Overview

overview

8

Static

static

6

6e02ac4c6c...18.apk

android-9-x86

8

6e02ac4c6c...18.apk

android-13-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 09:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e02ac4c6cf71350ba8aeb7db6a7c0b0_JaffaCakes118.apk

  • Size

    11.4MB

  • MD5

    6e02ac4c6cf71350ba8aeb7db6a7c0b0

  • SHA1

    da9464111b3ffe3677bc60eba512c80e3bf1d3b8

  • SHA256

    a76d998bdec295b5edd86fa0fb38978862cdfe8de57f9ecc152769a628bd7e10

  • SHA512

    351bab467add06bd22af1d2f2efe9b16cb1da42f6f637360e03d2d236aded19e81fda4bdfdfcfc971dbcb3af785d9de6a5704c2f3d423015881ef864e1793e61

  • SSDEEP

    196608:5DYXa05tUGKR1vt8CxSyC469GweJ7sDmELFiZmxB+37FHtLOzBTjnPxo:5kX5UpXFrxZr69WJ4xiUnC+zBTjPO

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.llkj.e_commerce
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4258
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4295
      • cat /sys/class/net/wlan0/address
        2⤵
          PID:4345
        • cat /sys/class/net/wlan0/address
          2⤵
            PID:4364
          • cat /sys/class/net/wlan0/address
            2⤵
              PID:4472
            • cat /sys/class/net/wlan0/address
              2⤵
                PID:4490
              • cat /sys/class/net/wlan0/address
                2⤵
                  PID:4510
                • cat /sys/class/net/wlan0/address
                  2⤵
                    PID:4573
                • com.llkj.e_commerce:push
                  1⤵
                  • Queries information about the current Wi-Fi connection
                  • Checks if the internet connection is available
                  PID:4393

                Network

                MITRE ATT&CK Mobile v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/data/com.llkj.e_commerce/databases/ThrowalbeLog.db-journal
                  Filesize

                  512B

                  MD5

                  0c25b4ca37acd00c34af7ecdd23474af

                  SHA1

                  10ebdac73188ec3d13e084363ebd7ccd164bf139

                  SHA256

                  e7befa28d322bcfc9550b3384c7e14894316313ad7d2c5d651989d40302688c6

                  SHA512

                  42b6d8ebfe60f69135b6aefba24866285d861ac27fb7c88e30a3c34fc7322977d338fc44d10877d394f88e052ccdee4555a075fafa5f51267113e9a685cec496

                  Download Submit

                • /data/data/com.llkj.e_commerce/databases/ThrowalbeLog.db-wal
                  Filesize

                  104KB

                  MD5

                  58e83556ce04cf280391816589376206

                  SHA1

                  dd97d6b3b9cebf37ea52e9c03bde4cbfd5e8af57

                  SHA256

                  239412f237e155364d5f5f87c425708aa190f96d3feabbcf68698cf580095f37

                  SHA512

                  6ca518db47d9066565be86f48439e15cced4a7374bcdba5b2b387797f31dfb309b1026173f9ac5f61d31dafc5cbffae113b5210abc709006ca51595a280e88ce

                  Download Submit

                • /data/data/com.llkj.e_commerce/databases/UmengLocalNotificationStore.db
                  Filesize

                  4KB

                  MD5

                  f2b4b0190b9f384ca885f0c8c9b14700

                  SHA1

                  934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                  SHA256

                  0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                  SHA512

                  ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                  Download Submit

                • /data/data/com.llkj.e_commerce/databases/UmengLocalNotificationStore.db-journal
                  Filesize

                  512B

                  MD5

                  9aad49531d0e734117a79c28b17ea55c

                  SHA1

                  8b94048345cc1e41952f55df008bf28a50b390f0

                  SHA256

                  d9136d20094ee99c12e4362ca7af7ac85769358f151c0d3c685e6e8fef374401

                  SHA512

                  676143c18e8fc3658c95c11060f4d09d5e9bdb89d35e74a67151ff34515204aef7283f77385a329ba86c0d1450beb9e90e81c198647f769d11f986179991e72f

                  Download Submit

                • /data/data/com.llkj.e_commerce/databases/UmengLocalNotificationStore.db-shm
                  Filesize

                  32KB

                  MD5

                  bb7df04e1b0a2570657527a7e108ae23

                  SHA1

                  5188431849b4613152fd7bdba6a3ff0a4fd6424b

                  SHA256

                  c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                  SHA512

                  768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                  Download Submit

                • /data/data/com.llkj.e_commerce/databases/UmengLocalNotificationStore.db-wal
                  Filesize

                  40KB

                  MD5

                  842d5de682a38e5d3ddb6f6025be954d

                  SHA1

                  335920a727cb9b7206466368d201b9947aa2ee03

                  SHA256

                  abadcb08f691aa128e5542bdf129fdc5d9f87ec3a08a8622dd5805543354d81f

                  SHA512

                  56460e0356a76e8c2a5a5f6591d869dcd411a45f82d6b543fc373118f8450a90181a8bb97a26ae224ef0bb331566d0cabc0a7c97e89665bc5a07b9d02748b565

                  Download Submit

                • /storage/emulated/0/.DataStorage/ContextData.xml
                  Filesize

                  65B

                  MD5

                  9781ca003f10f8d0c9c1945b63fdca7f

                  SHA1

                  4156cf5dc8d71dbab734d25e5e1598b37a5456f4

                  SHA256

                  3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

                  SHA512

                  25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

                  Download Submit

                • /storage/emulated/0/.DataStorage/ContextData.xml
                  Filesize

                  111B

                  MD5

                  12075da1241a8e842958fdd25548963a

                  SHA1

                  8f0eb13ba69deed7ff3a59d23617ff1ff28ed437

                  SHA256

                  3cd210545f04c8b00bca22f2ac2b69f8b33c620502634e622718d83e0ad43fb7

                  SHA512

                  34c2156c1ecf13446b9d47c974ae6eacb7c36cded4668a09d893eb0adaaec19ee49d7b10937a9b8399f48e95d4785c405e655368f708919da0a257978cd668cf

                  Download Submit

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
                  Filesize

                  381B

                  MD5

                  56c768cb3d53d972cef44438c0540f44

                  SHA1

                  e9c84dbf25f34b357f36ecd46527904ffa27eeaa

                  SHA256

                  200167f858fde4f3d8614b502d8620b67c73dca468ab745ae8cf27aac56ebc72

                  SHA512

                  4bfd1bc3758198523eed952579d08c4d5208d32cdcadf61c03639a940ff7392b563f4965cadadf4a70d31c131132f97f578940498db1e6eb851cad4409c15b0b

                  Download Submit

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
                  Filesize

                  111B

                  MD5

                  63204df97ff72b308c88491837a7c23e

                  SHA1

                  4115ac2b042a65144dca20bb06cd0ced971fa098

                  SHA256

                  1c1cc8fa8bf884b05abb702385275f278c7141a36999c6b89eb3385fd6b0c662

                  SHA512

                  c2ec0a07ab037a2bf1490c7f0138e293b55bac6f7fecfc44c2bba71d16a880ae25571bba973030ef469e62960df8ce18bc83fcc8a052e1a69cf48cf7b8bd3538

                  Download Submit

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
                  Filesize

                  381B

                  MD5

                  e0b698d6d23de3d953f1f000b15fdd3f

                  SHA1

                  f31e4b29a75bd05c662586bef8262f534ab83fd7

                  SHA256

                  5e9baf1993559edeeb28979f366c60b37c70cddb5223cb9399686f74d7125ecb

                  SHA512

                  36be9524f7fc764fe4b86099d6db82c58894744479a19399651f317adb20d1609265f5544c87a451824b4b958543eb1761883e6987615699550e0d268ecdc9d3

                  Download Submit

                • /storage/emulated/0/Mob/.db_accache
                  Filesize

                  333B

                  MD5

                  c5ca923cac1d46ab38d2332f85b19b7c

                  SHA1

                  d49c4767fdf038c59be6dcaf5b7300265001af31

                  SHA256

                  3e51d197463bff432e1312a43a71473d54625785aaa39b54fa7397f5db0fa221

                  SHA512

                  c5ba21592c7fdc6a5ae76b4b6972287fc6320c8f1047127e07c3f7fd53fdb6742368fbc958066094368f2628ac893e7acfb9954b1fbf28453a000e8c2eb50791

                  Download Submit

                • /storage/emulated/0/Mob/.db_accache
                  Filesize

                  333B

                  MD5

                  9f91bc811f722ab7ee0f5776524155c2

                  SHA1

                  2fd247f17c4f7f097623d1c1f9e832237858cbd0

                  SHA256

                  3b30400fe78999869519c94f6be77c85e11aa02b8eec0d2f46ddb8ee506e75ea

                  SHA512

                  942455ea6edef9695083357f279e404fce2f3eecb547789fd2e7599a058d8061629e9c50ef36a8b4cc11a93905210cc6b329747fd75c46763ef18913ed91081a

                  Download Submit

                • /storage/emulated/0/Mob/.dk
                  Filesize

                  107B

                  MD5

                  3f2be1e244aa8d0567aa17c350ac5559

                  SHA1

                  349ffee1126f20a1920367b60bd19785a8dc4399

                  SHA256

                  2f892808106d63db25390b3ce94df8983484a8a544a678c654e934424c37c717

                  SHA512

                  bb3be59a9dcabfacb7e672ace4ba361d7e412b58abada055bd09d6e9c5fe0aa427a09911f3a53cb4833240e63fa59ed51a8d4bfd8db0557c856a537c22113178

                  Download Submit