5b7f0d49cbee6864471297997b38c8aa3be1340e5d680478b9d5fcab630ad8c7

Analysis

max time kernel
5s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
17-06-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b88c68fb1b8371690790754e86174c4d_JaffaCakes118.apk
Size

4.6MB
MD5

b88c68fb1b8371690790754e86174c4d
SHA1

7060f14dd89debe05b9aaf0af0553fdc6d1aa491
SHA256

5b7f0d49cbee6864471297997b38c8aa3be1340e5d680478b9d5fcab630ad8c7
SHA512

22086a355bf6ed3debca2ba5685571efead1c2038153a29ec2627f4746de9cf6dc5180c6573de33c76864417214f6057d9cbd08faf0b76e62a9b182b92729d7b
SSDEEP

98304:S4I0D0zsxRduGVNU5uKE7Hd1U9Nxl8EuW5wdq9FPTLHet6Or5iAzP08sGK:S4bwAHdjVK5uKETbU9NxlUW5wY9FP2tU

Score

7^/10

banker discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/storage/emulated/0/Android/data/am/cm.zip	4291	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/am/cm.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/am/oat/x86/cm.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/am/cm.zip	4229	com.android.uam

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.android.uam
1⤵
- Loads dropped Dex/Jar
PID:4229
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/am/cm.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/am/oat/x86/cm.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4291

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/am/cm.zip

Filesize
4.4MB

MD5
cb1ab377075311a5356d63bcc8ae67fe

SHA1
c23a8fdf959a0b861893382b3a81c6b4253c751a

SHA256
65a3e37ee062d2524ea1f97a742d13783d3499ce83aa575a9c9527a2af65749f

SHA512
1342c9286724948e4395696623972f683ce4dc3ec89adb2669276b6db35de5106d0adbcec145a3b8d84624fabeca29ee9f7e066f8619dcf32adc778bd172e3a3

Download Submit
/storage/emulated/0/Android/data/am/cm.zip

Filesize
1.7MB

MD5
bf18939bd1f7192f9fbcf5f0c5d6ed79

SHA1
31546bcd7e77786ddaf680f1c5d6d3b299aca82e

SHA256
c751b312d820c637e867f8c09609f74ccbd3cc7871de0141b7fd8425b026b89a

SHA512
d0698ef58ed1c18496e6cfcd06cb73a1505ec7e643ce090692755d74c0e5a32779374856bfa54f33f880a8050e35fefb3b42c3243521c65b3fa856d9055ddf81

Download Submit