Analysis

  • max time kernel
    7s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    22-05-2024 01:35

General

  • Target

    658b3a879bf62ba834c9f88584b3f75c_JaffaCakes118.apk

  • Size

    2.0MB

  • MD5

    658b3a879bf62ba834c9f88584b3f75c

  • SHA1

    f88594daf606bd4d02cee20e70794eb744d8c229

  • SHA256

    8397963b67b7c9407686038333c665852d53c8e817c6fbbcd3a3a92aab4dd71e

  • SHA512

    d433f66f97f116085e20021e0c2a2beb0e6d11be5a23ba5f3d42a84e12bd065ce47179c758f16ce27d9a39d586b24b37ccaaa7f985d2233bd36e3b40a564f2e3

  • SSDEEP

    49152:YnfRTi71fZR7h9AyJAULvsegiW0Hz1YfL+bmEwMF0ifd1llS1SyI0HjsfigVGk1:E5m7fBnAyJAULvKZ0T1YfL+1FF0iV13n

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.s.position.x1
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    PID:5157

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.s.position.x1/app_file/gtrjf.jar

    Filesize

    14KB

    MD5

    5ad5436ca1a2f67f11b95983b013288d

    SHA1

    76929358acfb22aedf8e0bb7f63ec7d10d7b7450

    SHA256

    1b7b0efda5f25ecd04b61972bcd47a2318d3424bb35df2c41575b4b184109b2a

    SHA512

    dd998156e3bdf2226b60c15b35a022dbadec07a333e99aa0ea86a9b3aeb474e065c7e473bed2eaaf087caae4e19fa40aff88b20e217d5686e82df7236fbeb2c9

  • /data/data/com.s.position.x1/databases/dt.db

    Filesize

    303KB

    MD5

    11b05e8f4f146054cfadcd6181e70cbd

    SHA1

    09553f37c711457ec2f9c0f94db58707d430feef

    SHA256

    c8db79d55d393e827fef72438228aef7dac71045598a4ed1fbba8357ddd365db

    SHA512

    a801edd841f9f2cfd191fc259504151b69be1ec669e58251b3cf54a4c90d3e558747088c7b4ad7fc461a5cc920b5d9ea21e5d0857558b2712f7acadfcf4a1db2

  • /data/user/0/com.s.position.x1/app_file/gtrjf.jar

    Filesize

    28KB

    MD5

    1d10217da194f42e96417c2748a3a537

    SHA1

    d6b5d385e2f978b9af759438f854612e4ebf9cfb

    SHA256

    e60a83d228a87a5d02eafeb1b16133def9d75f35f1dcbd6cf08c2331b39a1199

    SHA512

    080d5b06cef75146deb81ba53f5e805b3ae6821f778faa42451b5578f4c660db119bc90274986f7e3ddd92e8761fdaa9f6dbebc74d2b428e7810006e8fa0c4b3