7f444ec0adf1d9c87043842fa84d8454da5524571b24b3db8fde6fc3909ff064

Analysis

max time kernel
5s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02/10/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08d9a95425e9d85164e5c298d41caf64_JaffaCakes118.apk
Size

3.2MB
MD5

08d9a95425e9d85164e5c298d41caf64
SHA1

78e910dbccc886a663792f6aa6052decb60dd6a8
SHA256

7f444ec0adf1d9c87043842fa84d8454da5524571b24b3db8fde6fc3909ff064
SHA512

eb5de3cc4cfade56c48dab08905fdc0c53d0f5480896e875b9c9994e3296dcd1ee1101a36bcc9d9221be558045dafd585d084118bfa3f26dd5204231bf1d0a4c
SSDEEP

49152:uIsQgH84Dl8xRRePFMAKR+Mfa6Ks6gGE9YfN7aUW0oOV6rG1RDl4waejQeqSjRvt:ubXiLkFMA1AxsFandOFDSG7qStXmT2

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	BjoaKX.FAkpXI.tEhr

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/BjoaKX.FAkpXI.tEhr/files/.ca/sdHQm.jar	4624	BjoaKX.FAkpXI.tEhr

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	BjoaKX.FAkpXI.tEhr

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	BjoaKX.FAkpXI.tEhr

BjoaKX.FAkpXI.tEhr
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
PID:4624

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/BjoaKX.FAkpXI.tEhr/app_skypay_newsdk/plugins/com.skymobi.pay.plugin.main.data

Filesize
59KB

MD5
4fe57f0dbc1364a52f9616aca9623ee8

SHA1
d3fbaaafd79ff09ec88ad343e46258cfbda4139b

SHA256
c4a8a02e900f4fb066a0e8d4c9e2976c9a0f252729058b2915fdc93eae65af49

SHA512
e08aec2c36ccddc5b16409bf2d62ed6aa5e2ef468025779b400997f86c0b0943fbe16012e21be8e99685e743b3ef77adfa74b4c7bc03d30f6a506520c0edf17d

Download Submit
/data/user/0/BjoaKX.FAkpXI.tEhr/files/.ca/sdHQm.jar

Filesize
1.1MB

MD5
0bfa919a3e6bb1e2e4360d6e9544b84b

SHA1
eda0b2a164e28e41b433a50f6f7fd46401e6871f

SHA256
b310f433e2aecbfe8fa251cc759fa1849b086e00bbf490528a64cc44dd5ccdfb

SHA512
52de0c5f41eef47b68f84c35d8dea00b58693d642f677661e177e8b76af3df47ce4278e620e3606e26474b92d41d27a0de520ae6fac61cb0c9498b38d6a286cf

Download Submit
/data/user/0/BjoaKX.FAkpXI.tEhr/files/.ca/sdHQm.jar

Filesize
3.1MB

MD5
b5c76b8d09ead7666cf8d5db78be27a8

SHA1
ce7bade0967efaa0540176ed86b70b5357aa0881

SHA256
8152af62f3b998b0e8144bb3416e1ec829011a1852cbbdcef8c62529e3c5a67b

SHA512
4a6c1dfc52f66280e6a4aeca0d1dc1ea1c3edeea2d79eccfd273ca77b7818a609f4297670a59fdfd71080fa6af5ac14a3e77781a6e26948812fdc48989f31340

Download Submit
/storage/emulated/0/Download/channel_conf

Filesize
5B

MD5
1fe73dfba86c3b53a3597c79e251ecb2

SHA1
e7a9575a094b4ae88942912fd22c920bdd550963

SHA256
f6324c72a97abf5e38a9661a2ffb4db87ffea8201e0704a7d1d2880a7634980a

SHA512
ccd1ab70d2427c50ad3816f6fc8a9eacd6235f8208ad04511105222f5ad6514f356bcfe1ee8eb847cd0ae81bb5829b84ca54b4ecd35acd5efd668f3637b2a37a

Download Submit