Analysis
- max time kernel: 178s
- max time network: 133s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 21-05-2024 19:23

Static task: static1

Behavioral task: behavioral1
Sample: 6478d00b69e5c2561bd38d29f2813fa2_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: 6478d00b69e5c2561bd38d29f2813fa2_JaffaCakes118.apk
Resource: android-x64-20240514-en
General
- Target: 6478d00b69e5c2561bd38d29f2813fa2_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 6478d00b69e5c2561bd38d29f2813fa2
- SHA1: c9ae761853f981f359a466217cbee390f23fd97b
- SHA256: 43c9703326164f014bb317e79cd79585245259e18e6d4af32b7735b6da5dd2d6
- SHA512: b0dca0d2c2008b1211197e6debf026c21f296e3834c28b6c1d9e35ab0d774f5b57e5ad54170071a845fd2b02d4abf520cbb90c66753f0fdf192c1353f8f4d105
- SSDEEP: 24576:loL0otaYtXMLeE2sepAvb6vsm0ZGpUvb+jno+G8jy9Wq/13tdHbZKm51Ob83B:2Q7YtcFeGv0sKUvb+jbPjy9Wq/1XHNKw
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Checks CPU information [2 TTPs, 1 IoC]
  Checks CPU information that indicates whether the system is an emulator.
  Processes: com.tbus.dlqa.exsn
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.tbus.dlqa.exsn
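The signature above records only that the sample opened /proc/cpuinfo for reading. The Python below is an added illustration written for this page, not code recovered from the sample: it implements the generic heuristic such a read normally feeds (board and hypervisor names in the Hardware/model name fields, an x86 vendor_id, the `hypervisor` CPU flag). The marker list and the two cpuinfo excerpts are the editor's constructions. Both behavioral tasks in this run used x86/x86-64 Android images, so a check of this kind would flag the sandbox; the report does not say whether the sample changed its behaviour as a result.

```python
"""Emulator heuristics over /proc/cpuinfo (added example; not the sample's code).
The indicator list and both cpuinfo excerpts are constructed by the editor."""
from typing import Dict, List

# Assumed indicator list: "goldfish" and "ranchu" are the classic and current
# Android Emulator board names; the others are generic virtualisation markers.
VIRTUAL_HW_MARKERS = ("goldfish", "ranchu", "qemu", "vbox", "vmware", "virtual")


def parse_cpuinfo(text: str) -> Dict[str, List[str]]:
    """Turn 'key\\t: value' lines into a dict of lists (keys repeat once per core)."""
    info: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        info.setdefault(key.strip().lower(), []).append(value.strip())
    return info


def emulator_indicators(cpuinfo_text: str) -> List[str]:
    """Return the reasons this cpuinfo looks emulated (empty list = looks like real hardware)."""
    info = parse_cpuinfo(cpuinfo_text)
    reasons: List[str] = []
    # 1. Board / hypervisor names in the fields that carry the SoC identity.
    for field in ("hardware", "model name"):
        for value in info.get(field, []):
            for marker in VIRTUAL_HW_MARKERS:
                if marker in value.lower():
                    reasons.append(f"{field} contains '{marker}'")
    # 2. x86 vendor strings: phones are overwhelmingly ARM, so an x86 vendor_id
    #    is the strongest single tell, and it is exactly what the sample would
    #    have seen on the x86/x86-64 images used for this run.
    for vendor in info.get("vendor_id", []):
        if vendor in ("GenuineIntel", "AuthenticAMD"):
            reasons.append(f"x86 vendor_id '{vendor}'")
    # 3. The 'hypervisor' CPU flag is exposed to KVM/QEMU guests.
    for flags in info.get("flags", []):
        if "hypervisor" in flags.split():
            reasons.append("cpu flag 'hypervisor' present")
    return reasons


# Constructed samples: an x86_64 emulator image and a physical arm64 phone.
EMULATOR_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor
"""
PHONE_CPUINFO = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x51
Hardware\t: Qualcomm Technologies, Inc SM8250
"""

if __name__ == "__main__":
    for name, text in (("emulator", EMULATOR_CPUINFO), ("phone", PHONE_CPUINFO)):
        print(f"{name}: {emulator_indicators(text) or 'no emulator indicators'}")
```

When triaging a sample that reads /proc/cpuinfo, rerun it on an ARM image (the arm64 tag is present in this resource) or patch the file contents; otherwise a negative result from an x86 image may only mean the emulator check succeeded.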
- Loads dropped Dex/Jar [1 TTP, 2 IoCs]
  Runs an executable file dropped to the device during analysis.
  Processes: com.tbus.dlqa.exsn, com.tbus.dlqa.exsn:daemon
  ioc | pid | process
  /data/user/0/com.tbus.dlqa.exsn/app_mjf/dz.jar | 4528 | com.tbus.dlqa.exsn
  /data/user/0/com.tbus.dlqa.exsn/app_mjf/dz.jar | 4590 | com.tbus.dlqa.exsn:daemon
- Queries account information for other applications stored on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.tbus.dlqa.exsn
  description | ioc | process
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.tbus.dlqa.exsn
- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.tbus.dlqa.exsn
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.tbus.dlqa.exsn
- Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.tbus.dlqa.exsn
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tbus.dlqa.exsn
- Checks if the internet connection is available [1 TTP, 1 IoC]
  Processes: com.tbus.dlqa.exsn
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tbus.dlqa.exsn
- Reads information about the phone network operator [1 TTP]
Processes
- com.tbus.dlqa.exsn (PID 4528)
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.tbus.dlqa.exsn:daemon (PID 4590)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
/data/user/0/com.tbus.dlqa.exsn/app_mjf/ddz.jar
Filesize 105KB
MD5 23ba0b249042b7ba33e92c0199b0ea4a
SHA1 99b13ee9f7307316c2337953fceed87e9942b794
SHA256 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
/data/user/0/com.tbus.dlqa.exsn/app_mjf/dz.jar
Filesize 248KB
MD5 a54a18b58c6720991c021f433dfb2a46
SHA1 d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512 e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
-
/data/user/0/com.tbus.dlqa.exsn/app_mjf/tdz.jar
Filesize 105KB
MD5 293ea5f01e27975bed5179ba79d80eac
SHA1 c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512 c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd
Filesize 28KB
MD5 fdb8a92e5060ce104e8f0faca55a47ce
SHA1 270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512 ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 8KB
MD5 ee30640f3cfb36a1beff24484eb5ced8
SHA1 7272ef075c16c45b5d2acbfbb8aa7db1aa7d3d4c
SHA256 8205ab75f5628e7b4498da675d4b938e046b9fe9bc2ab834f727e558fc715551
SHA512 8333996593764743a6c81624c728d139d60be85d2ef7fd91c600647c86e7cdc4214cf23b48e8de6506c26f7c9a4bee0771bcc70d8833ed9bbbfe1fc1e4b8e248
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 512B
MD5 c19d3c9232b33a48c8d9fbbe812ad31e
SHA1 cfd7124aa353971e1523736f8361e44d57613c9c
SHA256 a44ddd12f68fb163bfe7a3b13790b1d3020207e95af279067302669c7819e5a6
SHA512 d801f6085284b9f7a48891b95d39f793d3a4adb48252b35b71b4fe538097bb3e49f759fe796da3ed2899486417a9a78f6624ee5c0b82c87d88669943f5785c76
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 8KB
MD5 1868c343ae72df78328d650d938fb84c
SHA1 e739a036ff0a476d4b12ddd6bf4f4200f521571d
SHA256 89de1c874bd7c7ae70bf739b7a21160885394b4c0283b82d321ca919cbed933e
SHA512 b53757a46bd09b110640c2e5df9621a560f89203fc74f69983def998c022fcd582b5f62b0fccd8d80638b415e9ac9409b55390f6689a4e97c442042737410394
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 4KB
MD5 bf9db24c89a30159977787e09b91ee09
SHA1 734e7e223741fad82078c2b3182cca2ee20247e8
SHA256 7ed4e38e6c6644f0d6abfa3e5758a2d57a5ce5a8f08d9859bd239b9c6feef2cc
SHA512 3130fdaf09e48bf56469cfd86a87fab4237bb9164c520ffe8bd33d1cf6d779d1aead33258b1bd3d2ca730efc318f861c4e9e7551063d495bb4ef2f0028a213d9
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 8KB
MD5 417dc019e3c623c50b9b6a6347f005d9
SHA1 0bfdf650ae20bf3cbf491d99dc2f7534349f29dc
SHA256 18b6951a6199271dd48ae0ed11a002999629b385a7f506272bdc7278dad4fd24
SHA512 97d3548ff6ad33ef5543fdde62afebe70bcc57f156be31dcad611a4e9cf36363e9d856678f88c47976dd38904c4466d118a2da35ad6f69123d327ea76913b886
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 8KB
MD5 23182f7f62217a0bf4f76e247b27321d
SHA1 742346a721b105e0a920ac8d4935e4b6b3a76084
SHA256 a67cdbdcecd046a15210d1bf632c5890d134e8d8851aed9b37f7701edd3a56b1
SHA512 bb4eb56fa62b39257eb25da566c6eb994ade132f0562ff83a715ef18cf85c70855b5defb6eb19651572869a28aa86d4e4332801b1ffffe8a2f6fbdd78f8d9bc4
-
/data/user/0/com.tbus.dlqa.exsn/files/.imprint
Filesize 945B
MD5 55f850c92ba44256686f8c9af7c94a39
SHA1 79a40db01b84f2558af64ec1e427172095cd79bc
SHA256 42f8b7088ef3089c5e6f75e5a34ca6ad822d3ff90611555b6a5270ef25e9622b
SHA512 0473e966a8ae37399f31ca61fb37c877b776a1bdd96ed19a8987f402b766912ed8eda8d0f188105f4c95ed63d654b3410eb5f26a55ae82263917f9680945207b
-
/data/user/0/com.tbus.dlqa.exsn/files/.um/um_cache_1716319513428.env
Filesize 656B
MD5 1907967357fb792452d9f26b1a2e801e
SHA1 ad53c188a47fe336736652bed0c47882a29698bf
SHA256 e71cff27c50dff7ec8ddd60258cf458bbd60991504a758da6030e6d763c0caba
SHA512 36093ac3e0cf82466a03b28b1d3d13d4914266702540542382f0605785b36629ff5eb56a33100ad8de7c43320ae5dd2c6fac432cfa8315e23dfb7a19df781492
-
/data/user/0/com.tbus.dlqa.exsn/files/.umeng/exchangeIdentity.json
Filesize 162B
MD5 741f9ae45557b049e300ca022c8483fe
SHA1 27f538c8645a23674163b79fe1ebfe585e2e9576
SHA256 f9da773e7f109db1bb387990a231acfb439209be6148d7d64893e2749b99cb70
SHA512 744ff479243ef770e4d2b247007ca1474e498ee8b03337832dae91990a494d854caabf164176c74f9524fdd93f4e1afe17065a190eb88ca733388f6dab20c6b8
-
/data/user/0/com.tbus.dlqa.exsn/files/mobclick_agent_cached_com.tbus.dlqa.exsn1
Filesize 1KB
MD5 ffdc39fd132f4272fd84a046c1623577
SHA1 153777e8e30f2081e06a3d3dfb6150b28f137e47
SHA256 f83cbd35c4a490c8189b44c7489a5ce9f79f4cd4240bbb426076dfef63ff0e66
SHA512 d3f9c2130af0b32509122ebfd4cf5a423ad4b599d90bbf980a7c7b7c3e0a986bcfb53dd4e794e4466761d333da626f2cb36dba0e87dc4f4dd3dd43b0954af2b0
-
/data/user/0/com.tbus.dlqa.exsn/files/umeng_it.cache
Filesize 352B
MD5 4e4da0a3dd785f4b412f1ec2b33a694e
SHA1 0c9c1abe01c88501b2fe3c94a9c3d08802c2b43f
SHA256 a3f1203598acb84369280a26910015524b243d74f850ae0b04df95e665ab98b9
SHA512 a698b234fcda91d0d5d3df99614561933f4e7afc5410a1733d26e1cf75e62aa6d9468c29c003fdf8540232410e9518b4a2b8e36d0e05f182819de6d47ad52b2b
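The "Loads dropped Dex/Jar" signature names only dz.jar, but the dropped-files list shows two siblings (ddz.jar, tdz.jar) in the same app_mjf directory, six successive snapshots of the same SQLite journal, and a set of caches whose names point at the Umeng analytics SDK. The Python below is an added triage helper written for this page (not part of the report and not the sample's code): it parses records in the path / `Key value` / `-` layout used in the list above, buckets each path, and collects the SHA256 values of everything the app could load as code. The embedded excerpt is copied from the list above with SHA1/SHA512 omitted; the bucket rules and the Umeng attribution (inferred from filenames only) are the editor's assumptions.

```python
"""Triage of a sandbox dropped-files list (added example; not the sample's code).
The excerpt is copied from the report's list; the classification rules are assumptions."""
from collections import defaultdict
from typing import Dict, List

DROPPED_FILES = """\
/data/user/0/com.tbus.dlqa.exsn/app_mjf/ddz.jar
Filesize 105KB
MD5 23ba0b249042b7ba33e92c0199b0ea4a
SHA256 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
-
/data/user/0/com.tbus.dlqa.exsn/app_mjf/dz.jar
Filesize 248KB
MD5 a54a18b58c6720991c021f433dfb2a46
SHA256 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
-
/data/user/0/com.tbus.dlqa.exsn/app_mjf/tdz.jar
Filesize 105KB
MD5 293ea5f01e27975bed5179ba79d80eac
SHA256 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd
Filesize 28KB
MD5 fdb8a92e5060ce104e8f0faca55a47ce
SHA256 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 8KB
MD5 ee30640f3cfb36a1beff24484eb5ced8
SHA256 8205ab75f5628e7b4498da675d4b938e046b9fe9bc2ab834f727e558fc715551
-
/data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
Filesize 512B
MD5 c19d3c9232b33a48c8d9fbbe812ad31e
SHA256 a44ddd12f68fb163bfe7a3b13790b1d3020207e95af279067302669c7819e5a6
-
/data/user/0/com.tbus.dlqa.exsn/files/umeng_it.cache
Filesize 352B
MD5 4e4da0a3dd785f4b412f1ec2b33a694e
SHA256 a3f1203598acb84369280a26910015524b243d74f850ae0b04df95e665ab98b9
-
"""

# Only dz.jar appears in the "Loads dropped Dex/Jar" IoC list; files sharing
# its directory and extension are treated as candidates, not confirmed loads.
LOADED_BY_SAMPLE = {"/data/user/0/com.tbus.dlqa.exsn/app_mjf/dz.jar"}
CODE_SUFFIXES = (".jar", ".dex", ".apk", ".so", ".odex", ".vdex")


def parse_dropped_files(text: str) -> List[Dict[str, str]]:
    """Parse 'path / Key value ... / -' blocks into dicts keyed by lower-case field name."""
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":                  # record separator
            if current:
                records.append(current)
            current = {}
        elif line.startswith("/"):       # every record opens with its absolute path
            current = {"path": line}
        else:
            key, _, value = line.partition(" ")
            current[key.lower()] = value.strip()
    if current:
        records.append(current)
    return records


def classify(path: str) -> str:
    """Editor's triage buckets (assumed); the Umeng attribution rests on filenames only."""
    name = path.rsplit("/", 1)[-1]
    if path.startswith("/data/user/0/") and name.lower().endswith(CODE_SUFFIXES):
        return "loaded" if path in LOADED_BY_SAMPLE else "code-candidate"
    if name.endswith("-journal"):
        return "sqlite-journal"
    if "/databases/" in path:
        return "sqlite-db"
    if "umeng" in name.lower() or "mobclick" in name.lower() or "/.um/" in path:
        return "analytics-sdk-cache"
    return "other"


def triage(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Map bucket -> path -> SHA256 list; one path may have several snapshots (the journal)."""
    out: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for rec in parse_dropped_files(text):
        out[classify(rec["path"])][rec["path"]].append(rec["sha256"])
    return {bucket: dict(paths) for bucket, paths in out.items()}


def code_hashes(text: str) -> List[str]:
    """Sorted, de-duplicated SHA256 set of loadable code: the values to hunt for or block on."""
    buckets = triage(text)
    found = {h for b in ("loaded", "code-candidate") for hs in buckets.get(b, {}).values() for h in hs}
    return sorted(found)


if __name__ == "__main__":
    for bucket, paths in triage(DROPPED_FILES).items():
        for path, hashes in paths.items():
            print(f"{bucket:20} {path} ({len(hashes)} snapshot(s))")
    print("code hashes:", *code_hashes(DROPPED_FILES), sep="\n  ")
```

The separation between "loaded" and "code-candidate" matters when writing detections: ddz.jar and tdz.jar were only written to disk in this run, and the report gives no evidence that they were ever passed to a class loader, so they belong in a hunt list rather than in a claim about observed behaviour.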