975a86001a67846180169011ed23c6c0f98cbe9c3413d42d7ece92baf8463c5f

General

Target

56500a265643b42b8333737053255c0d_JaffaCakes118.apk
Size

999KB
MD5

56500a265643b42b8333737053255c0d
SHA1

e2b61809b040b9cbf17dbacc6b556bf0c343dd4c
SHA256

975a86001a67846180169011ed23c6c0f98cbe9c3413d42d7ece92baf8463c5f
SHA512

d29bd6a195eb086525344ec6c0f2d433f24ec2aed5df9acb7e9c18653233751d24659797d25815fc99a05874ddce72c2c1e8603140be0ace78ec7948d1e63ffd
SSDEEP

24576:w2uo+x0fweBUWQhVO9dth0KjuiJEfTAcSqVDby7MJ7KfuSh/X2bGy/:mo+kD+DSZjNkUcSqkisuq+r/

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.noPoint.activity

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.noPoint.activity

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.noPoint.activity

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.noPoint.activity

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.noPoint.activity

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.noPoint.activity

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.noPoint.activity

com.noPoint.activity
1⤵
- Queries information about the current nearby Wi-Fi networks
- Reads the content of the SMS messages.
- Requests cell location
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4220

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

1

T1627

Geofencing

1

T1627.001

Hide Artifacts

1

T1628

User Evasion

1

T1628.002

Credential Access

Discovery

Location Tracking

1

T1430

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Location Tracking

1

T1430

Protected User Data

1

T1636

SMS Messages

1

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.noPoint.activity/files/Data.Index

Filesize
41KB

MD5
d0b3fdfa1f952d6e6cf4e08a0eee7086

SHA1
74eb7c2040bef7f18220ed1a13471f9518daede6

SHA256
9f9450065da898b605346aa4e5e83125e2d986a35dd8e7fe45993bfa47021b1d

SHA512
fa3985a8e05da008733f1c542c9b6e93161243a20b2be86c43def910b80f8d4a20a034f189cadb44f421139f058e00c8de76aedb1f3c908a07ba4f5898209b7f

Download Submit
/data/data/com.noPoint.activity/files/Data.Index

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/data/com.noPoint.activity/files/Data.Index

Filesize
68B

MD5
77731055735c8fbc576baac5575d5608

SHA1
08cf6c02898b1f0f0cebfe40d249e210ae214d87

SHA256
7ceabbf9109e450c61fbb5902a6e66468d9d6176f29d7d64925f8ad9675b5584

SHA512
b0ed869b5acf581d6f24f659491d6991bc1e0b4aaa7788ed9a436c4abb79fc0a1cffbcadbc4f4f94c305082f5ae30fa207b5e9dc965c2eb9b120045f12e00c70

Download Submit
/data/data/com.noPoint.activity/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
c6f75c1488c290e4fbc3b0e0b2d17c12

SHA1
5e6458862e58dfcc728a9aae2f9105d4007a5f6e

SHA256
dff89f0a627dd6ad09988d1d38171f954379b431fd30e5a4924c42a51cfd7493

SHA512
95c5355d70bb5c2e8a4b575daef96fda3c8f0be398ad848aea6eba4507d4dfe127f0f8e25b21defabe69e1695f45b1732a4008e1aac59e6f1d7a89f364950a21

Download Submit
/data/data/com.noPoint.activity/files/Grid.ca

Filesize
2KB

MD5
bec9e8e26939309c95de826e60e4ff57

SHA1
a2fb5f07eb2b07cb24b99bab34296958f06a2e37

SHA256
7f843610bffe92d37df261310d03ac82b62578c2fe23980bca1b5c0f66277499

SHA512
9aec4832b567a49aa195df5c09a8f9e00b03ad45cfd9930e42251d89a06f98e1c54e82e50d531524feea0fd1f9ce3cb43ad67b507414194e5eba5b74eab282ad

Download Submit
/data/data/com.noPoint.activity/files/Satllite.ca

Filesize
2KB

MD5
0cb132cde7a68b60c8b75e548295a85a

SHA1
08f6f2f2baf967c66da9d62c21966f808cc0bb80

SHA256
790f2c47983f272b693bc640e8fa8682f63a4849323d2b3e58325012733b3976

SHA512
9496a52c20d0333aa45c588938fc094907f8ddaa1a1e5c3e82670efa976a742effe73e7013625058b671632e05a414beae2593b0f916084c60b54055cacf65ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads