Analysis

  • max time kernel
    178s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-06-2024 19:48

General

  • Target

    8f37da916c775c0b7e5dff6c37995dee_JaffaCakes118.apk

  • Size

    5.2MB

  • MD5

    8f37da916c775c0b7e5dff6c37995dee

  • SHA1

    9d19ac1a285eda0373d9c33187258991a37678b9

  • SHA256

    fa9371c84e1eec53f64bd3953883247894addb494a89a945bd32685e9887bed2

  • SHA512

    ce2a618bbcf744c6cc345c3db8af3a4883ca8c9c7565bc61177ce1ffd2940ae7ad361b89c7a36fd29b909243b9073702a59dedd1b343d9ec133b470f66df71a2

  • SSDEEP

    98304:7f+K6aOVCGKmE50CW5CLH0az272mBzLDhFLOWTfyJWTsp7aj10WOz1+APU9zRL2e:COoCjPW5Cos2aWzyBxajG7s9Vy0

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to get current cell information.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information, which indicates if the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs

Processes

  • fang.mp3.dlv7
    • Requests cell location
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4282

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/fang.mp3.dlv7/databases/dBMdYFN-journal

    Filesize

    512B

  • /data/data/fang.mp3.dlv7/databases/dBMdYFN-wal

    Filesize

    128KB

  • /data/data/fang.mp3.dlv7/databases/downloads

    Filesize

    24KB

  • /data/data/fang.mp3.dlv7/databases/downloads-journal

    Filesize

    512B

  • /data/data/fang.mp3.dlv7/databases/downloads-wal

    Filesize

    36KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db

    Filesize

    4KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-journal

    Filesize

    512B

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-shm

    Filesize

    32KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-shm-journal

    Filesize

    512B

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-shm-wal

    Filesize

    16KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-wal

    Filesize

    12KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-wal

    Filesize

    52KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-wal (deleted)

    Filesize

    76KB

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-wal-journal

    Filesize

    512B

  • /data/data/fang.mp3.dlv7/databases/google_analytics_v4.db-wal-wal

    Filesize

    16KB

  • /data/data/fang.mp3.dlv7/files/.YFlurrySenderIndex.info.AnalyticsData_5TG4JGVTYX3S34VZQT7N_216

    Filesize

    88B

  • /data/data/fang.mp3.dlv7/files/.YFlurrySenderIndex.info.AnalyticsMain

    Filesize

    72B

  • /data/data/fang.mp3.dlv7/files/.yflurrydatasenderblock.9793ad1c-b85f-47a3-9241-4edf6f841988

    Filesize

    328B

  • /data/data/fang.mp3.dlv7/files/gaClientId

    Filesize

    36B

  • /data/data/fang.mp3.dlv7/files/shared_prefs_sdk_ad_prefs

    Filesize

    181B
