bbdd5aeb146a5b078cb3401cd00c7a31873034d349352b9b99d7adedaefaba1a

Resubmissions

25-08-2024 06:54

240825-hn9las1bpf 10

Analysis

max time kernel
3s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
25-08-2024 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c02f2be343893116a210ae1b2e64bf62_JaffaCakes118.apk
Size

30.8MB
MD5

c02f2be343893116a210ae1b2e64bf62
SHA1

53043908731816cda4c8a5bc63f2ff89bd331d2a
SHA256

bbdd5aeb146a5b078cb3401cd00c7a31873034d349352b9b99d7adedaefaba1a
SHA512

9d3053de480138c8b310f46b0f04fa012de488d5dfd9a28903ab0a7e5956cace41ce32e51b6baf62f16f38f34c92805e613c3d3d4312f7dcb41fee1b0eee4868
SSDEEP

786432:yzaUFJL/1SggjVOQKJrUVKqikAQ6mkXDx:w7JsPPurUkcAQ6jX1

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 6 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	cn.mymzt.pay
Accessed system property	key: ro.product.device	cn.mymzt.pay
Accessed system property	key: ro.product.model	cn.mymzt.pay
Accessed system property	key: ro.product.name	cn.mymzt.pay
Accessed system property	key: ro.bootloader	cn.mymzt.pay
Accessed system property	key: ro.bootmode	cn.mymzt.pay

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: qemu.hw.mainkeys	cn.mymzt.pay
Accessed system property	key: qemu.sf.fake_camera	cn.mymzt.pay
Accessed system property	key: ro.kernel.android.qemud	cn.mymzt.pay
Accessed system property	key: ro.kernel.qemu.gles	cn.mymzt.pay
Accessed system property	key: ro.kernel.qemu	cn.mymzt.pay
Accessed system property	key: init.svc.qemud	cn.mymzt.pay
Accessed system property	key: init.svc.qemu-props	cn.mymzt.pay

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	cn.mymzt.pay
/dev/qemu_pipe	cn.mymzt.pay

Checks the presence of a debugger
evasion

cn.mymzt.pay
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:4516

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cn.mymzt.pay/files/libexec.so

Filesize
326KB

MD5
32edcf7f79346df08dfd4d2f4f825f07

SHA1
09835c303f8a0aa7067ef19ace935851c509accf

SHA256
6065baa5d5d83031efc054995739132ee543309d8faf74f9e6cf3c8cf573ea6c

SHA512
9b312b9f1369e66a900ce9bec22dcdfe65351c02163a8a8c52a7beba1581d437cedbe8b6b4f5e40777d457de4156c9c051dbda5bdb1273dc0d72f9d495391600

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads