5f4aec9d9283f491a5ba5a0cbf448bf25de49712eef79d68044b016160b5ae7e

Analysis

max time kernel
48s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
17/06/2024, 03:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b68f88b32b11311a1b6066fd25a2e763_JaffaCakes118.apk
Size

30.9MB
MD5

b68f88b32b11311a1b6066fd25a2e763
SHA1

549fa4157a9e0983ef7ff120c771942e7e69e0df
SHA256

5f4aec9d9283f491a5ba5a0cbf448bf25de49712eef79d68044b016160b5ae7e
SHA512

978e6efd8c0296e85ba6e72c4031c3155c6ffd1419d130503205d5f7276690c91596abe8e71ab6f5a08e45ff99f3059bb0db24f62eac2c3571258b9b804b5c45
SSDEEP

786432:mX+/usfnqG/awrTlVYWT7ibLi4rtkgxGQquod3dhwJ4tigHjWZ:mu7fP/hrTleWTO/ietkgxGQq9ThwitiP

Score

7^/10

banker collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.huicaiwang.H58569DD6

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.huicaiwang.H58569DD6

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.huicaiwang.H58569DD6

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.huicaiwang.H58569DD6

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.huicaiwang.H58569DD6

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.huicaiwang.H58569DD6

com.huicaiwang.H58569DD6
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4677

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.huicaiwang.H58569DD6/shared_prefs_ext/test_app

Filesize
24B

MD5
44aaeb06c5d8c9db715d1904baf76820

SHA1
5408328f32584b089153c3d8989525dd4cd0004b

SHA256
97f924d1cc31ae256fc4d448caeade409eb7709e9ed8d31392a69a0030605dad

SHA512
4f86a5d02ffe4222b9726ad9bd3cece1828628a94d09cf87eccce368ac628cefd89d71c81a49800ce9612801e95459d460fbf06e5bac86aae62cde3f1c269afd

Download Submit
/data/user/0/com.huicaiwang.H58569DD6/files/cnc3ejE6/eje3cnc

Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
cc3930ec38715cb6fadd586627fbfec3

SHA1
f95c7879beab7d22a122b62e52c1914c82c4417a

SHA256
760dad84bbaa8a12654b0d3c9bee804166976857ace178841b80bda787623553

SHA512
e86aea1c02e7bda14298be1282192c4d66aa1ebe682ff8d465c700626331d383e2f88dbd20ffb57d1079e0ff607b29ab41c7ec4f8682d2dd49ddce82aa7909af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads