cc6198dc7db6485a66de7feb7ffd968702b7f995a9a3ceff24a3418a66d4698e

Analysis

max time kernel
4s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13/07/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fed4e34dae11f0adbbceb41af4d0a1d_JaffaCakes118.apk
Size

24.0MB
MD5

3fed4e34dae11f0adbbceb41af4d0a1d
SHA1

78b4448d72908a3473a66b48208fbe1c67d7fa34
SHA256

cc6198dc7db6485a66de7feb7ffd968702b7f995a9a3ceff24a3418a66d4698e
SHA512

ca536253cd6d9b25924667eacd0e5980900aacb6dbdae2dfea4057cd6f976c07addb7d594b686246c36b59e4a06e3f988382e3d2fa9a1692bf9713e50575d7d8
SSDEEP

786432:4L/pMQ7TX9hxk+LCIlbhEhsDk/4V7tVt/ZA1:4DpfHvxkoCIlbuhQNLt/Za

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.willscar.cardv
/system/xbin/su	com.willscar.cardv
/system/xbin/su	ls -l /system/xbin/su

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.willscar.cardv

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.willscar.cardv

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.willscar.cardv

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.willscar.cardv

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.willscar.cardv

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.willscar.cardv

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.willscar.cardv

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.willscar.cardv

com.willscar.cardv
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4308
- ls -l /system/xbin/su
  2⤵
  - Checks if the Android device is rooted.
  PID:4411