Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    12-12-2024 09:50

General

  • Target

    e5d247675ac5a1326fead1be2d22cf16_JaffaCakes118.apk

  • Size

    3.0MB

  • MD5

    e5d247675ac5a1326fead1be2d22cf16

  • SHA1

    2c384fdaa45c5496fc649ae227fa7b5e9ae3e363

  • SHA256

    2ba94628cffefb0fc52a5bc61982b5e8dfd2f8afa03bd86030b200ff1c7c1c67

  • SHA512

    70c8a9084ce41b0ee48e95f761ec51b870aae2c93c0a492c20b043e659d410623360ab80aafb0590792fdcc7a5efd1a8920f0ee5bd289e5eb701de5f234d4fba

  • SSDEEP

    49152:ZZ3Fhu5v+oeX7tQ0gYZ1r6svkRQYGdHgMjVwAf6BwGf6fkPiK2pFd4MfXqiDo/Jz:ZTYtAZQ4wR7G5g4VbfOVu9FdhvWmkv

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.yifjjlyw.mbqtimw
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4249
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yifjjlyw.mbqtimw/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yifjjlyw.mbqtimw/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4277

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yifjjlyw.mbqtimw/code_cache/secondary-dexes/tmp-base.apk.classes8774582081934643242.zip

    Filesize

    378KB

    MD5

    0e030f478a541ec401d1a56529d1d63f

    SHA1

    86e6a81d10e3f71c923c88e18b1376d241e8b69e

    SHA256

    545e0b970d1d73b80e928bbe3dd96b793e7289ac1d182d3c79ab062f54443c9a

    SHA512

    60b9a4159882dd5aa060ec3ac6a663072f1770dcb8555334960cc7e4da39faa68aa94720e46f299202602209401a085fb865b756b9d17dcfe2aaf1e7a37a24dd

  • /data/user/0/com.yifjjlyw.mbqtimw/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    ca464b7b9c757be391d96f538799d390

    SHA1

    74b10e3645ca1c0ea8ab1b8deacac38ad0f9ec6e

    SHA256

    40fbbc8243c0203ed20582e3df70cc642ac68b674a96c149db7119604d08f15a

    SHA512

    7314830a7ecb6c812e0b284c3efc3cd3f565661172549a9ca947e343d9393da6fd67d15c34f543985ed82f9236a27a5d3a2e7a1f79d77590ea751132942ffbc2

  • /data/user/0/com.yifjjlyw.mbqtimw/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    6760c9bc32517de556353c07a9e838ce

    SHA1

    5c45721646cea792bcb13e45300a5eeb31e8c9de

    SHA256

    fc9dbc1817960c0702dba102270ffd3678e2e635c0988985e4045e6731ec5df9

    SHA512

    71c33a5810ce6812154595dc0b394d50fd072afcd1845618d493aacfc983e80290b7050e096d6975a3363cf40ae614d8736049f319c3e0c2b77435b3be3ca5c0