2ef5987328452adc8fcaba01311ad55f5db5248b9e1a90806a6239d8c8a086ba

Analysis

max time kernel
6s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08/10/2024, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

271e02d49482f17dd59fa2d9fd2aaf3f_JaffaCakes118.apk
Size

4.6MB
MD5

271e02d49482f17dd59fa2d9fd2aaf3f
SHA1

274f6f347f31b991bb2fe6fc852f1533baa4b76c
SHA256

2ef5987328452adc8fcaba01311ad55f5db5248b9e1a90806a6239d8c8a086ba
SHA512

e9d1ab1534945b095418dc9512227290748a333640edfbf48a86738eb9e09e2c9a9730fb1d6c92d6b5816df36c51168809b72ceb305dd295d19e552f4d163a7a
SSDEEP

98304:pYeLd/1i589M+t9fcKhpPXsKkpCBKwMn1HXXguZUKh/Iz6weYDCn4r6D9:pn/I5It9fFhhlkcBKTHjZUKV86w7w4G5

Score

7^/10

banker discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/storage/emulated/0/Android/data/ed/cd.zip	4272	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/ed/cd.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/ed/oat/x86/cd.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/ed/cd.zip	4208	com.android.limited

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.android.limited
1⤵
- Loads dropped Dex/Jar
PID:4208
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/ed/cd.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/ed/oat/x86/cd.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4272

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/ed/cd.zip

Filesize
4.4MB

MD5
03db337b15fe3801746557d98ec931c7

SHA1
df9e88b2bceaf3727bd71055a4fdd498c352ad25

SHA256
301f399ae1ae63576f03b0446f5da242d136e7bbd4a227214d9ea6f729f0eabf

SHA512
526fdc681719aa5d740e83aae98912dff21afb595921312e77b84d9ea0ecf2ddc563728e8bc283560c8bd3d50716ad06fad6c77311aa76389550af0762f5c935

Download Submit
/storage/emulated/0/Android/data/ed/cd.zip

Filesize
2.1MB

MD5
0e670f5ae0a2fea879d1308aba7548c9

SHA1
08763cafd6bf652bd68cf0e7d2c5afd728a41e5f

SHA256
a3d333a2bc9251d734540253fb0901189ea7dfbb9da7baf9d9ff39aff855e4c2

SHA512
f96c946b6bbaaa9f275a8b8921aae3c77d8ee20651ede833cf99cce7345d9691f77ea070a1cd4c1964bb6c4c728b02dddcff97e2910f12029ab0af4a9337e6f1

Download Submit