34eef95886ff6cad97c863d1e867817291e36dd22624cf748de04f7fb5452af0

Analysis

max time kernel
144s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29/09/2024, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe10dd5dbe35b393838946ffcfe5bad9_JaffaCakes118.apk
Size

15.9MB
MD5

fe10dd5dbe35b393838946ffcfe5bad9
SHA1

e3acb3170b86dfb59df9b6c5fed3d1bcdc56a231
SHA256

34eef95886ff6cad97c863d1e867817291e36dd22624cf748de04f7fb5452af0
SHA512

3dee42348e560bef64e6c1d174a5835a1c59bb0d27d6bd7960a50fa690ade9430d20a90061019efa02282c02ab6ff9c1502d6d279a89e9017dff743595a44865
SSDEEP

393216:YmLLvHjEzXCy8wrPX+Ag616tjjnFHpTYbFSW4EXjkqJi2bqQmb/:df5y8wDuAry7TYboWVig+/

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.newmustpay.purse
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.newmustpay.purse:pushcore

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.newmustpay.purse
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.newmustpay.purse:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.newmustpay.purse:pushcore

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.newmustpay.purse:pushcore
Framework API call	javax.crypto.Cipher.doFinal	cn.newmustpay.purse

cn.newmustpay.purse
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4267

cn.newmustpay.purse:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4301

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact