2264017b8c56ee52211adf85fbe2cc533bf3d332cf735748b7a3b810ec095271

Analysis

max time kernel
7s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15/05/2024, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

487c3dc55744268d10041bb39c3c0541_JaffaCakes118.apk
Size

6.4MB
MD5

487c3dc55744268d10041bb39c3c0541
SHA1

24e2d31a8920a7666192bcec44a958485f0ab413
SHA256

2264017b8c56ee52211adf85fbe2cc533bf3d332cf735748b7a3b810ec095271
SHA512

53cdacd8c2fa3b1e8f332bc1128883b1953fa1a47c3554b21bb7811084c1f8950b7d026d6344f80635b30a75cb70a2a82c0f5643bf438d10714500b7f2b2d26a
SSDEEP

196608:iOSOvxO7YONznc2o/R2te47OPoH0JMEpN2bdjucfkw:i0O7Yinc2oJCniBMEP2bdjucfR

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.ques.countdedele
/system/xbin/su	com.ques.countdedele

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ques.countdedele

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ques.countdedele

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ques.countdedele

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ques.countdedele

com.ques.countdedele
1⤵
- Checks if the Android device is rooted.
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ques.countdedele/databases/00792395803e2fe5cf6128cc2e906167

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ques.countdedele/databases/00792395803e2fe5cf6128cc2e906167-journal

Filesize
512B

MD5
2a0ea53332895dd67d8453666e0037af

SHA1
ed91adeb5cd6e58927c615f48b04450a17bc7009

SHA256
faf9534ee3f04de9ddc5ecac0ffc3d9ed38364c27e5c0e709b4ef13b15a5fa66

SHA512
82555b688df52b8b9798d390aa1fed2b69c7e7bc665bc8248ee4ea93fda3d976f471dafe7cb3160d6394e71bea7cc3020a8fa9e00d7e9c8b774c59c71e109d20

Download Submit
/data/data/com.ques.countdedele/databases/00792395803e2fe5cf6128cc2e906167-wal

Filesize
32KB

MD5
74c8518d7023d449d84d981c9081e1ad

SHA1
f593c7b236cd28d16cab805a76c1b3a7c8149015

SHA256
eb52e271a217c8853f9a220778602bb9e5d6fb592a31c04fef14909bd8ae718a

SHA512
6f0ccfd4a2c65fa7d636fbd83d81f52ba37ff92b60960ece1f7fe7ead3ca3bdb3be2267994449cc66643a2323a34896bab94005f2687ac040a024a2f45fe0c85

Download Submit
/data/data/com.ques.countdedele/databases/09e9c43f3e285d9f85f5b14327c71b65

Filesize
24KB

MD5
6c217ed0bac8d2f91b30b79d439f229a

SHA1
9ba63c2aff1bb2c70250a9dec1f4893d2ecf827d

SHA256
344d6a8d8632f380bc914af9dc9f0296429a0e9fc273e68e57870032bded5720

SHA512
fa9386f1a267171f8c80095633baa7aaad145986608f9bdf15c6708b2b50ed19359f98f9b9ff395ad26e361a85cc9e26495b23ccbc1befcdb03aacaf167d58f6

Download Submit
/data/data/com.ques.countdedele/databases/09e9c43f3e285d9f85f5b14327c71b65-journal

Filesize
512B

MD5
278064a06c3b31ff1afa03bf0fa70b3e

SHA1
770c779f5da6046f8dd26c1f26d02c398d39da30

SHA256
617d0961837a5123f7e3526d99c926fe8bbddf7761556f563078d810d0954a7c

SHA512
ec9c9a41edb31afd655ee2e5c5d0b1e4a2e9b3ea1804ffc31f30e003023725cf3d8d4ba349f5382e936b2c6ed70bb2091f3e83f58ab846841154170609a20b14

Download Submit
/data/data/com.ques.countdedele/databases/09e9c43f3e285d9f85f5b14327c71b65-wal

Filesize
36KB

MD5
5719972756cb4c3d742bc6537eb775ab

SHA1
43424591c99836a9614a39fe289d826c55b5fd7c

SHA256
33b3ec4cf6156e02d8e372ea2b5d60a8e7936bfc876dc9933d750e8f54975d4b

SHA512
30e3df80d5ea0471bb0e51d2b83a1699b29ea4ddb327898765a0649e0881b7161fff8b20133698afd1f17b14d2167d2b90e827402aced90ab3a0a9691c9684ab

Download Submit
/data/data/com.ques.countdedele/databases/P15pKIjsm64m

Filesize
24KB

MD5
032abd6bc70ad7c9484f10a7daf57bc7

SHA1
12e3c03375192814883d5fd1671e2b0c64b0ae43

SHA256
9cc41eaf3228c605583528005cadbf69eb145da3943e09e3732677423dcbe976

SHA512
aa28b2d8e87dd6364e15b1c99c52758f937585c126cda7db38cd2b4e5fb3c3e5775a92cd1d5ae68b03a6c59e7473766d670f03e3ee30e8ee53c2bba1b73f243f

Download Submit
/data/data/com.ques.countdedele/databases/P15pKIjsm64m-journal

Filesize
512B

MD5
8dea71355e7615659c79c08b1e00d9f1

SHA1
2c7ee77555380825eda5fe0f75771a62ce2f1360

SHA256
bb2eb5e16de2e872736f62e69743eb9e54d4dc08b30b879625142f9f4e3bfc6f

SHA512
c4a20a12c4dc034ebaf7f42fd9b9a3f90cd5c3b73a36389c975fd6d31554c0f63b53c93cba42e23000167572f23c9b66f0a6262c5a054126288bf699bab45001

Download Submit
/data/data/com.ques.countdedele/databases/P15pKIjsm64m-wal

Filesize
36KB

MD5
b2a9366632d44c91459e84b579dedea2

SHA1
90f0624fd9fe904e60381766e0f577c861e17394

SHA256
ac4065993f7a7d6aa76a0bc4697a891af5692d8e06db947cd4b5ad6121178509

SHA512
0d9597efd6f594ee308973a8c990d532c2a079c1ad393a5a64acbd525a886aa37203fa2b4c73533e51f32497e7429fcf9b71a40e33e763e3471ed03242be3fbf

Download Submit
/data/data/com.ques.countdedele/databases/T1oX0rhhuXWt

Filesize
24KB

MD5
59413190ea19211285b5c0fed44c19c8

SHA1
ee67b7590047c3c17309f6e6eed48556aabe4c92

SHA256
3511c95f09883c65de19c3be645faa921aa3baa92d21b5c284133da349158e2d

SHA512
6a65fc51ea3e163ed1da558c2f4e911857ab4d3b15bc27135a4639e8fed9022fd6d89b4dd39a39b3bcc69060d7565f68ef23bcde4e622a2dd823e9fd217d314e

Download Submit
/data/data/com.ques.countdedele/databases/T1oX0rhhuXWt-journal

Filesize
512B

MD5
6f729edc77b394c4bac92a39576b1b8c

SHA1
ff7984e1b77cb87db50f174824d6a9d88936637f

SHA256
e32ae5dd224b5caea69e6076761bdd203f723b3c9f08f3b78a759f1ed25ee166

SHA512
9f51236c1ad827fad55370ed2e797d0dac6d6577be10bd50df5c32b4c00393805f5aabc8c82d9521efaf4f76d0fba0ce21534924e870b19204d437cf01de3350

Download Submit
/data/data/com.ques.countdedele/databases/T1oX0rhhuXWt-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ques.countdedele/databases/T1oX0rhhuXWt-wal

Filesize
36KB

MD5
dd945e33733ac71963f562d8bdaa23fd

SHA1
ff6615e7f6b7dce4f94e67b8d123af598223c3a1

SHA256
2bb6905a96c7a2541e981916f1c3e848bd4156c777b4477153da91102a7fe445

SHA512
42a26417b7211bb9e9823a38b5b7d4d059ec366fa34e01449b1060c91a0b38b439c01fe87133907ab63b4990c9f73848e635a64ca5cec99030f05bbe615558a7

Download Submit
/data/data/com.ques.countdedele/databases/XKwVoK0huy3R-journal

Filesize
512B

MD5
18dc2626c112bfd111b259a56c64b8ee

SHA1
3c93b2695e38e4e000e7943ad16f1988707720f6

SHA256
1aedab81787892098840c7dbbb017478ecb5c178fd51beed23dd4947c31ccb70

SHA512
88c2e60993655ac00f9ed0423aa49b4cbc48e67a79442cc0a7aedcdf0e335198dc83c71bb75e49aaed16678fd386e5236e13a3c0590a5f4327b3162619b4b0a0

Download Submit
/data/data/com.ques.countdedele/databases/XKwVoK0huy3R-wal

Filesize
36KB

MD5
ae85d29c3aeeffcd50f256fe2467c9fe

SHA1
a9d6e472b3250845d04a41b070a97ad26556e344

SHA256
33f40d1a40b115ede9ebc6cf50648e563c2828e2d6b34ca38ab2cadb26fec728

SHA512
6efed93e259f78f4ded14a23590e8b71240599d0449e5bd8d747d9495615ae130bad8ed398d6cdaf825b98e16a349425fa0f0e668910d7d7f9aeabaec5ed659d

Download Submit
/data/data/com.ques.countdedele/databases/de3b446f26444a8e6d6c1ba99c27bdaa

Filesize
20KB

MD5
b1c1eea2cb20040b9fbf7770f9167780

SHA1
78b67070ae1f91e43005bf56f878d3570d190891

SHA256
a23810b4bd43fab48ff0e03f71a73462ad04b8ca7779ed8a5601cde528c13cff

SHA512
f31f9356c69147f140e41412e386f0457932848342e36c80f232ac1653bd8ceeb3b8bec132c25ceff4cdab73ad5c9449060699fe93b55ad43f254de4563ba98f

Download Submit
/data/data/com.ques.countdedele/databases/de3b446f26444a8e6d6c1ba99c27bdaa-journal

Filesize
512B

MD5
ab1c331ce05f63b930dc46225823c69d

SHA1
89b98a6b0dd13443e9b1d453474cd4c8ee779536

SHA256
c171dea485fe9add99fd6e8b13b9517f750216ab51a50aea3e3a2407b5fdca90

SHA512
e99fa234616e0229472c798d7e4fc9575c41ef401593cb382d95a0bebe10d6af0176685ed4ef96d89dfeff9f3be50a27ea889189210740a381b0a1e6781df96c

Download Submit
/data/data/com.ques.countdedele/databases/de3b446f26444a8e6d6c1ba99c27bdaa-wal

Filesize
32KB

MD5
abe7c93b63861ba2781c1b776d1758c2

SHA1
229fe29fbd8ff01a8ea91f5981dfdf81042b74ea

SHA256
07fe9fa1c3ffec13617c09e30388bd13de438294ca2604ef34bde5aadd56bc60

SHA512
b75cdd18b54cf3c4cad6e976eeb2f3154e39194ceef6ebcfe5e67b1209284e17729ab1306260bb9c8317b35eef6aec80ed6ff028dd7d0f928772e5f4fa33a20b

Download Submit
/data/data/com.ques.countdedele/databases/jqIqJYOT3JpT

Filesize
24KB

MD5
9c37108c041a67252d4fb5059436eb9f

SHA1
f65bdd652f9b2a098993d2aca0be2578e8eed20a

SHA256
f4a3fc85419d0e98a0312af88fdeadf75bd9969460820043559d6ee45e7ace55

SHA512
d7b92b0b4900439a28552339cf7e80e2937887c7de796e10df0bec393d136bdcdeae47991133a5c144547ac2ffe484b9c99e60280246858f6ae9b8529c5d8548

Download Submit
/data/data/com.ques.countdedele/databases/jqIqJYOT3JpT

Filesize
24KB

MD5
da661adc13009ca3405088bb42417195

SHA1
be52f5654fc83b8194ac02cd64e976feaf45ba50

SHA256
eafe88c2dbbe9e1246a68931f729b785c078f9f7f0a42da6bb492fbb9a6a882b

SHA512
dc384b386e39f1fc805c10fe936a054122def3c19e5dca9ad10811f240f0029b3cae7a407a9232dacb14eabcda11df7fc8d1a708a6afc264ae58c444e4901848

Download Submit
/data/data/com.ques.countdedele/databases/jqIqJYOT3JpT-journal

Filesize
512B

MD5
c5858a79e0a7c95acc9a3d7751bae808

SHA1
a10bde183d833b679fc8ce9e4ad6d2fcc69bc627

SHA256
42516dd44da92c8b5b9e5e5e967597d65da5eeed470320cac797169092145831

SHA512
7c9790f87d09b519c0b57b88d14572abb09fe25dcbd2f96bcbe1b2e184e0c57bd81b957cd43d532b9d8c9325785c418290c53c546c984f52c388ef0a6eec5cf5

Download Submit
/data/data/com.ques.countdedele/databases/jqIqJYOT3JpT-wal

Filesize
36KB

MD5
958370c6bab66c10530aad0b208edd20

SHA1
d7e701ccfe1b79cfb7377c372737444dd3af3cc8

SHA256
30d4e518fca0c9ddc609a6c218d2188cd469f3f8cac918032e7f0dae55e47cfe

SHA512
84ebfcf843999c5ca0fbbb90d65c6a950ed49c63742fa0721343af78984c59657e20df17b2afec5f249c6acc3539b8cfd64c000e7b7ec37479acde1f278cdf82

Download Submit
/data/data/com.ques.countdedele/databases/jqIqJYOT3JpT-wal

Filesize
12KB

MD5
8cdf50fab2776f36ae14f507b6fe0343

SHA1
372771938057cb376f7f4190aa03deb0eca9e0d3

SHA256
fabc027279fd079cc188b659561d128b9dbc10ebf35a5ced45d0fe04db618c6c

SHA512
e20cbb9507da0bc07d4ae8e2d008df5ecc56a4f0541e2c539d31228416b4e081952e516c44428dbdb77d3fdf61cee70b06fa50c029b79b3a94658ef71d4bc4d9

Download Submit
/data/data/com.ques.countdedele/databases/wIU6pTyUBYWX

Filesize
24KB

MD5
3f46387c5a9161a06c35918e4715e9e4

SHA1
f03b4527b29495a3f50be85d6afba301e9e3f1c1

SHA256
687a930724a6054924254f945ae475e34ae87ebdc2054881c34317cd91d46ca9

SHA512
614fa11f57f1ddc2750185eb908a580f1ae1ea53d4f4ff6881610942a36554b918138af7103859821d90cef12ea68bcab1ca0e4548cc5a78ee7a3c658b37f3ef

Download Submit
/data/data/com.ques.countdedele/databases/wIU6pTyUBYWX-journal

Filesize
512B

MD5
8de75c15f7bce2b75303cb03d8d4940d

SHA1
804473e3eec295f1f9eb9f00f63c4adcde8b287c

SHA256
7d3c608c128c959e2ead96530f2b9d6d43e705bbe8ada77528de1042f6cc366b

SHA512
dc93f2af6615d0490ea8371408026dde6598d1233039cf32651bd2f049d6234228a5985822532f87e0944cf1de79db241f05719c75556a662ed0aecdeaf590f6

Download Submit
/data/data/com.ques.countdedele/databases/wIU6pTyUBYWX-wal

Filesize
36KB

MD5
4ccc20c5f9a71e85c64a483e59d0c2c7

SHA1
c5486334cb0223153b705bdc673633040450fec2

SHA256
985d22370eda53df985b2c28474aabfb64402c139a5db72a0d10f3c253c9deb1

SHA512
6614ab850693ae89a53da15aa4153bf380924f8a5135486074311aa897d51f7a40d2b24c1bebe178ac91434f85a60dac2d08b1c04c192916dc857bf16c0ba064

Download Submit
/data/data/com.ques.countdedele/databases/wsUL1uCdKvjD-journal

Filesize
512B

MD5
6de067162d7679b5e64f7d9444f1aa26

SHA1
fe8e2b9d2290fcd7c8c1d88630b8db44c704e84d

SHA256
197353b5153d1baa1bfc80dd2654cecf47d5cf96fa6729fe6fc529e8c6e6ddca

SHA512
6f347dd7e215804d3a7bcdb0fbd640ee40d15edb3ff1d5195e4d7beb64625a1169b636a234babcbfcc031eae621a65b41d29efb1d67ffbae5126469f24ad0ec5

Download Submit
/data/data/com.ques.countdedele/databases/wsUL1uCdKvjD-wal

Filesize
36KB

MD5
1e78bdf8e3413ee23c56c1acd6f8038a

SHA1
7092bb0d220c105f9f93931774fff1e10495ccd4

SHA256
6b69d078e9d22658c055a7b2f73042d5ef56cb22326b0c07a727cd92ef92fc77

SHA512
e619a08bbbed315d8d5a99425b0719ac975545767fae3687d7eadf9b180840a1372ae61b3bec84d66a2c88def7aa12b4b1437b69f04f1258340d2f6827e230a6

Download Submit
/storage/emulated/0/Android/data/.dataycache/i42d45df023jnkdd93la483f9xGFKXI

Filesize
26B

MD5
3c33e392d0bcb15294b1ad95f8c63ebb

SHA1
c421f448ddb928f9dc78f160cfb642b12cca03dd

SHA256
ec795dcf5ce8a6cbccc2078f0a90725cc74b4aaabca0a9535e99d752235d0e81

SHA512
1790a4d4303d805dfa8a6a3a5eaace03abe0cee255fc62b603c283901e46fedb36bc3fe466fb34f0cb181d4221043133a061e498b8c433513f315791e51d121e

Download Submit
/storage/emulated/0/Android/data/.dataycache/m929bb76e8110d1a70260af57b446ebc

Filesize
22B

MD5
b59f7f521008e55e9592aafa4ce3ae36

SHA1
3696a3e25428639f58fdca352138b57cd796589d

SHA256
00dae9faab5a999144141684ab00fe0d34136bf967b8be2573ef1027e6f3bc72

SHA512
aaf6505afd366e58af9e9e9811e67f7784e7d1258e962d81b9e83bd8e8b507bd840644364f34bfd2a21537efc71c8d00e460810ef73ffe6c258e7f83498e5bb4

Download Submit
/storage/emulated/0/Android/data/.dataycache/s92TjjdfoP2n3o9dfji2l9s1olkjf0p

Filesize
26B

MD5
95058d3fa3076e4fdbc058e18d566e0d

SHA1
f6082f93a9c0ce4565c1228e61099d1b3b4f1c6b

SHA256
a079ab1b81730bd46de6049424ff404e37db84d47c48c5dae619911c9647f299

SHA512
2bee197091f0e83989094b48f1fbcda3d9af8f9f5bdeb2716f3d659f99e97167e3863d1cd2e4b5e1537b866860ba016f4d7f9005e03e3f2d0c1dc3b2a0b264bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads