Analysis

  • max time kernel
    126s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-06-2024 09:46

General

  • Target

    8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk

  • Size

    11.7MB

  • MD5

    8da7dc1501f70fecf9fedef7e9b84156

  • SHA1

    755082eae55647e1ff69b0d023ec3ea07f8673ab

  • SHA256

    f24cdbb1e8b40771f2798543664e39a08ec02c3aa9c6c552ff7008a9d6a75478

  • SHA512

    85f579c0726d0b30717982326f144dbd3c13c5017388bcd86c92661cf5fc16c42c5df9d185ef201d57bb5acf863df819c340def95133ac38cba7c66a5dacbf45

  • SSDEEP

    196608:JyAQKxUingKz/hHf1YtM+u76lANK6L5jEgKSVt7pkzpzFK5qS12dV1HFFCUdFtIm:Jy1STntzl+u7tNlLBxHN8545qSarFWoT

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about the phone network operator 1 TTPs
  • Checks the presence of a debugger
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.damaiapp.yyl
    PID:4279
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    • cat /sys/class/net/wlan0/address
      PID:4431
    • cat /sys/class/net/wlan0/address
      PID:4455
    • cat /sys/class/net/wlan0/address
      PID:4507
    • cat /sys/class/net/wlan0/address
      PID:4586
  • com.damaiapp.yyl:push
    PID:4410
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.damaiapp.yyl/databases/UmengLocalNotificationStore.db

    Filesize
    4KB

    MD5
    f5ae32aa1d107b065c2b758b7d8cc54e

    SHA1
    6f4c6201365aab1b4d6c1a1669213db716eaa1c1

    SHA256
    d96bd17a72f054221436b1e049350c1a11ad752a4e2dda89019394efd248979a

    SHA512
    35f7148afc30d4766733709af5daafe22c32039f358d2ef24cb9a1462e960141153ae95905b0516a15eb04c6f380445a52c381a0883e8f591f0711f3b7c6a6ea

  • /data/data/com.damaiapp.yyl/databases/UmengLocalNotificationStore.db-journal

    Filesize
    512B

    MD5
    09ad0d79e37c0c268c2f57972a664b4c

    SHA1
    9d8c8376b5d76b1af2d974c19e5c02fd2a6b4cea

    SHA256
    7d71a2691ae8ad62b3f41e18413c15a5ff24473cd59b508c180666116f166d2d

    SHA512
    4dadc55bffd9b39611a7a70a9ab3e8e2256468c3156a3b525122ab65c831097d22ebdba49547d0538698a26fe8b0900da1d7e07e65b2c97845cfea7d5f93b7cb

  • /data/data/com.damaiapp.yyl/databases/UmengLocalNotificationStore.db-shm

    Filesize
    32KB

    MD5
    925498e61d387efc74d273222b650e4a

    SHA1
    c0a6c6e79101032b94d21a4a7d107b9a933274da

    SHA256
    de33cee842b3970ca9f4777e9f0e3c95e53ca7c031b727befb9c1c5d6a49f9d7

    SHA512
    6f47bfb71e4509ec60e89ebeda865089728f0526d6f279ae1eaeab8dac08b6c3b3d8689e27dd0e6c4c69e4b7c9007ffa17b69659492a464516d8360719a4e012

  • /data/data/com.damaiapp.yyl/databases/UmengLocalNotificationStore.db-wal

    Filesize
    40KB

    MD5
    611c5bd1100f7b0d15880a802fc1d7ea

    SHA1
    80b51c2dd977160ce386660daeab20433e963761

    SHA256
    edfaccb7c759377d78e6647540b4369c38310b0e170ddc9dac95ab7f6cd03f6c

    SHA512
    9bfaaaa3073697694a50883e396423b9841af6fe8757f933fe36b2a63a579a6bd044f6848a9d6e1e66f68b49f61df13bf380be95629dcc50d02a1923accba35d

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize
    111B

    MD5
    67a428c1200ef80aaeadfbbabf991b63

    SHA1
    91d57a4e2a878ca4e8a399714ccbd9e962c27bc3

    SHA256
    100a14a1e3b345e3d84e272dc2a19c3a7774e13962f7106513aec5702eefc691

    SHA512
    edb5bff46a88dcf651efc6f75258c44c6b79e72f73f41b761839ad4c7121830dda77e67070259133b615be80587cb6b462bfc335a5d533dde42ba59c342a610f

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize
    222B

    MD5
    169d05a158d4c04a06cf663eb1dcced9

    SHA1
    81a9649d2be11eb27db0ebfbfc2f27c8d7fd90fd

    SHA256
    8fdab9fe9fffcce810528bfefd82753a367f78fca0977384d326a8841a65f8af

    SHA512
    03dfff135cbb5a1fa4b0ee8785c722866dc31431d80df09ba70762642fcfc08b49b424f88ff9a268f8a64d22383d915aeb81b9adaeb03afbeba7b320d28d12f0

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize
    222B

    MD5
    658e0884ad8fb7a218f3257c0a4cdca4

    SHA1
    9efb4e451aaff9e582b0dc0e6799d5d0ee808e71

    SHA256
    86cd85da6a0b186ccf143dbca7d911625533e9d581fecdb5ab017f75b32f5f25

    SHA512
    dd6adf31339e7325d8445a620c09c351b187580f1b8c53047041cf79d73432e4dbb9ba3ced21b2b56fc7e6e1274cf86937affe354a47936db87fba473795fb05