Overview

overview

8

Static

static

6

6478d00b69...18.apk

android-9-x86

8

6478d00b69...18.apk

android-10-x64

8

6478d00b69...18.apk

android-11-x64

8

Analysis

  • max time kernel
    178s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    21-05-2024 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6478d00b69e5c2561bd38d29f2813fa2_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    6478d00b69e5c2561bd38d29f2813fa2

  • SHA1

    c9ae761853f981f359a466217cbee390f23fd97b

  • SHA256

    43c9703326164f014bb317e79cd79585245259e18e6d4af32b7735b6da5dd2d6

  • SHA512

    b0dca0d2c2008b1211197e6debf026c21f296e3834c28b6c1d9e35ab0d774f5b57e5ad54170071a845fd2b02d4abf520cbb90c66753f0fdf192c1353f8f4d105

  • SSDEEP

    24576:loL0otaYtXMLeE2sepAvb6vsm0ZGpUvb+jno+G8jy9Wq/13tdHbZKm51Ob83B:2Q7YtcFeGv0sKUvb+jbPjy9Wq/1XHNKw

Score
8/10
bankercollectiondiscoveryevasionstealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.tbus.dlqa.exsn
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4528
  • com.tbus.dlqa.exsn:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4590

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tbus.dlqa.exsn/app_mjf/ddz.jar
    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/app_mjf/dz.jar
    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/app_mjf/tdz.jar
    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd
    Filesize

    28KB

    MD5

    fdb8a92e5060ce104e8f0faca55a47ce

    SHA1

    270d7ca30673e18cec1d2b9add71cba96dc426fe

    SHA256

    194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

    SHA512

    ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
    Filesize

    8KB

    MD5

    ee30640f3cfb36a1beff24484eb5ced8

    SHA1

    7272ef075c16c45b5d2acbfbb8aa7db1aa7d3d4c

    SHA256

    8205ab75f5628e7b4498da675d4b938e046b9fe9bc2ab834f727e558fc715551

    SHA512

    8333996593764743a6c81624c728d139d60be85d2ef7fd91c600647c86e7cdc4214cf23b48e8de6506c26f7c9a4bee0771bcc70d8833ed9bbbfe1fc1e4b8e248

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
    Filesize

    512B

    MD5

    c19d3c9232b33a48c8d9fbbe812ad31e

    SHA1

    cfd7124aa353971e1523736f8361e44d57613c9c

    SHA256

    a44ddd12f68fb163bfe7a3b13790b1d3020207e95af279067302669c7819e5a6

    SHA512

    d801f6085284b9f7a48891b95d39f793d3a4adb48252b35b71b4fe538097bb3e49f759fe796da3ed2899486417a9a78f6624ee5c0b82c87d88669943f5785c76

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
    Filesize

    8KB

    MD5

    1868c343ae72df78328d650d938fb84c

    SHA1

    e739a036ff0a476d4b12ddd6bf4f4200f521571d

    SHA256

    89de1c874bd7c7ae70bf739b7a21160885394b4c0283b82d321ca919cbed933e

    SHA512

    b53757a46bd09b110640c2e5df9621a560f89203fc74f69983def998c022fcd582b5f62b0fccd8d80638b415e9ac9409b55390f6689a4e97c442042737410394

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
    Filesize

    4KB

    MD5

    bf9db24c89a30159977787e09b91ee09

    SHA1

    734e7e223741fad82078c2b3182cca2ee20247e8

    SHA256

    7ed4e38e6c6644f0d6abfa3e5758a2d57a5ce5a8f08d9859bd239b9c6feef2cc

    SHA512

    3130fdaf09e48bf56469cfd86a87fab4237bb9164c520ffe8bd33d1cf6d779d1aead33258b1bd3d2ca730efc318f861c4e9e7551063d495bb4ef2f0028a213d9

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
    Filesize

    8KB

    MD5

    417dc019e3c623c50b9b6a6347f005d9

    SHA1

    0bfdf650ae20bf3cbf491d99dc2f7534349f29dc

    SHA256

    18b6951a6199271dd48ae0ed11a002999629b385a7f506272bdc7278dad4fd24

    SHA512

    97d3548ff6ad33ef5543fdde62afebe70bcc57f156be31dcad611a4e9cf36363e9d856678f88c47976dd38904c4466d118a2da35ad6f69123d327ea76913b886

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/databases/lezzd-journal
    Filesize

    8KB

    MD5

    23182f7f62217a0bf4f76e247b27321d

    SHA1

    742346a721b105e0a920ac8d4935e4b6b3a76084

    SHA256

    a67cdbdcecd046a15210d1bf632c5890d134e8d8851aed9b37f7701edd3a56b1

    SHA512

    bb4eb56fa62b39257eb25da566c6eb994ade132f0562ff83a715ef18cf85c70855b5defb6eb19651572869a28aa86d4e4332801b1ffffe8a2f6fbdd78f8d9bc4

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/files/.imprint
    Filesize

    945B

    MD5

    55f850c92ba44256686f8c9af7c94a39

    SHA1

    79a40db01b84f2558af64ec1e427172095cd79bc

    SHA256

    42f8b7088ef3089c5e6f75e5a34ca6ad822d3ff90611555b6a5270ef25e9622b

    SHA512

    0473e966a8ae37399f31ca61fb37c877b776a1bdd96ed19a8987f402b766912ed8eda8d0f188105f4c95ed63d654b3410eb5f26a55ae82263917f9680945207b

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/files/.um/um_cache_1716319513428.env
    Filesize

    656B

    MD5

    1907967357fb792452d9f26b1a2e801e

    SHA1

    ad53c188a47fe336736652bed0c47882a29698bf

    SHA256

    e71cff27c50dff7ec8ddd60258cf458bbd60991504a758da6030e6d763c0caba

    SHA512

    36093ac3e0cf82466a03b28b1d3d13d4914266702540542382f0605785b36629ff5eb56a33100ad8de7c43320ae5dd2c6fac432cfa8315e23dfb7a19df781492

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    741f9ae45557b049e300ca022c8483fe

    SHA1

    27f538c8645a23674163b79fe1ebfe585e2e9576

    SHA256

    f9da773e7f109db1bb387990a231acfb439209be6148d7d64893e2749b99cb70

    SHA512

    744ff479243ef770e4d2b247007ca1474e498ee8b03337832dae91990a494d854caabf164176c74f9524fdd93f4e1afe17065a190eb88ca733388f6dab20c6b8

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/files/mobclick_agent_cached_com.tbus.dlqa.exsn1
    Filesize

    1KB

    MD5

    ffdc39fd132f4272fd84a046c1623577

    SHA1

    153777e8e30f2081e06a3d3dfb6150b28f137e47

    SHA256

    f83cbd35c4a490c8189b44c7489a5ce9f79f4cd4240bbb426076dfef63ff0e66

    SHA512

    d3f9c2130af0b32509122ebfd4cf5a423ad4b599d90bbf980a7c7b7c3e0a986bcfb53dd4e794e4466761d333da626f2cb36dba0e87dc4f4dd3dd43b0954af2b0

    Download Submit
  • /data/user/0/com.tbus.dlqa.exsn/files/umeng_it.cache
    Filesize

    352B

    MD5

    4e4da0a3dd785f4b412f1ec2b33a694e

    SHA1

    0c9c1abe01c88501b2fe3c94a9c3d08802c2b43f

    SHA256

    a3f1203598acb84369280a26910015524b243d74f850ae0b04df95e665ab98b9

    SHA512

    a698b234fcda91d0d5d3df99614561933f4e7afc5410a1733d26e1cf75e62aa6d9468c29c003fdf8540232410e9518b4a2b8e36d0e05f182819de6d47ad52b2b

    Download Submit