70a04cc83ff92c98074f9d6780a928b31213c7ae9c376a7bc58f223d1f92afb7

Analysis

max time kernel
4s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02/10/2024, 11:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a6837bb31efd91ec8df1419587bfb5d_JaffaCakes118.apk
Size

2.7MB
MD5

0a6837bb31efd91ec8df1419587bfb5d
SHA1

8eb24fe20470acac40b3ae406824ca12b4ca68a7
SHA256

70a04cc83ff92c98074f9d6780a928b31213c7ae9c376a7bc58f223d1f92afb7
SHA512

46ee83478c5feb17e5d395297f998ca758734ef655dea047255aeaac5ea42eb7588d49559c47997781f4646459a93dbea9fde159630d8653b0f78213b4452fa2
SSDEEP

49152:2t3LexIoht0RJBKAIINRO8/m4JWvGoZB41CjP6/JreBjYqhtSLjOR:2RJohiIINz+4EuoZi62sjYqhtSLjOR

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.witskies.yoyogo/files/1727868236898.apk	4268	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.witskies.yoyogo/files/1727868236898.apk --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.witskies.yoyogo/files/oat/x86/1727868236898.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.witskies.yoyogo/files/1727868236898.apk	4217	com.witskies.yoyogo

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.witskies.yoyogo

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.witskies.yoyogo

com.witskies.yoyogo
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4217
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.witskies.yoyogo/files/1727868236898.apk --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.witskies.yoyogo/files/oat/x86/1727868236898.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4268

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact