f82a77356698e5cd018fe6126d2fde996d37399dc14a6b7a95c41ba1dfdef829

Analysis

max time kernel
144s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25/09/2024, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f67377b5bfc63639b5785b40ba54b3f3_JaffaCakes118.apk
Size

16.7MB
MD5

f67377b5bfc63639b5785b40ba54b3f3
SHA1

c7d76afd1bf4530dff87a7f65e7f7d601b63da56
SHA256

f82a77356698e5cd018fe6126d2fde996d37399dc14a6b7a95c41ba1dfdef829
SHA512

2d17d3276a27dc89619b8c963bb9b107208b3187712a58f6a192eee1f8cb872f31d3f70ea6b3fe804cccc2c9b7d3ffddb9f8d27f523bc671b04ec305349bf577
SSDEEP

393216:L6lsqOujpU3qRDQmOifgzsmzqlK7BgjdbUZC9b3/RJv:Glsdul8WxfgAmzqIGbUZC9r/Dv

Score

7^/10

banker discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar	4287	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.upbaa.android/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar	4260	com.upbaa.android
/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar	4322	com.upbaa.android:pushservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.upbaa.android:pushservice

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.upbaa.android
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.upbaa.android:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.upbaa.android
Framework service call	android.app.IActivityManager.registerReceiver	com.upbaa.android:pushservice

com.upbaa.android
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4260
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.upbaa.android/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4287

com.upbaa.android:pushservice
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.upbaa.android/app_push_lib/plugin-deploy.jar

Filesize
374KB

MD5
3d9d88035ee5ae7a169fa74e87245c63

SHA1
98c7799d4b1a9543cf616a32f75ade531644546f

SHA256
7528fed30b06d9eea3d15ffcf9a35d9e60de0da3a7e50f2c5f007670b2294b45

SHA512
b37eb78732f9bd76f3fa9692a35cd7348640a0d2ce59a5c19f0efaf32a2dcea1949cccbc6185dc5bbf9134ddf61c4ced90ad573cedc01ec3071881040bb0affb

Download Submit
/data/data/com.upbaa.android/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
1f6496d47a5e58b50390712a570bc186

SHA1
80b2da5fb6f3af5d7036d0d4cfd7213d2d182f0e

SHA256
f73fa1d327d2c6c1bcadf013630f4a6167a309270509976112955842cceda5dc

SHA512
3df7355f2fbebee36f9ac3ca710a2db75af04e0652f41c192be3877f20cc5ba76f285d78e2d09d48bebdf861835d877b598039091fe369506dccf074a31d24b1

Download Submit
/data/data/com.upbaa.android/databases/pushsdk.db-journal

Filesize
512B

MD5
2387d9bfe05bfcf8f408bd05c0d6112b

SHA1
ee4d0492dbffbd4e19f736043dd61bee0a280def

SHA256
0d49b7b95e57a74f342642f303aa56026d44a97940d5fa2af2a0e61e3e4cf65a

SHA512
1c54d0ca23118e78f736bbc3850b6093bc0b036dd39ed169a39ec91dd19fdb9bffcf9f30e2dd8c89e10240b174824fe92dcf92a85b85d3fa28df1503449eb3a6

Download Submit
/data/data/com.upbaa.android/databases/xUtils.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.upbaa.android/databases/xUtils.db-journal

Filesize
512B

MD5
5ef4f93211f4b4016e227ecc61ced76e

SHA1
25bb5496093f3b4cd1550402f33e034f65b5235a

SHA256
64e3d51cffe59181ef82201ca06c1dfb0e0e3c17e02a0fcef348d069477bf77f

SHA512
ad61d4f7ded9c400109b99c37dca24b4147aa0e0e7c6f7ca003091954853824f1b61f1206bb84e6da5cd924ceee6ce55d029085817e2bf822b6b229dd536bb19

Download Submit
/data/data/com.upbaa.android/databases/xUtils.db-wal

Filesize
40KB

MD5
77e165f3414287ee9cbbe083d53ddc92

SHA1
fd725c5743b0cfd990de89324796d45fb2711894

SHA256
f9bd220f91816b95b6cd662a3be755fdc26019690ff4f3a4a30510c5cce9d500

SHA512
51ea04da10612a1ea8c0b77f69fa26cd3ea68f6e4e6bde0912d3696ea224de2b75849ce90a1342f494c575f60c00153e1cd2caf4aac9e9567406323ca52f6317

Download Submit
/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar

Filesize
744KB

MD5
049e03f06b60576823b7bf2ef37070b8

SHA1
b1ea66c5d4fac5893105c5215bca6802f16a52be

SHA256
d1d2f9273a8a17606406a10d597f4c2054b8af98e72c4158fc85b3caed4a3ae8

SHA512
f20c56425035c531e79cfb06bbb32fbcbd80f3faa16d8998605e21e026fab10e15ec2d676d5fb22bf8ff53c4337229fad326ccb660edaa3f9391fb1ace11359e

Download Submit
/data/user/0/com.upbaa.android/app_push_lib/plugin-deploy.jar

Filesize
744KB

MD5
08d32c9ec18348ccb72971c95ae6c14a

SHA1
6744f4af3a10d92186c8f73732a5895dbc971c5a

SHA256
e05661c3c96e08be497a7565e712dbc45e58e66f34a0d0a8432b2a6809ba9bb6

SHA512
369bb38ac981b92af23d38e639f05dcdf789cb94670a3b21a5cca4939c984832cf91bd3a02609a946d7d2069b582e3128206a2059c76e9d3ca2b74b4d46f713d

Download Submit
/storage/emulated/0/.com.baidu.frontia/frontia.db

Filesize
32KB

MD5
e67e9eb2a4b06283cc3df033863d8da6

SHA1
43d977a0b3099a00597cb44d06d205f4b2a3a1ce

SHA256
83ec258b6bb380d54504285fdfb980d694bdc4488bc9a0e4f07080a13f097926

SHA512
14611b9a2264160e5b61c765df874f4ccacbde8bb433c7a76dd70373b10bb63fe26b60faebe37e6e7d7d396e1bb7c1dee7d9fd01c3f72138521f3c274e09e97b

Download Submit
/storage/emulated/0/.com.baidu.frontia/frontia.db-journal

Filesize
92KB

MD5
e56de00d00acbcc9249aa528e572099e

SHA1
e2f34ee19f3a98cd10b8d1784409a0b8ac9d07fc

SHA256
8e7ad5a9fe7aa848ff9187caf67ddc018189664ab071b0ef94e2ddee6cfb0ce3

SHA512
603fdd30fadf0ab5be0f133af9d3dd0413112c516a5795780304f4f2626a89878c39998b8a344d2dacab1c661a92188ce8a8ea2df97ca2b8af4674a087086f68

Download Submit
/storage/emulated/0/.com.baidu.frontia/frontia.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/.com.baidu.frontia/frontia.db-wal

Filesize
36KB

MD5
4166443fddb942d2ca5f137e9e18a4b6

SHA1
65a7595ec31e89bbd4e9ce83b4b72983fab52e0c

SHA256
9c01094d79a445d662c4253170813958154805b95bd94c76226fa93b6842392a

SHA512
bfecca3c83aaf9480855b7ffa07b7767d6c8f4e36fc121410bd56f4ec7e2155e05ed27d3e93fa681a0143e4a6575290e5574c5b2ce6c7495500411508c2b4299

Download Submit