144d82104db0a7558613942f43bb36778bc0d3df7d7bb0a28b9fe78f63250ce9

Analysis

max time kernel
133s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30-11-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4f0335e6459a5f0fe7125605f5ce216_JaffaCakes118.apk
Size

1.9MB
MD5

b4f0335e6459a5f0fe7125605f5ce216
SHA1

c4ee74bb341c29fea84e3c10cdac84f07f8ca3e2
SHA256

144d82104db0a7558613942f43bb36778bc0d3df7d7bb0a28b9fe78f63250ce9
SHA512

8475dbc0ee178c46c21087ed57661445b9fc472a151570f94fe138f63f7d2b87a4983ba2c46636e29ba6041d4f730f85847b8d30b24f80e44b9a6743e139714d
SSDEEP

24576:C2u4AEK+CDj3WWBrhpbN0SC1ZE25iWo4BN2Fb/w0YkwFVB94mCcMr2TJ5K1A1IM2:ZyD6yE1Oyo40KlVUmCjeIFxZaU

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.sby.glxcry/files/zt/jMBAXQ.jar	4245	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sby.glxcry/files/zt/jMBAXQ.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sby.glxcry/files/zt/oat/x86/jMBAXQ.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.sby.glxcry/files/zt/jMBAXQ.jar	4188	com.sby.glxcry

com.sby.glxcry
1⤵
- Loads dropped Dex/Jar
PID:4188
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sby.glxcry/files/zt/jMBAXQ.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sby.glxcry/files/zt/oat/x86/jMBAXQ.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sby.glxcry/files/zt/jMBAXQ.jar

Filesize
955KB

MD5
a272fefd22ed1a2f96808e0af27fdee0

SHA1
9f015c7e58f1a06e5a1431958fcc2d003d1b264c

SHA256
69899d180399be870a149bc9b91b394aaa8c6304e443a0ae819c9625e59cfad0

SHA512
279963b7aaadd8b3acaf606bf99f4853b97c7239820bc0ab9e83e634ee2960487834630b08cd949a55dbb883783fad9ce2c2cb4efed09add7b9dfdf46c7b6a6f

Download Submit
/data/user/0/com.sby.glxcry/files/zt/jMBAXQ.jar

Filesize
2.3MB

MD5
3a5b8bd11f46933d55763908ef8a4fda

SHA1
b82be48d0dfc5b93f382c94680cf0603ca628f5a

SHA256
54a4d0dcaee90fe95c168286f8eb71f5953996ec75cd037d7bc38de92456594b

SHA512
483c3588db881dc4a0df017c0ea67ccd9e657b8f2e051a3f2eaebe36bfe22adaa08ee5630832b3ce19e5f134bd8fa1306651f7241efffe748073b739695382cc

Download Submit
/data/user/0/com.sby.glxcry/files/zt/jMBAXQ.jar

Filesize
2.3MB

MD5
df0d6633f657cd37e5cf1d695756bef9

SHA1
e729e14088e21c8311f851e80a3fb7d1ecba6389

SHA256
b6f9852f9acee269be3eb5ea4c55456e71e24f3f709c394cc8383b53aa21ce16

SHA512
7366bb6e5fd8c3c1558e2d63b2e6758d9148a3e5ec4220ca2e26e6d7966de86a62ad872f1ce4947367b2e708297daab2e293afb918674ee34be49277a076edc0

Download Submit