8749f3c2068d333c72c926a6cab5220fdf384ea5545ee772ddbe3a1c9718ff34

Analysis

max time kernel
147s
max time network
149s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
23-10-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70259b128faa91bbf8da935f4158ece8_JaffaCakes118.apk
Size

5.3MB
MD5

70259b128faa91bbf8da935f4158ece8
SHA1

340f698dedf86d491297097b77f9a390d91bd115
SHA256

8749f3c2068d333c72c926a6cab5220fdf384ea5545ee772ddbe3a1c9718ff34
SHA512

c678e33bc41ecb7f5cf8f5b02507148aa4867126455f78154e912a26b5673863d55142d06aced539d11281cdce2e64ac5332fffd6c209c0558fe4459a46e0d23
SSDEEP

98304:4WANnHx/+RymhCsE205Y/9gnmJo2SSWa0gtHyrHr34egmIPNgJu:JAdR/NXZnm1SSVveLLlIP2g

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

skydownloaderv7.tubemate.stt28.ua81333146v1

pid process

4338 skydownloaderv7.tubemate.stt28.ua81333146v1
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

skydownloaderv7.tubemate.stt28.ua81333146v1

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses skydownloaderv7.tubemate.stt28.ua81333146v1
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

14 ipinfo.io

pid	process
4338	skydownloaderv7.tubemate.stt28.ua81333146v1

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	skydownloaderv7.tubemate.stt28.ua81333146v1

flow	ioc
14	ipinfo.io

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

skydownloaderv7.tubemate.stt28.ua81333146v1

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	skydownloaderv7.tubemate.stt28.ua81333146v1

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

skydownloaderv7.tubemate.stt28.ua81333146v1
1⤵
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
PID:4338

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/skydownloaderv7.tubemate.stt28.ua81333146v1/files/gaClientId

Filesize
36B

MD5
96a56e3f38ca389dafa551a2519065d0

SHA1
98af8a3feca23ef5a01a870f0e0501b249d6cc39

SHA256
3328d76c1128964e43b8dadee919352960ecd4d6fd11b9bab2a967203120f01b

SHA512
eb39406a4dc8ab8c0f8eb8e20b11575294e46e60dd31107831a2ee2cb75d3ee5222043f38116a29ba8682c5490bac1978e6ba0e8ddbdeae73653daefa964d5c8

Download Submit
/storage/emulated/0/Android/data/skydownloaderv7.tubemate.stt28.ua81333146v1/cache/-1754499780.tmp

Filesize
18KB

MD5
77e0586b42d5b16e2b5eb14d7703b506

SHA1
fbb62fae3aa0489fb6e01ca74d07656f3d0106de

SHA256
ecdb52df2f2dd99f37ae393bf781e0bc343eb7effc1621396255319bdd57ebb8

SHA512
0a3f4210c835bf451eedb3ac5ef5af7e3eee7e09195b9dff3f51b930426155e67951db7f4aacef07cab8e35ada37366b71c1b4752568317199ceaca50e3d58e7

Download Submit
/storage/emulated/0/Android/data/skydownloaderv7.tubemate.stt28.ua81333146v1/cache/-1754499780.tmp

Filesize
18KB

MD5
5d57f5f3004b3e55b1a204dac23b80d9

SHA1
76d93b78401c3185186384a69c837e81532ae2be

SHA256
a8d44313a4484acea859ccf7631b4b9b8322b7890a36a909e467c9ef9f1811c0

SHA512
05a522ec9ff7918612d5bcee80a36bc3d1c1de536b76add35f770d0c720d3ed8fb847c01d7e6236c6188f6ab887aef4fee14929c9b78ac31b55a2563d9c451f3

Download Submit
/storage/emulated/0/Android/data/skydownloaderv7.tubemate.stt28.ua81333146v1/cache/-1754499780.tmp

Filesize
18KB

MD5
4b1bf8e76f3038bb9af79ec032284ebb

SHA1
403d61671561f96610bde68f4bf99ce906250cea

SHA256
3dde9af54117612295cb74b46493987f98f44be8fbaf10e1d5037186eda4f4cc

SHA512
ac946e1ddbd733bf754486efc434a46becca5a935ca0a7c21bb8e74a4f71266afb2cbe200b66c3cc5188c36b5433350fd61e3ea78b19dc1a97080bac57b18db6

Download Submit
/storage/emulated/0/Android/data/skydownloaderv7.tubemate.stt28.ua81333146v1/cache/-1754499780.tmp

Filesize
18KB

MD5
1bb7a74f6881b35e32cfa37411a29391

SHA1
84d6e9ad18898ebbce70003fd615b7573d53a226

SHA256
a472c3633a69b4dcf093e421a8d2a64f40541c0fd337f272e0ad69714388392e

SHA512
b2a7129ca58d93f2fc06ee8e531b28014a0807e48a9acbbe835db95c05cc7478f13d9b30ed7a2f5247bb10cff958afb1e744367ecb780e73c3b2e9f006b64d9c

Download Submit
/storage/emulated/0/Android/data/skydownloaderv7.tubemate.stt28.ua81333146v1/cache/-619060238.tmp

Filesize
18KB

MD5
d91ecd97f6747063c83fe1add831f327

SHA1
4714da7b3487f15ed1462d166d1450c4dc6fb731

SHA256
5f118fd05ae61f7020cab042dc4b5a1336c2f56269f292598c397be3db4033b6

SHA512
3828e1e9fba598e58b7331bba779e4d963ebd4a560e993a40ac5620a8e62989f860722449bdec5508f33b42f88f35d09fc8ee09b19aad3e573acadcf69d66946

Download Submit
/storage/emulated/0/temp/com.hermes.superb.booster.tmp

Filesize
2.5MB

MD5
bb818155f8c88a2883d52a1b1dd78e81

SHA1
d21ddf05ee1ebdd4972f24759448bf890b0364f7

SHA256
fbd1f055d71e7de66e09e83deba4c33ba61c91ab096c0939a157123309a9c49a

SHA512
ffde8074ce8db61b04bba996addaa7647be7d0a5074719ecb0712784b48b20f792274aa4c72141cfe7a46345b3cc8889fe009a626de606a951eca3ef5cf3e0b5

Download Submit