b2bbae152af3e34b5dabd716cf49715774d2fac9e2848b7d98c1a7f97cc12624

General

Target

fbee7c1047658878603901d96d1dd3d7_JaffaCakes118.apk
Size

2.2MB
MD5

fbee7c1047658878603901d96d1dd3d7
SHA1

509e04c0bf1f44ed10a0878554539b0c9561e62a
SHA256

b2bbae152af3e34b5dabd716cf49715774d2fac9e2848b7d98c1a7f97cc12624
SHA512

d9ac2d02bb3151267190b84e19717427aa800d8901d95bfb0f88d75df219ecc4188eb0c038aa9a74e0c9175957c162cba5fcf4813832e1fbebd14424423e3565
SSDEEP

49152:K3DMdvKn8XOXH0pTIdvvqT3dbn3GvWbpvtvsj0bVlIid5:KzRnsO3SSqTh9bXvsjIeid5

Score

7^/10

banker collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	osb.xsgj

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	osb.xsgj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	osb.xsgj

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	osb.xsgj

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	osb.xsgj

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	osb.xsgj

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	osb.xsgj

osb.xsgj
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5033

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

2

T1426

System Network Configuration Discovery

3

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/osb.xsgj/databases/StudentManager

Filesize
32KB

MD5
f5963561b8f274e0710060259767c93b

SHA1
e86bc5be149691e1f4eed6d2cd21f98c88e33e76

SHA256
143e22a079074a45f7b75329fd1a7be184c2c9de4f14382d5fc91ab20e6ec86d

SHA512
2d62e865c5762278a102a7926a1d3ada42e726d58d6fec0fa6528e64376d2289ade2f05915c3910c06570e64da2134f12cd8f020fa190f1516be2e6c13449098

Download Submit
/data/data/osb.xsgj/databases/StudentManager-journal

Filesize
512B

MD5
26367e3dea3001cd5b9eadc1baea36f4

SHA1
a428eba3ffc61074bbfcceb74b633b026370f464

SHA256
29bb1fbec7bfd1584b4ed380787cf015d8242c7682994420b93e8284a0f4225a

SHA512
dfc54cb0653a97abd70cd8b0fb1fa1091cd9173af33df8ab9723b30f9ca7bfd57ed551e7c5f0eb9526912b091a47c708c6c7c3bdb1f70b750e9cafc2531021ad

Download Submit
/data/data/osb.xsgj/databases/StudentManager-journal

Filesize
8KB

MD5
909369ff3e5dcc8c5d307122ba21c373

SHA1
1816eddf461ea52e57d56a60a8a8c1680651b777

SHA256
2fce6fa6410b8b0f22ccb7d2107f3de656a55daaa706651d0aa49143465da459

SHA512
bfa4cff8a53f3d1cd8ba1b803aae7cd571d91cb8fcf53a36a622e55913cd168125c6468ef99611966d8a650e89de87d1d9019961e7f299fd7a9568cc3fa5cda5

Download Submit
/data/data/osb.xsgj/databases/StudentManager-journal

Filesize
8KB

MD5
afcc3eaeb3f354f15082756a88efa39e

SHA1
ebc5cb41171b43cb76569b1df75fd52a851520d5

SHA256
5350e7f485134478bc8f31acae401d2dd25f0a416bee711d62711dc57c691ffb

SHA512
a04990eb5c963bc421950a495d2a4958d5a3a3f65e2c443bced33d738898d471924144396842fab03bbc70d1bf86468be480bcbf134780597227b487c4b0b8b1

Download Submit
/storage/emulated/0/Android/custom.dat

Filesize
32B

MD5
3503a8c1e4284e241ee887dc4673382f

SHA1
69ad231b936f82398ec88eea6e1cff8a3c21ed8e

SHA256
1b6b2ac1d0abcfef80adcb9607882667f3f177f2102711dc9463a10e03e908e5

SHA512
57005c3568fdccc4c13b77818318361fb3f4def0914250e0568d0f0300f59412dae4fec09a13880c017b6deaaf7a4a7df7a0d5b4f1a46aada45a557c193dbea7

Download Submit
/storage/emulated/0/Android/data/cache/AppPackage.dat

Filesize
9B

MD5
878bbfdc843316d2d96701030b735881

SHA1
b19850af36982a320266c18a9ab31e2a19d7f1e6

SHA256
5c04113292666bcdf35f44341100ef2966b80c95562887b853946c41587cdcbe

SHA512
fea8cb84c6266000f0741a552363aa90ea7209dbc2ce2c8d760ee1341a50b72e806b030ce72348374e3aa767ef0514f4052027be57169eda087624ae00fc10fa

Download Submit
/storage/emulated/0/Android/data/cache/CacheTime.dat

Filesize
13B

MD5
18c0d5051fa938a4751a1c4013a5df30

SHA1
8d8a6561b6a71a444a36824dbc6916bd038c5857

SHA256
7ef32cd7df5d1bd1ab90a2228e8559776179cf3b6c9c5ccadd50f62485fdf2b9

SHA512
f4585a2c271bf68b7b6e002db949b48c0161e2eb9a21ad850830cd389b89c114f71a4552682acee54f0e60dbaf5a6da696c21ab3dc45a5a5916a69455efd7290

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads