accc965650aa56ea04effd535b253a4d212ab989dcf9d31eb333014f111bfc40

Analysis

max time kernel
179s
max time network
159s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02-08-2024 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82ece1a940756268ba1b368c94f43e4c_JaffaCakes118.apk
Size

26.8MB
MD5

82ece1a940756268ba1b368c94f43e4c
SHA1

b3cefa0c5df64a18194d731ef0ae584bde9eefc0
SHA256

accc965650aa56ea04effd535b253a4d212ab989dcf9d31eb333014f111bfc40
SHA512

035b2bf8a5a5783a35ab0caf3c37283070077fd640dd5c37d256509225d98fefb8757721896a330f211f4665188dfe0df13f0f1c3b7304b5a864a21d341b2686
SSDEEP

786432:wI8yS5tJzSBPe0lfSeC7ggJnqUbYN3dMEhEcMIIt6khCdz:wE8t1SBfSesJnqGYPMBcMIcdCF

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.spryfox.roadnottaken

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.spryfox.roadnottaken:clservice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.spryfox.roadnottaken

com.spryfox.roadnottaken
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4947

com.spryfox.roadnottaken:clservice
1⤵
- Schedules tasks to execute at a specified time
PID:4983

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/tencent/.cllock

Filesize
38B

MD5
dd49d6134b27d096a7fabf6409e2b73e

SHA1
dc59f61a62089a9ae4d1006963ef69157f401b4c

SHA256
b1a3d57d9abb29dba79e8649c500f45373d338fa7045ab76650284c2bbfd610b

SHA512
0d2f8f240e120381cb62df1a4194c7894588c21c0772009b197359d874dbe0eae4840d37b8371c73b0e5bf830c11fbb37d73ec14a01ea8dc561edf3df232a8a4

Download Submit
/storage/emulated/0/tencent/.cllock

Filesize
38B

MD5
6228a2401f380675a36baa858d850ef2

SHA1
49c1e36918623958f99499b212e314db46a8b7fa

SHA256
5f64d1ed06b21d2c25d3bc0321f7108500f2834a5ed507d9fea1e32bcb5fe34c

SHA512
05e55d2e256eccaf3a5c89aaa947cf5ae580a8f1df95f803773dbee45830589405a3178765ec1aa7ca03eeb8273c9f46ce434458059e612b4f609df3601cba20

Download Submit
/storage/emulated/0/tencent/.cllog

Filesize
161B

MD5
f42760b9a22366bb4033861e4eae1b81

SHA1
8bb1e2f769e1fd9497e059071ce2ae0e31ba0397

SHA256
96913b3e9d4499c65c90cbc3e2eab1b1b7eef7c7fec8da267e8945a59f367553

SHA512
762c976a1cf4dcd65ada6dd37fec397557e3e58b13cff5820db26d453827d0fd6e9e8c944e7dd8647625d2ba12cc4152829a75ba6fa19209fcd1db24ce7f4be2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads