19e20c9809cc61b1d4231cb0c3156b1a12b7ec14f9825e9fa2f8fd1eac359c08

Analysis

max time kernel
177s
max time network
129s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
16-06-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b30c2dc0a49ee95cc1440c2dde85dbe9_JaffaCakes118.apk
Size

2.8MB
MD5

b30c2dc0a49ee95cc1440c2dde85dbe9
SHA1

caf3fe5f599070af1100e98c101ebc67535fec10
SHA256

19e20c9809cc61b1d4231cb0c3156b1a12b7ec14f9825e9fa2f8fd1eac359c08
SHA512

0131587e0808934f97f4ff5f6b4a91ceb29cff12a5d834e6fbed47ccb5f54aaa352772f96bbf040023d395d3d87671abf221e0c79c2d054ff3396de1778a8760
SSDEEP

49152:X3GSCUq7pRJANwwnp/k36IyKYM6qcC6DXMBJBRtpImYuBDgw:XTCPPKBp/C6ktt6DXCJBRtpILogw

Score

8^/10

banker collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cn.zzmain

pid process

5122 com.cn.zzmain
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.cn.zzmain

ioc pid process

/data/user/0/com.cn.zzmain/app_ttmp/t.jar 5122 com.cn.zzmain
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.cn.zzmain

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.cn.zzmain
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cn.zzmain

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cn.zzmain
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.cn.zzmain

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cn.zzmain
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.cn.zzmain

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.cn.zzmain
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.cn.zzmain

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cn.zzmain
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cn.zzmain

description ioc process

File opened for read /proc/meminfo com.cn.zzmain

pid	process
5122	com.cn.zzmain

ioc	pid	process
/data/user/0/com.cn.zzmain/app_ttmp/t.jar	5122	com.cn.zzmain

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cn.zzmain

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cn.zzmain

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cn.zzmain

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cn.zzmain

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cn.zzmain

description	ioc	process
File opened for read	/proc/meminfo	com.cn.zzmain

com.cn.zzmain
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5122

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cn.zzmain/app_ttmp/oat/t.jar.cur.prof
Filesize
453B

MD5
ce2e2c0aafcce5115d760c4c6f101b7c

SHA1
41fd44c6d813975c438b95ae401c681586012cba

SHA256
5e5d9a222bebbe7291b674c3ab72f6c3547a5baefaec378a19309c3bd760ee93

SHA512
f155a49a519d991fefbe6ccf9986dcf439a1bc13f51e3c23f1729c9a8b102bb41251e71106b61aeb47243ea0315c33dcc7d2f8cd7ab903d6a9a53f4a648544af

Download Submit
/data/data/com.cn.zzmain/app_ttmp/t.jar
Filesize
172KB

MD5
39f7c5d4a7962708aa7d98bf2fadfc27

SHA1
cb348f750596b2e54705eb7d20b9fb2cc9d8807f

SHA256
e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558

SHA512
55267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa

Download Submit
/data/data/com.cn.zzmain/app_ttmp/t.jar
Filesize
172KB

MD5
cf9c7fb39d30b43019bfac428a3269ab

SHA1
912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283

SHA256
9031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af

SHA512
2450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f

Download Submit
/data/data/com.cn.zzmain/databases/com.cn.zzmainb
Filesize
64KB

MD5
fa924636b030c0e3f1740fbcaff2554e

SHA1
54d517dbf526000b0e86d28cf8d1a24c5f6381ff

SHA256
bbdd13113ef4d15bdec732a01fe398eb3f45b556b219d067bad5af8172c5c926

SHA512
e747a9f2b9f17bbabc57f66f1ba03cfee9009d5266a78deb57c459a6f176a23a08263639cf03c057b41b3dc6ac839c67666ef261061f5f667fa955781bfe85de

Download Submit
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
512B

MD5
23dacea7063ca89e3b05704c003e8374

SHA1
054b78a247a9ed012dbb7e6ee9ce690f20734a9a

SHA256
8fc07731da6bd644378791ea291659179166094b66f8035a0ce2df3ba6c78ecc

SHA512
40ece1b9f98773f1f3675127f747d8232e0b6e5d31bf4c2d5555a2844e172222a9d95d895ac96d0410c838ff3fea835902a03329ad393a49d21e08867aed645c

Download Submit
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
8KB

MD5
a33d9e88b64b7f0426897fd4fb01ebf7

SHA1
d7a3b8d2e6be6a08d62fe6899a917e66153e9838

SHA256
5c2f0cf6132fbc77fa086a86da407feb7ebcc5b62185085b97f4ee7e9724099e

SHA512
bf129483d67ac02461d158b32885f3085c6a9c8c42ee118494b6e1edd2a5e44c4347316521051eb7dd33bf97e743d2848ddeaf7d63beb9fa029c947c6f2cc09b

Download Submit
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
8KB

MD5
56a7478bad096007bc3c96eb56588df6

SHA1
cef3a995c9db2bbd866e916e1031ed71dd0ca576

SHA256
f9911db848cd13402aad91be90d62aef42548cce834850e7a47297cd6cc2e69b

SHA512
b169c1f224338930267ec096d71ae7b1570ac7f90185ea8eef4464b490be756d7f1179c81fa258eb8c4d0d279dcc9df989a9978191152fccfbffb13d2615a8ce

Download Submit
/data/data/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
12KB

MD5
8df7b0b741aff704ae88666648f8ef7c

SHA1
d33ef0832599995b5f6d4219680d85129d372b6a

SHA256
65c1cf409cc8ac8cd9623235b14e8c3242b5e4a5a49efa45377db41fe2fb1853

SHA512
d86e49ee6cd5a8130cd8fa56992b86a7032bae7fed380ccb453f61497c8102568d74a9f8da143f3fdc2a13ff2037c0f564cc62d28589dafed676854c524bd5a4

Download Submit
/data/user/0/com.cn.zzmain/app_ttmp/t.jar
Filesize
363KB

MD5
71f79ba9526f0b6a04ff423212d75238

SHA1
ff505b3673f566a812ae925acc84157a1b6f34d7

SHA256
ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f

SHA512
b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads