4bbc485e0e2e7cce46124655042322b9a5f7e4f22725ba05cef2547584bcaade

General

Target

111c13be5f87e5da98cee5c9e7bb7c5f_JaffaCakes118.apk
Size

3.6MB
MD5

111c13be5f87e5da98cee5c9e7bb7c5f
SHA1

04d85727953f45e923a46378108802f11169c334
SHA256

4bbc485e0e2e7cce46124655042322b9a5f7e4f22725ba05cef2547584bcaade
SHA512

8782aad0322d1020b4e4bb0683a98fe76745730dc71ca574cc1499fd81540fe8ca43f62b80f0cff59b9fa37fb52a778fbcc6da72d4ccc0d980ae03b956f0e372
SSDEEP

49152:Ho0uOTcTcpGiB0ILUDKRXJBGpiyxszT8kjypq9gZd+IXhIheKc2Jg2Q9iPWc:Ho0Hki3LpxDGpiyxszT8c9gZc/9Jgl6L

Score

7^/10

banker collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	cn.com.JMXK.livewallpaper

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.com.JMXK.livewallpaper

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.com.JMXK.livewallpaper

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.com.JMXK.livewallpaper

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.com.JMXK.livewallpaper

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.com.JMXK.livewallpaper

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.com.JMXK.livewallpaper

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.com.JMXK.livewallpaper

cn.com.JMXK.livewallpaper
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4980

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

2

T1426

System Network Configuration Discovery

4

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.com.JMXK.livewallpaper/isw/strg/app

Filesize
133B

MD5
41e0ae37b9156222f6a78416e0d7cf69

SHA1
517207f540d72bccefd213d43038872b89156c08

SHA256
a43dbad29faac5144d5d4b37b05ff52cc8e74b07f23bde68643357f8eddbd0dc

SHA512
960a1c23985e57e9a7fab464f32334e3974a3b6449959d142d47d8a37fb86046406f65a23a8499e63f0ea28b4fb8dbb3204d5958c7e098e340602fe9898cd728

Download Submit
/data/data/cn.com.JMXK.livewallpaper/isw/strg/localConfig

Filesize
15B

MD5
6ed9d30c609a0f0291167b25f5e7f262

SHA1
248ad16c9c78021c4497a5c9966dbb8ca681cb6b

SHA256
344ab6adc36078d4cb025066d5374d2936e2ee1c2bd26315da74f66010decb35

SHA512
50efb06b56f8545ae6ecd4d8c354ee18413b82ca23ac123de50d79f6aab3bee074b827646bca44ca13025740ee272b4eee1b4c18d5d62584f9220bb6a98c95ed

Download Submit
/data/data/cn.com.JMXK.livewallpaper/isw/strg/localConfig

Filesize
36B

MD5
f1d556441ac45eeb5814bb61a06f9e89

SHA1
d3aae4a4c303bb42aa18f38a561788dc327ee8d0

SHA256
6a303e059525232b723a22a5ef885f314acbb149782a86e3b318f35bcd19e49d

SHA512
24121e8211d54e43392ffee79dfeabd78c7ec9b899bf261c8458d6c00a605bfb19ff20d22f62339bda3aeeb92ee7d59c552fe4bc869938e2855080e46ebdf6ec

Download Submit
/data/data/cn.com.JMXK.livewallpaper/isw/strg/localConfig

Filesize
68B

MD5
387817a1a55e3924501a91a220ed6f6f

SHA1
40e51a0e4f250f8d834079db4642e3b820f43f28

SHA256
1b5e4ea624d56912dc13aced56fff87d40e0ab9ed1a369c6edfcc65d851a5cfc

SHA512
e726b7f65a06a5948cfb0fc6b518702b9e253939cb60487317d38435eb84cec9f41bf4068d7e958c8b3123ab4085aeb8c2cb053639dad20736051a6fed6c7dd7

Download Submit
/storage/emulated/0/Android/custom.dat

Filesize
32B

MD5
14621f8f785086494bd65f0264431fa9

SHA1
e1f81c037d7ac1cd0e6a35f470381f661f47de6b

SHA256
ffc901a0e2efaea23b3a02067e12201f6879eea3225bee8765c8e028423432ec

SHA512
53a9c5872a802027d7d506aa2cc3284c535651f1c0c0205d5fa38865650a3430bd248890dfd974cc59131ae42bc4e95ce59b2c028de245bd4ff75b49287d0547

Download Submit
/storage/emulated/0/Android/data/cache/AppPackage.dat

Filesize
26B

MD5
21a9598116cd2aa2e258610a247d7d42

SHA1
974bc0683070ce796c4c1ecf93028184f9b8cab4

SHA256
e80034e3232f572a2e91c3f75fb5d311e812fb04fb55e81bb12630915f2b3230

SHA512
df7c6519d049f4b9e1288cb94060bd30a5b92e06572ee4a03640e164f76ae9b176e723d8b033c6573c0d0417c98b6a6926b66f64bdc41347fca98fcf4fc382d1

Download Submit
/storage/emulated/0/Android/data/cache/CacheTime.dat

Filesize
13B

MD5
99e48790bb29370028ea82901faaf075

SHA1
e9ad736b72ca80830c543b5dadd0a27f51d20aad

SHA256
599bc67a9f564f88db93676501a9d3a10f0eebf291ca9405f2154a7a9467a43b

SHA512
20aaf2fd64d3019134e5b24839cdb08a9ae1f03297a5840db688a1e93b7d12aefe1cf01697dddad85afd25f6a6ccbcaa3fe493fd59173e3e3830eaadbfa00064

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads