c933ddd319da46d85bc26a7d3afd4595c5afe16aaf38380d4cb7d6debf532c5f

Analysis

max time kernel
6s
max time network
152s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-10-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

302afcaf752e4556ac3538949f0dd671_JaffaCakes118.apk
Size

6.6MB
MD5

302afcaf752e4556ac3538949f0dd671
SHA1

06a7709ad99f3d88063079b8c12ec2c30fef9057
SHA256

c933ddd319da46d85bc26a7d3afd4595c5afe16aaf38380d4cb7d6debf532c5f
SHA512

0368447748fc36682640629037aa9d7b286b70cc8d0339f7098666a6370da1b877894bd04365ecfb51f98f865531db55948d88647d5a73ea5b482ac6e0cd78a1
SSDEEP

196608:Kva4un9zzWcpzg066Wby3wfQ0kFHXBnD6kMSEmYl98VrF:ka4u9zzWog4J32VkFHxD61mYqF

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ru.dx.videopalyer.activity

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ru.dx.videopalyer.activity

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ru.dx.videopalyer.activity

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ru.dx.videopalyer.activity

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ru.dx.videopalyer.activity

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ru.dx.videopalyer.activity

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.dx.videopalyer.activity

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ru.dx.videopalyer.activity

ru.dx.videopalyer.activity
1⤵
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4961