Analysis

  • max time kernel
    13s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240611.1-en locale:en-us os:android-9-x86 system
  • submitted
    18-06-2024 11:15

General

  • Target

    bba367a7b0717a629f10afaedda34708_JaffaCakes118.apk

  • Size

    13.4MB

  • MD5

    bba367a7b0717a629f10afaedda34708

  • SHA1

    fc7e107212e3a9494d5061bb1647f6ea6ef90cae

  • SHA256

    7ce1f44aa82ec9771593698b0415eb0e5dc5df6d3cc111f9cb50ce308eee9c1b

  • SHA512

    f69919bae3eb7278aeefa99dd2d5b169842c5ab3b70d535b60fb60f600160f46dcccd99f45e76fffc8246399dd3b2239fc1f24ecec9ea84c92e83aaabb763a51

  • SSDEEP

    393216:XG/7SFj7jDal48w2nGDoOWoU5T0PUF3rBZ:E7SF/ClJLxOWoU5TjdZ

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs

Processes

  • com.gunmaker.android
    1⤵
    • Loads dropped Dex/Jar
    PID:4257
    • getprop ro.board.platform
      2⤵
      PID:4293
    • getprop ro.mediatek.platform
      2⤵
      PID:4320
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/user/0/com.gunmaker.android/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4352

Network

MITRE ATT&CK Mobile v15


Downloads

      • /data/data/com.gunmaker.android/app_plugin_lib/libabcdefgh.so

        Filesize

        61KB

        MD5

        042246eb7c48a8cda97de99465e6a177

        SHA1

        f71816c4a80fbb7b63bfd6425d98db513aecb00a

        SHA256

        9a712cb778e9d43f8f4ea9fa2b9f4b8cc29daf74984d04f0c938dff21c118342

        SHA512

        2d201619998113c5d2990c92c28c973d557872bc4bbde153b5fca39bfe0b799ef0e9bf8c29d1304847f8e6691d55649d04c6a82fe8f03e621c9e8da50c50faa8

      • /data/data/com.gunmaker.android/files/stares/updates/sta.jar

        Filesize

        2.1MB

        MD5

        7219500f857b0c418b074759ba44301e

        SHA1

        07f557bc3d839260caf921852618ac762fef262d

        SHA256

        d8c32e40ba04065dd62cae8495eb47d1c251a6bc830778f80eb06ae07f04563f

        SHA512

        6086cfbeb32e3ded98d89c0f0bc01fac10e6036874e1c8e0ecb41864e62b00df5a32f9a3aa7bf126f6b8f1393db48abaf94ce528cf0686a3946b139bc50c8a68

      • /data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

        Filesize

        3.4MB

        MD5

        1895ebc4a529cfdff88439d2140f1c41

        SHA1

        3db0c02c9734c4e212e1c491a92006281e904034

        SHA256

        c2d2e925a001babc6f5d2a274e1f88664be2a888e8fb689bec2e635f8022cbc8

        SHA512

        61412d92c5077933c63f50adaa0059343ea4d4056598847a69d8d815e9828a7ecb964856c7d3972f2baa813b0b2f979129adf3b2402901c50e55e43811ac0df3

      • /data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

        Filesize

        3.4MB

        MD5

        63425c66f0f75213b749622795186076

        SHA1

        0246e8104a8e5f97ecc2a30ca48b60cb8c10abff

        SHA256

        12279787d7df147ab2112cfa402f93edcb205334f8d08b0ebcf49c19f7ee1507

        SHA512

        28530981b932cef52175db72fa68aeb0d44d852e7aebc13d9b848d6313109d7ece366369eddda264a4ca08b46814b3f966271367ad0205a91d7d67a29862756f

      • /storage/emulated/0/data/.systemid

        Filesize

        36B

        MD5

        abc02bc4e11bcbb8364e341fbf66621d

        SHA1

        94987bc276fa81d5c1de3c818996005dfee3cc89

        SHA256

        3bad04c62e2e912026363e3fa5e1d97d30384141c1f6828e1e81bf6a2fa53a8b

        SHA512

        ff12c886a9717d683eb7340da1d11b6169a21d0dcdc08ec3a1ee7f3ecadbe58ba9ca365c4ff0c2d41226c489d28d409d022908febf0ce85b5ed2379162cab121