Analysis

  • max time kernel
    14s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    28-04-2024 00:09

General

  • Target

    03f138980d666f1c8a915978c1432497_JaffaCakes118.apk

  • Size

    455KB

  • MD5

    03f138980d666f1c8a915978c1432497

  • SHA1

    6303b9ea8f7cdab5d99d631aee585e39db0e6661

  • SHA256

    48b2f3b117cad1ba76ee0d8cb04db6418e84c20be1ec3411dc01633c0e360fed

  • SHA512

    b4d86c55fd22d1939d22f2ea15d2b92a372aba600e186be8114997162d8ea0a2de60276ac3c3578bca87e6368d552dd1b6c9e18ada8b05e726034c8cba3ea532

  • SSDEEP

    6144:8KxjvU5o4muUy+NII+d9FxnL9GvWqaMx+/sYCi0qvfH/0bQOg0aU9u27X6kC9Yt2:9Ph6Fu9L8pN/Gg+9u2AKMzN

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Tries to add a device administrator. 2 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.yxhoandw.rtkwext
    • Loads dropped Dex/Jar
    • Tries to add a device administrator.
    PID:4448

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar
    Filesize

    379KB

  • /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar
    Filesize

    906KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/a
    Filesize

    24KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/a-journal
    Filesize

    512B

  • /data/user/0/com.yxhoandw.rtkwext/databases/a-journal
    Filesize

    8KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/a-journal
    Filesize

    8KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd
    Filesize

    16KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd
    Filesize

    16KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-journal
    Filesize

    8KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-journal
    Filesize

    8KB

  • /data/user/0/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-journal
    Filesize

    512B

  • /data/user/0/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-journal
    Filesize

    8KB
