Analysis

  • max time kernel
    178s
  • max time network
    186s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    21-05-2024 15:39

General

  • Target

    63d1c4eed6af4f5df798744775aea2ab_JaffaCakes118.apk

  • Size

    636KB

  • MD5

    63d1c4eed6af4f5df798744775aea2ab

  • SHA1

    668acc398af2a9e7de36d82ba2574ee70c008897

  • SHA256

    36050438869a840764b4dde7481bdd75899763ee2e5aef89b29bcabf115e2fe0

  • SHA512

    84358f4752c19034d043eb854b20af46a94bf39130dfe7c656b9b824f512e94057b48104440970110978d21a76ac4991896ea4d547b9571e5446e53e5001a76d

  • SSDEEP

    12288:Q4LUaxJLbt0E46VYj1b4Zoi/m627grLMxpzseFxIMtU94vvQe6ERylTUu:O6LZ0E46iKZoie62bCMiiydX

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which may indicate whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator 1 TTPs

Processes

  • com.ajdr.epbs.blkv
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5116
  • com.ajdr.epbs.blkv:daemon
    • Loads dropped Dex/Jar
    PID:5258

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.ajdr.epbs.blkv/app_mjf/ddz.jar

    Filesize

    105KB

    MD5

    7f1e0fe2e6a0618b6c84d48ea0586b6d

    SHA1

    dea54fa91f9f431b85e8c4048244a1c3c4b16665

    SHA256

    4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

    SHA512

    7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

  • /data/data/com.ajdr.epbs.blkv/app_mjf/oat/dz.jar.cur.prof

    Filesize

    730B

    MD5

    dd700f22a556fcad635f2dbcd470244a

    SHA1

    ccef6021225a1e037cf4a402384ae62e3f936a71

    SHA256

    cdb870b3b79e1f5490341cfbc0a1b2cc4abf4c88e53b5597161c04aa92d2901b

    SHA512

    41984f251c0167335c1cb34ec2b51ff7f253abd9ee9516ebd6a247856895a40d77ef6c302107374892ab6bee18d559d92b77c7a0768031e793ff51cba887e276

  • /data/data/com.ajdr.epbs.blkv/app_mjf/tdz.jar

    Filesize

    105KB

    MD5

    fc1eb8c18ddc0f8727b5fb5eba8ca870

    SHA1

    af6d64fe2432bece4c523066a57f35be8f175a48

    SHA256

    7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

    SHA512

    25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd

    Filesize

    28KB

    MD5

    dae68dcffc3d522a79f98ebbc3b6d457

    SHA1

    6df5dce9a50f12044a2d20b8d1742ae47b82ee03

    SHA256

    56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286

    SHA512

    23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd-journal

    Filesize

    8KB

    MD5

    8544f140f926af1e8e3bc70bc5b976f7

    SHA1

    c01786455fa4eeef0d55690acf7dc145df73fcfb

    SHA256

    b03142d589c5c412bb5637c8ab9423a24134ae640aec48e23d584298279fa94b

    SHA512

    a0f2a8a971782b2b3d20e8839c71fbfe36d078ef22c2b2dc9b43d32ab91bdab33f23749cdb326cc0f5a69d1f4bca99cbad341f9b00d29d23df08888c3f6ae610

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd-journal

    Filesize

    8KB

    MD5

    3472470eda5a49eecb326417d4db9ea2

    SHA1

    df12f425d3e87e62ffb931614b270e5b0626e094

    SHA256

    4cd6e516767d7c7b961f2fd8115c19dd2825a06da968dfb5535c46ca7b722821

    SHA512

    540c4303024e432ecf68456cf183c649fcbebd89efaa019c4721da471309d03a5df0bfb95dcb5709d570b42800190183bf6c93fef3624d43e81dea49fb9fe7c4

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd-journal

    Filesize

    8KB

    MD5

    a9da4fff2c51565b9f40f11a3c525299

    SHA1

    e58a05d114b8419e4c7e97b32f23f285400fa455

    SHA256

    c8fc7cc0024d5546f52c37a8f0a7bff66d515d4c788cef6a8a5d59c71a210dcf

    SHA512

    e30dbce184137895484015191a82084555fb2b640abeda951ad99854412a60a562fc8fa38dd845d5ccd8674a48911f0e233b5efc96e1f3aec92225a6c367bc62

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd-journal

    Filesize

    512B

    MD5

    258711f1e04aa0d1f1a7d1922b47d093

    SHA1

    80ab4a3d4bccd3663555a667164b76910e441efd

    SHA256

    d054a1e9d870da7b539ec960f6262752aede2c244332056739d9ba0f6ac18646

    SHA512

    ee4b6a157942e7dc3e9bec512abc61ca46a7aeb39eafea0a5602c290cc336e919edc66c86d45184e1a83decf8777cace17e808fa3961d4f2c99062d461120114

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd-journal

    Filesize

    8KB

    MD5

    fda96b14443112f71c56a16b84f65963

    SHA1

    e33b51445822e37178def8f071a10a7805be36c7

    SHA256

    a3fa527403bc930e650227f68b6baaa2a2dc1393c2b8380a54fc89368a86d7ce

    SHA512

    ff1b57dae18e2526c3704f8bec63aec43a210342bb44f3f07abf337bbe10faad89acb6395917fe16d781ccee13f0eca308ba203e7cdabb3ec8757e18eaeba0bd

  • /data/data/com.ajdr.epbs.blkv/databases/lezzd-journal

    Filesize

    4KB

    MD5

    98330c87da6e4ee0f491d1bebac638c1

    SHA1

    926b050c93f0132d0661efd3ceeb76f75e63aa74

    SHA256

    8158e92a9473c8215201bc7925863452f8ba6695b4dd350d405bfce7b3cc2d66

    SHA512

    d0f5bba2878f7823b36eff24a7c916f953fb86d8da40ac714edad7e684546eded757e1640663c34f6a1d9e19e02f01df65ad3c93dd593da984b49363e8575f26

  • /data/data/com.ajdr.epbs.blkv/files/.um/um_cache_1716306048952.env

    Filesize

    650B

    MD5

    2855383bc2a9dc3b1309e3c5cf689dbb

    SHA1

    2f88204dc213224fd15c77a5e309864471a239f9

    SHA256

    45b1103b9f473676b91447eb6e148fea23baa1e3fdf575701838ddf0b0a007e8

    SHA512

    f359abbe81dd90c726326a418939ceb9cbf5255f9ea5768df3004f1655f481d174e966d778ff45304f3f798e9fa5fef37a762dad5a5422fcce479c8d65b1436e

  • /data/data/com.ajdr.epbs.blkv/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    cef6174c614493465567b75274419dfa

    SHA1

    9f09a526b694547bb7a7baae05156aa83f12d5fd

    SHA256

    e3c436320ff42adffe9616dd5e65caa75afbba5469b351ceb9baaec1f99fca8d

    SHA512

    690eb1cd445504d1b289a3b6e61d46606921237d313563f9fe6258075afddd63577ac598bfec9482bf2e1bc01a6ec96129b94bb070827df129eec6d7f8f223e8

  • /data/data/com.ajdr.epbs.blkv/files/mobclick_agent_cached_com.ajdr.epbs.blkv1

    Filesize

    800B

    MD5

    a419ab2975383326ff129303d2e8113b

    SHA1

    973fc7fca085188698bfeb059b4ce6ae7e3bebb3

    SHA256

    0211ee66a4c8d9bc5ca731b1ef5dd2a53845acc1341f3ce55d795df09961d113

    SHA512

    a88782c06d98fcf0726eb6e45a1cf05867f2cb39ac48d412902872b5027e384dd846944455037c97726a773bfa673377dd0973c75a9cfc5ab0eb337f967646c7

  • /data/data/com.ajdr.epbs.blkv/files/umeng_it.cache

    Filesize

    348B

    MD5

    3044c962eaffa1c4a834bf3cbe4b9e72

    SHA1

    417211c63790c4ce7d01cf0be4a81ae90a2ef923

    SHA256

    f4feb243177a178ff6c2f35477e14bfa40b1a45a02731418df919c212ebef8e4

    SHA512

    99fdda474f885dea2861551a1abcf210c4e326d8a9f23c5e6d5a8d265a5bfa65d99294b0efcf5ad20494648041d041665da3708237debc6977e1231e22a77072

  • /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar

    Filesize

    249KB

    MD5

    789a4162427149dd5e519f917ead0e29

    SHA1

    d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

    SHA256

    830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

    SHA512

    b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37