023ce9a368ece43992682377d3d341b75b7b54452bad1dc90419a86fd97c980f

Analysis

max time kernel
123s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-10-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31060115e0b126d878cc8c28ab072fa8_JaffaCakes118.apk
Size

1.9MB
MD5

31060115e0b126d878cc8c28ab072fa8
SHA1

f4aeec239475633000386d500f551dd1e57025b7
SHA256

023ce9a368ece43992682377d3d341b75b7b54452bad1dc90419a86fd97c980f
SHA512

9be7b981b20b9efd1529ee789b3f90eda6895cee4da627bb8401771a3db9979dd42f69da374bcdf7c82c1be5c04f7c494e9fa185b5730a7d77d15102fee8eb44
SSDEEP

24576:+8TnIAQH318QfU3zkEriqUfgMpULJHx+zz7uHIA9giY00+QLxe99IqDAFjQGPfU3:+82lMjrOBYSU9H0zkIAChFxIVm0KC

Score

7^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
31	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.szds217

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.szds217

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.szds217

com.szds217
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4627

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.szds217/files/mobclick_agent_cached_com.szds217

Filesize
100B

MD5
7a021eb99971063690ddf118687da5ba

SHA1
90f300a56464b5033936dcbfe6409b024f2160d3

SHA256
23a48b651e6ae393b1ee4824bb290b8bc9d7607bbda13a72c8abe85daca3ec26

SHA512
28acf8ed3a741be11ba1ae7beef1c0908f4967e0e7b1c615e781893d2eac914a59b379578c6270abb77af9358f326edf8834423e2665c6b4f8c64107d42ce1d6

Download Submit
/storage/emulated/0/apkB/b.apk

Filesize
982KB

MD5
e6658f97192b31a14f9142cdca67f54e

SHA1
900971b86950af115dd829b925fc42d51773d0b5

SHA256
e2cb52fcd8a17d6854c048d44a22f28c45e2f7d20e6f2914f735c7f268988383

SHA512
942d2b2f56c4dbb3acbad8176852426e3e461fe1b4e0689ec023fc8b59e4b41b674e62d11e385cf16eb6853f191589c5be71ed5750c5aff017e74b1c89f193f3

Download Submit
/storage/emulated/0/apkB/readme.html

Filesize
1KB

MD5
9d3aa42ed6e7a379823ddc7f347da4f4

SHA1
c05a1f06b7fc0a4a4e64c9a74a556e26a9801ba0

SHA256
bf6a8cfa0e013c49b3809d4607235319dab24466a01d55970f6c686fdc34af35

SHA512
b951b1424e2bd221cea73fa347d670e0d655acb7e369be134aa0a437ed7af311e78174765d3d6f0f8193bba2460248c4be023d27a8de319aebf6a6f756cbb7b4

Download Submit
/storage/emulated/0/apkB/yizan.html

Filesize
1KB

MD5
f7e1a18c70f3e778e9d4286ef843e9ca

SHA1
78b1bcc6a11388333188a99df5d2935310b3bc22

SHA256
923031db4a7331ae56a78d31221c8e8202fb04224861c309eaa224fd41b5e098

SHA512
e242fcd677e62b3d0ea97e4507dd91a9524d1ee9772b9393c14a93772f4b1fde497a8ac9047c065494d8af416a83fa1189111ec5be64c092989ffb95772ed3bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads