Analysis

  • max time kernel
    172s
  • max time network
    177s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 07:06

General

  • Target

    5381cfeb78ea0ac05bfc114da905f8d9_JaffaCakes118.apk

  • Size

    14.3MB

  • MD5

    5381cfeb78ea0ac05bfc114da905f8d9

  • SHA1

    a515981c967eea85d4279c4b6775fd9d4f05e2e6

  • SHA256

    4024d0f1bc319647ad39251c338ec2f7a1c8f5fd8973637a9d72b64c47e5d387

  • SHA512

    30c53b6e81a7963643a6ab1ea247cdb63cb796288b2f1d7a2e54dafbcda2b206588ae89aafd06bce3371c027ebff6e65910d4ef488d8a0eec1595f9d3a5670ee

  • SSDEEP

    393216:2ggz6LQ/EILYWxCL++1UTSnrCNh43XOMZsfv5oUAJ8JfcUjCh9t:2BDVjgL++e+uNe3XxZsfhRUZ

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Reads CPU information (for example /proc/cpuinfo) that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Reads memory information (for example /proc/meminfo) that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about the phone's network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
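
The first two signatures describe the usual emulator-detection pattern: the app reads /proc/cpuinfo and /proc/meminfo and looks for emulator hardware names, hypervisor flags, or implausibly small RAM. The report does not show which strings this sample checks, so the following is an added example, not the sample's code: the indicator list and the 2 GB RAM threshold are assumed heuristics, and the /proc samples are constructed. It also covers the situation this sandbox is in (an ARM resource on an android_x86 image), where an ARM APK can notice that cpuinfo reports an Intel/AMD vendor.

```python
import re

# Constructed /proc/cpuinfo and /proc/meminfo samples (not taken from the report).
CPUINFO_GOLDFISH = (
    "Processor\t: ARMv7 Processor rev 0 (v7l)\n"
    "BogoMIPS\t: 1000.00\n"
    "Hardware\t: Goldfish\n"
    "Revision\t: 0000\n"
)
CPUINFO_X86_VM = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Intel(R) Core(TM) i7 CPU\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov hypervisor\n"
)
CPUINFO_PHONE = (
    "Processor\t: AArch64 Processor rev 14 (aarch64)\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8150\n"
)
MEMINFO_SMALL = "MemTotal:         1024000 kB\nMemFree:           512000 kB\n"
MEMINFO_PHONE = "MemTotal:         7763376 kB\nMemFree:          1200000 kB\n"

# Substrings commonly associated with emulator or VM CPUs (assumed heuristic list,
# not the strings this particular sample looks for).
CPU_INDICATORS = ("goldfish", "ranchu", "virtualbox", "vbox", "qemu", "hypervisor")


def parse_proc_kv(text):
    """Parse 'key : value' lines from a /proc file into a dict with lower-cased keys."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        out[key.strip().lower()] = value.strip()
    return out


def cpu_indicators(cpuinfo):
    """Indicator substrings present anywhere in cpuinfo, in CPU_INDICATORS order."""
    lowered = cpuinfo.lower()
    return [ind for ind in CPU_INDICATORS if ind in lowered]


def mem_total_kb(meminfo):
    """MemTotal in kB, or None if the field is missing or malformed."""
    m = re.match(r"(\d+)\s*kB", parse_proc_kv(meminfo).get("memtotal", ""))
    return int(m.group(1)) if m else None


def abi_mismatch(cpuinfo, app_abi):
    """True when the app runs ARM code but cpuinfo reports an x86 vendor, i.e. an ARM
    APK executing under binary translation on an x86 image. On a device app_abi would
    come from Build.SUPPORTED_ABIS; here it is passed in."""
    vendor = parse_proc_kv(cpuinfo).get("vendor_id", "").lower()
    return app_abi.startswith("arm") and ("intel" in vendor or "amd" in vendor)


def emulator_reasons(cpuinfo, meminfo, app_abi="arm64-v8a", min_ram_kb=2 * 1024 * 1024):
    """All reasons the environment looks emulated; an empty list means no indicator fired."""
    reasons = cpu_indicators(cpuinfo)
    total = mem_total_kb(meminfo)
    if total is not None and total < min_ram_kb:
        reasons.append(f"memtotal={total}kB below {min_ram_kb}kB")
    if abi_mismatch(cpuinfo, app_abi):
        reasons.append("arm app on x86 cpu")
    return reasons


if __name__ == "__main__":
    print("goldfish:", emulator_reasons(CPUINFO_GOLDFISH, MEMINFO_SMALL))
    print("x86 vm, arm app:", emulator_reasons(CPUINFO_X86_VM, MEMINFO_PHONE, app_abi="armeabi-v7a"))
    print("phone:", emulator_reasons(CPUINFO_PHONE, MEMINFO_PHONE))
```

The practical consequence for triage is that a sample with these signatures may behave differently on a hardened analysis image than it did here; when the sandbox run shows little beyond SDK initialisation (the JPush and TBS files in the Downloads list below), the emulator checks are the first thing to patch out or hook before rerunning.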

Processes

  • com.caifusenlin.cfsl
    1⤵
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4256
  • com.caifusenlin.cfsl:mult
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4327

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.caifusenlin.cfsl/cache/image_manager_disk_cache/78fefc26ee98a81e05de27fc9f7246f04fac9b22faffe5066d8f22aa4419dc50.0.tmp

          Filesize

          39KB

          MD5

          495cadef7c7561fe71e1314b9459c4a1

          SHA1

          ea3eb58ab203481725191ca70869b71a686b747d

          SHA256

          6efa48f69cda3a43f08177c57d591b07e9806db28c56ad0b6972eed5a9cd5894

          SHA512

          bc297aa23d4be800e42d68d7a85680fac5e67ae51c65db17c156752353534b0c8e683929175cb1a792fdf1109f35d01800e020f3ee432d56d61cef786a063231

        • /data/data/com.caifusenlin.cfsl/cache/image_manager_disk_cache/journal

          Filesize

          179B

          MD5

          7e45870d682a9ce5aa1b9d3340d04f0b

          SHA1

          4dea7172ec818cc7d78cf4def29a2a6e32e3bcca

          SHA256

          03016c5d329e6d5c7e5e0ac1ef8ae9e280b9aea14eec1f317b83d7fe0ef50e58

          SHA512

          d4867b395c1f6845bdaa8fd49bd8831a1e008aaee23764b4ff5d0e6ca5295541819a345927c4af031c46362fec83cef3402af0e9ecac02a6d90eaac57d60c29d

        • /data/data/com.caifusenlin.cfsl/cache/image_manager_disk_cache/journal.tmp

          Filesize

          31B

          MD5

          8c92de9ce46d41a22f3b20f77404cc1d

          SHA1

          8671a6dca00edb72be47363a7071be65cf270373

          SHA256

          68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

          SHA512

          30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

        • /data/data/com.caifusenlin.cfsl/files/jpush_stat_cache.json

          Filesize

          137B

          MD5

          aeb05f61a95a3f22569f2b62004db547

          SHA1

          282e09bb6376c00e55cd34c55651a53058ae4987

          SHA256

          8e21a3b9c113399e7ecfb2a33aeb41f1931c7a8d492aaa2e8fdab93e8e8c8515

          SHA512

          f75b5750d18e373d74ef1656d2bc7165a7496e0867f4b0cd2bf4659a326769cb6c9d9e21dda8c5fca9628fc5bc5ddef834e0714cd914f28021693aaba9d18e44

        • /storage/emulated/0/Android/data/com.caifusenlin.cfsl/files/tbslog/tbslog.txt

          Filesize

          18KB

          MD5

          24d09ce6bd6b4fe6ec4cfc45e6e13ffe

          SHA1

          ebef080f062a4c3ff9834776207582b1d2c1cee1

          SHA256

          a0a0ab1e3f6f26a57412df199a07f4d9bdd48490d49d9d0d2805172604a056e7

          SHA512

          a53e627fd9d4895844fab6cf175eb84e0760a89ca9ef2335f5cbf744973ad97231d956a148594c8a988c1d52b48ba4445e372ae58882a05b07f6335b9495c0d6

        • /storage/emulated/0/data/.push_deviceid

          Filesize

          32B

          MD5

          563bf04c05f21ccdec501371db9fd202

          SHA1

          cb0fe094578dc90dbf4f4aea78fdae237267def2

          SHA256

          ea3e0a063e7b3d34bcc00d4a6fe24cae1eb49f6331e0b3c52aa1624638cca152

          SHA512

          3d5004543b25ee220adcd410c241ed7d8577518656d694773a42767f52fd600d4b4a04531870ee39fb208451789b9d80970275a2a36d655a2b6d4bc1f3ca29bb
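
The three image_manager_disk_cache entries are Glide's DiskLruCache, not payload drops: journal.tmp is the 31-byte header that cache writes ("libcore.io.DiskLruCache", format version 1, app version 1, value count 1, blank line), the 64-hex-character name with a ".0.tmp" suffix is an in-progress value write, and a header plus one DIRTY line and one CLEAN line for a key of that length with a five-digit size comes to exactly 179 bytes, the size of journal. The following is an added example of parsing that journal format so the entries can be dismissed quickly; it is not the sample's or Glide's code. The key is taken from the cache file name in the report; the 39936-byte size and the journal text are constructed, since the report records only sizes and hashes, not contents.

```python
MAGIC = "libcore.io.DiskLruCache"
VERSION = "1"


def build_header(app_version=1, value_count=1):
    """Journal header: magic, format version, app version, value count, blank line.
    Glide opens its image cache with app_version=1 and value_count=1 (assumed here)."""
    return f"{MAGIC}\n{VERSION}\n{app_version}\n{value_count}\n\n"


def build_journal(records, app_version=1, value_count=1):
    """records are (op, key, sizes); op is DIRTY, CLEAN, READ or REMOVE and
    sizes is only used for CLEAN (one size per value slot)."""
    out = [build_header(app_version, value_count)]
    for op, key, sizes in records:
        if op == "CLEAN":
            out.append(f"CLEAN {key} {' '.join(str(s) for s in sizes)}\n")
        else:
            out.append(f"{op} {key}\n")
    return "".join(out)


def parse_journal(text):
    """Replay the journal and return the live entries with their state and sizes."""
    lines = text.split("\n")
    if len(lines) < 5 or lines[0] != MAGIC or lines[1] != VERSION or lines[4] != "":
        raise ValueError("not a DiskLruCache journal")
    app_version, value_count = int(lines[2]), int(lines[3])
    entries = {}
    for line in lines[5:]:
        if not line:
            continue
        parts = line.split(" ")
        op, key = parts[0], parts[1]
        if op == "DIRTY":
            # a write is in progress; the value lives in <key>.<i>.tmp until CLEAN
            entry = entries.setdefault(key, {"state": "dirty", "sizes": []})
            entry["state"] = "dirty"
        elif op == "CLEAN":
            sizes = [int(s) for s in parts[2:]]
            if len(sizes) != value_count:
                raise ValueError(f"CLEAN line has {len(sizes)} sizes, expected {value_count}")
            entries[key] = {"state": "clean", "sizes": sizes}
        elif op == "REMOVE":
            entries.pop(key, None)
        elif op != "READ":
            raise ValueError(f"unknown journal op {op!r}")
    return {"app_version": app_version, "value_count": value_count, "entries": entries}


def entry_files(key, value_count=1):
    """On-disk names for one entry: committed values <key>.<i>, in-progress writes <key>.<i>.tmp."""
    committed = [f"{key}.{i}" for i in range(value_count)]
    temp = [f"{key}.{i}.tmp" for i in range(value_count)]
    return committed, temp


if __name__ == "__main__":
    # Key from the dropped-file name in the report; size and journal contents are constructed.
    key = "78fefc26ee98a81e05de27fc9f7246f04fac9b22faffe5066d8f22aa4419dc50"
    journal = build_journal([("DIRTY", key, []), ("CLEAN", key, [39936])])
    print(len(build_header()), "byte header;", len(journal), "byte journal")
    print(parse_journal(journal)["entries"])
    print(entry_files(key))
```

Seeing only the ".0.tmp" name in the dropped-file list means the sandbox captured the value mid-write; the committed ".0" file and a READ line would appear on a longer run. The cache key is a hash Glide derives from the image request, so it cannot be reversed to the fetched URL from the journal alone.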