a240359512454fc38f8f1dd932a2989a5f05c9413a29201d5c53f21eecd18284

Analysis

max time kernel
123s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-10-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27463defdd0d0e389c9c8b4a20aae388_JaffaCakes118.apk
Size

3.5MB
MD5

27463defdd0d0e389c9c8b4a20aae388
SHA1

41cef6a466fd53505040dbb43a885df351491022
SHA256

a240359512454fc38f8f1dd932a2989a5f05c9413a29201d5c53f21eecd18284
SHA512

246ef7e992e9860ea770ca47619a237c41f2c23f169f941ee6d8b7d8f2302626e2fa42aea277ca43a5edae8a85bf11cbda4e58a17284fa007458ae973cb6f75f
SSDEEP

49152:oaRAsviAEkl7EwNZagEwNnHblM2A9N2A9oWAyrCZRH9xJhL6nT+j++wQSXXjMfvs:DR9mrNTWnHxMDy5xT+T+JVSnjo265m

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.zc889t.zchx.client1799151

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.zc889t.zchx.client1799151

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.zc889t.zchx.client1799151

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.zc889t.zchx.client1799151

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.zc889t.zchx.client1799151

cn.zc889t.zchx.client1799151
1⤵
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact