Overview

overview

7

Static

static

6

3ba4ca30b9...18.apk

android-9-x86

7

Analysis

  • max time kernel
    66s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    12/10/2024, 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ba4ca30b92c73a46bdf54ba0c88a014_JaffaCakes118.apk

  • Size

    782KB

  • MD5

    3ba4ca30b92c73a46bdf54ba0c88a014

  • SHA1

    cb5d93c4238dc834b9109e98b422ec8253806235

  • SHA256

    4296bfed85e0f2e89eb4073b181fd4a5f873e41d75145d7d36abd4cfe490f984

  • SHA512

    909c0007a5a2f0a13fa49580774ac233a6f8ac808c85df03ca06ab27fbc0ae258ea21710d5ba706030e5cc1d65fb9b5feccb024b4394ce6e31c1a0fe05b0a5ba

  • SSDEEP

    24576:KjBkrTMjL1W1OYuB8b+j8Sf5qdP4pldf6:KjsTMjL1W1OYuB8ldgrdf6

Score
7/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.supe.xboost
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4218
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.supe.xboost/files/jZsAzDtrpiTWJBnNbootloader.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.supe.xboost/files/oat/x86/jZsAzDtrpiTWJBnNbootloader.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4278
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.supe.xboost/files/RLhKdVeQpSqZxDgxsa.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.supe.xboost/files/oat/x86/RLhKdVeQpSqZxDgxsa.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4302
  • com.supe.xboost:haha.phoenix_process
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4392

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.supe.xboost/files/RLhKdVeQpSqZxDgxsa.jar
    Filesize

    198KB

    MD5

    2ed3a8d06eb47bc1d87e28b9139bc3b2

    SHA1

    312a6fc6348563f3df56731b86353b3263d85a55

    SHA256

    f7b964ed3eb656c2f8349dab30538cc345fabc5c526f38bebb6f9aa2b32e023e

    SHA512

    4e3fe8497f6e82ad8a91c1e33107a93580820fff151eef27cd16a8dd245304a2eed7b1ebb6aa8eab5beec6b4203dcbe55d8791f5ca6042d08eb92ae1bd5bf4c4

    Download Submit

  • /data/data/com.supe.xboost/files/jZsAzDtrpiTWJBnNbootloader.jar
    Filesize

    6KB

    MD5

    a7bb88d0d95d623f1be055fe7f72efb5

    SHA1

    d7d129fbe3f2c421268bd11a82c6aa91c94dd027

    SHA256

    125a8e68733ee008629728400a5edf884291364b7b0051bed5c664d3c2d905ba

    SHA512

    8fdcf0bf73c18b32ddafec64b0199be8951fe5cd2eb1610752810ae35097ed2bf5938f3cb7451db29661321300e0f781a037fa6d75e1faed0be09d0aacd73a94

    Download Submit

  • /data/data/com.supe.xboost/files/librEMKayiwUmcTNRxebootstrap.so
    Filesize

    17KB

    MD5

    bf2232f2ab840523c4aa82c16ba1176e

    SHA1

    895b96224dc2999a594e048ca48e21e7a5f2a754

    SHA256

    7a0674bf1832b0b157f055b1817bdbb226c1dc506d2ef13b5fb127f857dd7fd0

    SHA512

    871bbd37e0928d0f23ced5dd0970a0c3f1807c29f1fb97361846df91aec15377381bbb4b0ab5fe0b352fec888ed2fa7fec279ec41c2aff502f9a0eaed784563a

    Download Submit

  • /data/data/com.supe.xboost/files/wDTUdWfhadXFVgVPdaemon.so
    Filesize

    25KB

    MD5

    25220268331ec9692306c31027124772

    SHA1

    d40d1eddebd62eed5a79925f5f99a0a19b097e7f

    SHA256

    3f4ba2f70da3a6b4a0d2beccb59aa239fe3e9c95c111940610b2088ae5048673

    SHA512

    30d300c555a5c7e9efcad872a3b60cf4f27bd4f14c2df6bf4cc0809e2f0940c56600518f499d4b8de7f23224470f96e5c98a754882d81f93e24473b9d47c44e5

    Download Submit

  • /data/user/0/com.supe.xboost/files/RLhKdVeQpSqZxDgxsa.jar
    Filesize

    583KB

    MD5

    3a4c1897405e98c32547fe15a6ffc24b

    SHA1

    8119e5b4184a8feb7b806a036a9b4bfe00ee409c

    SHA256

    51e0119d52fa731327021fdde8781847d3597aedf96b45a5a5c3603c9b9dfe54

    SHA512

    b7da4814fe29b03b778b24d1a023145404c83e76bdde659b68846041b026b11a35b62f6d46469b71c833e7f46ae0961f505b517fc2f54b262bb2b0204c184a0a

    Download Submit

  • /data/user/0/com.supe.xboost/files/RLhKdVeQpSqZxDgxsa.jar
    Filesize

    583KB

    MD5

    0e17f299682025e0ed1f01027957f719

    SHA1

    6d885257a553ada2e319d7548fde020106e14fda

    SHA256

    71bd07d5303576b7e8b9a4a3b4fe15c85502f2175bd276da750db7dcb8a8e7b9

    SHA512

    c5eb550d0dd127c4f635c5dbae4a79c262b53dfd06021290b190c4ffabf7219018454b927af5ea943a6fd0d1fda171d633d74efc0b09ca9097bee5ae75c04e9d

    Download Submit

  • /data/user/0/com.supe.xboost/files/jZsAzDtrpiTWJBnNbootloader.jar
    Filesize

    12KB

    MD5

    2f2328797c995dfe20af0fb7d56ee09b

    SHA1

    bbe1554ff2c75cce8172782d7d6a1b7aa602aa81

    SHA256

    ba31d8bad9b504e6e3d1e3d205a0927613f50d28c7baeea3c1ac6e887a7d6a0a

    SHA512

    8fece49b882c96dcfebe4c9f82fd9bb39c4c3b8084378d08651719c78591f5950f0c9c04be821294410fd3f81bf3af032e8b85236d7ec2c7e4b0ee47fd0a2246

    Download Submit

  • /data/user/0/com.supe.xboost/files/jZsAzDtrpiTWJBnNbootloader.jar
    Filesize

    12KB

    MD5

    1a9f37f7efbb11b07212d74ca793b7d1

    SHA1

    b29fb5a70b719ebc70b0756b27d0af07571cd234

    SHA256

    ad96d4e8643cc84135fdb595e2d5a0e866678b5e52da975ec8a66e9aaabe9440

    SHA512

    38f6ec90a6a72cbcf46b6fdae3486a19cf69567b81848a30c7745c2047e8a47ff7aaed001f1f41559b1b9d3fbc2d3cd146d3d17521887c49bb8222310914b8bb

    Download Submit