8e39f0694ab0d2d8c162cd25738b555e1b7a42c8b29b7386d17e880dfa41750f

Analysis

max time kernel
22s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
23-10-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f6612d138f02c54beafc20b98a4d16c_JaffaCakes118.apk
Size

1.5MB
MD5

6f6612d138f02c54beafc20b98a4d16c
SHA1

3959fbac9bb931835f2d0b389df937dbab0f6a7e
SHA256

8e39f0694ab0d2d8c162cd25738b555e1b7a42c8b29b7386d17e880dfa41750f
SHA512

0a49da912990d9ffcfa86f09fb8e537650461c6001b3b8fe93f8dda58243c6310c48f6fd1fa503ae08b880ab85cc56c4ecbaaa0367d93e625b16ec44a2394293
SSDEEP

24576:C3NUniUTg/FDfY+z+RpHVqFsX9nxOpUPLQcO6bHNQav+APpzjq7inq0:CCEd9KVqFsNxO27PQamAPpz27W

Score

6^/10

discovery persistence

Malware Config

Signatures

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.yybergeanzhi.ruhutianyi

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.yybergeanzhi.ruhutianyi
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yybergeanzhi.ruhutianyi

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yybergeanzhi.ruhutianyi
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yybergeanzhi.ruhutianyi

description ioc process

File opened for read /proc/meminfo com.yybergeanzhi.ruhutianyi

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yybergeanzhi.ruhutianyi

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yybergeanzhi.ruhutianyi

description	ioc	process
File opened for read	/proc/meminfo	com.yybergeanzhi.ruhutianyi

com.yybergeanzhi.ruhutianyi
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads