56ea0c846914ba8ae74a1c69a96a625faf5e9d82509959e4b5d431d0cfd8de90

Analysis

max time kernel
2s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27/09/2024, 05:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9c9add43f7b53ea4382200bba5bbb7b_JaffaCakes118.apk
Size

31.8MB
MD5

f9c9add43f7b53ea4382200bba5bbb7b
SHA1

b9cd97679bdea8cc7a17b675f7da36649bab252d
SHA256

56ea0c846914ba8ae74a1c69a96a625faf5e9d82509959e4b5d431d0cfd8de90
SHA512

b9f4bbb83cf73affbc25cced54e12d5897f2ff2c550dc044a717df37445c15030252a10b4ec41d6f4a174c7bcf4411ff79813af8f38a333ecf3e4abb028e742e
SSDEEP

786432:gnBskqvgMr2DPcUt9W08mI6oFKTT0eDGUcLRvS8KOnIX:CS4y2DPcaWjmI6oFKT7C1fKOIX

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 6 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootmode	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.hardware	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.product.device	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.product.model	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.product.name	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.bootloader	com.pafinancialtech.mianyangbank

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.kernel.qemu.gles	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.kernel.qemu	com.pafinancialtech.mianyangbank
Accessed system property	key: init.svc.qemud	com.pafinancialtech.mianyangbank
Accessed system property	key: init.svc.qemu-props	com.pafinancialtech.mianyangbank
Accessed system property	key: qemu.hw.mainkeys	com.pafinancialtech.mianyangbank
Accessed system property	key: qemu.sf.fake_camera	com.pafinancialtech.mianyangbank
Accessed system property	key: ro.kernel.android.qemud	com.pafinancialtech.mianyangbank

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.pafinancialtech.mianyangbank
/dev/qemu_pipe	com.pafinancialtech.mianyangbank

Checks the presence of a debugger
evasion

com.pafinancialtech.mianyangbank
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:4262
- getprop ro.product.cpu.abi
  2⤵
  PID:4289

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pafinancialtech.mianyangbank/files/libexec.so

Filesize
439KB

MD5
6635f7590abe1f3a7e64a1891af3d6b0

SHA1
f28594b83dfdbf2ba9fb2077ff121023de46b3fa

SHA256
4af8514c61e7e83a0ce886f1f4aaff98e4238123af3139a511badcaf46ca0ee5

SHA512
f2297cbfa01e56be15aa04225ae2d8d91acd01ff580bcdefa21c808bb0a99d72155003e7fa482d62a4434f92265fd7564ad0c30b0da808aa49a0a21bb1174287

Download Submit
/data/data/com.pafinancialtech.mianyangbank/files/libexecmain.so

Filesize
5KB

MD5
4c290624198329b6b0ecc7dabc19a691

SHA1
730b7d691c46d45a1245856930d2beb0ca574e6f

SHA256
8111dde98c0c7cc7982592a1acb487a3869165b4c9368e86aa78d4247f57b34f

SHA512
b96091cc5b71d060e43ccb4430f13697c04b5159a1a6e2903c420ad9906d1115da7cec13a62f420da6d45b15369b0b21c116b87aed06c6aa844707a706e77b55

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads