Overview

overview

7

Static

static

6

619ec51a31...18.apk

android-9-x86

7

619ec51a31...18.apk

android-10-x64

7

619ec51a31...18.apk

android-11-x64

7

Analysis

  • max time kernel
    44s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    21/05/2024, 01:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    619ec51a31bafd08dbf2d46ac33a0fa3_JaffaCakes118.apk

  • Size

    12.5MB

  • MD5

    619ec51a31bafd08dbf2d46ac33a0fa3

  • SHA1

    cc276f65da959a39c7b69b906790db6f7c43b8c5

  • SHA256

    aec59b898df119246fdcc159a0b4b07738a073a02ac59c9d2eb920c2a717bca8

  • SHA512

    5d96af996f522ab31a698c25a756327ca834aec2bfc575d96186abba35d4dbcdec407e7d47d9b51837703190c84172d4e6690056d729e016381e36833486c890

  • SSDEEP

    393216:unsRF0Dylf80uUue4yZmJl6+3hXxJ85Pc/1p:6/KoeMJl6q/6FM

Score
7/10
collectiondiscoverypersistence

Malware Config

Signatures

  • Queries account information for other applications stored on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery

Processes

  • com.nebula.mamu
    1⤵
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4213
  • com.nebula.mamu:playcore_missing_splits_activity
    1⤵
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4273
  • com.nebula.mamu:pushservice
    1⤵
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4353

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.nebula.mamu/cache/http/dbffe9a8c48a783127b7eb9c22b5a9b1.0.tmp
          Filesize

          526B

          MD5

          f9536c43972184f85edbe914bc517259

          SHA1

          cdf871adab330c13fb098268e54dce0b0dea06f8

          SHA256

          194658e1d58aede2752c90391dc5d2acbef1ec6b0a651ad580a10709698704e9

          SHA512

          da5f9def43ce0a72b6e6834008fc1f2d9139f4d291eef89cb017d4ed4580f9babe88284e3129b924eb13284ff437751b1353996a098c6ed213172d2addff5b9b

          Download Submit

        • /data/data/com.nebula.mamu/cache/http/dbffe9a8c48a783127b7eb9c22b5a9b1.1.tmp
          Filesize

          316B

          MD5

          655c73e27d762a1c036166ddbbbcc9b1

          SHA1

          7176205a39bf0d6787bf5e62606d49b2e7f67bec

          SHA256

          a0154a6c2224406d35e987d678d4882de997e72e03469acc91ed88086cfdee5b

          SHA512

          fc7c6588f9f10087d7d5c473ed176ed13901cf3969d107f0b37bd207e3490a7ec0e43a9154dbbcc6071d4bd1842321cdc3aec7e0a605cb4aa20c099bf5b1d58b

          Download Submit

        • /data/data/com.nebula.mamu/cache/http/journal
          Filesize

          122B

          MD5

          ef6d11bfc618859f00ce575cfa6d6127

          SHA1

          acd71030b9d0b7cce332828c8652594efd42c68a

          SHA256

          44fadd53fdbb0307ffc2f2578436db50529b09fe7d43c0c4908eeeb2f727b220

          SHA512

          30915039790c48869d9b14e171cec71eac7d5c2284891222de610a0f957c56b17ec8ddfe34f449a094a4c77318480d6a0932113b7a6e0b697e638e6bd46df763

          Download Submit

        • /data/data/com.nebula.mamu/cache/http/journal.tmp
          Filesize

          36B

          MD5

          37e8e716e0e2f4a0b05cd9571d95b84d

          SHA1

          f8d068f6931707bddb8cd69f706f2224ad1fea3c

          SHA256

          7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

          SHA512

          e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

          Download Submit

        • /data/data/com.nebula.mamu/databases/geofencing.db-journal
          Filesize

          512B

          MD5

          69ba81946de52f4e91ea63477cc3ef6f

          SHA1

          9f1fbacdd1e81144c1683b6d23ec9f28e4f8c6ee

          SHA256

          9b4c3d62228f664de5f258765dab930226026635aacb16801740162282c642a7

          SHA512

          b4c19370064a411495a7e14b6c3b0a52c4c0bd4b6daa815ede6e368f6a15acdf6b9fa7e95446389157e248a0e932c867291cb2b89075d938ba8ba91ceeb63b19

          Download Submit

        • /data/data/com.nebula.mamu/databases/geofencing.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit

        • /data/data/com.nebula.mamu/databases/geofencing.db-wal
          Filesize

          40KB

          MD5

          ea12eed4cd49f3444012e9c492c3eed1

          SHA1

          b5175d2e06eac2fe07f1a33b77269888505a289a

          SHA256

          1e514dabf392bfa6641dfba119f667553b596e5c792a230a3bc7d502aea336ad

          SHA512

          c11d1845c932884e36fc1c7a7b4271b63ebba54dccdfc5b129b79dca4c6650deaa1cb4d99c2bc853dea8a31953b90d8db56a2ab90b906a70cbc2d5b46680bc3b

          Download Submit

        • /data/data/com.nebula.mamu/files/com.nebula.mamu:pushservice
          Filesize

          371B

          MD5

          8ad716216e6044f77fcd512af68385be

          SHA1

          8b149eb0e989fabd3ae70f55f816aa7426fafa44

          SHA256

          ef2fabcfbe798e6969a592ea53fc850271bc222c399fa6af3ae48a952a45e180

          SHA512

          d00f111204ef0e2e269d1e9aac22424c2d388f33d1933eb0a9f7ddd5c3ae391339e791c6754edc78be1c672be1c92ea74cda97563559499e1adc2f5ad5215240

          Download Submit

        • /data/data/com.nebula.mamu/files/com.nebula.mamu:pushservice
          Filesize

          1KB

          MD5

          62b7981f324440d38e3370212dca142c

          SHA1

          9b3b1b6c5b5fc807704fa60bb037ad15d06dc63a

          SHA256

          3f25c064ca4f077d6031023c4e07b463fc941dc2cc83cd52e7ea2c653448f730

          SHA512

          ed36792e2a7428b3f19eb8f036740aa2cbb7ec2f764c02c99d686858ea0d0e107f6a9df12aa175a871ea0ba37d60259da84a5d735b04e7089cb648cc4d4867da

          Download Submit

        • /data/data/com.nebula.mamu/no_backup/com.google.InstanceId.properties
          Filesize

          28KB

          MD5

          1deb6b895a2280f63ea2f3783f0a5ebd

          SHA1

          c01eee51a200d2007d3972b551e2515fc8f96d95

          SHA256

          c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d

          SHA512

          269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          107B

          MD5

          5e3279aef0a16a28175c1e6977a2c570

          SHA1

          5b730924040a16ef481f98a259b7b66cc83c7a1b

          SHA256

          fa86ad96e85b13abe3729392a4b7681d23a6f42e74ac5af95abae07a48267c86

          SHA512

          31fd8a93a0557a3f4cae105ef148dbb14e4cd48c9e57085b2d3ed7e105667a93aaaf34a275fe034c41b434e3e387067b9b0cc3743d3ae3ccc9489e0112c0a119

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          382B

          MD5

          a17cc45f49f51b902827aaf90cc12ec2

          SHA1

          f10b8f26b53626e8ac1a5cac74a6f79f6803200b

          SHA256

          8acf8425bf02c064b1f2a1ea4b81863e2d242ad87eaa8b43ceba1c79aad4b347

          SHA512

          26491dc7160ca8d73beb1664e341d89993b9f03cb84d3c7b69520a46ed7cf1947cd3ba44b78f7e3ffa438077550ef4b89808c38eaa4098603f09b1a96a08da7e

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          482B

          MD5

          9d5e16489c9db6d72017099045f9e77c

          SHA1

          6e9208ad9c73e42048652978edf9477da84b8f56

          SHA256

          6e442253f1058700a1e076a3ab6acca3f2f7fada1871b1178d94f0003271302a

          SHA512

          f2c77cdda6a4830027636021a16c4348af69a63f3ce67d5cd3b90779bc709e6c9a37fd9c065def4e87317130ff8dcb7f913e1b615ada144d37c73fee32625314

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          557B

          MD5

          332a358ff99e94342dd4547a50221691

          SHA1

          ee9f0e36c12e7d34118cc4043d2293d7b5e3be0b

          SHA256

          398af8e7a4c6681bee64e19eda69d9d4faf263774a55e0a45a6a5a39b5964bb3

          SHA512

          f9f5d68f5b2bae6c77444517ace319f924c32bf0e5c204b8f910cd3eb639d323a2999a4061013bb1e5542985bfc317b6b163162782062db4a34fdabd5fb1a712

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          210B

          MD5

          1a8d63e380a638b561ce010d6a8c157b

          SHA1

          69eecb6651a492ff2bcc4c976592ddd11ff2d7c5

          SHA256

          0096558a1c0d70fc0c184ff3204ba6991309d983a2720bb23852e35a4fd54ad2

          SHA512

          339e19b2481fdcca88db6a67951868a15d18dd037e434d0d385f29d4a6cd3acf31866c4ebc8b413a357b175ec5de6eeae1afc0894b3a83c50d737d06724a292d

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          501B

          MD5

          ecf0b01e765e3a1015fbfea6e00a1f8f

          SHA1

          d663c0bfb0ea47317543945b376fa293f9144910

          SHA256

          f77c78934d7e695f294282d4d8f33cc505a45520d1c4b7ab01a97f4ae5b43879

          SHA512

          0c616beadb44a2e984193f246d2efccee553fffd9a391821b1a04a694c16af5dc251383bbfac68f82d8acb429217ce61635b5daebb26c65c37a9c1697c9f6c02

          Download Submit

        • /storage/emulated/0/Android/data/com.nebula.mamu/files/MiPushLog/log1.txt
          Filesize

          557B

          MD5

          8fe833b8c22082ce071a6bc70b0ed1f0

          SHA1

          0186e15c19fd57268f7a2e645f142d777dabb08e

          SHA256

          e6dc6dff3bd8ac0ba9a8e15a764a186a76c43b1a6e71fc208a89d9c139d081cd

          SHA512

          82ef2774d643a23d3d67698658c6266c18a2b4962dac015dc39ec6030387c13e8e7a53dcc7ade6a8ca881ca684cfa655e65b4082dd8c93d1f7c879f417b2b22f

          Download Submit