Analysis

  • max time kernel
    177s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/05/2024, 14:57

General

  • Target
    50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118.apk
  • Size
    8.7MB
  • MD5
    50192673ead239a83f5fa78e0eea2b3d
  • SHA1
    395d1f12c4b99d70f54060f7d42677b482c2823d
  • SHA256
    f05c16eb969304b72f9ff3aa0701e4061484ba93734fea92ee3e88f681460442
  • SHA512
    7d056cc4fdeb91b0bbb6530df20c262fe6f36609dafcff1189b543a84853ce49c02219dab4e92b66c5a58a71a126cd14cb7e3458e7e1b2ee693ace4def5c03de
  • SSDEEP
    196608:4mUJezQjeDiGRgUAPeMieU7e0+LEeT5fqcWE/Yqczl6ilobxJS3obxJd:HUJekeVue/emeDLEe15WUazgrq41

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 4 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • ibuger.nnjm
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4315
  • ibuger.nnjm:remote
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4377

Network

        MITRE ATT&CK Mobile v15

Downloads

  • /data/data/ibuger.nnjm/databases/bugly_db_
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ibuger.nnjm/databases/bugly_db_-journal
    Filesize: 108KB
    MD5: b8e92aadda897e679bc29c8830066dbd
    SHA1: 6c01cc71b8d7def308049ff4010854d4fcafd124
    SHA256: da452fc67a4f21d80906141f9c0eec972ad1d5f3a662eb56fdb3ea0c3b46c6d2
    SHA512: 5a7f119f54e2d6fdc0dce377e2b4c70f267f502028c4aa2ae6444efebed8ce136bfb64a1c1f3caa7b45c6bab84b9ed1fa784fd2633f90d569827015901b22769

  • /data/data/ibuger.nnjm/databases/bugly_db_-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/ibuger.nnjm/databases/bugly_db_-wal
    Filesize: 104KB
    MD5: ca7f1ff30e585635ee63546ccad3a2e1
    SHA1: c1c81080587cb78546cadccc81709ba4490e468a
    SHA256: 9a07eed8370c9b2c1fb951724bcdd0920ff0dbf98c947a52a95d7478d4daacd6
    SHA512: 6cab95192c032ec2b4421ea8a035362f7a076b922f9c9891510431cfe7cf47999c6428527ced9a11db132b36da5f6e970a4f34e39e11cf6e66959da48b978d3f

  • /data/data/ibuger.nnjm/databases/ibuger_nnjm-journal
    Filesize: 512B
    MD5: 5066201d8eafca9155df39dd61419835
    SHA1: 22cd396b1415dda33ef4e43f7809942719aa385a
    SHA256: 6d1517dfe268020e11213d034dec4108e0039b4c5c3e018b6a7ce6077df1f592
    SHA512: a14a0b5d2e1f5c9e0262750087a9c19df34982eec66b01b8bf5fa2d63bd9825390184255b9e560908f74dd1712e61d46a38315ee0bba8293bd18ee25040c5e8a

  • /data/data/ibuger.nnjm/databases/ibuger_nnjm-wal
    Filesize: 36KB
    MD5: f3a16abbd9176a2ce2e76f3bf323ae29
    SHA1: 8aaf11a29593eb5489811557a733aa007d684f55
    SHA256: 75d276a6eab5b0a50cb9f2891efa3c64faca01197f48217cd4680823f2ef46d3
    SHA512: 4b865445ea3803a8bd3856b2d1e3a719049d6ad86a1cc38fba1c17de11764d855821b723b5a1a1de044d8513f6b602ac71aaf10979861eef431c38851b8e828d

  • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db-journal
    Filesize: 512B
    MD5: bb97a750c0883b6b5e47d9e685b6f5f1
    SHA1: b034bad5770eee35e8ef01053ebf8face15e7212
    SHA256: 895cdd3973752944c243e785794b988da1fbbe5bc24a92ffd8452af806bde687
    SHA512: d5a542ec6ea827e3b982d1cb1f935eebd4fea6a0ddc4ebe7195d3b966fa2a9838aaff28ec586ca1e3652aa911f2206b09f78b3ae0dc242b2a4e067a19804a086

  • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db-shm
    Filesize: 68KB
    MD5: 71cfb79a4a6769233c41123cf4c55987
    SHA1: 893e154b6303c6b78af3d97ec9ba6a407d17e434
    SHA256: 2e6ebf71146bc1d74edde7474fc13a3fafb65a0554c9779967b46fea646460b6
    SHA512: 6326d7baf9225b8a5e430ceeb3445c131e35f13ffa6986f5f4d334f87db09e6e4adfd0527392c86f3ed94c79427850f61859f378c78fc78f53024cc083862abd

  • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db-wal
    Filesize: 56KB
    MD5: 47fe23cf3e8c1e490bf31b657b2236f5
    SHA1: decff12d54b61af4b0ee9bd3198c670b833591a3
    SHA256: 4f7fece740565c3b21d2dafe3ab2dcf4533c7f4e3ada379e145e442257169174
    SHA512: 4df5ef654530a391377d3cffb0588bac8d1d353a76d0face8285aee7b42403432d63fc5317c9ff1b444675d926b96935cfe8461a406d380be00095d513423133

  • /data/data/ibuger.nnjm/databases/rep.db-journal
    Filesize: 32KB
    MD5: f448b6dddd6fa233c506cca8fb93adaf
    SHA1: 3c408e5911dbce1b5bab29d292b06f0cfb4237e6
    SHA256: 5a745ddc2ce91756cc59a389c6748f2a2b4956c3f364cc3479bd29373d02bfd9
    SHA512: 55aed2efe24dc6eee4d44bc848665cc2063517d113ec42c02baab4683b8a09999db20a779946dc304fd322d01f16022311ceef9ad92b35a73161544c8f591745

  • /data/data/ibuger.nnjm/databases/rep.db-wal
    Filesize: 36KB
    MD5: 5981aee9d03af53296b76cdbdfdf97d0
    SHA1: e1034e0e40f88b2e65dc3bb8a45206a41cc5dd78
    SHA256: 25a4274ce223a91a1a67c1941b98347bc102ce3da822eb76f11e3954d81dec94
    SHA512: 19d467f11ee4ec046b7aeb10bb98ee00f77f4866680f49236c1f63d8c6ef0b8ad77cf0467af7247d812fd2b5d22bedd2b09ed29077c19eb482b4e1424364d6aa

  • /data/data/ibuger.nnjm/databases/tencent_analysis.db-journal
    Filesize: 512B
    MD5: 3dfd250b7df291813c69680d783e3534
    SHA1: 5e9898d16582da621a658e1b6e3acf9aad3c3ff7
    SHA256: f3a7e5b97392e9b31c7c23e1da5b113335e0c3c4c71d7eb1e151f952f51c602d
    SHA512: e10ffada24d996cf2e06aff2febd158ee2168e5433735c9df931787773d1edc854808d35799abf44a92cd92e00688a4f3569a521133dae8bf99765e86474132b

  • /data/data/ibuger.nnjm/databases/tencent_analysis.db-shm
    Filesize: 32KB
    MD5: cfce5ed1a3370cd4df38891414660766
    SHA1: cf8453b62be18678e2d2ac69a715d19751c341d4
    SHA256: 244fc1dee67a5315192948c0cdb7d291d5776faf5a1dbb591537625e5ddf3091
    SHA512: 2352a82f41ab250e30f5635824395f46e3f604e119e87d3e322e10bea8fe8ee678fbe0ad8439a634de913d3b094df1ecb3dd5c092776be62dc9db4799729bce9

  • /data/data/ibuger.nnjm/databases/tencent_analysis.db-wal
    Filesize: 64KB
    MD5: 460f3507913b83c54f417834ce596669
    SHA1: bb112f55bbd606d7744b6febe6a09c240bb29195
    SHA256: 8e85c6366677482a577751f9473958cc435265df0395ef68a1549e6c9f0c6920
    SHA512: 1b61b4d076a98fab2ba6bffd585dc0fefe3fa48bafbd155a1bf0bf719f01a3456b621b18af4463f917198d69dc92d07e914eb7d4336d773dfc0bdb923f543ab8

  • /data/data/ibuger.nnjm/databases/xUtils.db-journal
    Filesize: 512B
    MD5: 3b1fe88a5fd4d63aa2e8cdd70180709a
    SHA1: 3d39b795c79b62e99656e13fbb541ba1dae8b0a5
    SHA256: eaccf70339b260e836e58958109ecf2894f029dd618e5bab66fea60f1e8ace1c
    SHA512: ebafc4347255abc9f630a48c10f72e7dfafdbcb579c58dc2fb0a94e71faacea2035dbaa37372d2816f9345794747cdc18171f9ce3b73204766733b0abe1bbfa1

  • /data/data/ibuger.nnjm/databases/xUtils.db-wal
    Filesize: 56KB
    MD5: 3e905658bd880eacfe5315ad1c93bbfd
    SHA1: 4627a073a2c39c6e83a5bbfef8b7d90a23c6b0ce
    SHA256: de2186cf7b35edc997fb511c50c3ea8a2fec08b3e443c92ec210ea5d3f58dbd0
    SHA512: 207138d9217a07b752217200a712f757a8faa4c25b202055f335afe368817675ff09ebe8639e2ab94471ff54f27d56042c848d5df7cbfcb7d168bcde7c626ef0

  • /data/data/ibuger.nnjm/files/.um/um_cache_1715957987911.env
    Filesize: 573B
    MD5: 84908bc677c45bebd41fd68c4add6ff3
    SHA1: b5867d0d54a866f42ad429f48e2d3c65f95640b5
    SHA256: bb036d272981a697614af1d144447c63a4f67b881acc03dce82a536325247510
    SHA512: 8fed407a556fccc0f3f01f3fe2d9b6894bd71bb584abd619d60053a8d9036a55fadfe46ef06f4237880e6f251d8cad37399eafdab6b5678931b9d9826a062868

  • /data/data/ibuger.nnjm/files/umeng_it.cache
    Filesize: 310B
    MD5: 6e0ffae3838c7381e7f5994ffb6a84cd
    SHA1: c26f45ef55596ccd23f382ab82b3c669d6f5dd59
    SHA256: 08b86611fdc748337fcca99120ee177be98a93be8e65c9ed5ed49e8f9b4b54c2
    SHA512: 624b348d4c8c49ca96e4243524850eb3e9b9ad85e2a9d29baaa5cf779dda7bb3179a50b100695bc89a9367567592c533e174dab268af8a413d6613b678bcb042

  • /storage/emulated/0/Android/data/ibuger.nnjm/cache/WCache/journal.tmp
    Filesize: 31B
    MD5: 8c92de9ce46d41a22f3b20f77404cc1d
    SHA1: 8671a6dca00edb72be47363a7071be65cf270373
    SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
    SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /storage/emulated/0/ShareSDK/.dk
    Filesize: 107B
    MD5: c9383021bd97affc44be4db7018c4d7b
    SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
    SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
    SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81