8265b2e8bcfe0422faedcfcbca4b93b98a62ce4b63b0c048d34f64a8e0046974

Analysis

max time kernel
8s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-10-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f23a41f5e69cc67da24e829a3b798a4_JaffaCakes118.apk
Size

1.5MB
MD5

6f23a41f5e69cc67da24e829a3b798a4
SHA1

8a3d2c9a6abbe6d7a8f495310fdda05cfe6f3f4d
SHA256

8265b2e8bcfe0422faedcfcbca4b93b98a62ce4b63b0c048d34f64a8e0046974
SHA512

fa526660f6f41a8b021868a973812f63dcc0b208e916812fedf54174a715c0a7fc69b79c1f01a9e66f3765908c3ce7f5b64a02ac76d55d0335eb2fd105f86476
SSDEEP

24576:RDrDqhGPmOFJkDUHc+gxvnJm9VPNsJdE0Jl1jMzp2PGHTBbbg+ZaifIdzi4tBjCQ:RDr+GPmOFJcU8JxPJwVG00Jl1jMzp2e6

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

info.rhmipkj.ihijtk.sptvs

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo info.rhmipkj.ihijtk.sptvs
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

info.rhmipkj.ihijtk.sptvs

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone info.rhmipkj.ihijtk.sptvs
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

info.rhmipkj.ihijtk.sptvs

description ioc process

Framework service call android.app.IActivityManager.registerReceiver info.rhmipkj.ihijtk.sptvs
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

info.rhmipkj.ihijtk.sptvs

description ioc process

Framework API call javax.crypto.Cipher.doFinal info.rhmipkj.ihijtk.sptvs

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	info.rhmipkj.ihijtk.sptvs

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	info.rhmipkj.ihijtk.sptvs

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	info.rhmipkj.ihijtk.sptvs

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	info.rhmipkj.ihijtk.sptvs

info.rhmipkj.ihijtk.sptvs
1⤵
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4991

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads