69d6e1903a69efcc2fbcd36a4aa822e29aa600049a2a4d796506f3a60f55078a

Analysis

max time kernel
13s
max time network
141s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-10-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

309fcea9b0d2bb9b434e548e1a721bbf_JaffaCakes118.apk
Size

645KB
MD5

309fcea9b0d2bb9b434e548e1a721bbf
SHA1

418e95eec86d3fbdc7badfc84b015dd061eedd92
SHA256

69d6e1903a69efcc2fbcd36a4aa822e29aa600049a2a4d796506f3a60f55078a
SHA512

210f9bea05ab9cae41d461238d6a8cc5ebcc0b9a555387c1bac9f5ecb8bb2dfeefa30671d9afbb62e83ead12ff492b8271e0e56b420abb877d108c09042ba036
SSDEEP

12288:Tq4GI+ToiBey1biPo1cH6QNclngREhhBCm5aZeFN9RIpkpf:G4GIYlBeTA1Y6QNclhwZKmpu

Score

7^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.ca/oTpiBCh.jar	5047	BETnfi.IXOvv.cNyavJL

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	BETnfi.IXOvv.cNyavJL

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	BETnfi.IXOvv.cNyavJL

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	BETnfi.IXOvv.cNyavJL

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	BETnfi.IXOvv.cNyavJL

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	BETnfi.IXOvv.cNyavJL

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	BETnfi.IXOvv.cNyavJL

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	BETnfi.IXOvv.cNyavJL

BETnfi.IXOvv.cNyavJL
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5047

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db

Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
3c367789d976983b13d556c1a1307ab9

SHA1
b4b6af5607e5726779f678e2de06c095f3a2e9f0

SHA256
7e3601e300b7cae3b5d7435617f59861b09f3aff3d6834c4271242257400afba

SHA512
1aa92d69c832c95859c3c3f499e1c499f9b79740b454c55ae4622be127c4ef176245e636da835dab99c546d7a8c5976b9e82d1af268aa0ab752a6c412ce1fc1e

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
87c26934d6e6d0c6a92849f37ebf6383

SHA1
3dda7b13bbc2a7344b38391978a305df793fe668

SHA256
510fcccfcb590863417515471702096c4c60cf038971d79ae791bf7ce8ea22c6

SHA512
4905f1bd1449517d979f1feed18c2e3e834aedf287b4c50c5fd89deed4e5bf6d4c6cb508e9289e4f85b372a31ae69e255d8abed3bf41cf7530291de4d5392c8e

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
12KB

MD5
54c04133a0bf2916798706d69058c92f

SHA1
a61641b3bf02a7c3ab26ab5aa797bbc2ab253898

SHA256
bfb1a78facc3f00ee39770cb450356d2173dea4d2b887864f1c02ac290de3c92

SHA512
9a945b98549252086170686c3b988462a66b1384544041b0db8d3bd7ca70b520f9e13304d2fab0f7c7b09ee752cd056651f0a47a7f8f47ea8d42267d6de9b170

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
512B

MD5
799a29cb60b59afb13630c084b5087b0

SHA1
87d9f8d6158904a34e36297ba7f1162cd6455f86

SHA256
bc2ece82272b59e733970a0fb3c36e123d590993aa914dedae8d9450d264318b

SHA512
9d3c2bd749dae32c467c7c98fa7b526ead9eb6b0fd53887509ecf6fc3522cc2f4fc2bc1ff2d5c3541ff7b68c73de1c1372fb4443324601868ae7b1e5224fd293

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
aa66d2c933f3f39ce273baf1f36fe811

SHA1
0b967a8584a9408f91ceee08b0d37d6434666c9d

SHA256
44a9afd327fa96a31e952ac2e23fd3b7df6d9f5f02f9d9d405e1b50749d476e0

SHA512
184ca4e4adef3f82d7f833e1bd5424a0b4db0ecfcd2b856f55e71c631d599142ffa60d5f6d6f926b06988164c48b1387fb23e5ac57cd25b1a6e33706061e75ca

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
f7e7cff92e129a3a184835ecc3f0c18d

SHA1
00317ef84fe1045c1995aa0700813268420b6317

SHA256
58378855c69457bd0882033964f8b9cc0d5c122c6c6ba67c760cf6f5e59a2ef6

SHA512
48de66b2d00ecee5fbef695ce3e7d3b1bc99eb3af0d8def8ee4bf69322876ee7d68a701b21be5df51f36077fecac9b7d66556ebee0dd7a9e5b6350aa3cb83d26

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/files/.ca/oTpiBCh.jar

Filesize
136KB

MD5
da400e664ffe188af1a8b4b816b13e05

SHA1
8ea021f6b29ec591e2e405760430b9177b8d8ce9

SHA256
bebb732971c524415c51c9c26505faae9ffafc78d861b13e63eeb762aa5d8f3d

SHA512
19f79d0eadd410fa1e055cfd20c94992f59c2d69bd1e46539d197d315fd40c81e811a2a99a8fcc31c7f2024d56f0b172666774085b80f7f01a13199c332f647f

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e74dadb97c3fa5f8a1dbc5e39014054a

SHA1
3cec527a7ff3877055f93c817b0791c8a8469eee

SHA256
ec303f60329f13066f1a64466be7bf3e86238d3f6887631d60a65edf5333d926

SHA512
970ef507f802692263e14eefd563577a18cc09fe6ce1731f15c5a8abe6dc914a603d86b7ea373f52753f67cc1ab7249042cd7bfedca5cedb29031fa45583e20f

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/files/umeng_it.cache

Filesize
348B

MD5
f1feda6ff2569d1469f5b8d0bdc6497c

SHA1
b1a6282b699426ae15c372aca4bf236ea34cbeeb

SHA256
f5e2c964ab49c6748237b1604b5a80702e58e897219a1a95a71c775293749e8b

SHA512
42676bbac530dcacd884f1c3360cb4d8151a0d3ba0f01f17bd7fb723f5213d50e3dd1bbe663302bf5b6964d55970aeb1965ac891255a9822d66ad341fd894381

Download Submit
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.ca/oTpiBCh.jar

Filesize
322KB

MD5
d44aeaef68de95cdf62ea164966321d3

SHA1
84baf39cb6ea7143d17aa70fb2efb2139761ce5f

SHA256
3ca53073d7e0800ba56edd33417dc8da9148975e91a3264338f64c6bd480eca4

SHA512
ba04f28a1128819c34eebc236497cf2a11ce031b3be486dff2f0d0f2987ca9fe545d142a9a9bd272657bacb4f125ac85ea29f8dee79a455cd1b175b8b3a43f48

Download Submit
/storage/emulated/0/Download/channel_conf

Filesize
5B

MD5
03c5f1129f771ef9352c95d0bdad5049

SHA1
1dae85e1d84617b1cbd6412d40db03f64c6e25ee

SHA256
4e69104b1d79e3943577df4af5b6f983b9b24904d3d0f54d0595eba87b63e12f

SHA512
58dafd5b8f00f175954f177a2dfb449f9f4e125a9248f47db6ae0006f7eb6c7fea747c6bceaac0d561642f2baf7c0b6a74f338a3763e224a640eb1cd1c863d69

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads