6ae4e7bac2d928d6cddf0cc081db2747c0a50eecdd1ebb90cf3c1d1ed254327a

Analysis

max time kernel
149s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-10-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3019cd5558acf3961683cb307fbbf867_JaffaCakes118.apk
Size

730KB
MD5

3019cd5558acf3961683cb307fbbf867
SHA1

367c316b79c4e687208b0e186c226df9e8923477
SHA256

6ae4e7bac2d928d6cddf0cc081db2747c0a50eecdd1ebb90cf3c1d1ed254327a
SHA512

568ada51eaa99d0640b5e712fb8effef632f936e20885f223258e7ddff0a1f7f9206f1f4e2b61c468d24d18dc3f8957896e01a5beff76f0ea10c7c27d45c0927
SSDEEP

3072:Y47shnk1DZtbOdV8GSR9T+KqPC5+kAMEJG8G/GF17IkDLJQHMe3G7pM8PUV+W1hf:Y40ebOdCRYKVfF86G1BJQp3G7QLozw

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ekdrjuhjaih.qyofplge

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ekdrjuhjaih.qyofplge

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ekdrjuhjaih.qyofplge

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ekdrjuhjaih.qyofplge

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ekdrjuhjaih.qyofplge

ekdrjuhjaih.qyofplge
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4462

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/wss11.dat

Filesize
112B

MD5
72793b9c10f4c4746e23ec76fcf00f4a

SHA1
2268f65d6bbb2223acc55ce9b2d9c4a2aa63d204

SHA256
e25abb98cfda8f23a77a4cacd02c89b435eea88532fcdf4e2c271e1cdb7ca346

SHA512
5ac1540ff945ad2fbc22b89482ebf808ef2768fe051df81e8d78c24af11510f49164eb2f5efd3abe6058a1ed1bfcfa6915e7b77394ffa1be0ebfbcbb3ae4c395

Download Submit
/storage/emulated/0/wss11.dat

Filesize
144B

MD5
5c48daf71dc5ebbfab42d6a0e3500fe4

SHA1
3c67b4ae0290253728958b902abb1685252fd81d

SHA256
fd4351bd874d69f2b90bdd932330f4714872109a4cab952ebea0b3f9f0482435

SHA512
b50f1f3f60d7e191df03fa9f30968d2f8588ec7a7b54a7cda4b431abf5a68a5cd84e11f31b4309bc113fd585b818a7a32ef7a8a16bc396d62060427724ac14c8

Download Submit
/storage/emulated/0/wss11.dat

Filesize
192B

MD5
8cfdb8e08ca50882eb6e8c3aeab3c047

SHA1
044e52cf7a453292716351208443a3d19486cba6

SHA256
d98f53aa3cc5554851099aa88719189216e79ab36618020c29148f536ec325eb

SHA512
6e5b82102d6d5b1d708c08f2a3b8f34a9ecd727711ffefafd747d4504ba36870bbc137ffff1e30b5efcfbf7489f2675287fa3619b315933d39c7afec94393ae0

Download Submit
/storage/emulated/0/wss11.dat

Filesize
240B

MD5
45df8a4770414b316dea83b9875aea0d

SHA1
ee9743fb12de2342f97a88177281ced290079bce

SHA256
0795bb6a05c3ccde70ef2d6ceec1b1b3dc736c3d11824de144125876a44b14e7

SHA512
b4e0b513091ffad98b4c7b4b45fb885e10922f2be758f62dc87b3e8c9db1f6122ea9a11a13cd24627a8e2431fa20bb036b40a4029b155a82707ffba3601531a8

Download Submit
/storage/emulated/0/wss11.dat

Filesize
288B

MD5
a46c503bfb0904d0c4f16a76682397b7

SHA1
90fcfef2a6aed58ca71af8dde6657b2188b4e388

SHA256
68a1bedde14a576d9762f0a86183315d6c444ea4e8a4bee71bd00f5d512365ea

SHA512
4a6286ae323bb893250358f1f8ca073d225c663cbc2e22b99005f391050a40db5a26b4f20d208d254ec4210a012a386470fbc5fd85117155da1129ee236371ec

Download Submit
/storage/emulated/0/wss11.dat

Filesize
400B

MD5
ae97fc940e865d0360b869f8c31fe871

SHA1
78fbe9ea3321a97fe9e62cf661dc7bdb8b7dcf02

SHA256
b69ad7c9540cca2cca4c668b95b17b6b429df1b36ea4c4d3c7d55d524f1c6087

SHA512
3d29d3ca622204215e4d533abf1d7848eaa7e8596cf1631b8c989ef422b163401395d838d670ece7a5614ed7affb1fca8ade2fc7c86f5fd854a83e2d28ac2b47

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads