Analysis

  • max time kernel: 67s
  • max time network: 129s
  • platform: android_x64
  • resource: android-x64-20240514-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted: 23-05-2024 00:11

General

  • Target: 6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk
  • Size: 11.3MB
  • MD5: 6919869580e4ae4023b9f69cef59acf9
  • SHA1: bc8bfa0ae5b3fc2a726e484e6a2abf6b9d4e0034
  • SHA256: 304ebc227163b6de2f6c60006340bd588ab1297bd6d642bdde44bb0208a0861c
  • SHA512: dbc4fde68236933469288cec25af22a1d4a3d1b40c5d46d94e03628a45293ed3d76bd2811f6967a5368498f4ea747216300c3cb3ccf0d26489c0ae22469d33c8
  • SSDEEP: 196608:ruKkfY2xIbu+VPtbdCqadsNEebsCZsY9PgTGDGjMTG2fL8Eih:lkfjIuIFdCdsCYvRYbeG9Eih

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about the phone network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.ss.android.article.news
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5184
  • com.ss.android.article.news:push
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5267
  • com.ss.android.article.news:remote
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5419
  • com.ss.android.article.news:push
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5446

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.ss.android.article.news/databases/ss_app_log.db
    Filesize: 40KB
    MD5: 844cfdcce29c16b62fef6fa43db7dd81
    SHA1: 143bf6db12c04225bb8648f9e33408279d15b7e3
    SHA256: cc43fd0e2c533f7c941965f8e977cfe0c351b0cae5df7a95366bb362fff3b2a3
    SHA512: 7d8817e6cc86ee3c13ef7f9f676994c2f1365d79afcb607c008d128ba09639d3544b3cfedf05ae6481a50cef04613c2d7a2e3534b9e7e6fb8bc83c7027eca422

  • /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal
    Filesize: 28KB
    MD5: 2cd47ada17ad7a4e3d5e2717cb2762c6
    SHA1: 7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5
    SHA256: 5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279
    SHA512: c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

  • /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal
    Filesize: 8KB
    MD5: 0ad057f64ccf02ab98cc9cdded917c98
    SHA1: 23c85f7aca2f2db964c21a932b60d7a983cabee6
    SHA256: 7153c6e83ef4df6f92d69b0bb4c64fc88603fa1a776d0d75f81fa33900119f92
    SHA512: b76ada380a7c7460e1c417e0f11fcc305a9a5ab60880ecfd7a9792aa6d061a09c1154b19dc47cece32b9d872f92f8dd32190a8acc403acdd7dde5adc3305de3f

  • /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal
    Filesize: 8KB
    MD5: fadd4252142a26dde7577d7619ddcbb6
    SHA1: 4dbb3d151d1308eef4c07eb8bc2a8bc98bf7cc4a
    SHA256: 9fa83f81cc457d4b442111e3d68b26bd4fc92d98fddee7d595d65464bce42cca
    SHA512: 1a5faaa7e107c6570356be25ad63bc3f433f933d1766b228bc465914c711c10220cd94d0e8f7a66ebe62640e0d866bf1163ff91a9ca94d7f83d300ec34af3e20

  • /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal
    Filesize: 12KB
    MD5: 92676dd6c1f8c306961f959123b1e430
    SHA1: bde8253fdb6a642aab639db0247638b83ceb98e6
    SHA256: 575d59f95bbf6be6911e857f86ff18edf95128ead1beca51dc5056c86eff2dec
    SHA512: 1c6ce53d93356abe684e574fe4ead9e28a564163477aa0adb771ac8b9e9f06c339f0643340c727a5c2c5465e3a7d60ce013f2c2c03658d0147c01510d5892376

  • /data/data/com.ss.android.article.news/files/lldt/firll.dat
    Filesize: 527B
    MD5: 6e042577e620251ec2dd4aeb5490840f
    SHA1: aa90c15088b9d09a493b6c1a7e56bf4b79751139
    SHA256: edcd901c86a3c48faf435c5e6186055f0c13759311f763643a9bf323f3198f8b
    SHA512: 205ed439e01305900d5b7ee091837d1c946b453dbe4caad813687e0f2fe949ad58ebde0a3f63f781b5eba48f45809b2218e33b6defbe6896f08a5744cbdc6e27

  • /data/data/com.ss.android.article.news/files/lldt/offinfo.dat
    Filesize: 44B
    MD5: 4ddbc5dd33fb4974390075e721bc74e8
    SHA1: b068b63288988cc2b25c5d5c07a92494bb6bde7e
    SHA256: 71a190fb80c3462235f2570b3cb3b3bfe71029bf27d3ef018b4b61bcd8a049dd
    SHA512: 8d273ade647b790d90b1d623f09e6630afe7504d72ced709c8551753475aaec4b6a5f0774e3387ea7ab010aef084bc9aaa046272bd39d0a848baa7f9e8f82649

  • /data/data/com.ss.android.article.news/files/umeng_it.cache
    Filesize: 148B
    MD5: 7f0ac324bfe849ee6ef815c7aa2fb436
    SHA1: 61d86a4a73b0fdd21045ef43a0d3dd627a19a6eb
    SHA256: 1f9d76cd0582a7db8f0e5bc6c57c1f836a5c9a0dc372afd4a0040e8725f018bd
    SHA512: d617a0fbc6561a30911e3ab80e155092b768b0e0e7e8959b306a6592ea066fc6594cc31525efeafb04af6e9fc0ab95732c77a32a0b5ec475349f20b4dc38def9

  • /storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
    Filesize: 36B
    MD5: 671d72a411dc27ed709c1cf12b9c8f8d
    SHA1: 95dfb2e3dc1e02777284612c6a0521b24a1f4d04
    SHA256: 91d882cc7c30a0eb08653bc4a005949b47161e2b94b052888cc2bd1408baca64
    SHA512: 140e81dfa448edcca5157e81a470188d0afdb88d2af4fb5297b74308c93096c4f28b094b5d922e51ff1aa66696dfc7eed26717e77dd6ccb3a68f16e125ee3d9c

  • /storage/emulated/0/Android/data/com.ss.android.article.news/cache/locationCache/journal.tmp
    Filesize: 8KB
    MD5: 6ca837eb17f5906368a2848d435d1481
    SHA1: f52616aa0787ba2ecc800dfacd2cf6060bf04c1b
    SHA256: 0bf29342097d776fcbf6273d36588bfcd0a70992fd9517021abbdd852e02ffe6
    SHA512: 122337af168cf87751d3cc0e688227f1da80da74bd07e9dddd6633987c0d6c05c70791e05b66ce7eaf0301082d6f30369052d211cc70d59805d2cfae078d80da

  • /storage/emulated/0/baidu/tempdata/conlts.dat
    Filesize: 12B
    MD5: 8d80bc8ea90e9cac010d3ddf97bda5f5
    SHA1: f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
    SHA256: f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
    SHA512: 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

  • /storage/emulated/0/baidu/tempdata/conlts.dat
    Filesize: 164B
    MD5: 814a311e9de0e467007d33c96d5f2bad
    SHA1: 0c500d71e8689538c2ae8e7689923b32289c4d72
    SHA256: 57b93a8c78c976e2fe4bf1b13d51503ca32e5fe511cc9fcb160edd1814be8246
    SHA512: 7af19b4b89e20ccfdef7ffca472b9f7c7d54a5e615c1d4753a80ac9da2697964c99ae4b35dc43e36f78514bdfab02d2b6a451c76f4b219679ec688348d73ad1d

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize: 96B
    MD5: 0b1f5c70e97c78db736611c3c81a6bb0
    SHA1: 5b09853a69edd356539c63bbdfb7fffb5fab920d
    SHA256: 8bc8a733f1d50037fab2d685691e7b7fe7a2cd16d1b719597048dd58b8d7f940
    SHA512: 5bcf4b570afcd350e86ed08e9d1805c761cac81b86dbb2d07dfc56bc664351e0794219ffc3dbd9d0557f26d54b767372a82e58ac106598792b79202ad6167646

  • /storage/emulated/0/baidu/tempdata/ls.db-journal
    Filesize: 4KB
    MD5: 0c6765dfb53c2308eb7eeba4e925ec61
    SHA1: dc4ea9c0c6924c24d0241c1f278ac0a47dd616cc
    SHA256: 6c3aca4ec29cdb331ac76038720e1f1bd50b8b6c90ffc12d1b56a77afb52371c
    SHA512: 0b96fa85c1c075125285527feadbe71348838f0df44638f90b2fd829f0537db2e4eacac67231e0234d0658d975a567dfb8ed233f87b0e4da9fa701ffd10d77fa

  • /storage/emulated/0/baidu/tempdata/yoh.dat
    Filesize: 24B
    MD5: a936690571e9104e1922dda4a0ba5bd1
    SHA1: 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
    SHA256: f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
    SHA512: 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

  • /storage/emulated/0/baidu/tempdata/yoh.dat
    Filesize: 24B
    MD5: 1681ffc6e046c7af98c9e6c232a3fe0a
    SHA1: d3399b7262fb56cb9ed053d68db9291c410839c4
    SHA256: 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
    SHA512: 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5