Analysis

  • max time kernel
    174s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    18/05/2024, 17:02

General

  • Target

    55d35848046725a1301561efc707011c_JaffaCakes118.apk

  • Size

    17.5MB

  • MD5

    55d35848046725a1301561efc707011c

  • SHA1

    8329f9832f758cb5e1e8aaf71545ae8218e97841

  • SHA256

    cb7c40f29a4a0f18f6c48530e8c5a5525d1e4e99259ef1abc8ac547e0dff79c3

  • SHA512

    9ca1f526847319dc09abcab39f550a6bedcd17b58d6cc6b9f0a7c1f5cd2594f0d96489c7c2f03475e2a06acf20031c87e3ee5f28df556d2b4ee36921c3b85c27

  • SSDEEP

    393216:jb+l2uRBpe+f/Q10LNQcRm0vrsfDFauIAOX6rVvXLB3:jb8npegoaLNmcgfAuIAOX6rv

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about the phone network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
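The "Checks CPU information" signature above is the sandbox's generic name for an emulator check read out of /proc/cpuinfo. The block below is an added illustration of what such a check typically looks for, so an analyst can recognise it in decompiled code and see why an x64 sandbox image trips it; it is not code from this APK, and the marker strings and the two cpuinfo samples are assumptions constructed for the example, not strings recovered from the sample.

```python
"""Emulator heuristic over /proc/cpuinfo content (added example, not from the APK).

The marker strings below are an assumption about what a typical emulator
check looks for; a real implementation may use a different list.
"""

# Board/model strings commonly tied to Android emulators (assumption).
EMULATOR_MARKERS = ("goldfish", "ranchu", "qemu", "virtual", "vbox")

# Constructed sample: an x86 emulator image (the CPU flags carry 'hypervisor').
EMULATOR_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae sse sse2 ht hypervisor
"""

# Constructed sample: a physical ARM64 handset.
REAL_CPUINFO = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
Hardware\t: Qualcomm Technologies, Inc SM8250
"""


def parse_cpuinfo(text):
    """Return the first value seen for each 'key : value' line, keys lower-cased."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def emulator_indicators(cpuinfo_text):
    """Return human-readable reasons the CPU info looks emulated (empty list if none)."""
    fields = parse_cpuinfo(cpuinfo_text)
    reasons = []
    # Board and model strings: ARM emulators report goldfish/ranchu, newer x86
    # images report a 'virtual' processor model.
    for key in ("hardware", "model name"):
        value = fields.get(key, "").lower()
        for marker in EMULATOR_MARKERS:
            if marker in value:
                reasons.append(f"{key} contains {marker!r}")
    # x86 kernels expose a 'hypervisor' CPU flag when running under a VM.
    if "hypervisor" in fields.get("flags", "").lower().split():
        reasons.append("flags contains 'hypervisor'")
    return reasons


def is_emulator(cpuinfo_text):
    """Boolean form of the check, as an app would use it to alter behaviour."""
    return bool(emulator_indicators(cpuinfo_text))


if __name__ == "__main__":
    for name, sample in (("emulator", EMULATOR_CPUINFO), ("handset", REAL_CPUINFO)):
        print(name, is_emulator(sample), emulator_indicators(sample))
```

When triaging a report like this one, the practical consequence is that behaviour observed in the sandbox may be the emulator-branch of the app; if the check fires, the analyst should either patch it out or rerun on a physical device before concluding the sample is benign.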

Processes

  • cn.com.nbd.nbdmobile
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5247
  • cn.com.nbd.nbdmobile:pushcore
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5318

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db

          Filesize

          104KB

          MD5

          6dc76ea0e01c89dff2d541b02fe8d3f8

          SHA1

          d252f44aa7c447b35438b944fb96579312eb97d3

          SHA256

          7d812e29579f423b12f0fb246cb06b77a1c4e431e4c65f3e0a3f8dc97122f58c

          SHA512

          c1411c043050aee7b363798b424bd64294943bd9bc7c58744ee83e4a3e480ff01cdcc99aab21f142d075ddb9ec808a461ae48266a7270dcb85e5dfe06aa74a11

        • /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal

          Filesize

          512B

          MD5

          c76eb390727a550f5ee561c4c3bef51d

          SHA1

          7a2a2471b77c14ad7040066a173b58f8851ee44e

          SHA256

          69886744b5e2afe4c3a61f2b9749d71e1fcaa3e14b82cc25ba09ff6adb203372

          SHA512

          69ffa6d120e4094493394174c316262b02f3b7510214a2e1837c02b3df0a369bdf2997dbdfe392450b484cba7d7d75254371be350fa6938389371ced51a59376

        • /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal

          Filesize

          8KB

          MD5

          1393ed99e233ba0e33a5a80d8526b001

          SHA1

          dc22a7c24689f58074cdec91ac7313e0cce07956

          SHA256

          a800f0740598379218756e975d60ec58d7a6a86e7f80f10ce2dc2aa475de1845

          SHA512

          aeaedcf768183ee500a1295e60744f430c6e6522c2a75a005bb807b8b7c7994bfd8f8d77116565863567fe63599e18ed7bc4b06609b82d876edca4fabbbe518d

        • /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal

          Filesize

          8KB

          MD5

          06d5068b3baa160c88c1724a01be5554

          SHA1

          d4b74d1a46e06bb97236dc327a5ab70e4b4843ba

          SHA256

          c6545673a9fe0de4e8b27f998d9358f1cf1dd11e6b8bb193e06d0dfea6bf2abf

          SHA512

          eace96d45fe26aadba19920a5a2553215068c3e110d1955b1a9c513ea61edd80f3127f620086adb882be98ae6e80a32703abe654f1707a0435a137750c2dbf85

        • /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal

          Filesize

          12KB

          MD5

          3bbdb5eda21618d2211a7004cfd7d3d9

          SHA1

          43b27344035d7e2b72b3679aaa9104fe2afc3b6f

          SHA256

          b47fbf96d2d3a34c47b469fc8766c081d16922f2aec22fbe2152f7e208c39ffd

          SHA512

          13a771917b75ce6087061a7b3705a9ca235fd8da9618a89f7fe1bd9bec783f8940987b21fb21c500e9e86b68b4583a848a3460b75d1ef2344f11dffedf764d2b

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

          Filesize

          36KB

          MD5

          0908e924aa236931dc7166fef6e00862

          SHA1

          7782648d6d8f6e835bd47058d4852932c096a467

          SHA256

          38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

          SHA512

          3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

          Filesize

          36KB

          MD5

          67c12933d1e0e63d9801a6aa43092ce7

          SHA1

          b6936908554e4a1986b8eb08289e2d3545e8ff74

          SHA256

          abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

          SHA512

          db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

          Filesize

          8KB

          MD5

          36e50865106f050dd1560e59c5383f7b

          SHA1

          b0f3acf5b9e614930e18e7ee51409500511cd593

          SHA256

          39b61070b7bea4d2dff4746b6ce1ed45640859bd52fef4c6436ddf20182dc57e

          SHA512

          5e24d7c38710a03c7c9fc55e8aef83d59ee2ec655a958c1006eb5a0beeda058276118b617d79c4fd736c9a4f53a767821ab13e89ab074d3dbac09d64342158fc

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

          Filesize

          8KB

          MD5

          f5c7f4a6ff53bbc4d479779cce5779ba

          SHA1

          edff28e2d8572c3f039955e2d71b95e3b3a4317e

          SHA256

          2a998bb1b0b11d3c04bec0af4266488d776513ee216692aaf5b5d6d9557b2e01

          SHA512

          14ea0a3eb73033da51c6644dec5a97d494005e83876f2ffff76c00d331c5723acfc3f56acf56e422fb9bb303546967354fff915888d957042692da026e8347db

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

          Filesize

          512B

          MD5

          51dc0c70bcc2f2f1b537c6b01c075790

          SHA1

          83926de8fbc008278c9c03f5d511c0d4c75eee4a

          SHA256

          c51fdb2f9b6f4c96cd7567621a60c6ca30de1247a2f29472406e19f23f91ce8d

          SHA512

          c881fec7e92a99f9878525ddddc238f08abbf4eda8b660b14a5f9fa7b8481a4dd41c8a48a90710f1c1b1511828302cca2a0be2272ac9aa4a261d2c338bdb4b23

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

          Filesize

          12KB

          MD5

          283339dddaff06fc3d648912987a5933

          SHA1

          9691f51eda46275bae87906ee6ff6f4aab6eba82

          SHA256

          1a9f602c2c536ffacbf5135a6c287a30652fdca779bd498d9ac125a25473a37c

          SHA512

          571797009053e78bde03014ccae5b70eeda63c5ec9253441214c01ceee850c0cb1dd43a6cb92e0b92f132ef63e6bbb37af64a6ef4293a465488efc8ab340549f

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

          Filesize

          8KB

          MD5

          bc3b750b5984dc1c33567bb375a58075

          SHA1

          e5c4bbac48505f957663899910d0f74ef1fd9f9b

          SHA256

          6e837b9af4db39c1ac7739405dfba2a73b6371fc717ff486928ca7f9894972e6

          SHA512

          1549675139449cb27b2eec03882c8a90bc6d6d910af80c6aea711ad97d88032df4682f40458f63948774f330af324d0710ea82e7943ad4a2bd35adb0a856407b

        • /data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

          Filesize

          8KB

          MD5

          783557ed1315e9488b18dd32717c1ec1

          SHA1

          65176eaf2c2aa16d83bb274933de5f06c41266b9

          SHA256

          798df276da212f89499616332b3d3c41623c0828ea1063bec37064662615b195

          SHA512

          83f8fb799214a59674baa312e7cd7b27e744b59b08704586202da993f73af3f390564b47219f0eac417eb44261d4a49d5571a2c7e2a343da98db9da260f47419

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db

          Filesize

          32KB

          MD5

          38564ad4c73e5619bc2264b0c44997a5

          SHA1

          e55f6fe1b20347ad4cd58d77af0b0feb149f63d0

          SHA256

          1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8

          SHA512

          30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db

          Filesize

          16KB

          MD5

          6bcabf0b0bda107ee20f338f295055b9

          SHA1

          c9b83b43325381f39525f76d351789334e1de475

          SHA256

          efbaead10afada857ddcd30be02bc76f8105af3aa0effc00475c5ea8c218c3a8

          SHA512

          11413d5ed86e688b0f9e71a596efb7295dc9c12e293a8a911639b750af08d7d6be80681a4f9e64f0cddbf7ce33fe7e1897b7cfeb1a646cfadcbd08880883c7d5

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db

          Filesize

          16KB

          MD5

          ff01fa6699665623a43c8fbf7f96179c

          SHA1

          2ec12f6d421416f4b4d740a021ce95d5de52410a

          SHA256

          55aa891a66415926344db3e1ab70ea7f0e2c2925f588c93c238bdbf83154c296

          SHA512

          f6b5b68fb854593e1f3d3bfc503fda047cc5ac95caca5f20f16a90f0551da0b1aa5f8b908c81f8add5e6cfbeb67388cda31805566677d76e8854af9d970328fd

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db

          Filesize

          32KB

          MD5

          548bbe5a1e120ff85f40cebf9263e821

          SHA1

          39b15ab5440595776a7f228dd609ce6acaeb11be

          SHA256

          93eedd90e7a4f366ca724c9c1d4630da344fa2df3fa8ef973003c5a3cafc2887

          SHA512

          57f2aab8bae1838409050d7ee0007dd9eeb7301a0b4f5ba65a89f3f1a36359a60aed4cf8882a44c3ac411e288fc6d0df2955379457ecf3cb0d6d64a43d782b97

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

          Filesize

          16KB

          MD5

          bbdff600e5d417ff62a07077e5371cb3

          SHA1

          46e28fde0d67b16a8b66886b86ec2e1b70907f12

          SHA256

          9dc09b7e1b0a97027246d2d6a1c7c8444f93778b2b46698b7074de108baed4c1

          SHA512

          bcb8c3eb4f5d4047bc2ded26182e3a1b284dca8e1a028f4da4c0c854955e9a8439444606c66db424a6d01057cfdcd30ce3345651dede8b0e9aada8554df29970

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

          Filesize

          12KB

          MD5

          8f1039ace78c8d9eb78605a75005f62d

          SHA1

          3d0b3b676654ce5b7dd9efd4cb38d2ecc52cffe7

          SHA256

          715ccefeedf5cde7f9f60669efa8047096b4d0e9e686c6f889ccf1555541a002

          SHA512

          c917a0ff2adc587a57c9c139a4b0d0ca5d0633db0cf5c3bd0d839f9a4cc46a12578c00dc3a4e97080c00cad531236a6f439dfceab8a89faed8a59d7078ade88a

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

          Filesize

          8KB

          MD5

          d66a5f805e0dbcd6bfa9b5b44c1a6ef9

          SHA1

          65049ceec9673cc20afbee6eb5f08ef8d2d7adf5

          SHA256

          40cc437378e810928381e214d9496361f5f00aea8d3bb1ac40a3f5839ed3d300

          SHA512

          fcdd7b123ef426cf8cac694fb46c60fc56cfd65b80c85f172d297a34249a92515df28902c5926d15d4eb71fea5fa33c489dc233796e48be2f7732b840134603c

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

          Filesize

          512B

          MD5

          21d2eaa75a7a1a69cb297ee9123c00ba

          SHA1

          96e3bc4f063e200300f3267ca86d64b502a55e38

          SHA256

          877194c8fb98cd1578a0035ea09c8673f1475539093d561bb82da858613f38c0

          SHA512

          15616f5e7f97db6be52302db7e1d240b9b6b56f1101edc1f92dd3917823229ee7cb9e89123013992a2854fdc4734c51252fb8bdc3f58acbf23bbf90f351a81d2

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

          Filesize

          8KB

          MD5

          b6599537c5468fa3d753abb27d34b342

          SHA1

          fd56e5e76a4c121de0f0d41e75f934b21be9fa3c

          SHA256

          431e280fcbb12fdae40a20faf844c01ac0a441004e2b1198730f079003d5f32e

          SHA512

          c5c22ae0fd952595b274e03e5a5c5fe362c16a7555547a8873bc34f05b9f6395c4c68de188c2304ab1d08d84deaa7dbc1c989216a9277e3697737f9f8b4c8b5a

        • /data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

          Filesize

          8KB

          MD5

          95dbad5dd8e67d92c9de439b70a73167

          SHA1

          3bb614229e7391c3f2ec773670d678358c8bd815

          SHA256

          2c4ea3ad18830e1515a777a888fd1d6fa993683091e35f40b774583bbce0aeeb

          SHA512

          498bdaa419ddd82c4c90d2b0873f6421730ec9bbfc6cc9a7d0a6e52aff8d77736a176c1e407130df5c91a22c0297d7bd269534ff1ee7e313385cdde529721399

        • /data/data/cn.com.nbd.nbdmobile/files/.um/um_cache_1716051938065.env

          Filesize

          1KB

          MD5

          18fa55d9823c5bb97081a17409ece4fc

          SHA1

          f001f06cba2fa183982433ee044e79cba197ef8c

          SHA256

          3bd76312051565a3ff116e5751ad8b58639553eab6aad396be3b3022d4a8711b

          SHA512

          a288468456b965385a8f545c302762dccc219b8379d594e394e5ac5f4f6ed77c674427213e9fa8731b9eaebe09ee236f7260516ae42d2e8486a0c971f90fd955

        • /data/data/cn.com.nbd.nbdmobile/files/.umeng/exchangeIdentity.json

          Filesize

          162B

          MD5

          eaf9e802e206b828b7a708c6b00604f6

          SHA1

          897272bb83d777240b312c1ff4fd2986a1c5dcfc

          SHA256

          aef0282280d765de6f979a9ccd6cf00dc3448c7a2bbd2be608caa2668aade25c

          SHA512

          6835cd50d87e273be4cdcdb72e6dc551cfc5aa4c796213e96d2d829e3439e45f496d1cee5a0463f3edb4373ed7cc31041b222f1dc3f056d06c123d9c75439bb8

        • /data/data/cn.com.nbd.nbdmobile/files/exid.dat

          Filesize

          54B

          MD5

          3bf2fd63021c2a5dec8d300ad622a0f1

          SHA1

          7e4158bcda6c60ceae64f1c2910eabb998713092

          SHA256

          77173cbe835333857c93282f0837a3af0e8456ab7a893fa9ece8dd49b4b77328

          SHA512

          431b39002794db046027c898bd16d85699a557d0cef9d9d777aafbad1b7e828eb9c203d8ea083facba4e9d38ba2198f108075b3e01befdd98540102b4bb780c6

        • /data/data/cn.com.nbd.nbdmobile/files/jpush_stat_cache.json

          Filesize

          137B

          MD5

          cebe5d13150616c2001644904d68483b

          SHA1

          836d5caf671cb073a438fae2dd682dc04fb3cd6a

          SHA256

          cc6acc84d8462abc189dca452e5562f37d0a1ca702d75e2b188f55aa01efaee5

          SHA512

          f729b479e1aa555c6eba4f494fef3b68c54082ac5973805e22ab719de203827d6df2a50a4c3828788c710dfcb90a799132f6dc9cd1727d966508190184a9fedc

        • /data/data/cn.com.nbd.nbdmobile/files/umeng_it.cache

          Filesize

          433B

          MD5

          21369804c255f3c3cb80f8d293b7003f

          SHA1

          6b2e82d5bf04d41c587dbcd1fec2c679a359dacf

          SHA256

          8d9af66167888ed163f9065b7651cec6dc9ac9df6ac21da880c6e035129dad6d

          SHA512

          c201f3f464c1208dec47a1a59c7078e2a9c94ba15b4f5fb9d80a9938f4e84b07c41e5172d6f86e979cf8df3c13996626389133ec77d63e806a17fce6e33a8433

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          111B

          MD5

          2de6c0111f2b357781e0c3d0eb41e28a

          SHA1

          2e851966f4db201b96373cd03c55f01511036fc5

          SHA256

          b6321b007b359cf95283da5af9759f993e7e904827f4fc8a1655fdecfdb523f1

          SHA512

          24d9f0bb104df72970a9a0298248e043c0a4cabae4288501af06582fa7143cf04aec556fcdff3087a8a7eea5aa71dd6748828d723940a8f6142ea3b9d5566071

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          213B

          MD5

          edf51bfe2a328eace7447aef006c1177

          SHA1

          d29efd1cf2e808d8c7dda43c8081d98542487a81

          SHA256

          4519f159fa18713a87e244ac842e1ef7b97ddd25f3327487103042c13a369011

          SHA512

          4da816dec30933be2cd1f0eb9a0c4e83fe90901c6fdbaa703efd8b97457077c9e2e8b845505ad62f55d579d9176adbcb17bb1800c42e3e084484e774561a63f8

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

          MD5

          75828ff827144e5a473ec33970f09ec3

          SHA1

          f1b2ec2b9893c3347a44f42b5040fbb90db43c0b

          SHA256

          1b03c7030710b64706bdba952e66ea5f6aeb0fece1e06c898040e8c13a2e64b3

          SHA512

          e2a5af2867a4012c70ae98b23731d19247197f41856b543e65c70431ccaf270ab0e30fd269291a2a91e4d0231613a3a633ceb40024ee66046137a64a9ccbc9c9

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          167B

          MD5

          c0f75902083a2e1a04e7ab7b4c0e4f8c

          SHA1

          2cf6e2b5350f373d2f23ed192c80c569602fbe2b

          SHA256

          6838344e7df7b63b2e698f20b30d54ef61b639fc7cc8f52ce405f8539f553db4

          SHA512

          cc9bbf3d177a1f2cadfc682037f7648e27afcfdabafe077340c0a56b7fbc1e25996e8598984ec2fa26b8ccbb35b7e06e6ce085ca0e9b5c3adf7c4f62a5393fa1

        • /storage/emulated/0/data/.push_deviceid

          Filesize

          32B

          MD5

          1cf3b78621917bb61cf80a713874556a

          SHA1

          d0b15fca81e4dfdd9f016c73bcdf90afecb4a806

          SHA256

          aecd8cb1942b3b567d7f752200e1b1b271351c147fabe71b4bd093221bcbf124

          SHA512

          5c4e390c952a54ad7688785696494bc21401bf1c0af4f3f4f156ec5d97f41b0ba0a8ddcdbdd7de57a62b19549e7c0889809ea9fd98e262383c89492724fa15fb
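The dropped-file list above repeats several paths (the same SQLite journal hashed at different sizes), which is the sandbox recording successive writes rather than duplicate entries. The block below is an added example of turning that list into structured records, spotting paths that were rewritten with different content, and picking out the SQLite databases worth pulling for offline inspection. It is not tooling from the sandbox; the record format is inferred from the page layout, the heading names are assumed to match those printed above, and the embedded sample copies four entries from this report with the blank separator lines and the SHA1/SHA512 fields omitted for brevity (the parser keeps whichever headings appear).

```python
"""Parser for a sandbox dropped-file list as laid out on this page (added example).

Format assumption: each entry starts with a bullet line holding the path,
followed by alternating heading/value lines (Filesize, MD5, SHA1, ...).
"""
import re
from collections import defaultdict

# Four entries copied from the report above (SHA1/SHA512 and blank lines dropped).
SAMPLE = """\
• /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db
  Filesize
  104KB
  MD5
  6dc76ea0e01c89dff2d541b02fe8d3f8
  SHA256
  7d812e29579f423b12f0fb246cb06b77a1c4e431e4c65f3e0a3f8dc97122f58c
• /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal
  Filesize
  512B
  MD5
  c76eb390727a550f5ee561c4c3bef51d
  SHA256
  69886744b5e2afe4c3a61f2b9749d71e1fcaa3e14b82cc25ba09ff6adb203372
• /data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal
  Filesize
  8KB
  MD5
  1393ed99e233ba0e33a5a80d8526b001
  SHA256
  a800f0740598379218756e975d60ec58d7a6a86e7f80f10ce2dc2aa475de1845
• /data/data/cn.com.nbd.nbdmobile/files/exid.dat
  Filesize
  54B
  MD5
  3bf2fd63021c2a5dec8d300ad622a0f1
  SHA256
  77173cbe835333857c93282f0837a3af0e8456ab7a893fa9ece8dd49b4b77328
"""

_SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*([KMG]?B)$", re.I)
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_size(label):
    """Convert a rounded report size such as '104KB' to an approximate byte count."""
    m = _SIZE_RE.match(label.strip())
    if not m:
        raise ValueError(f"unrecognised size label: {label!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2).upper()])


def parse_dropped_files(text):
    """Return one dict per bullet entry: {'path': ..., 'filesize': ..., 'md5': ..., ...}."""
    records, current, pending_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank separator lines carry no data
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
            pending_key = None
        elif current is None:
            continue  # text before the first bullet is not part of the list
        elif pending_key is None:
            pending_key = line.lower()  # heading line, e.g. 'MD5'
        else:
            current[pending_key] = line  # value line that follows the heading
            pending_key = None
    return records


def rewritten_paths(records):
    """Paths recorded more than once with different content (successive writes)."""
    seen = defaultdict(set)
    for r in records:
        seen[r["path"]].add(r.get("sha256"))
    return sorted(p for p, hashes in seen.items() if len(hashes) > 1)


def database_paths(records):
    """SQLite databases (excluding their -journal files) to pull for offline review."""
    return sorted({r["path"] for r in records if r["path"].endswith(".db")})


if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE)
    for r in recs:
        print(parse_size(r["filesize"]), r["sha256"], r["path"])
    print("rewritten:", rewritten_paths(recs))
    print("databases:", database_paths(recs))
```

Sizes in these reports are rounded, so parse_size gives an approximation suitable for sorting, not for matching against an exact byte count; match on the hashes instead.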