192b40c3d71e04a7698bbe4ef6a274d9cf41de2aceccf2f5ce41ae7404d87b73

Analysis

max time kernel
149s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
26-11-2024 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9edc71364c80c03d102a22dc68072a37_JaffaCakes118.apk
Size

3.4MB
MD5

9edc71364c80c03d102a22dc68072a37
SHA1

6b5f0150e9e9c737a3f6ce94fcdf630a633ab666
SHA256

192b40c3d71e04a7698bbe4ef6a274d9cf41de2aceccf2f5ce41ae7404d87b73
SHA512

df6aafdb6d5074c0983c03eb0f72bfa843bdf058d4c28599f5e07bc42fc61cacd245d4d3a82654146a7a9076ddf8609effb1f0329f6ebf32144ab6e34aaddb0c
SSDEEP

98304:8hWopSUW5PXsk2arQQRCBMwEda0bKI9EC:Z5P8k2arQLBMwEw1oEC

Score

8^/10

banker collection credential_access discovery evasion impact privilege_escalation

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

Processes:

com.monitor.tester15

ioc	Process
/system/app/Superuser.apk	com.monitor.tester15

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.monitor.tester15

ioc	pid	Process
/data/user/0/com.monitor.tester15/app_sl/dex/SLSDK.apk	4516	com.monitor.tester15

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.monitor.tester15

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.monitor.tester15

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.monitor.tester15

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.monitor.tester15

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.monitor.tester15

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.monitor.tester15

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.monitor.tester15

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.monitor.tester15

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.monitor.tester15

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.monitor.tester15

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.monitor.tester15

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.monitor.tester15

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

Processes:

com.monitor.tester15

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.monitor.tester15

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.monitor.tester15

description	ioc	Process
File opened for read	/proc/cpuinfo	com.monitor.tester15

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.monitor.tester15

description	ioc	Process
File opened for read	/proc/meminfo	com.monitor.tester15

com.monitor.tester15
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Checks CPU information
- Checks memory information
PID:4516

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Account Access Removal

T1640

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.monitor.tester15/app_sl/dex/SLSDK.apk

Filesize
551KB

MD5
19df8a31fb37c64cc9c3a7626c1c2a4a

SHA1
caedab35ebb979278623a49121165f2cb1962e49

SHA256
24e625ee70aee9c6c2ee08a0f83ed8f529beaed7ae8d1364f55ee7e3f1bd2137

SHA512
a3214c9d5aa5565410d39571bfe3c66ea0abf551ba66260ab1590110d4de4dd100cadca23260412c54d04c42999913178fd412c5dc24992c960768e20e0e88fa

Download Submit
/data/user/0/com.monitor.tester15/app_sl/dex/SLSDK.apk

Filesize
587KB

MD5
4e92f30bfa63f7885b1c47d3e6c08c80

SHA1
47f7d0d8e225d95fc3b2d63956ab36f5822416f0

SHA256
a6fe70eb21d374eddbb1dae3addc42dbc9d9bb87950e67bb937ae4e912615404

SHA512
c88265ca70980072e92cc612721e189017d59badfff1c09ce61ba9959d74f3b4049ed3562fb111253d5773e1046296f31fa490f12a4bf0cce22e63672a4317fd

Download Submit
/data/user/0/com.monitor.tester15/app_sl/dex/oat/SLSDK.apk.cur.prof

Filesize
838B

MD5
900753949c2eb9558db424a535178805

SHA1
e5ca733a1fe1eed6b3af53373c3d3ff051f84a35

SHA256
a95d3ab8088559d7e0a3ac2feebd68068f9ae5329e5b1cf1df3682581eb3ef0d

SHA512
0ae9f507c454d2cdae52740be030293549240ded3bda66830f31939c28e0c22fe93a36a598b61c6b28ba2fd7ce5a405e96b819ad7bb094207d5c4f1785399cbe

Download Submit
/data/user/0/com.monitor.tester15/files/updevdata.json

Filesize
289B

MD5
680b2737cb5f7f55e0e245a4f430d032

SHA1
46ce7e7b384c7eecf6af8780c2759399862ea92f

SHA256
8a21f740d7050447e4e73aa8d2a82889da1408137161715b518c688dc9e27662

SHA512
1d5996020898f1c26e1577efe7d46289b53fa9c954a73b0243c1442c49aded4d5e7774aba7f445c558a20215dc807705dabc07f411e30568840213350320b390

Download Submit
/data/user/0/com.monitor.tester15/files/upuserdata.json

Filesize
221B

MD5
21a1512876026217b51c27c617eb2e8c

SHA1
03d872bb1ff90ec64b8602ef193577bb6605b246

SHA256
dc8267c1b9e88bbac465f2b9a13acd4d044d1d7b66e1e656b4787cd765fd4b05

SHA512
ee6828a4b5d05266a8c94372dd5434046bee1bd412496911ae82e1f7ed6847f1ff7d030d759122f295a95085437f6ff0a6dbb549d71b01cb1dae70aa7366f38a

Download Submit
/data/user/0/com.monitor.tester15/files/upuserdata.json

Filesize
219B

MD5
7ef02ec3dec16bc5cf205bd02f2dfd12

SHA1
7e829039d5656039b88dd4ce8b1904dca7a95000

SHA256
db5344408b219a63471da5bed27fc51e4c6eebae447bab054a39f5b063dc09d4

SHA512
649948b249af43fa0278f41d88a19e370e38bebf9f1e8915f4feebe5ef31249856afa4a103d88cdc01fa43da3ca3c34c45f93c7b748b7ef69347da27e1e5869d

Download Submit
/storage/emulated/0/data/d.gcx

Filesize
29B

MD5
68eba31471506d02c72f9c85326a95ba

SHA1
8370ca672ab7d4ad0c693f41286d2595fd2541ec

SHA256
136d86e7ac6f30dcfd3b94d5c3f3099c15d936c61007c2d0b976a1f842a50318

SHA512
db96cb313d1f9a09dc739f41c4670114a971e56b6aa6aeebf294f8042fac1ab2bc69bf817a073927818a99db988f6c29df058012ee954b153c9238afa2eb4fc2

Download Submit