Analysis

  • max time kernel
    5s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/10/2024, 18:54

General

  • Target

    532f73a7da3dc050567903cfb83e72b8_JaffaCakes118.apk

  • Size

    2.6MB

  • MD5

    532f73a7da3dc050567903cfb83e72b8

  • SHA1

    2dd491cdcb5a0418027d03c34fdb4d6058a826b5

  • SHA256

    175fc8ad5d12d48a2bec8ba9ac833d8c829f4744bc24aeea0300f2ea678705d6

  • SHA512

    eab879ee34df393f391f84da264ca2cb6f80b136637bccb467f15bd8241810bfa8a80423a6978569bf08957a56db61970dafca575ad150486fae2f3ecb056a86

  • SSDEEP

    49152:R84LjOD2gLUMPv0Cx7nnLjQfKSg6toEchtG4gDF05jFKo7lDg3s/Bd8diZL034Af:m4/OD+Mn0G7nLMiSg6toEcjG4m05jJ7i

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (may be used in an attempt to overlay legitimate apps) (1 TTP)
  • Reads information about the phone network operator (1 TTP)

Processes

  • com.android.little
    1⤵
    • Loads dropped Dex/Jar
    PID:4251
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/le/ce.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/le/oat/x86/ce.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4278
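The second process above is the whole point of the "Loads dropped Dex/Jar" signature: dex2oat is compiling `/storage/emulated/0/Android/data/le/ce.zip`, a file on shared external storage that was not part of the installed APK, and writing the resulting `.odex` next to it. The helper below, an added example that is not part of the sandbox's tooling, parses that dex2oat command line, flags any `--dex-file` or `--oat-location` outside the locations where package-manager-installed code lives (the prefix list is an assumption for Android 9), and reconciles the path with the Downloads list, where the same `ce.zip` path appears twice with different sizes and hashes. The sample command line and dropped-file entries are constructed from this report; the second, benign command line used in the usage note is invented for contrast.

```python
"""Triage helper for the 'Loads dropped Dex/Jar' signature.

Parses a dex2oat argv string from a sandbox process tree, flags inputs that
were compiled from outside the app's install location, and reconciles them
with the dropped-file list (one path may have been written more than once).
Added example; not the sandbox's own code.
"""
import shlex
from collections import defaultdict

# Assumed locations of package-manager-installed code on Android 9. A
# --dex-file anywhere else (shared storage, app data dirs) was fetched or
# unpacked at runtime, which is exactly what the signature describes.
TRUSTED_CODE_PREFIXES = ("/system/", "/vendor/", "/product/", "/data/app/")
TRUSTED_OAT_PREFIXES = TRUSTED_CODE_PREFIXES + ("/data/dalvik-cache/",)

# Constructed from the Processes section of this report (PID 4278), including
# the truncated final argument exactly as it appears on the page.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/storage/emulated/0/Android/data/le/ce.zip "
    "--output-vdex-fd=44 --oat-fd=45 "
    "--oat-location=/storage/emulated/0/Android/data/le/oat/x86/ce.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed from the Downloads section: same path, two sizes, two MD5s.
DROPPED_FILES = [
    {"path": "/storage/emulated/0/Android/data/le/ce.zip", "size": "2.3MB",
     "md5": "4ac58ad990252994badc06da1640a009"},
    {"path": "/storage/emulated/0/Android/data/le/ce.zip", "size": "1.5MB",
     "md5": "487577c4f1b2571ea83da4c91819a90c"},
]


def parse_dex2oat(cmdline):
    """Return (dex_files, runtime_args, flags) for a dex2oat command line.

    flags maps '--name' to the list of values seen, because dex2oat accepts
    repeated options (here --instruction-set-features is given twice and the
    last one wins inside dex2oat; both are kept so the analyst sees it).
    """
    argv = shlex.split(cmdline)
    dex_files, runtime_args, flags = [], [], defaultdict(list)
    i = 1  # argv[0] is the dex2oat binary itself
    while i < len(argv):
        if argv[i] == "--runtime-arg" and i + 1 < len(argv):
            runtime_args.append(argv[i + 1])  # value is the next token
            i += 2
            continue
        key, sep, value = argv[i].partition("=")
        if key == "--dex-file":
            dex_files.append(value)
        else:
            flags[key].append(value if sep else True)
        i += 1
    return dex_files, runtime_args, dict(flags)


def assess(cmdline, dropped=DROPPED_FILES):
    """Summarise what the invocation compiles and where the output goes."""
    dex_files, runtime_args, flags = parse_dex2oat(cmdline)
    untrusted = [p for p in dex_files if not p.startswith(TRUSTED_CODE_PREFIXES)]
    oat = flags.get("--oat-location", [""])[0]
    # Group the dropped-file hashes by path; more than one hash for the same
    # path means the artifact changed while the sample ran, so the dex2oat
    # line alone does not tell you which payload was compiled.
    hashes = defaultdict(set)
    for entry in dropped:
        hashes[entry["path"]].add(entry["md5"])
    return {
        "untrusted_dex": untrusted,
        "dropped_hashes": {p: sorted(hashes[p]) for p in untrusted},
        "oat_outside_trusted": bool(oat) and not oat.startswith(TRUSTED_OAT_PREFIXES),
        "compiler_filter": flags.get("--compiler-filter", [None])[0],
        "runtime_args": runtime_args,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess(DEX2OAT_CMDLINE), indent=2))
```

For this report `assess(DEX2OAT_CMDLINE)` reports one untrusted input, `ce.zip`, with two candidate MD5s, and an `.odex` written to shared storage rather than the dalvik cache; a command line with `--dex-file=/data/app/.../base.apk` and an oat location under the same directory produces no findings. Because the artifact was rewritten during the run, hash the copy actually present on disk at the time of the dex2oat call (or both copies) before pivoting on the MD5.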

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Android/data/le/ce.zip

    Filesize
    2.3MB

    MD5
    4ac58ad990252994badc06da1640a009

    SHA1
    b13b0059cb1bffb518d8ca4d0e8286dea2949e16

    SHA256
    1027583f1cb4eae246fc3ac66eac3c3db44ada98df5bb1490707174d28f3dc8b

    SHA512
    e6e60476216d2f05aa61e10c25aaf0340a75b56165ca6e2481153bbd4df85578d8ead6f05c05e5716263fca3133e4419c86fc7793ac5fe33a97ee781bef42634

  • /storage/emulated/0/Android/data/le/ce.zip

    Filesize
    1.5MB

    MD5
    487577c4f1b2571ea83da4c91819a90c

    SHA1
    3cc5bb808d8faa4d6cc16978937b6c20b7532cdc

    SHA256
    123d78c48044debe7311e6dd1474d0c253ef960e6e74ee115701815f579ab898

    SHA512
    2cbafe3865d919b6399993bed5c3622bbcc8571b291be77dd2cf8593787a30c1ed2e632f92cd977ddecc8cf39bc4543a86e3900f311e772cc69dad9e912078ae