d71d7680ad9e75f3f65e52ae47ce9f646eb77108f5dca5b5ecb9281be07f18f8

Analysis

max time kernel
149s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02-10-2024 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09b0b89f5afba38a52f627894e1caa5c_JaffaCakes118.apk
Size

479KB
MD5

09b0b89f5afba38a52f627894e1caa5c
SHA1

ac03bb8b067bc4a2f369217fa2094e3ca7e99d8d
SHA256

d71d7680ad9e75f3f65e52ae47ce9f646eb77108f5dca5b5ecb9281be07f18f8
SHA512

bf2d17dcb61faab33e4f8e1b638a5796b4289391acef1a7c207839f227d50aacf011d1095f6dceab32b1e7620f5f85a898266470240823d9a0cb73c1c918dae7
SSDEEP

12288:QsDX4Sg7aRM9tcRRZZ5c09xP7ufmh607YjCGOJDXzsYAqsu:V4SkaRqcjDy09FYApNGRu

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4637	com.android.market

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.market

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.android.market

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.market

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.android.market
1⤵
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
PID:4637

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads