Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    30-04-2024 23:03

General

  • Target

    0a9c2b27370ca332513f9630a1a5847a_JaffaCakes118.apk

  • Size

    463KB

  • MD5

    0a9c2b27370ca332513f9630a1a5847a

  • SHA1

    9a034bbe00b7a7e57c3ad719f3a539f8cee20dfe

  • SHA256

    4a7e8cf62827d7212eb5dca53de54680e93a5e8394e5ae6c3f33a502d90f9c6a

  • SHA512

    caaaac81dd0de48116a9900a2832b1b98178ac5aad17ceea717772c18304b9265ded69a4d481369121412ac14d1a4ad3905f87a7f6038d3f4d635f5420b3db87

  • SSDEEP

    12288:hWSnB65djQU5AO51rF4kOJyqkTNNIt4eFUm3RVns:9BOQN0rF4TyqqvaHUmBJs

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.googleplay.service.provider.v5617
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5026

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.googleplay.service.provider.v5617/databases/bdownloaders.db
    Filesize

    16KB

    MD5

    3e7444d23ad67cadc0bfaa54c29e2d74

    SHA1

    33abfa6698ec9428e74b2a2d0da68b4d2a7e8bb0

    SHA256

    feca3300496070211ad435b6896204cc93cc223102117ae2bbc08ad4a5bf6436

    SHA512

    1a5c64cc392a7873bc0c6b2e28277201a384606095c2df5d72d3ce7a82071fbaa30283b332caee48f8796efd51209600b0cd13f7af7e3ab6fa199ae710d399d2

  • /data/data/com.googleplay.service.provider.v5617/databases/bdownloaders.db-journal
    Filesize

    512B

    MD5

    1f0253d9388f81495c0e127d4f26f667

    SHA1

    69692ca053d4c28cf4cd6913507f6577f2b8e5b2

    SHA256

    e7164f08bf2bcda06dc1c12630e1e885269204caef0d6a8127839d25eea7569c

    SHA512

    9785998a966e09328fbe3d0b1a3379833c20eb28d22cea8ef7fbd15516794b75e4af32039120b19a5e174547fe5b251fb6dd7618d2a022f74e4d973677e1119f

  • /data/data/com.googleplay.service.provider.v5617/databases/bdownloaders.db-journal
    Filesize

    8KB

    MD5

    19883bb5b699633403915eacda9da7fc

    SHA1

    7509b6fc6e42f157cce0e7515ad27165cac85c33

    SHA256

    dd5333ce5b809c3fe3eab7eae4f97ec76bb0d3a8695da822ca12eeccd17366c4

    SHA512

    d421104739cd8283a1207c7494934066a2c265b27ae5e07ce87185e93501929263921683086ff08618b89445a6b9e78fbbfc92c39751a51fe076f9591a56e55b

  • /data/data/com.googleplay.service.provider.v5617/databases/bdownloaders.db-journal
    Filesize

    8KB

    MD5

    c9f9768cd0ed06cb25919cc8083c257c

    SHA1

    31ed0c0252f2d51bb48fb1eff47c3e1ec50c2dc5

    SHA256

    3a8a71c716169201376cb1179e3f788bcb59c29ec12848437790f80400994455

    SHA512

    812bf6f96b121a8d1014da5f8eb94f55fedcd3905c8c5a5e4968c57302c813532c7cea842972f2b0c8d76a3b04be76c54b043bcbceb287a5c6391a9f5b57c5c0

  • /data/data/com.googleplay.service.provider.v5617/databases/bugly_db_
    Filesize

    32KB

    MD5

    71f4a99e280e2b9aebf3e9399f62069d

    SHA1

    aedc43d37337752ec7af5de75a6a8d22b7830958

    SHA256

    8e69a9dd8baef20dd8c0a80df2949c2878abff969ae02c6965cfd9a148f66758

    SHA512

    2dcd8d7d2505cfc2d882062f703f482caf9c52980eb145f05fb1a815a168aa25382c9dbe8c2ed7b451588d75e21e95bc3840803a0a57d3eccd8face38ecca488

  • /data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    64bc915423d0197f82ae70b506a0f00b

    SHA1

    5c56a9310aa21cb2cc5082fff97d6a1b6ff27b33

    SHA256

    ed85b8cec43333057713b586c18de53373daeba90232a8b96592187c88c20c92

    SHA512

    644a39ffb5ca5a549e2f5adc22816d7065347aec506673aaa089febca10c1ca2e7cffc8530f17b18eb0f73eccf9477836eafcdb386fea9b1b0abcfd63010691f

  • /data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    03c064a91244be2f30590ad65070a51a

    SHA1

    040c3de8bc74011a12eea96b8987e44d003479af

    SHA256

    fb702628cb1fe8439a3e8ba208a9c9aa5b5540ffa33c9b2af74dcb14899f8409

    SHA512

    9ee08efc3742e39375cf65286b0b7fe1d58c8f88c97c5d1d7e0266e6d62778116a7129044ba5fa68abc68a068da6eb6cca5dabf7418e3996e99649f3973aed79

  • /data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    e3c08663d4b53c012e16bf5389253fe7

    SHA1

    134e0edd038fb7b1ac97dc6e2f023fc2e5b1c920

    SHA256

    509f7692cde9d1ef25b2e5212f10203455e533a78ac28a9cb462ab6c379e2da6

    SHA512

    7cfc97b39254a6934f98b829a338c91e6c452e76c9c2b657d3f8b6d3eb3cb6f603f2c92d5aa78256057f8db19560facf42bcc80bab07f9a9d000454101913817

  • /data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    7ae770e3961c16728fd4c3cf0d377a9c

    SHA1

    cce84b15cfc0f2a3128326c645ab79ab58e2371d

    SHA256

    b9f7cdc0ebbf88d4741e134b8296151da9a16d83ab659f1fc6f0b4d465fb0da1

    SHA512

    7fba77b7655e3ff9d1f3ef65126327c9ce22bb01928790a9669cef7e5f990167daf2634b5ed8d5e469b0c63e90f9db62e9a30e87c37473d112ab5c8beec99a61

  • /data/data/com.googleplay.service.provider.v5617/files/100/1001/10011.data
    Filesize

    86KB

    MD5

    5d271452f9ff2bc45c9ac44af38288fb

    SHA1

    41c53f59cb54f6f4c0dc7ef2795445c26c927e62

    SHA256

    dc387923937652e43657287d58e9ffe5af00ba6e180d51e9de4ecc88088e2737

    SHA512

    09e86673ae1da7fd9690b54cfb0827bad88f4baa57d81bbea320ff42e471ecef707e81510a5a7117ebe53c3b4849f1c129a39b8e3f07a948509934313b3ba020

  • /data/data/com.googleplay.service.provider.v5617/files/200/1001/110011.data
    Filesize

    183KB

    MD5

    82fda9202d4d4f8ba6ce9d9b0fb1f480

    SHA1

    3e82fcf3407e58c5af4c4ca5a3ba8e2b1d54d410

    SHA256

    84632e252fea8efd281c1c36c465081f65e9dd5c2b81cabbf66e9a4aa0c2b20c

    SHA512

    b58ad0cb08487eff87edc2020ee377fab44c738360a36a370127244218b34330197e3983cae17895d6d2d6fcabf6b063f90471cde9fd8bd02904e3feb1290279

  • /data/data/com.googleplay.service.provider.v5617/files/native_service
    Filesize

    13KB

    MD5

    03558622c30d827bb46680bd559e6c9a

    SHA1

    4a17de061b4235e9c17ecd75296a501373957d04

    SHA256

    472abf6c6e704203b79189945e922d24f393a387f5809d151aeef91c90585345

    SHA512

    b2a238ddc0806254f2a4aab0485006e7d623e22a54e8ca9e7f2bb7036b14b9b4d99b119fba812b9545f10a1047bae87379bab8ffd3aa6eed970ea0f018e8d632

  • /data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230411909.apk
    Filesize

    186KB

    MD5

    2f79b55c3cdbc5339793d9699bd910ee

    SHA1

    f587b0b624c1b4f35c837293b1c42d6f30264f1b

    SHA256

    1b6f1d63fb7973958ee65de2b8d03d7ef475db5a5bcc1eb92ae9dba740e09904

    SHA512

    f81356f61f690ff059251f079a124737731c6812892b3d14179a0476557660379a33715d014e8324a8a210db919590ffebb21b48fc32a38ff3f84adb6c9c62c0

  • /data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404438.apk
    Filesize

    374KB

    MD5

    2bf5d41f909ae3c95ff91ebc16f5b07d

    SHA1

    a909d8572c64dc4cb25be92b619098ad364032a3

    SHA256

    8cbe5d5e95c878c67f445f950c5f7270e6fd81a8b930c05803ea11e38a2e86f9

    SHA512

    29a3abda3d4b242f80d9881efa7f8a6993a8e5e527633b1c007aac18fc1d866295a13812e27321a81905ae1744b0feed1f8a77b07f5704f8b456ecd69c98e31a