40778e89c5d071440f088173f049bcacbc7887d6544d420077e89fae819f265f

Analysis

max time kernel
4s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-11-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e5b621238957743a367298ba9bfa868_JaffaCakes118.apk
Size

5.0MB
MD5

9e5b621238957743a367298ba9bfa868
SHA1

5de3ef15cf348210675e148cb891dd3cb0c0b0aa
SHA256

40778e89c5d071440f088173f049bcacbc7887d6544d420077e89fae819f265f
SHA512

2e502ffe9ce80332db68cc25ad5530ffb07c17bf8cef157cc8b5b72a160d2cf9d3c26d292f2c512a46e38a5aa4a46d18886545d0784219aa6660869b21a5c837
SSDEEP

98304:Y7qlXKiSandODxfM6DSDSVWNhkS2bGFSIbcOA3SDvA0pYT6lGi72lvdjmDQu0:9XKitulxDtVg+f2SObvjAPT6n29d0Qu0

Score

7^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.vocjl.scidr

ioc pid process

/data/data/com.vocjl.scidr/baea/entrance.jar 4250 com.vocjl.scidr
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Reads the content of the SMS messages. 1 TTPs 1 IoCs
collection

SMS Messages
T1636.004

Processes:

com.vocjl.scidr

description ioc process

URI accessed for read content://sms/ com.vocjl.scidr
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.vocjl.scidr

description ioc process

URI accessed for read content://call_log/calls com.vocjl.scidr
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.vocjl.scidr

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.vocjl.scidr
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.vocjl.scidr

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.vocjl.scidr
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.vocjl.scidr

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.vocjl.scidr
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.vocjl.scidr

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.vocjl.scidr
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.vocjl.scidr

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.vocjl.scidr
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.vocjl.scidr

description ioc process

File opened for read /proc/cpuinfo com.vocjl.scidr

ioc	pid	process
/data/data/com.vocjl.scidr/baea/entrance.jar	4250	com.vocjl.scidr

description	ioc	process
URI accessed for read	content://sms/	com.vocjl.scidr

description	ioc	process
URI accessed for read	content://call_log/calls	com.vocjl.scidr

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vocjl.scidr

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.vocjl.scidr

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.vocjl.scidr

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.vocjl.scidr

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.vocjl.scidr

description	ioc	process
File opened for read	/proc/cpuinfo	com.vocjl.scidr

com.vocjl.scidr
1⤵
- Loads dropped Dex/Jar
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Protected User Data

T1636

Call Log

T1636.002

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vocjl.scidr/baea/entrance.jar

Filesize
24KB

MD5
b2caa219f1e860c72529c23e70cfcebf

SHA1
152acd0db2e4d512f1af3245d3d947792fda5d61

SHA256
e69b04e047fc1f7af35ca98d345f2f2f0dbfcba30202a2ba5f33701a85fb7cfb

SHA512
f8450be46c6468d224aa4033b12218a9c0909beadb260a67504dbf355b03da724651a4cb090605675150af3ea17d4262a225bb8608b853afce597fc84457c879

Download Submit
/data/data/com.vocjl.scidr/baea/entrance.jar

Filesize
54KB

MD5
2e157e958581e41917f1d9320b57f2c3

SHA1
bbf252d686ca2b87487aa467c2e7c8307a5460b5

SHA256
ce0d3728a447e07be66cee1037caebaf19cd6f6359287bc7153baba582a75807

SHA512
f0defdf5434a9ce5e3e7421accc75b31e0d70283f70ddbfa50339e7168d6579bf571a0858e4d15bf4c8427c93cb7395b5be70956e722d00f17b84044d560cf5c

Download Submit
/data/data/com.vocjl.scidr/baea/mapa.jar

Filesize
74KB

MD5
49a8eee038f443e5af33868d0e3210da

SHA1
a2a38a39e5df3c133aed270d66ecc4bae7fec8be

SHA256
c5f4e71669aaaeab2e925e34e3d8625c58aa48974f5cefc219a5856225912c00

SHA512
46999eb3d9e503a3b0c94217000552fce148fc99b698d7f2c758fc346fc87c79a5969744c3213561daa6e0ac343c561e3a295ec57022e25e54763b315f7b511c

Download Submit
/data/data/com.vocjl.scidr/cache/Analysis/avoscloud-analysis

Filesize
412B

MD5
e03ae0ad33aebcf302626d09b11c3fb7

SHA1
afb4d0f430882c7155541b84643c7ac0a4ee736a

SHA256
c59871908d3b86d62442e749674efabb74873a68c57af2047a32e76c70979e04

SHA512
5f8b00f18954b1489b811394566247919025599430e1ca88d00336604ebdb9543a6a1ca39ef70cadce36ece88875806145ca89f52cdb9db21a5a15460b6fe7cc

Download Submit
/data/data/com.vocjl.scidr/cache/CommandCache/740332741111b1b1e0b15197496c6155

Filesize
988B

MD5
e7f00deddf9d3e9efea06764599e8b1a

SHA1
d1942f0283f8ce80d9ee38ef9ec99a0486dc1378

SHA256
c3b0f4a5969e0f9502ac7241b6fe6e708d902f1dd128d98d333e2ced42419314

SHA512
72cfc45eecb8f434077a10df6e79a0b67b4ac6bd565d89dfc6371c67f74bbec47a6858f4c0977270b2cc2d8e600381311e7dbb474012033ad5ccbd6ac3c7d285

Download Submit