Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    19-10-2024 23:11

General

  • Target

    5f2a21c5569b01486fb791784aff7005_JaffaCakes118.apk

  • Size

    3.1MB

  • MD5

    5f2a21c5569b01486fb791784aff7005

  • SHA1

    5c674b4543573ddc6008e9d013fbf5001fd3b923

  • SHA256

    9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906

  • SHA512

    155a1b34bc78cd55fe4bb10dc8b5bafa65e23e6be4ee01a6139fc5bfb4b4ae9008fe2960b2ad4c5c9faa4ae4a8805c1e07edd790d745d5ede5ca766729ee653a

  • SSDEEP

    98304:ozQtjfDm3PO06zgBr3XlEY2P/nfyF3wBlAVI:oMhm/6z6T1EYWfyy

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.lxqbcgkl.uzkzdvx
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4260
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4288

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/tmp-base.apk.classes8740677427164440178.zip

    Filesize

    378KB

    MD5

    5c3f18fabc8a15521d28e2593cc9398a

    SHA1

    b645b9a66a492bc8ffab125c3b16ff0d8e3f27ee

    SHA256

    08278db78ac09ffbfe5d0c13f09055d32ce449fcf1e4a8de11c45586fbebb73b

    SHA512

    d521589acdc996ac546fe9065eeada58af775659712d9937a832025bad7582751817b7121b6a774625ffcba4c0a3cd9903fb67d3cdf88e9abefec34f39efcef7

  • /data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    7195b1299806d409d6dd8e0218f5f0ae

    SHA1

    773ecdbf524f3f1d25b9150907318f79702c2db9

    SHA256

    669fb2a207c8c7cc76b19faa3516fccb689bd2f6fb730234aeef8b4fcdadde29

    SHA512

    294d0beb255bb0ee83ce00f6839b8f7a285c0c797661a9bf5fbd96dd4c4da69fff3f46cd712dcdcdf89b60d75c09c95ab44118b8fe72c1b17d9a2baba219b577

  • /data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    70dea65e5b97b54ee38d507bc3832747

    SHA1

    8b5db2666a7c5317989c441e0819c988c76ad0ae

    SHA256

    6e8d99f6dfbb9b7eff88dea1a3ecbb1a71c0a15e80f345516f1f9071b9be1def

    SHA512

    cfa330cd7f8945fe78a477787e058d2cf50313e5af8a60aec735c2314e27c6c1cb275f0d5fb9c3fbe11d1aa8b2b25ed42c69ba5a3e3a17813436511750bccbb4