Analysis

  • max time kernel
    172s
  • max time network
    180s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 17:02

General

  • Target

    55d35848046725a1301561efc707011c_JaffaCakes118.apk

  • Size

    17.5MB

  • MD5

    55d35848046725a1301561efc707011c

  • SHA1

    8329f9832f758cb5e1e8aaf71545ae8218e97841

  • SHA256

    cb7c40f29a4a0f18f6c48530e8c5a5525d1e4e99259ef1abc8ac547e0dff79c3

  • SHA512

    9ca1f526847319dc09abcab39f550a6bedcd17b58d6cc6b9f0a7c1f5cd2594f0d96489c7c2f03475e2a06acf20031c87e3ee5f28df556d2b4ee36921c3b85c27

  • SSDEEP

    393216:jb+l2uRBpe+f/Q10LNQcRm0vrsfDFauIAOX6rVvXLB3:jb8npegoaLNmcgfAuIAOX6rv

Malware Config

Signatures

  • Requests cell location (2 TTPs, 1 IoC)

    Uses Android APIs to get the current cell location.

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Checks if the internet connection is available (1 TTP, 2 IoCs)
  • Reads information about the phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • cn.com.nbd.nbdmobile (PID 4307)
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)
  • cn.com.nbd.nbdmobile:pushcore (PID 4365)
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available

Network

        MITRE ATT&CK Mobile v15

        Downloads
