Analysis

  • max time kernel
    30s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20240506-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
  • submitted
    11-05-2024 17:34

General

  • Target

    35c0cfd7b03df2e69c6723dadee76533_JaffaCakes118.apk

  • Size

    475KB

  • MD5

    35c0cfd7b03df2e69c6723dadee76533

  • SHA1

    1a781a7218aa659d8472bb05cdc7cfae39ba2975

  • SHA256

    6850afd3cdbd8caf46dba92f9e3451ef6bb276effe669b603ccd0ffe5b0a0da2

  • SHA512

    bede89c8192003621d2e2b6d3c3eab1dbb16d5eace10393f3620b2439098df1c93d38adf67fe8d0a78aee5a38317338f10d46707160410a7768d63a9890fef6d

  • SSDEEP

    12288:Ib3Eixua+5zD+Z3r2jq8zFPXsBZ1S2QMpsSE0q3N7B9:MEiYKZKW0VcBjxPENl9

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.ozrgqa.kvhght (PID: 5043)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    Filesize

    372KB

    MD5

    6f9dbb861c1b2b1d284b4562376c2813

    SHA1

    114e263aad5fbb0da3e7b59777702b2012637e62

    SHA256

    4ca7c3a729b472f8354850eb2aee5447b51e6d1cac791332f75b6b9861b9c03b

    SHA512

    07fbd739cec5747644894a20923c3d20668e514451ba11fd764d01a2ae937cb1af8fdf329c60d863f284a3f5e0c60d6a3e1a83102c5f0bced06a8bb87eae8a2d

  • /data/data/com.ozrgqa.kvhght/databases/a
    Filesize

    24KB

    MD5

    8e5c58d97a70386139008313eb4ba7b5

    SHA1

    7233908909ef42393c4c5128c70d02d62b0e6186

    SHA256

    aefa4cbdcca9d7dbeadbba17a57f44a93ab159cb1d6ed33b5c86b119dd6d52fa

    SHA512

    84d5481a1ee989c00f6564b0b64e092471439ee026099d715f8b622909a442c3b31c5180d2cc5daaae71fee5dd40c02fee015e892caefb7858f89f20320f002b

  • /data/data/com.ozrgqa.kvhght/databases/a-journal
    Filesize

    512B

    MD5

    fba2263e1b398e36ab9a6abd894ba66a

    SHA1

    45f3762a721a23db70ecf3cf6f0e1f7b9b402d7f

    SHA256

    9cfc480b0cffdb98e96b9db3a920bfb465b3e7adb7fa1b8ca827693df36f957e

    SHA512

    38a829bab6eb831de7668244615738e2b09cae74f758c29b35848f283d96d9d88b924845242b38fb04e2ffc4a098f2555e31a99555369da420d85d390262acfe

  • /data/data/com.ozrgqa.kvhght/databases/a-journal
    Filesize

    8KB

    MD5

    d448643029b4b7b2714fa57cb9bfbfa9

    SHA1

    7f8afbd555fdd49627099deea62f75977dbd9800

    SHA256

    439ef681c5c824c3f0b3d507c884236a01285d1bd61367417a59abce101a1eba

    SHA512

    b5fe598086a89804704b5af9686098cb5375e2cd8fee918b483c4122cb517fe328f844abd6b367fb1fcb57b6846e2ad82f5c2c05aaf6d4e8d42a3e7b8bc6fe57

  • /data/data/com.ozrgqa.kvhght/databases/a-journal
    Filesize

    8KB

    MD5

    46c2e98e27ca7c8564bb6055bf6495b2

    SHA1

    a0c6a0a71dba6fc62c3ec21ffb8fd5d3b74e2000

    SHA256

    b52acf42ff2bd8d07b29a5332c2b519b39063e9e85507bd8d17d45f2e1a999ae

    SHA512

    93b460746150c87fbdf2aadc101570bc736448cab295208d49e11d4c12ad00049709c62f257589716bd5514ac3145138b754fffcd9c810c82862797be94a7679

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd
    Filesize

    16KB

    MD5

    755c51b8af50fdcca095bc9b86e49f40

    SHA1

    3b530d22a7b609b6f5c657c571141be753b56fd6

    SHA256

    ac574de452908ffd0b839fdd6f1efa80a05b24e3e2832c560b5569bc5be76301

    SHA512

    dc12ba6ed5529bdfbe3749061aabddaed529c2d1ede56dd65359c5098472906408eaee350615dfe05e7bb60b4425937e1a32d8b38c70a90f5e774fe4002617cb

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd
    Filesize

    16KB

    MD5

    c2d4e717e8f4e150482cc5ad7583d20a

    SHA1

    35bfd5960de6de7fdbc8f0c3795421b4baa01c6b

    SHA256

    d5d824553c65625ecf3522a98251088381a1805d8edbb80da0193631f98a1b5a

    SHA512

    e28bdad00eec392a890c5cbd23764b55d4c15f095167e3991a8bf424af32b9c5becf995171fffb3a864cf27751bd8a120aa674fb5788bbcdff147b0790884828

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-journal
    Filesize

    8KB

    MD5

    c1a22983a52b354f59f8da101d6eb262

    SHA1

    eb01fd70f25af9c70eec56e18ee4020cebcb4d4b

    SHA256

    44268dcb1fc9c731f2771273306035423f1fa944145b64ead969659afbc05356

    SHA512

    a1bf695cd80ae804822869fe05ced8373ea381a6d0c35ca8540a573eeba21dc22e3b89803a9484c32a698c7d08e531a67b9f5ae7487460b1f031a14d59e40edd

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-journal
    Filesize

    8KB

    MD5

    7eff7aa0c59f567a4953896094595fcd

    SHA1

    07c0932190acfac0b14277aef37d1508e133369d

    SHA256

    add8f2a0315e242b571bb4d64d66d3e9420abefdd22c54978dcf0fdadbbcf477

    SHA512

    0d3c892038efa81e56eee2b92b0349c69cf166d097dd2417ac0c3dffc2719688784f085790b8411748e073afc40483389cf25a7eff00884eb1694716be2da73a

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-journal
    Filesize

    512B

    MD5

    21ca64c85f24fc0cd73230d500bfba11

    SHA1

    169c762ed77e8020390e6b90fb251810a2efd8bf

    SHA256

    287b813a175f99a47fa6e983b681a54978fbae169b03f86a026b40f63130e6a9

    SHA512

    eb36850fffa42b96d7daf0b7e28ee1462d3ea8857f12f6a01ec1960efe3a55c481f771285d392f5e9ff15f59b1d8bf4d18a89b96c5ccb231189bca047143d518

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-journal
    Filesize

    8KB

    MD5

    f5ffbdb84ce0554a21a595e26c26299d

    SHA1

    e6850e40e023fcf6d5feba4c0afa61034f455aef

    SHA256

    baf4135cc3fda6c3f8fcc2728d1b0d2ba1219039cb4a26ef9e1f52695f01c530

    SHA512

    3085be4766b0869e73641dc847b5d6644adb295f938968f27ecc88c25bad65a0702f030a0873b014ec6855e4762acb5ba8794c7e72d16ea88a98346b1a5dfae7

  • /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    Filesize

    894KB

    MD5

    18334e3e1d663738b4d0f552fdc61014

    SHA1

    6ad97f3ddcb658a4def3359797167388d4d0c126

    SHA256

    df23c4cf0d10a7e8c5c3d83b20976626fa12288db8e57126171a90221c8f24b2

    SHA512

    3eb785672deff89bf475df68810543d6ad742ed68cbe39845788dc87ccfd06ca83a6dc71c1f315b31ead743e4c8855a07ee8428ccf89b2178f09e0f09e841f27