6416c53a10a95cb37ecee748836c7e933b861b4a0e51c48711b9f420ae7a324c

Analysis

max time kernel
124s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10-10-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

302e4a471bef588aecd4b30e259072cd_JaffaCakes118.apk
Size

190KB
MD5

302e4a471bef588aecd4b30e259072cd
SHA1

80f6207bf8d91d80c303718902ae444ba5499399
SHA256

6416c53a10a95cb37ecee748836c7e933b861b4a0e51c48711b9f420ae7a324c
SHA512

6ac563788e4fcc69683d8a28ffa62d9e63da7656628eb05841d6fcee6a4b7042391b4c02baf5eb4065cb9e18dfacdcd950b52b9d21f2869ec32d22b779ccb498
SSDEEP

3072:6ZtbOdV8GSR9T+KqPC5+kAMEJG8G/GF17IctXT+H/xCmMeUZzUwzMToTevfsaH:ebOdCRYKVfF86G1ttXafcRzUwgTie0S

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ekdrjuhjaih.qyofplge

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ekdrjuhjaih.qyofplge

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ekdrjuhjaih.qyofplge

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ekdrjuhjaih.qyofplge

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ekdrjuhjaih.qyofplge

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ekdrjuhjaih.qyofplge

ekdrjuhjaih.qyofplge
1⤵
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/wss11.dat

Filesize
112B

MD5
72793b9c10f4c4746e23ec76fcf00f4a

SHA1
2268f65d6bbb2223acc55ce9b2d9c4a2aa63d204

SHA256
e25abb98cfda8f23a77a4cacd02c89b435eea88532fcdf4e2c271e1cdb7ca346

SHA512
5ac1540ff945ad2fbc22b89482ebf808ef2768fe051df81e8d78c24af11510f49164eb2f5efd3abe6058a1ed1bfcfa6915e7b77394ffa1be0ebfbcbb3ae4c395

Download Submit
/storage/emulated/0/wss11.dat

Filesize
144B

MD5
5c48daf71dc5ebbfab42d6a0e3500fe4

SHA1
3c67b4ae0290253728958b902abb1685252fd81d

SHA256
fd4351bd874d69f2b90bdd932330f4714872109a4cab952ebea0b3f9f0482435

SHA512
b50f1f3f60d7e191df03fa9f30968d2f8588ec7a7b54a7cda4b431abf5a68a5cd84e11f31b4309bc113fd585b818a7a32ef7a8a16bc396d62060427724ac14c8

Download Submit
/storage/emulated/0/wss11.dat

Filesize
192B

MD5
8cfdb8e08ca50882eb6e8c3aeab3c047

SHA1
044e52cf7a453292716351208443a3d19486cba6

SHA256
d98f53aa3cc5554851099aa88719189216e79ab36618020c29148f536ec325eb

SHA512
6e5b82102d6d5b1d708c08f2a3b8f34a9ecd727711ffefafd747d4504ba36870bbc137ffff1e30b5efcfbf7489f2675287fa3619b315933d39c7afec94393ae0

Download Submit
/storage/emulated/0/wss11.dat

Filesize
240B

MD5
45df8a4770414b316dea83b9875aea0d

SHA1
ee9743fb12de2342f97a88177281ced290079bce

SHA256
0795bb6a05c3ccde70ef2d6ceec1b1b3dc736c3d11824de144125876a44b14e7

SHA512
b4e0b513091ffad98b4c7b4b45fb885e10922f2be758f62dc87b3e8c9db1f6122ea9a11a13cd24627a8e2431fa20bb036b40a4029b155a82707ffba3601531a8

Download Submit
/storage/emulated/0/wss11.dat

Filesize
288B

MD5
a46c503bfb0904d0c4f16a76682397b7

SHA1
90fcfef2a6aed58ca71af8dde6657b2188b4e388

SHA256
68a1bedde14a576d9762f0a86183315d6c444ea4e8a4bee71bd00f5d512365ea

SHA512
4a6286ae323bb893250358f1f8ca073d225c663cbc2e22b99005f391050a40db5a26b4f20d208d254ec4210a012a386470fbc5fd85117155da1129ee236371ec

Download Submit
/storage/emulated/0/wss11.dat

Filesize
400B

MD5
e61940c095e27bf7b27791d2f09addc4

SHA1
7c205e5bb87871deaf75e1a8a2fbb17f1eb14b11

SHA256
58334922ef2ef6342c8e979d8cd830196a0c0c5c1c05d82c06b3a04b79cc6447

SHA512
ef533c00775dd9687e60df87bbdfd74914aef0bce05c37e347ab73b424f2ec11d18879800f3e4d10255896672826e4f1bd81ecbeab2030fec087bbfaf1f7d270

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads