Analysis
max time kernel: 177s
max time network: 162s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 20-05-2024 22:41
Static task: static1
Behavioral task: behavioral1
  Sample: 612bbfbfe1acc6b3a4c94bd322929c09_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 612bbfbfe1acc6b3a4c94bd322929c09_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 612bbfbfe1acc6b3a4c94bd322929c09_JaffaCakes118.apk
Size: 1.3MB
MD5: 612bbfbfe1acc6b3a4c94bd322929c09
SHA1: 74d21ddc51cb37346f67009ec9f95c3cb7b5d380
SHA256: 477d5262ee3a49ffcb3585602d188f7069f66dd8cf4a06e89e36c96482a53f33
SHA512: bcf57c0f213755780ffb6c20d69c30088f7eb538a87aa91764096fde74fdde4ffc43e880e89a036eee2c5b9726b0ee318ae854261dc586f7d40ca0e32af18282
SSDEEP: 24576:ssQXoL0otaYtXMKCnEOn8wB7PvQGjXo+Fgjh8bq/13tdHbZKm51Ob83k:soQ7YtBCnEQfB7PvQGjrGjh8bq/1XHNS
Malware Config
Signatures
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]

Checks CPU information [2 TTPs, 1 IoCs]
Checks CPU information that indicates whether the system is an emulator.
Loads dropped Dex/Jar [1 TTPs, 2 IoCs]
Runs executable file dropped to the device during analysis.
Processes:
  ioc                                              pid   process
  /data/user/0/com.cwut.bpbp.pvmx/app_mjf/dz.jar   4673  com.cwut.bpbp.pvmx
  /data/user/0/com.cwut.bpbp.pvmx/app_mjf/dz.jar   4741  com.cwut.bpbp.pvmx:daemon

Queries account information for other applications stored on the device [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description             ioc                                                  process
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser   com.cwut.bpbp.pvmx

Queries information about running processes on the device [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description             ioc                                                  process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.cwut.bpbp.pvmx

Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description             ioc                                                  process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo      com.cwut.bpbp.pvmx

Checks if the internet connection is available [1 TTPs, 1 IoCs]
Processes:
  description             ioc                                                  process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.cwut.bpbp.pvmx

Reads information about phone network operator [1 TTPs]
Processes
com.cwut.bpbp.pvmx
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
com.cwut.bpbp.pvmx:daemon
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
/data/user/0/com.cwut.bpbp.pvmx/app_mjf/ddz.jar
  Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

/data/user/0/com.cwut.bpbp.pvmx/app_mjf/dz.jar
  Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

/data/user/0/com.cwut.bpbp.pvmx/app_mjf/tdz.jar
  Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd
  Filesize: 28KB
  MD5: fdb8a92e5060ce104e8f0faca55a47ce
  SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
  SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
  SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
  Filesize: 8KB
  MD5: cae47c15f0af6343686e886cbf557f64
  SHA1: f6931779b1b31d70dd3c9c09e2e41005e7f2ac68
  SHA256: 4479f38028089cfccca03a1408a5e84a266a64c9621411b7151bb01d44a39f4c
  SHA512: 03b213def684898486136a94ea947d6e6725259125c239ac1dc89da0b559352deb4ffb6340c4ea5b984d871cbd7fdf40e364a4e94c7e4c0f5ec803380beb54ba

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
  Filesize: 512B
  MD5: 1d144b09c4f1e6ce5b0bd6b49ce52b7f
  SHA1: 48b81d4f9a9881e1f93e87af8dd28206fe19c4e5
  SHA256: 081858a0c0bbc80949df772c5fb33f8d61365b6930e366b0ac0caea25fcb1325
  SHA512: e31d7f63fa25c7ccfbdc574edd587fdd4175ea6cbac6d9501bc50ba23def0f5353b027631b45dc1cc51dc4bbfc3885df52a65dfe4250a2cd0873c3b547c1445f

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
  Filesize: 8KB
  MD5: 959df8efdb8c82d649ae7b827f4db86e
  SHA1: e7f7d96082daa11725be377d5e05bb81eb034c5c
  SHA256: 9ef0f57339b316dc6e9530ba469d705064cff78f2a964977538b3505621e874e
  SHA512: 3b3d943c2b6b208b391907966696eb037312281bef1fe94ab265ac271bc79b647f2683cb7629b8c4962c67e092c0a666035e42acb43b6f04a8fcf70cc662c7ed

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
  Filesize: 4KB
  MD5: 862011b0a2ad5936da2d5c44063af0e7
  SHA1: 7049a619c4298e119986875f9f326d009391047f
  SHA256: ff61137d552d6f0aea529f4f9b9be4df2f2a125db47b1678997e98e4ebf1a88f
  SHA512: f215c2d0050edd3205e559411c60f1409db3caab8b4340ee4aff57b64c6a0e6be25032de9914956a4c6d3ed0e333332ece984ac21741dc76b14707131c4e75c4

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
  Filesize: 8KB
  MD5: 54427bbcbda634912c0dcbc77a68d886
  SHA1: 709af992107865ece789f934e7ee86eb3ee96d67
  SHA256: 7edef20402281517c3dc8dee257d295b086d7197817e02dea1a97fbd188f78fb
  SHA512: a7a6b13e66bca26de6b86962e8108b70a0237c05502ccf6c7f56ae4584327c4c7b6362225f50703b22f6b46d7f0cde5cba618d3a5fb046e34b5d9fb152e8d184

/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
  Filesize: 8KB
  MD5: fd85dfda50a2b9dd66a30f6b8f05bd64
  SHA1: 78a2b7b20f5161c31bdc5559ff5cbed54b09faa3
  SHA256: 67cdb95983600bc562d91733544f89b039deb7e010eff77028fd0d7c8e87292a
  SHA512: fc8b2df75113b17fcc5b74ccc21e9bb7d348a9ae5857486c080923f10c204cb8304517df48dd95549e8bf791b08e30eb7d11dcad308e744f0231065183765659

/data/user/0/com.cwut.bpbp.pvmx/files/.imprint
  Filesize: 944B
  MD5: 72103d9f68df185cc1895d02e2acf77b
  SHA1: f694235be03fc57e11b4bdb4d6bb5f6c70a8d692
  SHA256: deaea2edcfc59ec2e20d11afdf778dadfe4a0ca7ca2cc30df65f224e2f10a493
  SHA512: 1b93d0324e8688409268e2a6de6366ba0a13e111462d8c32f16e7f58d54fea3eebb76334c1e58c18ee283e20c8ccf05db25c3607269f0dab6e7ad05a0e1214e6

/data/user/0/com.cwut.bpbp.pvmx/files/.um/um_cache_1716245039663.env
  Filesize: 654B
  MD5: b728a6f34f27233ed95c3cf38340ef36
  SHA1: a55df5907167fe9eeff11e86fcc78014166e84b7
  SHA256: 4fb3fe73c4e8fe5afecb6335c075f3313f84a3a7b3427e6572789e1415ceced7
  SHA512: d063a3c70595bbeb7e18598331500ff3b4fdb668d9e74284f17d1f96ce5279b3fd000ab0c1f60ca582a066a70667eb1dbd54ae9b3df9c1ec8213505a581e2323

/data/user/0/com.cwut.bpbp.pvmx/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: ddb6096709c256e9a5f768c4e77e788e
  SHA1: 3fe107fcb2d4c09984abb1f44205017822fa5fa4
  SHA256: b6dab9500f03a2cdb6e362611d27257790a8b2f52fed43e9e6fb0e4ec22b58c2
  SHA512: 9deb3c8ed7ab9c1705f97ee055d7114b92179e0049a45e6fd261bdf53fb4146f2c3b441ab541d37db7e8dd1e653f58f359da79140fedb5d3914e8fb7bb179fa1

/data/user/0/com.cwut.bpbp.pvmx/files/mobclick_agent_cached_com.cwut.bpbp.pvmx1
  Filesize: 1KB
  MD5: 5f67a3e77625003318bcfe91cbb9683b
  SHA1: 8509fe22404cff4c1f17c2caeb61bdf7a654a3df
  SHA256: 52b98699f4e7eeb04a6e24f008fa9e1f34190c1f81ba571383d5c06fc3c92edb
  SHA512: 0042fa86d88d23190007cc3a45e8a5e7103fa21d61ef7b48c4e5d066028cfe2a37467def99e973cad468967b432588e93c6736a0dd133496c0da9a4dd448c7ad

/data/user/0/com.cwut.bpbp.pvmx/files/umeng_it.cache
  Filesize: 350B
  MD5: a3d8106a2b5dd89e3bb3ae603ae9aeb3
  SHA1: eda8944b023ce500facacaa00939bff78b31c986
  SHA256: 8a5115917839c65f0b8509215777a73fd010abb8370e3ef8c00b20676a84d0d6
  SHA512: c8252c02bdd8dee4403d80c45310cd45487d2fe50d40f05e22b119d2bb5ca9d44d0338972db3f923f6a6773842b53ee0f7698a00d9c915388a14c5731c045ba2