Analysis

  • max time kernel: 49s
  • max time network: 155s
  • platform: android_x64
  • resource: android-x64-20240221-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted: 28-04-2024 00:09

General

  • Target: 03f138980d666f1c8a915978c1432497_JaffaCakes118.apk
  • Size: 455KB
  • MD5: 03f138980d666f1c8a915978c1432497
  • SHA1: 6303b9ea8f7cdab5d99d631aee585e39db0e6661
  • SHA256: 48b2f3b117cad1ba76ee0d8cb04db6418e84c20be1ec3411dc01633c0e360fed
  • SHA512: b4d86c55fd22d1939d22f2ea15d2b92a372aba600e186be8114997162d8ea0a2de60276ac3c3578bca87e6368d552dd1b6c9e18ada8b05e726034c8cba3ea532
  • SSDEEP: 6144:8KxjvU5o4muUy+NII+d9FxnL9GvWqaMx+/sYCi0qvfH/0bQOg0aU9u27X6kC9Yt2:9Ph6Fu9L8pN/Gg+9u2AKMzN

Score
7/10

Signatures

  • Loads dropped Dex/Jar (1 TTP, 1 IoC): runs an executable file dropped to the device during analysis.
  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about the phone network operator (1 TTP)

Processes

  • com.yxhoandw.rtkwext (PID 5052)
    • Loads dropped Dex/Jar

Downloads

  • /data/data/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar (379KB)
  • /data/data/com.yxhoandw.rtkwext/databases/a (24KB)
  • /data/data/com.yxhoandw.rtkwext/databases/a-journal (captured three times: 512B, 8KB, 8KB)
  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd (captured twice: 16KB, 16KB)
  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-journal (captured four times: 8KB, 8KB, 512B, 8KB)
  • /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar (906KB)