Overview

overview

8

Static

static

6

9edc71364c...18.apk

android-9-x86

8

9edc71364c...18.apk

android-10-x64

8

9edc71364c...18.apk

android-11-x64

8

SLSDK.apk

android-9-x86

1

SLSDK.apk

android-10-x64

1

SLSDK.apk

android-11-x64

1

Analysis

  • max time kernel
    116s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    26-11-2024 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9edc71364c80c03d102a22dc68072a37_JaffaCakes118.apk

  • Size

    3.4MB

  • MD5

    9edc71364c80c03d102a22dc68072a37

  • SHA1

    6b5f0150e9e9c737a3f6ce94fcdf630a633ab666

  • SHA256

    192b40c3d71e04a7698bbe4ef6a274d9cf41de2aceccf2f5ce41ae7404d87b73

  • SHA512

    df6aafdb6d5074c0983c03eb0f72bfa843bdf058d4c28599f5e07bc42fc61cacd245d4d3a82654146a7a9076ddf8609effb1f0329f6ebf32144ab6e34aaddb0c

  • SSDEEP

    98304:8hWopSUW5PXsk2arQQRCBMwEda0bKI9EC:Z5P8k2arQLBMwEw1oEC

Score
8/10
bankercollectioncredential_accessdiscoveryevasionimpactpersistenceprivilege_escalation

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests enabling of the accessibility settings. 1 IoCs
  • Tries to add a device administrator. 2 TTPs 1 IoCs
    privilege_escalationimpact
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.monitor.tester15
    1⤵
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests enabling of the accessibility settings.
    • Tries to add a device administrator.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4256
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.monitor.tester15/app_sl/dex/SLSDK.apk --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.monitor.tester15/app_sl/dex/oat/x86/SLSDK.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4284

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Input Injection

1
T1516

Virtualization/Sandbox Evasion

3
T1633

System Checks

3
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

3
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.monitor.tester15/app_sl/dex/SLSDK.apk
    Filesize

    551KB

    MD5

    19df8a31fb37c64cc9c3a7626c1c2a4a

    SHA1

    caedab35ebb979278623a49121165f2cb1962e49

    SHA256

    24e625ee70aee9c6c2ee08a0f83ed8f529beaed7ae8d1364f55ee7e3f1bd2137

    SHA512

    a3214c9d5aa5565410d39571bfe3c66ea0abf551ba66260ab1590110d4de4dd100cadca23260412c54d04c42999913178fd412c5dc24992c960768e20e0e88fa

    Download Submit

  • /data/data/com.monitor.tester15/app_sl/dex/oat/SLSDK.apk.cur.prof
    Filesize

    902B

    MD5

    c3813557b38ece1b7d50c2bc41a60c8b

    SHA1

    b3fb92a38353130196ba392c1e69f2943a2eae60

    SHA256

    259dabdedfb35c1aa32eebf444438eb990a4e5b6a486982812c17a4226d959a1

    SHA512

    54df1b3ae021ece71aab9a2bb5618d06d84f6e9a180f08fdc1c881df689c23a1a7b1542d2d3c30df5f198cbec7eaa1d2f929e59e3f84681faf18ddf60bca462a

    Download Submit

  • /data/data/com.monitor.tester15/files/updevdata.json
    Filesize

    328B

    MD5

    9ca511b14eb2342ca245e8a65d156b69

    SHA1

    86177c02d39bbadc2c4b74624478dc7e4c995ddc

    SHA256

    51070fa1a7136e191aba023cd6abacf579c47f0f2433693f830efedb2b547353

    SHA512

    51ff95c27cb89655086334803ed2107453f9b314a814a11996f4af84c92e8bf131e04e51b5d91cae0eccc096ce8feb753c7acf84a1ee1cf1aefe842ba428f02b

    Download Submit

  • /data/data/com.monitor.tester15/files/upuserdata.json
    Filesize

    221B

    MD5

    00331136ab5321e176c68e5fd5835ac4

    SHA1

    cd3d19a9ea797cfadc6fefc37aaa782a12cd070a

    SHA256

    2995088268bd7321af8b9dc70a008800e270aec1b4fec0772179644829275af9

    SHA512

    66d82cd8ee3c8d491c0f12f56a05fa2d3c5a79571d5b8f7f8840d6f6f0a0a70ceb6a4ab3454d0861779441211d565b67046952749e3c476d8abd1c0db215a943

    Download Submit

  • /data/data/com.monitor.tester15/files/upuserdata.json
    Filesize

    219B

    MD5

    d536e7a30a83d62afacf528b4672b3e0

    SHA1

    815a0ff6f75cc923f45e1eddd8ec2a9cdf28e1e9

    SHA256

    9296ec39527fbd4ab534bfb57743365c8b8b9e44f36f8261b91320d69e400668

    SHA512

    fb23fdbeafcf83f8ee00d12dfd111d101ff702d4ddb8b71e74018e91e96b765482d1205299efd8813998f1e2869d2d3703fa2330292cdc750257752bc2c865cf

    Download Submit

  • /data/user/0/com.monitor.tester15/app_sl/dex/SLSDK.apk
    Filesize

    587KB

    MD5

    c28ed93429f91238a8e0625212074157

    SHA1

    2c9c936d7a6a0decce464c9915e15d5b39ce8ca4

    SHA256

    ef78a6b8a5822c3c44610ec2bcf444db48d3be13679f8b9b1e75a2342b52d48f

    SHA512

    874fb284f7c7c4a764961cb759375245c496b9ec0c0e5fc1f712299f4da25e3ac0a159e4b73f49f06b590cade36bbf72347c250411db8a15ebc16575585b391c

    Download Submit

  • /data/user/0/com.monitor.tester15/app_sl/dex/SLSDK.apk
    Filesize

    587KB

    MD5

    4e92f30bfa63f7885b1c47d3e6c08c80

    SHA1

    47f7d0d8e225d95fc3b2d63956ab36f5822416f0

    SHA256

    a6fe70eb21d374eddbb1dae3addc42dbc9d9bb87950e67bb937ae4e912615404

    SHA512

    c88265ca70980072e92cc612721e189017d59badfff1c09ce61ba9959d74f3b4049ed3562fb111253d5773e1046296f31fa490f12a4bf0cce22e63672a4317fd

    Download Submit

  • /storage/emulated/0/data/d.gcx
    Filesize

    29B

    MD5

    68eba31471506d02c72f9c85326a95ba

    SHA1

    8370ca672ab7d4ad0c693f41286d2595fd2541ec

    SHA256

    136d86e7ac6f30dcfd3b94d5c3f3099c15d936c61007c2d0b976a1f842a50318

    SHA512

    db96cb313d1f9a09dc739f41c4670114a971e56b6aa6aeebf294f8042fac1ab2bc69bf817a073927818a99db988f6c29df058012ee954b153c9238afa2eb4fc2

    Download Submit