cd032577d1bbda5a9fd2c1b9e0a80157a604d2ece8397f5fa3cb3270115109df

General

Target

9e83e890c4b784e03ed5fdce762dd5b1_JaffaCakes118.apk
Size

20.2MB
MD5

9e83e890c4b784e03ed5fdce762dd5b1
SHA1

f8c8995cad9c5aadc74c635667d1963aea371460
SHA256

cd032577d1bbda5a9fd2c1b9e0a80157a604d2ece8397f5fa3cb3270115109df
SHA512

d657e4c5f8136bec6c70e278b792d8d3515c3d710e83527fdc65d206cbfee4b5daf116dc0868730edfe2029f31d9c8e8a87e68b157a4d118e17af1b7db506f6b
SSDEEP

393216:aabd63dLugs30flGcAxM//3PUHqK+JLBQzbiFAIWVRPwq5h908:aabd86gI0tGc4A/cKKbbcwrw+

Score

7^/10

banker collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.aiiread.app

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aiiread.app

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.aiiread.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aiiread.app

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.aiiread.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.aiiread.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.aiiread.app

com.aiiread.app
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4496

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Process Discovery

1

T1424

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

2

T1426

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aiiread.app/shared_prefs_ext/test_app

Filesize
29B

MD5
f54ff0d70a7da0af31f6fa9cc4846aa4

SHA1
a1b4d570f5c5293045a19d0dc8ebd1d6377ab42d

SHA256
35ed93432e0a075666209a20659d7b7dde80528693e9197aade109b54bf687a7

SHA512
0aca9bf20759133ef793331385bba62764aa66b7e9f6583560dd7407462f4e2163dd697898048c97fbc627b478a14ed6a4344f7511b170cf7983507ecbe3e059

Download Submit
/data/user/0/com.aiiread.app/cache/jsb.version

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/user/0/com.aiiread.app/cache/libweexjsb.so

Filesize
6KB

MD5
6501e0bb0f8e73e3355872692c30de14

SHA1
f646d3dc40536c54905f5eb666d6ab36b0c05fa6

SHA256
f32fad72a4162705c43c0e39346a6467cd48430cd805f910c057a390dd4f78f1

SHA512
73c1ab52e1ec09b1d55c02252b222f54277e40267580e16fb19c338098ba43c9b5ce97740718d1ddc045e0d24370d588e8d3bef9b95c4eb47b083e467ba491f8

Download Submit
/data/user/0/com.aiiread.app/files/cnc3ejE6/eje3cnc

Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
84c27250fc3fabb12cc3ea14c00f826d

SHA1
c015eac0161271cffc810c17cef4b5463882844f

SHA256
6e89720d56286e87da733a7c081afc2697b1fb6f83f440805b80d90904bffa4a

SHA512
86455c7997711d5fbcbb4a4722100518399a08f708cf573c15c28ce37b7271fbb9b990a0f0585df9847b4e49da78e6a34e51637079e94a21b94df9f7f4b13a55

Download Submit
/storage/emulated/0/Android/data/com.aiiread.app/apps/__UNI__E991FF8/temp/1732577130201 (deleted)

Filesize
1.1MB

MD5
3de10b75b4fc0b3631db35fab5fccf44

SHA1
1fac1f9fd09533b3c8899cbbaa46f8ebc5766a56

SHA256
6a543021b51ac4e9cabaaa69f61bb1b08c8fd8dab36463e07f832a5b29304378

SHA512
7936bbc8bc52aca181e1e1816f28a4d4e7676054aedf0f3e22475e2aae4bda930cc4d32890b8eff652fb4f7bca9078420fc89b419c544163626733fa87932e1a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads