482a99ae6b5193b601cd53dd123bb72161f3dc42d89d09b5e39b1c96de0081cf

Analysis

max time kernel
109s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23-10-2024 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f78dfd49d82a125afb7cd72f31fcaab_JaffaCakes118.apk
Size

6.6MB
MD5

6f78dfd49d82a125afb7cd72f31fcaab
SHA1

48cb220bc26916177d1bca087714e999ff51eec3
SHA256

482a99ae6b5193b601cd53dd123bb72161f3dc42d89d09b5e39b1c96de0081cf
SHA512

80b26da67c8fd74a780eee077e8b3f2b7f473d0f88e1292f18c59a4a74792bc83bf744561368b42f6ae3d8e24484b5b058ed93b0a5652bfb1a72d6a72afb306e
SSDEEP

196608:RWqiz/WrdMfB1+ciTkFKPklBjHPc71eafaYDwV:Rliz/WxaB1z7omBjkpSYDo

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.hh.rabbit_public

ioc process

/system/app/Superuser.apk com.hh.rabbit_public
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.hh.rabbit_public

ioc pid process

/data/data/com.hh.rabbit_public/mix.dex 4463 com.hh.rabbit_public
/data/data/com.hh.rabbit_public/mix.dex 4463 com.hh.rabbit_public
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.hh.rabbit_public

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.hh.rabbit_public
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.hh.rabbit_public

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.hh.rabbit_public
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.hh.rabbit_public

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.hh.rabbit_public
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.hh.rabbit_public

description ioc process

File opened for read /proc/meminfo com.hh.rabbit_public

ioc	process
/system/app/Superuser.apk	com.hh.rabbit_public

ioc	pid	process
/data/data/com.hh.rabbit_public/mix.dex	4463	com.hh.rabbit_public
/data/data/com.hh.rabbit_public/mix.dex	4463	com.hh.rabbit_public

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hh.rabbit_public

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hh.rabbit_public

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.hh.rabbit_public

description	ioc	process
File opened for read	/proc/meminfo	com.hh.rabbit_public

com.hh.rabbit_public
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4463

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hh.rabbit_public/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.hh.rabbit_public/app_bugly/rqd_record.eup

Filesize
362B

MD5
3f7bacb5da9cd11014115477e52c2315

SHA1
f644d9c5ddba3bb9424ea77e5f84c69eaa727b68

SHA256
dbfd47329f19c7baa86748712b2c58235c009a1a7cccdb3427a1f8893aa8b7d7

SHA512
c440b6619b3957f3f0cb278984213e73ff9fa60926ed3897feabb413016d44ffbf705f84fe410805801653b67aef54cbd59fec3398ff78fd6e078c8ae53212a6

Download Submit
/data/user/0/com.hh.rabbit_public/app_bugly/rqd_record.eup

Filesize
1KB

MD5
c354c73ef6ae3bad7aad2cb1d5705a95

SHA1
466a9c04d368f6d660e274eb000718a74288c44e

SHA256
68197abb9d7603b33aabab31d6e95432c474dadaf255a7904da7296bf9525ba8

SHA512
7298db6bcaa02455c31a8366ddf5fc959c6e3d9d0697e1c541935090dd92fedbf532241e36b7590282502ca85c5072bc3b6f92c68bf28ad6a7f145ef96aad271

Download Submit
/data/user/0/com.hh.rabbit_public/app_bugly/tomb_1729694814652.txt

Filesize
23KB

MD5
ad5ca80d62daddec56be8c0a539e7442

SHA1
2b0e691de156938a82ce2d811921cef33586907d

SHA256
45cde5b97c4f0e28f2354c4b979e3157cf041c53814163159fea62dbecbbdb1f

SHA512
fb5fb7924bafea5a698bc2a24268a207723eeca5079161268bab6aac9ed16a4110f7bc2d3b0852b2cc50b280b3eed8b74effb47f758becb5d9c0a2350d359ebd

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu

Filesize
60KB

MD5
601d0a38c437d8d4bab2aa979e1ed2b1

SHA1
c2fb0266a281372d50fd35bfcbdefdfa88bedd92

SHA256
6ef9d01ca3a8eea5c92ac025a7ffb24bcc8aabdb022a75cdeb336b1827cb7d11

SHA512
d2fdba82b8bea5c30e31ba48228ea547069d1fb72a90fc6f4ee5c5732e90fcbf8d2610beb1357f250478c13c92cae3014e3cea7b4de3e1af3340373be5479922

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu-journal

Filesize
12KB

MD5
16a397962ad1a1302ef9149b4f72c77b

SHA1
3f6fad18544959a7a2463a7517436eda90fe94ea

SHA256
66ddd85ca91d08bf0073d597a8c9132a753bf4fcd6ad17501af2cdb389543007

SHA512
515d70e9bb8b91da7cef05d7a46357c11df560a18f2e89711b469c0b8cb88acd3433e65670c31ef76431150b4ba7c48942b4e9e044188cd24cf88ec1e19c7a60

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu-journal

Filesize
512B

MD5
f1d840c6ed6f7a1863fe7ed3898e8d7e

SHA1
33c8e546dfeea3d3418766dc702e99ca27f37721

SHA256
902481a05f885cb0828f7f586e4e6f72804eecc88800f0d1c6efa5400c11684f

SHA512
071d4e2119c4cf40ff4715f90dc7dc34c56695e07f2304598e3dfb07f28b30c1260bc77ef7eff646425d3e6cf3851641c1abdc4f01e432e89e5c159e5d613967

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu-journal

Filesize
8KB

MD5
adfed52db6d8632c2189f4f227053a18

SHA1
05b468aa1a296d5810b1438307d693f7c1bb2be8

SHA256
2679284b7a6a95a2d6a443742eb5be2389bcb25173df1c4c32e95cdd2be9995d

SHA512
ff224d112798403b475a47c995b8a6798bfadd0832b1014d2b9548b4978c9d55a93bb0a81385463ff3c433aa7886661e601b8b7a3e7b1e0f37606c54cf0d6459

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu-journal

Filesize
8KB

MD5
7c18a9a5c2c859ba28b6c2d3ce3099bc

SHA1
ae0b202fa7ff96f47e342e80c0c69a3cb4d03bf9

SHA256
e4d9d8d14c02a1bbcb253cdf122601fad1048c0a61fca7685c9ae7e5ffa61bf9

SHA512
77d9d64db4826492d7700da1e544200a658bf04a65ccc7950f9af300025ea0485f76fa2326e15046c4bb093bab6d9b592a9d3bc6090ae5a91beb6237c4e00677

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu-journal

Filesize
8KB

MD5
a182879f2da572580ee55266e6f026c1

SHA1
66115bf68b9f3fbc07429e3d90a852ce4c58c3ac

SHA256
6eeeaea06b6088794140d275b009769dd083c4e524703853993f4085255ded1b

SHA512
e7039d829f397119d1996856ab441b67c3b53e7e04b04bb0f696abc961cf75634f164a3534b8ca4e26866a3366cfa73fa09a49505098cc28e56dd9fdff06a922

Download Submit
/data/user/0/com.hh.rabbit_public/databases/bugly_db_legu-journal

Filesize
12KB

MD5
3cf4fe9be721666cbbe70342d5506306

SHA1
3fc2ba84f5f566f865ec1cda3fe26b5b5e8555cb

SHA256
9e2a230deedcc1f3c5097da859f404a1af1538a6b1a842f7cbbea0f50f899c29

SHA512
60605338dd0c85dc568c07b51335030eb721f1b3d6b4daccfb3aa8a43531acdb531ae0e8ef5c0f8a32023ce5ee05d8db69d50aa12b9581c57301a2bf2de59dc8

Download Submit