Overview

overview

8

Static

static

6

b4500d97be...18.apk

android-9-x86

8

b4500d97be...18.apk

android-10-x64

8

b4500d97be...18.apk

android-11-x64

8

Analysis

  • max time kernel
    177s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
  • submitted
    16-06-2024 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4500d97beb41fe730f118546977a77e_JaffaCakes118.apk

  • Size

    263KB

  • MD5

    b4500d97beb41fe730f118546977a77e

  • SHA1

    2c506133161eeb55cf37920ea285e1a7d5cf269c

  • SHA256

    91580dec4d188d56132b7e26202df4451e7b57abd0f7da8478fa983871495c25

  • SHA512

    2adc20d8b31b1869bd710d272100bc963209dff8763e0889978f778404b42ed66fa9db160564f450316aafcad99fc44a3f16973f2d0ee66e1bd54d192ea7ae64

  • SSDEEP

    6144:WEPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNw:3i6tQIwsBFa/IvcR9Uw

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.bangkok.bqupmorm.fhjqstiv
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:5043
  • com.bangkok.bqupmorm.fhjqstiv:RemoteProcess
    1⤵
      PID:5088
    • com.bangkok.bqupmorm.fhjqstiv:guard
      1⤵
      • Schedules tasks to execute at a specified time
      PID:5436

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.bangkok.bqupmorm.fhjqstiv/app_tfile/fields.jar
      Filesize

      138KB

      MD5

      cceb8db3b057d24673d49eda229e9892

      SHA1

      b18f6353b2156410249079a3b7b86ef3a530e8ee

      SHA256

      e900cb4c3fe9d8f45196a7457e9645c65b0f3cde820f4161950252cff67a4d97

      SHA512

      4a42cde3165a706e823caa1362001ed8aa647caf22325a4f2554c64fc4ebcd79afe44fe5eab5474221806f26e7aca9d2901026de6e597ef62fe867f123e4bd57

      Download Submit
    • /data/data/com.bangkok.bqupmorm.fhjqstiv/app_tfile/oat/fields.jar.cur.prof
      Filesize

      369B

      MD5

      6de41202d76cfb91657a014430e7f33d

      SHA1

      1c066a98ee1dae3493881522b42a6978ef72ffee

      SHA256

      51491488aa5999f64c4d74c50676559497e9890b2a3978cdc8f07dc782e945ec

      SHA512

      765ef4f4ca7a832af8677b8cb38b705a5cf809b6d321f7d86bcb03471d5e55d8c9b8dc04dbad9f89b10febd5e87b29d29e1bd36fa91259ba00ea863ad1225236

      Download Submit
    • /data/data/com.bangkok.bqupmorm.fhjqstiv/databases/tbcom.bangkok.bqupmorm.fhjqstiv
      Filesize

      36KB

      MD5

      ae8aa93151da27ce1348c21d6ea98a45

      SHA1

      d187ce29f387717ea0c7d2919a77945a6f04a954

      SHA256

      b5023c1c2354845e52c945166be1111d7565a000e57ea18d8ce2943c73580e81

      SHA512

      7bc212292c6dd5192e2d714d1e06c3109f133bf0f5bddb4dd4113a4b9ab3a8db3ba7e1cab4a7da44724361b8d7d53cdde3d50506cf7264fb00d7b4521014c85a

      Download Submit
    • /data/data/com.bangkok.bqupmorm.fhjqstiv/databases/tbcom.bangkok.bqupmorm.fhjqstiv-journal
      Filesize

      512B

      MD5

      1d9b0f6744e70463100c32bb83a90ed3

      SHA1

      d9fb92ebc0b475dba2ac76fb877366c5eaff10d6

      SHA256

      f156a1e8559151fbbd9f25aeeffce94e0c4ec6f98cff381ee8c9a67ca09b5dd1

      SHA512

      88de6b06bc6989bccaec93d247dbf1acb9e3dc6da561ed0d00cd15f04f41dceaeb75a163ec50632364d24114b6f0c32ca71759e6a8dfe659ffd3ea2166ae021f

      Download Submit
    • /data/data/com.bangkok.bqupmorm.fhjqstiv/databases/tbcom.bangkok.bqupmorm.fhjqstiv-journal
      Filesize

      8KB

      MD5

      120afa94fabd54538735d3181699a4d6

      SHA1

      ce59b0428e236f3ddf1d346a2de276ceeadcb0c9

      SHA256

      1e2289b7b8262a36c59be1dc642dd2937cf6597a573cae9e7f6c550440edeb7c

      SHA512

      9e6edccf49f507813ea3ca65214ed67e9aa7dff8397d47362de6b2acca54be3efd0f6f39ec72ce49a6a988dae5b808d3cb1daf7d0439a24501f38f18c301112a

      Download Submit
    • /data/data/com.bangkok.bqupmorm.fhjqstiv/databases/tbcom.bangkok.bqupmorm.fhjqstiv-journal
      Filesize

      8KB

      MD5

      485d9848a41f51452aad5a813ab72ff8

      SHA1

      29f8cbd651741c796ae2380a3ecb61845780d37b

      SHA256

      9546661b08daf58a61a3ffce0a9bf772d37b1ca0508c7f7dece3c5a10b196c9b

      SHA512

      f9274c7b6e413a08cbee337e4cd5fa4ee6d62cd93365414ac4e11d5da3f33d5fa2a3cf9ba07eae4586cdb42d45bd8053fd6451a779374a74094d37f34b26aacd

      Download Submit
    • /data/user/0/com.bangkok.bqupmorm.fhjqstiv/app_tfile/fields.jar
      Filesize

      281KB

      MD5

      73b11c4c10150bbd4f29ad012dc11dde

      SHA1

      65c83ad32c29f9811c32eda75d7fcdc92ef42dda

      SHA256

      52132037e9b950a9cb48d6374ee2c6747a6bfe776e13a726395771f1b40ee9da

      SHA512

      3e53b1ee22a00e60896da86d2695195e0965c93d190c4d1c0dba2eb5c611d670ee7693a9f8756858255e2b170cb82a753719dd4d6a827af437309b7a1dcc6f01

      Download Submit
    • /storage/emulated/0/Download/sdsid
      Filesize

      4B

      MD5

      b8c37e33defde51cf91e1e03e51657da

      SHA1

      dd01903921ea24941c26a48f2cec24e0bb0e8cc7

      SHA256

      fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

      SHA512

      e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7

      Download Submit