ffddef5f1b6d3e9d2fa6da987fbc78c53adb21b91528b0bd2490b7ef29f0bca7

Analysis

max time kernel
148s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23-10-2024 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk
Size

2.2MB
MD5

6fdf34d17f3a3775b82c1dd5fdf01db7
SHA1

38fe5652102703168d23ed58db9f9f9846df6214
SHA256

ffddef5f1b6d3e9d2fa6da987fbc78c53adb21b91528b0bd2490b7ef29f0bca7
SHA512

790bb21b90a530437c3f758dc82b255cfeaa9c0242f5c7d9d6609e9057ce7ff9f0145933fc979ae01cb956547a20147ba81d3905d26484918bebbe2c49dd70bb
SSDEEP

49152:APoTtBnmh+HpT7E7WkTcTJLTna1YiYNK4ziBBnmPJ:APatBmh+HpTYpTuLTMHYNKkeBmPJ

Score

8^/10

banker collection credential_access discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.main.haha

pid process

4455 com.main.haha
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.main.haha

ioc pid process

/data/user/0/com.main.haha/app_ttmp/t.jar 4455 com.main.haha
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.main.haha

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.main.haha
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.main.haha

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.main.haha
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.main.haha

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.main.haha
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.main.haha

description ioc process

File opened for read /proc/meminfo com.main.haha

pid	process
4455	com.main.haha

ioc	pid	process
/data/user/0/com.main.haha/app_ttmp/t.jar	4455	com.main.haha

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.main.haha

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.main.haha

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.main.haha

description	ioc	process
File opened for read	/proc/meminfo	com.main.haha

com.main.haha
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4455

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.main.haha/app_ttmp/t.jar

Filesize
187KB

MD5
8b2fab499ed1ae4e6a65b81db8843644

SHA1
75e1d393281ff9b62af50bd2ad51a3bb01641517

SHA256
17106cb4686d5eeac9246cb1d219b202f2b1f3958eac1551b205c599924a971a

SHA512
ba3d57a0df75f9fe069994e755f8057dbd5895cdf157900390a9a7e2bf51f9f77b04a4a24a68186c9afd2af278158b9733d29e966cec82db447acf4db7be432c

Download Submit
/data/user/0/com.main.haha/app_ttmp/t.jar

Filesize
187KB

MD5
205fe9ba67b46c4c369adc1e689f05bc

SHA1
8a6d40ee4e6fd890d6ba79e38a2265cbe3363ef2

SHA256
76bf2a99ee9ffbd6d424ce55243e06ead91725832b543778215dd1e2dcaaecd6

SHA512
3c5703da2be0c9d401c118e9a6576e8cf18cd05d726f8b5087ee1aebc9f234e1bcfd12bb3453a3b4cdc9de78f6a9be476e4bc32baa9591cad9492afc80619be5

Download Submit
/data/user/0/com.main.haha/app_ttmp/t.jar

Filesize
398KB

MD5
6433e446614644586fe9259d11acb08a

SHA1
a456afdd1fa81c878d0d2b69ec609baa1f29265a

SHA256
7b67244da231d8d026aeb4a877dbafa0915b6afc96ee36d1d1f2da49007360f8

SHA512
3362ffcc1838d7b3d282473abee63e653b6705901719cf03fba75f9e9f375d64895b7469dbc8928fd519febedf1b1a767515cbc474fdf2055c44ec63a41ff08c

Download Submit
/data/user/0/com.main.haha/databases/com.main.hahab

Filesize
72KB

MD5
47a6c3566901810acbffd0c79bb1e71f

SHA1
0832d476bd80fcf94cebd7d6263f7f1c6e7141d9

SHA256
79a8bafc13e3b88a1a73767cd74860bc20b4e5ca4fe3749d59197c83bd9b52b9

SHA512
8a359fb114f64bce7321529fc3b57adcb675c5b99a4217acfb278b6d0057f0799bace39ca40bde4af601d65fad22128127cd6182d103a3448d85a658ab478ec5

Download Submit
/data/user/0/com.main.haha/databases/com.main.hahab-journal

Filesize
512B

MD5
78fe32b5cde7e3530deebbbb9fbd4302

SHA1
6e873948c47691db82658a9a38314347126257ea

SHA256
64f61c215878f032bb401b9ec996151dbcf47c6a960dacce6c69e5bab3ed3c7d

SHA512
3ae9535b35d0ad894f29c37ab8c0c50a8e092e058bf190314e696dff244213d59715c4da100c06e19b62f4db7ae52b6cb1ea0afd476c009fabdf2b81c7453a2a

Download Submit
/data/user/0/com.main.haha/databases/com.main.hahab-journal

Filesize
8KB

MD5
d7d2f500202f0a2ecd704f6749a433fa

SHA1
c86ff6735ca688204f456cb0d933c01ac429ba15

SHA256
6f0c8200b74ad20dcb238517d266ad8c7e72e57e75c8898ea6638dcf6ce33e90

SHA512
823414b9296bf53695e377f9b557610a3da518f1ff8c5d2d9f8787918a88c1a92f6ca01d94d0a943b789e64f6b8528c5d1c5197cf06d43bbb105c69eb2ac7e48

Download Submit
/data/user/0/com.main.haha/databases/com.main.hahab-journal

Filesize
8KB

MD5
64868fe3cea921fb79b6e437240901bd

SHA1
2ac76ba2d585e87aea445d45d46d296bbc225237

SHA256
39a8444c3dea767b794bc8b46598c4bde633e9da78659c88730931c3d12a9b22

SHA512
f3920b5810dc4d2440d210a1caceca8dbd274ebf990268234d81abf57f84d39a64a8b15d7a778adfa64be8fa20f5437a0cc616b56fa33b6aac010b5c7671d6f4

Download Submit
/data/user/0/com.main.haha/databases/com.main.hahab-journal

Filesize
12KB

MD5
df8e784e5e0bc46599495f6761e5bea8

SHA1
bfb880b7a340021bf88394b55253bc773859e81c

SHA256
494c32494bd9aabcd35b2a2c10a402f484d7df368823f9b2281097c8d68fd7d6

SHA512
2e7823651b3e74480b2bef05906f6d8e09765bef1144119293b43b79e1117deec6e884aecc65fb6f70fe42760acd07a39d7fb95b7eee05ea29cae7d3441d16f1

Download Submit
/data/user/0/com.main.haha/databases/com.main.hahab-journal

Filesize
12KB

MD5
0fcdff76b2c3392cb5131917d3d16f3f

SHA1
99ba7db9a92e6edaa776e062a1970460fc5f483d

SHA256
ec9ec124734787ac6c7998dac801bac73ddefe9072f4cbaf546e8200ecadb56e

SHA512
f2f94c803577e3c4d2e1561d713ea97d24584feda5a85e79ff13b2d7e813d8d99a213d265d159875ceb62fbe91f2cb4b95681712a700d4e3bd548580d7dc1862

Download Submit