA512
05e25541bf4ed77317bf80e586051704b7996ecde716794d23cc6ed27ffc2f119c1cc94f8a8d14eae4527669e869c9e7a6f9af82de0c5361b4c9d5f08c89b3f0

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_104369

Filesize
224KB

MD5
08033c009d8db602bc999fe5d1066862

SHA1
62b25759b08495cacb61e25b3c825df045d5c8b9

SHA256
24693554f54740eb90070cc049744261f30820893ef7da7473e0bdb872530a5c

SHA512
fb45b23071ad3d4067671d2d096389330f9bd99eef3d861b55528e1e7f5373766c0dca8328606a0c0ac6fb1e32abe4707e832756ed6af043114d1cf6f7641959

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_104423

Filesize
199KB

MD5
f69f5a5cff47b631eb394b9269b45926

SHA1
6d5cf4432880d296cb58beb70dbfa7b4436baea7

SHA256
142a919b4b52b4521d5426f0747f9f2aaca01b9cc411ecbcc5a5eb2ee4dd2626

SHA512
adea76e58b365e4a25e93515f4079b530de4fdf07b03fa577483474a72a2a156f5911bfceed35748cad7ea34826759d34603ea2ac04be13291a9488bcfcca57f

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_15279722

Filesize
68KB

MD5
2789ad24458d5519742cc9cad3c979af

SHA1
1e34686b67700aa86561437bc9eec2dd8ed04563

SHA256
0f6bb083a11a3a165a827a9053ffb5ab907d9b87c92f80474f6f1bcffcfc94ac

SHA512
a8e4edc92d72098d08e4e850abc0943f3ae0c52d6f8aae9331610d021390df33d45408db154275a7295995264f48e13f1f3a798ba27f03f798c42868c0aad4f4

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_16406134

Filesize
356KB

MD5
1dc453fc29c2d73e4b041f9c7493be53

SHA1
bfe69b492721806acf25fa09aea4c2406b12d9a9

SHA256
7e8e14ffc09439229ff6db80bc71e30e4ab823f0bba98fef9d6016a4b54e7da5

SHA512
f98e2f3fc4002e3ad5bac0f2bfa14cb38f3b3576ea8dd3fc9673caff855520cce197c9651974c88e4d9cb05b40d8bc1cad116ed164e876482c59884187dced13

Download Submit
/data/data/com.zeptolab.cuttheropexmas.google/files/bannerimage_25324871

Filesize
122KB

MD5
b0e07fa0671cb9c1a18a62ff94f7d30c

SHA1
eb68ff6a338b60e4a74cd883b1ef206220c93200

SHA256
355dd1f580659a2ef986eaae38c6e4f4cc979e824604bcc188021e57a25241c2

SHA512
f8588d48d9f9057a369a933160876682d26ab07b993d5163834e7b288bceaa88fbb35c69086d63d122e1c91253c3ff229b944cb664ba562ee71a78d4166c4e01

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads