19e20c9809cc61b1d4231cb0c3156b1a12b7ec14f9825e9fa2f8fd1eac359c08

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16-06-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b30c2dc0a49ee95cc1440c2dde85dbe9_JaffaCakes118.apk
Size

2.8MB
MD5

b30c2dc0a49ee95cc1440c2dde85dbe9
SHA1

caf3fe5f599070af1100e98c101ebc67535fec10
SHA256

19e20c9809cc61b1d4231cb0c3156b1a12b7ec14f9825e9fa2f8fd1eac359c08
SHA512

0131587e0808934f97f4ff5f6b4a91ceb29cff12a5d834e6fbed47ccb5f54aaa352772f96bbf040023d395d3d87671abf221e0c79c2d054ff3396de1778a8760
SSDEEP

49152:X3GSCUq7pRJANwwnp/k36IyKYM6qcC6DXMBJBRtpImYuBDgw:XTCPPKBp/C6ktt6DXCJBRtpILogw

Score

8^/10

banker collection credential_access discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cn.zzmain

pid process

4646 com.cn.zzmain
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.cn.zzmain

ioc pid process

/data/user/0/com.cn.zzmain/app_ttmp/t.jar 4646 com.cn.zzmain
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.cn.zzmain

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.cn.zzmain
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cn.zzmain

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cn.zzmain
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.cn.zzmain

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cn.zzmain
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cn.zzmain

description ioc process

File opened for read /proc/meminfo com.cn.zzmain

pid	process
4646	com.cn.zzmain

ioc	pid	process
/data/user/0/com.cn.zzmain/app_ttmp/t.jar	4646	com.cn.zzmain

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cn.zzmain

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cn.zzmain

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cn.zzmain

description	ioc	process
File opened for read	/proc/meminfo	com.cn.zzmain

com.cn.zzmain
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4646

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cn.zzmain/app_ttmp/oat/t.jar.cur.prof
Filesize
463B

MD5
e9ba5634e5413973e548ea52570e28fb

SHA1
f8e6832cb605dbaf676e1aba86ba3a9ab3e40196

SHA256
8700af2f491dda3fc63ad71f211c81afff7cd077243f2e49948c859968ac7ea5

SHA512
9f19dca87c6962382e0e3881c71d70a7cbb1ebbf1390e58a38edb79d305ec9f336dbacf6a1cbb90f21393a4a5021672053666367447f35f3950b758ed9bddde3

Download Submit
/data/user/0/com.cn.zzmain/app_ttmp/t.jar
Filesize
172KB

MD5
39f7c5d4a7962708aa7d98bf2fadfc27

SHA1
cb348f750596b2e54705eb7d20b9fb2cc9d8807f

SHA256
e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558

SHA512
55267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa

Download Submit
/data/user/0/com.cn.zzmain/app_ttmp/t.jar
Filesize
172KB

MD5
cf9c7fb39d30b43019bfac428a3269ab

SHA1
912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283

SHA256
9031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af

SHA512
2450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f

Download Submit
/data/user/0/com.cn.zzmain/app_ttmp/t.jar
Filesize
363KB

MD5
71f79ba9526f0b6a04ff423212d75238

SHA1
ff505b3673f566a812ae925acc84157a1b6f34d7

SHA256
ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f

SHA512
b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253

Download Submit
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb
Filesize
64KB

MD5
32f6f1cca78c956b13848ae7d56697c0

SHA1
4f43d196583f67fe6e264b9d17b351bce9531a03

SHA256
b155c2dd93afeb770adda725eeacb1acfcd52afe9dc0dc4eef366d9685584e28

SHA512
cc011646e419eb51ee1eff914f2a73127cfd1caf82144afe71891f682add672fcbc8c26223857075264b1814ce61c5aab1e6d85300b6e8444d9925fd635e7c95

Download Submit
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
512B

MD5
c042f053d2c0d086ac04e8954d3bafa7

SHA1
d5927c37eb08d8018b412d2d89310f5ec570db44

SHA256
5bd60b5f5a6e64c75de50523450cbbfc1e131c43fdba0828a77af5993bca1165

SHA512
8d0bd94826b4ecc15e385c0ecc83515ae5419ef71f4d0618b1219c7cc232e5e122ef86d7fd04ffd5719e70cf43b6756ac947cfe1637119557f095bc0346f5f60

Download Submit
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
8KB

MD5
2e57ba2e93e2087ed73e0ff4abe7e159

SHA1
2a6331dac991644225672c6bdb99afd6989d2f82

SHA256
f092e85e2615a8485a4eb042add8adad84fe674a7cac09b476c9a45062151462

SHA512
4f7047fd4f4bceb445fb9c474da796ea82fd7ec89f0f51833238db4faaee971c9739eee706c4b366424cc6f9bc9e3b7c1d7a33d09523775b62eea1a380db23fa

Download Submit
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
8KB

MD5
d54336050b2b78042fdd6dac4519b98e

SHA1
69ca6b6be765202795738483d3c489c292946c9f

SHA256
35598be03e17d7a4630eb96390712e8ddf8abc0b433027a9160888701540f533

SHA512
4d5c92f1a3ce6ead43e20292efe9b4f371c41b6719e86c8ae80e8fcf12ac8f0bfd122c33e86907551ba43155c6ed9f3708959c056f9850f138ce5069a637be7c

Download Submit
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
12KB

MD5
01de85d6a58b091f45536f001b957dfe

SHA1
3e7aab94dd24cccc0e45d7295edcd34f88930a65

SHA256
d90819ecd055f9353241357c92b150e45922f9c7420ca59efa063d4c21426040

SHA512
a083c5b6cdd8c874c67653c27da72d8f927f61a42b0bc2e99f0ca0e0c30ec3b84f4c96d8776faafe20aa4f1eda268284ffea61f3c1e1b116dc5138ce8d665c7a

Download Submit
/data/user/0/com.cn.zzmain/databases/com.cn.zzmainb-journal
Filesize
12KB

MD5
1caa05a9f81486f42bf172a5771f359b

SHA1
39c128f5849422d929a5509cf46b00573f84a3af

SHA256
1c99d0ac77fe7a4ccb32ec63f49bb01ffdc0c64537eb630ed81cd4fd473882f6

SHA512
5c48f948b4c39a392ef62f5cf666f0bdf0c47e4a552fe6d0a043c230e9a0abc611f00579cc281cdc538b06ab9887fd7934aa90e3866a41597dbbc674ca1ef02e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads