69d6e1903a69efcc2fbcd36a4aa822e29aa600049a2a4d796506f3a60f55078a

Analysis

max time kernel
145s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-10-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

309fcea9b0d2bb9b434e548e1a721bbf_JaffaCakes118.apk
Size

645KB
MD5

309fcea9b0d2bb9b434e548e1a721bbf
SHA1

418e95eec86d3fbdc7badfc84b015dd061eedd92
SHA256

69d6e1903a69efcc2fbcd36a4aa822e29aa600049a2a4d796506f3a60f55078a
SHA512

210f9bea05ab9cae41d461238d6a8cc5ebcc0b9a555387c1bac9f5ecb8bb2dfeefa30671d9afbb62e83ead12ff492b8271e0e56b420abb877d108c09042ba036
SSDEEP

12288:Tq4GI+ToiBey1biPo1cH6QNclngREhhBCm5aZeFN9RIpkpf:G4GIYlBeTA1Y6QNclhwZKmpu

Score

7^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.ca/oTpiBCh.jar	4659	BETnfi.IXOvv.cNyavJL

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	BETnfi.IXOvv.cNyavJL

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
31	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	BETnfi.IXOvv.cNyavJL

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	BETnfi.IXOvv.cNyavJL

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	BETnfi.IXOvv.cNyavJL

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	BETnfi.IXOvv.cNyavJL

BETnfi.IXOvv.cNyavJL
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
- Checks memory information
PID:4659

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
34eecf31d658a416d0cd5d42bf3fc388

SHA1
9e686b328d3e5d6837774cd51d100282b52d4113

SHA256
1b4d54384669b1051e09bf303393f0810b29fc601885617d3bc003a0331c2279

SHA512
078ab7f8f6afd6107312faf5962c3727122673ce56610807c4975e08694f9c32c67afdf7b630a9b6e2534588044e1a00413fa2e043c0bdd3213a8232aac1a6e8

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
6f424fbd89521b683f7a17776041d728

SHA1
2c6e8d1bf87e8a986afebe6a61822a9ec89526db

SHA256
031c2e666a04a602556bdfd61fcbe91f28a5717988e10b461bb79972336a5e9d

SHA512
30610621e51e0158527c4f1ff63c3d87e7b1f9701a25bd98622c4f523404e6059d8d075999713fbccbc37b11b0e641de4401c9ecef46b6bc6520af707717d290

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
12KB

MD5
de2152f4d1e6ac2fb41594e7393821fa

SHA1
006868f3cb134281cd5a09d2e147d53749ae47b2

SHA256
8327382aab06ff0cafe6f420d37ab2f7481cb61d1713e11f037260cfa839d5ae

SHA512
0f440e8bf95bbd29c731d72896d495009cc979892a618497ca6b5d141a9bde9793a26bffe77702fc785d42229340bf53ba6436085c85d9109375e8256055952d

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
512B

MD5
1e73a5f1ea28e8078822a6e159b38ee3

SHA1
dd320ec3a425313a3bbbd96d2e3a8921371f37b1

SHA256
b0cca5227be6adf82b5fe343e089ad0c253c58c87ac074959286eb1cc0cacbc4

SHA512
8ea7851ae4a3944ffea9b2a04dbdd318f52952d82d23390296ac4393ac71fe3358be8895825c8bac22baa46678c46556887bd3ed649cab2d610e25e847686d08

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
0e37844a259becabfb016615a0756763

SHA1
654f3b12242fdfa2edd7999833bab4ffa7d722dd

SHA256
36f106272296abb69a234e3cc201ad0df6188cf12d7d6430b7c1826e15dbc3de

SHA512
b7d3d63fa3c6dc0e54de652135c46db9c3ff1f1505f057ff0109937f1d56d22acfd45694eae2da0027186a10056d68faf54f7bdd16991677338fedffa556f9f4

Download Submit
/data/data/BETnfi.IXOvv.cNyavJL/databases/cc/cc.db-journal

Filesize
8KB

MD5
68bb84371dcee39cdb9965ba6b22802d

SHA1
e4c398a2e7013717e46e08daab53079ee531a215

SHA256
53e8ff9c6253cb83c040996949b7a19848c5dc46ca473491f451024230df6cc6

SHA512
0fd69db3c91fe5fab02227d3cfb1ef514d27613dc078dfd0e53e005a8d9f24cf963333f2f7f6e5f4f8986b5d816c8a023141a71ef1be94a4bcfcaf2e41147ed4

Download Submit
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.ca/oTpiBCh.jar

Filesize
136KB

MD5
da400e664ffe188af1a8b4b816b13e05

SHA1
8ea021f6b29ec591e2e405760430b9177b8d8ce9

SHA256
bebb732971c524415c51c9c26505faae9ffafc78d861b13e63eeb762aa5d8f3d

SHA512
19f79d0eadd410fa1e055cfd20c94992f59c2d69bd1e46539d197d315fd40c81e811a2a99a8fcc31c7f2024d56f0b172666774085b80f7f01a13199c332f647f

Download Submit
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.ca/oTpiBCh.jar

Filesize
322KB

MD5
d44aeaef68de95cdf62ea164966321d3

SHA1
84baf39cb6ea7143d17aa70fb2efb2139761ce5f

SHA256
3ca53073d7e0800ba56edd33417dc8da9148975e91a3264338f64c6bd480eca4

SHA512
ba04f28a1128819c34eebc236497cf2a11ce031b3be486dff2f0d0f2987ca9fe545d142a9a9bd272657bacb4f125ac85ea29f8dee79a455cd1b175b8b3a43f48

Download Submit
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.um/um_cache_1728574706462.env

Filesize
1019B

MD5
dcef38b637ab46ad5f2412d890609484

SHA1
bed30d5d7b85dcd26c9c392caa349d4e19478dd5

SHA256
130e93779d3854ec13ef399b2d5cf189ba0bdd1db964235b45798d800af510a8

SHA512
9a685d47f94d868ac6b7ee1158be5e0b6143676088288d53c0f006c32f94c5d4163cdcc8f1af149f40c7a94e26425466bc72a5cf2adc5dbde16b9ec94009eaf3

Download Submit
/data/user/0/BETnfi.IXOvv.cNyavJL/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3ad2f0b6e179130b0de3b3e06c33b229

SHA1
4353b0288ab027dfbb865e13633486241d55ffd8

SHA256
04780a6fba7ad9bad401931950beef894a6b4a6d8a16fc732ea5a2a8ea12838a

SHA512
511cdf86d3c19193746b9b1415759ca1ef8c2da83910b60e5d5e62c916470bbfe457f5a5bc6e7a50ebde1c06a56fa6d0928604630963c2b58687903d78a0522d

Download Submit
/data/user/0/BETnfi.IXOvv.cNyavJL/files/umeng_it.cache

Filesize
352B

MD5
6ea0134e0fce224a1caa49661386bb8c

SHA1
22e7d82dfac4231e86460a9bca745a45ef34b76d

SHA256
e79f21c06f94d04e5afda6e18479da3f6e784b8cea29bb6da17cdd645e595b8b

SHA512
05f4f2f4785d8dbe90c5a3d547ebb6f14717b3f213523f2732eb371873a7382874391291367a69ed5a15f0666a24110478f36f4e2a51b45281b2ac75d2e7bfc8

Download Submit
/storage/emulated/0/Download/channel_conf

Filesize
5B

MD5
03c5f1129f771ef9352c95d0bdad5049

SHA1
1dae85e1d84617b1cbd6412d40db03f64c6e25ee

SHA256
4e69104b1d79e3943577df4af5b6f983b9b24904d3d0f54d0595eba87b63e12f

SHA512
58dafd5b8f00f175954f177a2dfb449f9f4e125a9248f47db6ae0006f7eb6c7fea747c6bceaac0d561642f2baf7c0b6a74f338a3763e224a640eb1cd1c863d69

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads