03f41b4d33b28dcd96af5b18cae2ec4a76d37c5b86c7cacea7e6bef85381663d

Analysis

max time kernel
149s
max time network
144s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04/10/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13402b42985c06a335e8412921b7ba16_JaffaCakes118.apk
Size

8.0MB
MD5

13402b42985c06a335e8412921b7ba16
SHA1

3c0fcd2d3bd5027b1e20e772e2e3725aec83113f
SHA256

03f41b4d33b28dcd96af5b18cae2ec4a76d37c5b86c7cacea7e6bef85381663d
SHA512

769142daa90d0746871f01ff250fd411a0c2158fce9b55202685b59f8939aa0893098c2fbe7a14effa03186d1442166621945067a2d65877d4fd74afbbb17d9b
SSDEEP

196608:PX6WPBj1LxT/25Zid0VmFRMnqWsI0BqEyg85jS:PKWpj1FQ02mFMsZoEygYS

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	net.daum.android.mail
/system/xbin/su	net.daum.android.mail

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.daum.android.mail
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.daum.android.mail:remote

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.daum.android.mail

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.daum.android.mail
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.daum.android.mail:remote

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.daum.android.mail

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.daum.android.mail
Framework service call	android.app.IActivityManager.registerReceiver	net.daum.android.mail:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.daum.android.mail
Framework API call	javax.crypto.Cipher.doFinal	net.daum.android.mail:remote

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.daum.android.mail

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.daum.android.mail

net.daum.android.mail
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4252
- ps -p 4252
  2⤵
  PID:4386
- ps -p 1676
  2⤵
  PID:4405
- ps -p 4252
  2⤵
  PID:4424
- ps -p 1676
  2⤵
  PID:4443
- ps -p 4252
  2⤵
  PID:4463
- ps -p 1676
  2⤵
  PID:4482

net.daum.android.mail:remote
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4334

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.daum.android.mail/databases/daummail.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/net.daum.android.mail/databases/daummail.db-journal

Filesize
512B

MD5
38a838f9dd4b34f52af228599aa821bd

SHA1
0d314d9c7957a82a5f7ce67b9e2d2863d3864bba

SHA256
315b6228b318f258e2cad49cff56a26c8807bda631770f4db62c1f6fbe1093d5

SHA512
25182557b261c71e433afea02b72700f9f9999c84e882620dc49396d03007be11bafff65822ee22d8d124e69acd1a615e439cd90aa366e59122616b41bb69dd0

Download Submit
/data/data/net.daum.android.mail/databases/daummail.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.daum.android.mail/databases/daummail.db-wal

Filesize
217KB

MD5
d6cd1bb2f68ed52bcc06274cffbd7655

SHA1
60abeea15666ea8e5dd4590e5f87eabfedf08c80

SHA256
4f7b4b5bdc86309fb4aab9590a13578f11b6b07be12f6920454a72a10fb9f8a5

SHA512
d409ae6bd2cd69271a1c836f98432c20b647b6ab6dccb2c999a1799268a3772e7ea72def9f50ef0aa5c8dc1f0ae14fd104585067552c899f4d595b930050095e

Download Submit
/data/data/net.daum.android.mail/files/AppEventsLogger.persistedsessioninfo

Filesize
420B

MD5
81b2c9cc27d935eb76b5219b0d73dfd8

SHA1
7858e203cee99d3e0ee48b9090d574e7fcfc9188

SHA256
e0c77fa97d55a9a619778e3e799cc7f87c8eea3e8bfba30f28ef145df7878d64

SHA512
52d6b5d08b16ec5bbf835c3f002b71c556621e0d1eb2f280b589d4fdb8b2a6823deb0f7a139ec7aad9ec3fab9686ea64868996be4d7371a8a268019c59ce2f33

Download Submit
/data/data/net.daum.android.mail/files/MOBILE_REPORT_LIBRARY_INSTALLATION

Filesize
36B

MD5
88ad0cc81a5478fdb9018a9e573ef4aa

SHA1
54ee04f971887d30f28b0a22f10761b146aae3f2

SHA256
a39ff8e1c7b8885957c0ce69e61ba8362e309c1effd03a4c3e64c26440f6d206

SHA512
2e83576617d578f2a0cdf9457d0b255369179c0f8b0db5504577e3f5f4628bc148791608e8181bf142a08a3796d12bb03f28aef0156dd605d1263fcf01424a69

Download Submit
/data/data/net.daum.android.mail/files/com.crashlytics.sdk.android/66FFD728035A-0001-109C-D8FD1E666245BeginSession.cls_temp

Filesize
76B

MD5
0532d23806f5a35dfa974bad8f95c899

SHA1
c8cb6db98804551b861fac946958cec959fc1706

SHA256
13dc4d4dae6c2964c04865c5e5f34a1cef44541464588b2d8dd5bf83dde58b64

SHA512
02ee015143292bbf2e3e68cc2f8b96bbfc7ea85dde82c138232354fbec466e29488f5007a7c5e4308aa369b733c04dba15433fd0e7eef734eecf8a8ba232a607

Download Submit
/data/data/net.daum.android.mail/files/com.crashlytics.sdk.android/66FFD728035A-0001-109C-D8FD1E666245SessionDevice.cls_temp

Filesize
101B

MD5
42a603527fdd4c6a86252bfe8d170dfc

SHA1
e18696d33c4be461abafa634cbbd519f2546c65c

SHA256
02e5570d63e51c7aa66138eba7b0b850431045e12123ff80f7d7b234ef88c7ef

SHA512
e72b9323322fe9665ff3f976a55865476c8c7a50e6d7ce5de889d5046e4f60a296e0b5cc7ee8716827218ea27b3433f8f67ace66890b343a72756e2f53c85525

Download Submit
/data/data/net.daum.android.mail/files/com.crashlytics.sdk.android/66FFD728035A-0001-109C-D8FD1E666245SessionEvent0000000000.cls_temp

Filesize
11KB

MD5
729663b02da7984f08d83129bde8728c

SHA1
bb74c29283ba8c7e30653c2658a2f068f65f5f33

SHA256
318ab9f5b1502d287c045aa2bdd956e0b823a115510c223283ffed12af7d84db

SHA512
bc9e40832ff0ed80146ff8e928b9e34e084e2eb96dc90abd5935c87e3f52ed4d872d103828ee3b6d09844f8b19dd7c7913286bf18fa72479d93ca2ec0c2ce1dc

Download Submit
/data/data/net.daum.android.mail/files/com.crashlytics.sdk.android/66FFD728035A-0001-109C-D8FD1E666245SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/net.daum.android.mail/files/com.crashlytics.sdk.android/invalidClsFiles/66FFD728035A-0001-109C-D8FD1E666245SessionApp.cls_temp

Filesize
198B

MD5
0f10bcc8546857ffa6e1be7977ebdae1

SHA1
339740ec94983eb419a92c587e92312a6f0fe0a2

SHA256
e777c31b22dd5319f31337e80baa8ca68bf013d736af3055c91477c44777a7b6

SHA512
9062d55c3548cb11fbda9a4c9ba51ef48f16fce20d108c4648f079822b9432959ddb856e4ebf5d197278f0d24a3dbebf587bbbd74bb8c3de416e1ec2125ac156

Download Submit
/data/data/net.daum.android.mail/files/crashlytics-userlog-92a4cb14-18e3-4437-9ccd-bc325c5131db.temp (deleted)

Filesize
47B

MD5
7a349440ddbde226d02be591b32182aa

SHA1
2135a913986b3d5f0fcd6f74b3adef67fc48e99a

SHA256
11ab096c37bf3180fc7455fef39028df79f760bd5219b1a5562211afb26570df

SHA512
52385174e20d942a870c8e22ec3b59e9ce035e3a6bbbdf7e6295d75aece280da934068182f4067211d36cd3f4d5f0ed1dea4247c5775a65f911f573493339653

Download Submit
/data/data/net.daum.android.mail/files/crashlytics-userlog-92a4cb14-18e3-4437-9ccd-bc325c5131db.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/net.daum.android.mail/files/gaClientId

Filesize
36B

MD5
b508ecd3a0941d4e6dc8ac87768a0829

SHA1
0c583828249cbf590f8bc188ac9ac04cd24a031d

SHA256
58def5b3066b14c8551a8c69ea97f5570f9a4ba03ea93b5bc7c9c31cb69ae8e7

SHA512
a05b0feb39c7453524b8f42f26c6f9de7cde8387e5f8f8ac1b90f6f5f9ce94d7588458fae70ee1456c2093a8463a20dc3e88c3e28873ab421d2f262eedf662be

Download Submit
/data/data/net.daum.android.mail/files/solMail.log

Filesize
3KB

MD5
0c0d633b3168aa22542173adc79d2711

SHA1
c48e9bdcfd3ea9c7f5a4264e9f7dcb60ffec85b6

SHA256
3775f31d881fd2a0cdbfc58ee6434ca313c271e016449ac40dcef2420e709abc

SHA512
0ebbac086fd14e44c481c05df55ed1e828ea9fcbe2cc7f8e46c05fd38238430a1ad27ec88da466e6114d25dcc6f718ecefac445651f76c91eba6788760603a1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads