2bee7630e1dbbffb1831928a2140e7b095ed08647b0b367a85b5134127a67e9c

Analysis

max time kernel
12s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
22-07-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63dd5f1f72bed8febf48c1351095bc92_JaffaCakes118.apk
Size

2.3MB
MD5

63dd5f1f72bed8febf48c1351095bc92
SHA1

05608082d004cdb9a1c636d0e3dc64240d2f5abe
SHA256

2bee7630e1dbbffb1831928a2140e7b095ed08647b0b367a85b5134127a67e9c
SHA512

bb58cc278d4b189cb358459a9822340526c93799fa35d8957f44b6f64753dfd00a5065521ed82e6390cfe28e4cc0012449a6c0b5e111bd5eda12f04676a0f6b2
SSDEEP

49152:A7x4j/jX2dQ1HEwVeK0EUmTX/Moa9KidQBey7PRVL8yM:A7x0/jX2dyVP0EUiX0oaoidNU3M

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.gijgjf.amtalee

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gijgjf.amtalee

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gijgjf.amtalee

com.gijgjf.amtalee
1⤵
- Requests cell location
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4959

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gijgjf.amtalee/databases/advideo.db

Filesize
16KB

MD5
628be2a6f625115fa6f0b4886c996257

SHA1
87c5937e057f4c5b9365ec9dc41687d10a215985

SHA256
717ff950e18481517fa9676341e23c6d0fcedffe69f941cb0f589cab803a1c68

SHA512
45f0f8b3c826eb343094fc11e7894cc76c1675dd598faff08b3f31a7c7e10ef411591d0c5ea0c97e42bd4ca2302f6b8a1098b1bc3509520cf626bd3028164d0e

Download Submit
/data/data/com.gijgjf.amtalee/databases/advideo.db-journal

Filesize
512B

MD5
eb10e72ab0a2033a5e0949650dd56cf0

SHA1
c09a1c196fb10ff893170def0b0af690ed76753c

SHA256
3792e511676e849e87d02423dd75e7b21c6efaf402791c77f146976ec5863530

SHA512
9bac1b290e447c33e613ff2421cabceb8fcbc9c012728373f84d8997cdaf5e9b6928b221c62453cb7d09bcbf65c376e57fde03fff1c78c52c8c13bcab4738344

Download Submit
/data/data/com.gijgjf.amtalee/databases/advideo.db-journal

Filesize
8KB

MD5
5dcb1b5a1bda2ac8fa621c2e8fa7889d

SHA1
4ecca4b232c67752813b9156a1f0bf1f046d19ca

SHA256
7ed27a0bc580650e76f401ea90d9bb8a2f861d4ad09496bc3ad2497edec74c02

SHA512
d4105d9827202656e1f534870263493c998f9c68161992caa7934710551f0c7fd5bb5faf7f94b577b4b0235218585c27ee88d1daf04f328380f14fab3b360c2b

Download Submit
/data/data/com.gijgjf.amtalee/databases/advideo.db-journal

Filesize
8KB

MD5
313c73bf1d1d2653c8973cdee42cb7d7

SHA1
a6cfc1a9196c127e4e702337b5b98faec6f02dfd

SHA256
c932504c7c96596f398b328b062c8fcb488e7b2620fe5aff3dbbbb18fdcc3579

SHA512
1deefa856f95dea423cc06f8b021658e0010c19d5040031b45207f828da50ac0704187d912dd75dcbeedd3afc1ea92daa25b716ca507bc7c58d1fa68c43edcd7

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads

Filesize
16KB

MD5
c6aaa4f863ecf344e5b2d8f089e2c8ab

SHA1
864dbd72dd750d017092af8043de00dc7b4ea492

SHA256
0a5c55867d3998b91573358e211750eeea4556bbb64ac7ec0bb23cb8bcb759f3

SHA512
c144a94c6030b59c7f987e9133c4fd48ca70fb683d248f1fa9ae2ac87cbe514a32107b44c454cfa1adb2210f67732cce76c1ae6cdf80df80aed560f9a497d191

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads-journal

Filesize
512B

MD5
3f4a8adbcedd41ab00681c9a05e96211

SHA1
54881debb27d10bca43620154e9efac97386dd7a

SHA256
0f9eff905d540a41b16843c612b5f846f6c2aec20f29c40414a0c781fc96fc4b

SHA512
e5fc097494f2a26cbc24cea22b5f3418ef1df45bda4db7b9a68be535936adebf54ba867c45af2c901433f39ade8a6462d640dd37df7db21025afe3d3f5057703

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads-journal

Filesize
8KB

MD5
3db43df4e4419dabd5040c353f53cba5

SHA1
67b8a0da9084523e6c0e658e3d150697899779ab

SHA256
7d3ce0e186d94b125557bf300dd1b28c9cafd6514915de22aea1334b098c5c2d

SHA512
02c6c5ae6407b99249b7870e3617d78b2777f572ff65ff9ba5246c71d05f75748714f14102877329618a629c19665b2d2416dca4df948545e58839f01b9f2b79

Download Submit
/data/data/com.gijgjf.amtalee/databases/downloads-journal

Filesize
8KB

MD5
7337dec9427818a531221aee70d2e835

SHA1
c7b473daf4b1c703ac9693636f2c1860390e596a

SHA256
b2de9c7f63a4dc594be0524a31848004503c29ba9e2d63546319ca4f5baabfe8

SHA512
315d0a304776e60c9f2a5b71ed60f66b4d0415ef72e391d4280c47ccf0e7d98dacc23305e1d5da687f6df22483a33059f631cc529aa04978eece480fe596ffb2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads