2bee7630e1dbbffb1831928a2140e7b095ed08647b0b367a85b5134127a67e9c

Analysis

max time kernel
123s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
22-07-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63dd5f1f72bed8febf48c1351095bc92_JaffaCakes118.apk
Size

2.3MB
MD5

63dd5f1f72bed8febf48c1351095bc92
SHA1

05608082d004cdb9a1c636d0e3dc64240d2f5abe
SHA256

2bee7630e1dbbffb1831928a2140e7b095ed08647b0b367a85b5134127a67e9c
SHA512

bb58cc278d4b189cb358459a9822340526c93799fa35d8957f44b6f64753dfd00a5065521ed82e6390cfe28e4cc0012449a6c0b5e111bd5eda12f04676a0f6b2
SSDEEP

49152:A7x4j/jX2dQ1HEwVeK0EUmTX/Moa9KidQBey7PRVL8yM:A7x0/jX2dyVP0EUiX0oaoidNU3M

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.gijgjf.amtalee

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gijgjf.amtalee

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gijgjf.amtalee

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gijgjf.amtalee

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gijgjf.amtalee

com.gijgjf.amtalee
1⤵
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4242
- logcat -d -v raw -s AndroidRuntime:E -p com.gijgjf.amtalee
  2⤵
  PID:4278

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gijgjf.amtalee/app_jc/b.jar

Filesize
8KB

MD5
53159d695a1526cdf17785054fb8a946

SHA1
e24f978f8aa284a72f54f33626b2461ae76e4916

SHA256
fb0ac299198975e3aff37b4887be77dcf53bfe77a4d1e0dd08c24f6602315051

SHA512
bc2ba38e181549ba624e340c0fd02780b66003a15ed7a7e2fde5c1626477223aec0345e27635cf5e448c8fc1c850a682c1fd793899609b73ec84c04ca4da345e

Download Submit
/data/data/com.gijgjf.amtalee/app_jc/c.jar

Filesize
40KB

MD5
2ef1b67b28ddae6d9f76d0205a5390ad

SHA1
fc18120e4c6054ea2cd83dfe63af27d3bb7726ce

SHA256
f5eef26042ff307ea38e7b5fbe87ce490798dfb4cb3216ee8da5b844180e8824

SHA512
f9315d0f2182288d34661828a72daf86643b3e4e71819c53ab568fa003bf4d74106825c8e8e3e08b10c6bfddb85148ee4622b5f79db9245e00dc631ae7536e75

Download Submit
/data/data/com.gijgjf.amtalee/databases/advideo.db

Filesize
16KB

MD5
db5bc0789f22d958aca0628803ac1c80

SHA1
646957d6ef58f4befd8536341cf87db8fa92dd2e

SHA256
f8248f46e7941e789dc8d65b1907f0e595949778fa8e4a620ccbf4d7fe2523bd

SHA512
b7fc7dcfc00e136e053fc39f9e4b10a99e2b0d43859dcbd2420018c4982fe7ef81a5b5cecffdfec3ba9556630e388af53e00ddfaff38e11f3fee9346ca1c6838

Download Submit
/data/data/com.gijgjf.amtalee/databases/advideo.db-journal

Filesize
512B

MD5
e3822dc1917b1100ef2c7d845a4f9f30

SHA1
31c3c0333abbf4ac5f4223355d41a58c5c4d6271

SHA256
58de7e1b2f5cb452dbf6c9e905bddb0ccd005d681f49b2f0399366e6b19871ec

SHA512
9f8539e591f25643780ee60248a72964aa1f9a042832e060c7a601b6f9703d4abe84d648ccde1c0b4267b9cfaaf70fcc54d193eb8847a2a77a016484d0defed3

Download Submit
/data/data/com.gijgjf.amtalee/databases/advideo.db-wal

Filesize
28KB

MD5
75362c9a73364eb0b9bc43a30df23d54

SHA1
ba206e6e4d1a2fe05e86028e2ec2407e9fc4db05

SHA256
0c32046abf72c625a72b62e4e2ccd3ca9a8c798d5448c062cb2bf70969c81503

SHA512
3b7f46e253fc17b101d9877cc6357e455aca4e8dfe988f6ab4b5860e6c21f64bc3d3456ccab71eb0bd4d5de5719d222350b03a27458aece3e92f69f86aee7d44

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads

Filesize
16KB

MD5
e07b3465c58af2f92d31f2a1ba443bde

SHA1
9b3407e110af63e34bd755451fc471bb230fa8d8

SHA256
cd586187569b203caafc29642918a0505a04cfb8af7f54eeea386311a160b46f

SHA512
06c48ed793e56d923ce20d4683fef4d6b62f24fff7739001ff55fdd4bb7e5d8485be175a8a31ee62a766a7b8d01b8cd9b6e99732a4c6451dba534b4012bbabc3

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads-journal

Filesize
512B

MD5
0d0b1b841f8069cbce8115b97646449a

SHA1
cde6c57370596d465f989303ff58ab56f346caa5

SHA256
a974b6cbf3a8051e1a785f997391481deaee257a25ac69938e8c57e138c0736f

SHA512
03c187498a7b0a84271e68246a2dfb4ce68f5f54aee08cf1956bb53b06e6c358c2f50561c895f6c59e7ff68f1ce7da0d78ee49f54a453cb40ee1ab60d1593850

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads-wal

Filesize
28KB

MD5
005669e9af12ec5d57b66af059f93fd9

SHA1
5c670791b7540d5d7014ed860b8644fa1169dfd6

SHA256
4587a289a2fca0f2a1367a031373e3b5ccd724c1c52f1c481955f413558c2b33

SHA512
b87be88ea237fb4ddf87fdbc6552dc7f08e9e38308b7e6850957c25e284b6c2e64c45a675be17df119ca4c9b4973c558116c9fb4df6fb829a631dbd383e01738

Download Submit
/data/data/com.gijgjf.amtalee/files/mobclick_agent_cached_com.gijgjf.amtalee

Filesize
89B

MD5
9d3e1f87a642080cf9e2b74129583417

SHA1
d3d9558aee88cdecc71650b8fb0790d18b77d2a7

SHA256
b7af3041f031ea6df981e4a73097653dc77988ba6c16a9f49712f99b566ad582

SHA512
cfc5b81ddd6b29063a106ce403157ee24b0aa5f6fa77000048a943dd4c34bd87998a10363de8c5f8c77995ed24a6c9351cc7b2763891c6986c347b727a26a1f8

Download Submit
/storage/emulated/0/.android_/b

Filesize
90B

MD5
0f89cd47751d3b6c53f0caf011cc5633

SHA1
214563c60938e39d0fcb9d48002b1ff3131126bd

SHA256
f36215e8925dccd33ffd15ccb864a5c335b32524924364d5cfd22d62659d66ea

SHA512
773f8afa025ac15fab4297845855b23b4c98ca5b039ef48243e58984bff14c7b85bbab084955058370bf8d64e51cc6a871996cf530e696f43f03252340fc111d

Download Submit
/storage/emulated/0/Download/ads/rt.dat

Filesize
15B

MD5
44be0e5870b890c50d4668a9f8cb1426

SHA1
9b1bc43d305948add386a4b3737b99775df0ceea

SHA256
0ab28185b2f7e2530fa23bbe08a1d16124efde1dc7d8635d5d48814b7799565b

SHA512
55c24a1dbd8494320ba21b1fc0ed39327b4e79648e83f8c2f9df7763e9dc80a623fff25a7d819d74db9a227b77799fe08d0b83a8241ef2a622f29cc95079a74b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads