543793b9fd0be2914cef33883df5cfe5a53b5c8f6f3dbe749506b784a3ccc7fb

Analysis

max time kernel
63s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
30-09-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

037f09965e112a6d75d32929b9c3bafb_JaffaCakes118.apk
Size

8.5MB
MD5

037f09965e112a6d75d32929b9c3bafb
SHA1

fd62c65c4086bb7354b076483d4d25e021cfbb4c
SHA256

543793b9fd0be2914cef33883df5cfe5a53b5c8f6f3dbe749506b784a3ccc7fb
SHA512

5c4943542d62d95d706993704c70265fcf7838aaa627981babd40d74cdf7a623f985e3765b6c8e04c37a959794834d480d4cfa69ca4102a7583571d17297dd5d
SSDEEP

196608:gqS6X4WRXyOeLk/lMrrWjCN762SJEiVwenYE92cMEOUiDayXe:VFX9j/l8oCNc1T9ZyXe

Score

7^/10

collection discovery evasion

Malware Config

Signatures

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dj.zfwx.client.activity

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dj.zfwx.client.activity

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dj.zfwx.client.activity

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dj.zfwx.client.activity

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.dj.zfwx.client.activity
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4996

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dj.zfwx.client.activity/files/__local_stat_cache.json

Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads