Analysis

  • max time kernel
    177s
  • max time network
    173s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    21-05-2024 21:37

General

  • Target

    64d9597adb9df9f9639d679625ce44f0_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    64d9597adb9df9f9639d679625ce44f0

  • SHA1

    0995b131d1caa8c08ed543dba50248cffa019ff2

  • SHA256

    23017cf18a4b707769ced016570ab097c5561f742ad9511a3d2f4871ebced3d6

  • SHA512

    0c42c5a2fd4ed2dd1522a116ac71f227c72df0fadfbad65e46078e996908fa9dfc909eefa7ab4e29adff430c10d94c23e14fe2907d7b934e612c083682e8d7d0

  • SSDEEP

    24576:OoL0otaYtXMheC8X3lUKfcfIkuovSp0ojro+H8j/qZq/13tdHbZKm51Ob83L:dQ7YtbX1wvTvSpLjncj/qZq/1XHNKmjH

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped onto the device during analysis.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about the phone network operator 1 TTPs

Processes

  • com.vpkv.iupn.kond
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5196
  • com.vpkv.iupn.kond:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:5276

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.vpkv.iupn.kond/app_mjf/ddz.jar

    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

  • /data/data/com.vpkv.iupn.kond/app_mjf/oat/dz.jar.cur.prof

    Filesize

    724B

    MD5

    df1ff980a354417d0c471130c49de84a

    SHA1

    ec6f5a0c8501b74abb9b35ee5e72cc245be59a6f

    SHA256

    8628b7439382f5cf1d2ffc743a19cfb34ab6444186c21755c919b23586967cad

    SHA512

    4b1761a91eb352dcafad7e33405e9416028ad859e975a16d8a72cda68e9f6a10ba09de0e77e9a6d7518dc747d33546d31f9aa63803b319676bf0fa092e19e889

  • /data/data/com.vpkv.iupn.kond/app_mjf/tdz.jar

    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

  • /data/data/com.vpkv.iupn.kond/databases/lezzd

    Filesize

    28KB

    MD5

    dae68dcffc3d522a79f98ebbc3b6d457

    SHA1

    6df5dce9a50f12044a2d20b8d1742ae47b82ee03

    SHA256

    56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286

    SHA512

    23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

  • /data/data/com.vpkv.iupn.kond/databases/lezzd-journal

    Filesize

    8KB

    MD5

    797b3a93e02c5817457ba4c86ecd6191

    SHA1

    d3df86c753865cdfc90e01f291cff4a470407272

    SHA256

    6600a7d3d9e7dca00565afbaf09890e177182f124e99e267ee12146b440cb377

    SHA512

    99b9342305061e2bb66ea3b89e2bf480cfd1ed4d7cda39a49a4cff3012f091e238b10656c65f68afba8e468afbe91fc62118a921e030ef3316e1e8657befa0ec

  • /data/data/com.vpkv.iupn.kond/databases/lezzd-journal

    Filesize

    512B

    MD5

    987f5aede13fb8f9524aa92f7e2f70e8

    SHA1

    13890e8327b32f4e00b8f22c77f634543ca9cac7

    SHA256

    88ce2432904b3ae9e6cd3d26d470986a7bf58d248516781c61d11fc109555568

    SHA512

    a6b7b844cb9b4920238197a31d5131da6eae48812859b50eda3e25c92dd237bc6f811c1a6f6aee627c62dcd341384f5120b5d50ec1b07e235629b50661a44a44

  • /data/data/com.vpkv.iupn.kond/databases/lezzd-journal

    Filesize

    8KB

    MD5

    bb6db9c34f7ebab7dde7044c329db1dc

    SHA1

    1d3136f25a053931664d539e43bd9f7cb6e9c548

    SHA256

    a6366e7c2bda66869d41ba39b40586266fb7be751c824d0281f07ce99367b100

    SHA512

    fd411bc727b15d961cb08669e1ba4ef490d957ebcc5f04735fe2baa8c701982d585dfa4cb4ad5d83d52ceb8f4713afa985d366910470440b09701046572cf73c

  • /data/data/com.vpkv.iupn.kond/databases/lezzd-journal

    Filesize

    4KB

    MD5

    62017c8705ef9d9f48ab130d199abdff

    SHA1

    6315c52c7dd39a50fa710c00255d4ba4c786a162

    SHA256

    4607ff51b6cb31621b4c04c90ef8c14dea06d0ea7d49380d2fb7410c01c1f38e

    SHA512

    1e368d0d2a9e456c4fe4034ff4b31a6a3e56ee5605eb3fd5f891c106e90fbedae7fbb775a10f311d9210564ca08e81df568c9775c96685a4790bd379d97038c9

  • /data/data/com.vpkv.iupn.kond/databases/lezzd-journal

    Filesize

    8KB

    MD5

    969304359c53b51ba51e13ec89301742

    SHA1

    050770d0cf07573d313adf9109829f325c0785cf

    SHA256

    3c8a771f224ffd408ea7a170c38508b73dc42b5d622be5837033f25fab4d62c0

    SHA512

    e3d3b21ee81559fc682d18fa02ba3abfb3db08f839d5a276c28cc2eb77052349587074a4c94725623079a2be66abdf731c0fdb0569857b8e613e3a73099920c6

  • /data/data/com.vpkv.iupn.kond/databases/lezzd-journal

    Filesize

    8KB

    MD5

    3d004427430c4da08440f6a73a2446fe

    SHA1

    de1cc041482f6b5ade9f266fddb03fc2e39e9a35

    SHA256

    ccbf86a127945c4e6c43f1867c887f877b4b084b1a053c73cc7a2f293ea134c7

    SHA512

    d6893f42c7a3b006b86d367d08e4fd5225df4f3d0ed179793f67058467baacd7836ee2c4ca7e66dd93ac20ef9cfe4c5f474c5657c0bd6d4fe1eb82fac0baf386

  • /data/data/com.vpkv.iupn.kond/files/.imprint

    Filesize

    943B

    MD5

    89666607d40ac468fda9f8a29a7d0c26

    SHA1

    0b2720962c3e77276623a04f22bf39c2eb9d04ad

    SHA256

    cf165b81d8a8d3163c3669e4d42d2b1166dfca9f34d062054f07c5386be26869

    SHA512

    102a1bfc39095d00aedb3c52ea0f8c83534d33a9f7d093fc25d7c37513d939d88beac84e4d620056c72638022061df9ae1f17ab9b473a7896ff99dccd7e76e2d

  • /data/data/com.vpkv.iupn.kond/files/.um/um_cache_1716327570757.env

    Filesize

    656B

    MD5

    4e66bfad1833186fbf47f749e6128261

    SHA1

    9718eb61e4bed9c64cd178bbd7a388421958dd38

    SHA256

    e8fa76785788bcaa894c86a7e425b3eb096999628a23c99cb32aa9b3d9b35d28

    SHA512

    e1565fdb542de1a1acedca5c062460df7af0728ae8b40ec13cf703e4eedd593793b69aab6240a58e4477e78555f5867b886dec5e32645417c8016deb5eef14e6

  • /data/data/com.vpkv.iupn.kond/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    921e4563988a79b01ff8aa959250b861

    SHA1

    aeee82133339babbaefe83c8dbcdad81a54fd3ef

    SHA256

    64792a4d94b39ea41c8ac2649efaa2c6baf3619671a451edad2011c5321b165b

    SHA512

    021744bbe0ce9f91e050aee243dfd164c9ca7e01c296e1db82bac09c6f8923e988e27dadad3fbeef650778cfe403dbf4887fa0e14b502d65a671ee1a49929274

  • /data/data/com.vpkv.iupn.kond/files/mobclick_agent_cached_com.vpkv.iupn.kond1

    Filesize

    1KB

    MD5

    a97056c0d327cfcb5a7a543cd94933d4

    SHA1

    a88e2da82e8bece4b4b46f01c2c7230a3bdbbbeb

    SHA256

    985c8b191e53668d87dead394138c9b7fb93bab925c830fbf1ffcd617e98fe8a

    SHA512

    9aceb6c0d57beb44e54574dbba18bd3b26bc3c531d8ac00a1eca02e0678527ebada3bd285679bda44b8d55fb37b05358850214d34f57e965a2cab3e3f3201c7c

  • /data/data/com.vpkv.iupn.kond/files/umeng_it.cache

    Filesize

    348B

    MD5

    275ea9c83a2c5eab95508b527fa0c346

    SHA1

    e66345d5f2095d7cea5b784c55d83ce29cc433a9

    SHA256

    da06894ae414227c9a6bc6d3cfe7e3e7ac804c6163a92ac2d0f2dfccd6675765

    SHA512

    dd3e93d7515fbf137d98280898c7eeb83e71799017e64aef7292f73f26b8b879f164d42db1ec37835b9e8cfab5fbf31d6e780f372d42acfce2dbe6538ceca480

  • /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar

    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
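The Downloads listing above is the part of this report an analyst actually acts on: three jars dropped under `app_mjf/`, an ART profile under `app_mjf/oat/`, a SQLite database and its journal captured several times, and a set of SDK cache files. The following helper is an added example, not part of the sandbox's own tooling, that parses the flattened `path / field / value` listing, folds `/data/user/0/<pkg>` into `/data/data/<pkg>` (the same directory on a single-user device, since `/data/data` is a symlink), and pulls out the hashes of runtime-loaded code. It also uses the profile name `oat/dz.jar.cur.prof` as execution evidence for `dz.jar`: the ART profile saver writes `<dex name>.cur.prof` into the `oat/` directory beside a secondary dex it has loaded, so a profile ties the "Loads dropped Dex/Jar" signature to a specific file. The `REPORT` string is constructed from five entries of the listing above, abridged to the Filesize, MD5 and SHA256 fields; the parser does not depend on which fields are present.

```python
# Added example: triage helper for a sandbox report's Downloads section.
# Not the sandbox vendor's code; assumptions are marked inline.
import re
from collections import defaultdict

# Constructed sample: five entries copied from the listing above, with the
# SHA1/SHA512 fields dropped for brevity (the parser is field-agnostic).
REPORT = """\
/data/data/com.vpkv.iupn.kond/app_mjf/ddz.jar
Filesize
105KB
MD5
23ba0b249042b7ba33e92c0199b0ea4a
SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
/data/data/com.vpkv.iupn.kond/app_mjf/oat/dz.jar.cur.prof
Filesize
724B
MD5
df1ff980a354417d0c471130c49de84a
SHA256
8628b7439382f5cf1d2ffc743a19cfb34ab6444186c21755c919b23586967cad
/data/data/com.vpkv.iupn.kond/databases/lezzd-journal
Filesize
8KB
MD5
797b3a93e02c5817457ba4c86ecd6191
SHA256
6600a7d3d9e7dca00565afbaf09890e177182f124e99e267ee12146b440cb377
/data/data/com.vpkv.iupn.kond/databases/lezzd-journal
Filesize
512B
MD5
987f5aede13fb8f9524aa92f7e2f70e8
SHA256
88ce2432904b3ae9e6cd3d26d470986a7bf58d248516781c61d11fc109555568
/data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar
Filesize
248KB
MD5
a54a18b58c6720991c021f433dfb2a46
SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
"""

def normalize_path(path):
    # /data/user/0/<pkg> and /data/data/<pkg> are the same directory on a
    # single-user Android device (/data/data is a symlink), so fold them.
    return re.sub(r"^/data/user/0/", "/data/data/", path)

def parse_downloads(text):
    """Turn the flattened listing into [{'path': ..., 'MD5': ..., ...}, ...]."""
    entries, cur, label = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):          # a new file entry starts with its path
            cur = {"path": normalize_path(line)}
            entries.append(cur)
            label = None
        elif cur is not None and label is None:
            label = line                  # field name (Filesize, MD5, ...)
        elif cur is not None:
            cur[label] = line             # the value on the following line
            label = None
    return entries

def classify(path):
    name = path.rsplit("/", 1)[-1]
    if "/oat/" in path and name.endswith(".cur.prof"):
        return "art-profile"              # written by ART for a loaded dex
    if name.endswith((".jar", ".dex", ".apk", ".so")):
        return "dropped-code"
    if "/databases/" in path:
        return "sqlite"
    return "other"

def triage(entries):
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    code = {p: es[0] for p, es in by_path.items() if classify(p) == "dropped-code"}
    executed = []
    for p in by_path:
        if classify(p) == "art-profile":
            # Assumption: ART names the profile <app dir>/oat/<dex name>.cur.prof,
            # so strip the suffix and look for that dex beside the oat/ directory.
            app_dir, name = p.split("/oat/", 1)
            target = app_dir + "/" + name[: -len(".cur.prof")]
            if target in code:
                executed.append(target)
    # Same path captured more than once with different hashes: the file was
    # rewritten during the run (typical for a SQLite rollback journal).
    rewritten = sorted(p for p, es in by_path.items()
                       if len({e.get("SHA256") for e in es}) > 1)
    return {"loaded_code": sorted(e["SHA256"] for e in code.values()),
            "executed": sorted(executed),
            "rewritten": rewritten}

if __name__ == "__main__":
    print(triage(parse_downloads(REPORT)))
```

Two caveats when reading the result: the absence of a profile for `ddz.jar` and `tdz.jar` is not evidence they were never loaded, because the profile saver flushes periodically and the run lasted under three minutes; and the repeated `lezzd-journal` entries are successive captures of one rollback journal, not six distinct artifacts, so only the database file and the jar hashes belong in a blocklist.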