Analysis

  • max time kernel: 159s
  • max time network: 184s
  • platform: android_x86
  • resource: android-x86-arm-20240603-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted: 04-06-2024 01:05

General

  • Target: 933a80a5bed9442e26c924b9702835cf_JaffaCakes118.apk
  • Size: 31.0MB
  • MD5: 933a80a5bed9442e26c924b9702835cf
  • SHA1: dbdee9269147de30b97931587791076b25daf6e6
  • SHA256: 35de678d878131d2cc49e8e47c95b00959a2ba28965ebd898ed2cf9593d8f2bb
  • SHA512: f5e5e11d577c2e7c5b119b1e16b29545aead85cd9b6aeb4b86e5454e2bffacc16107be243d51265dd1dabb52a68f7293c7b7d9a6dc37ceda156a7d12bf3c36fd
  • SSDEEP: 786432:18kvvjaolYeiUtHXnRfYyPuN1LWcfvkvV:18kXjVti4tYyPezvk9

Malware Config

Signatures

  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Checks if the internet connection is available (1 TTP, 2 IoCs)
  • Reads information about the phone network operator (1 TTP)

Processes

  • com.suyuemobi.zww (PID 4272)
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
  • com.suyuemobi.zww:core (PID 4308)
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • cat /sys/class/net/wlan0/address (PID 4419)
    • cat /sys/class/net/wlan0/address (PID 4440)
    • cat /sys/class/net/wlan0/address (PID 4473)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.suyuemobi.zww/app_bugly/rqd_record.eup (132KB)
  • /data/data/com.suyuemobi.zww/app_crashrecord/1004 (226B)
  • /data/data/com.suyuemobi.zww/app_crashrecord/1004 (231B)
  • /data/data/com.suyuemobi.zww/app_crashrecord/1004 (58B)
  • /data/data/com.suyuemobi.zww/databases/ThrowalbeLog.db-journal (512B)
  • /data/data/com.suyuemobi.zww/databases/ThrowalbeLog.db-shm (32KB)
  • /data/data/com.suyuemobi.zww/databases/bugly_db_ (4KB)
  • /data/data/com.suyuemobi.zww/databases/bugly_db_-journal (512B)
  • /data/data/com.suyuemobi.zww/databases/bugly_db_-shm (28KB)
  • /data/data/com.suyuemobi.zww/databases/bugly_db_-wal (68KB)
  • /data/data/com.suyuemobi.zww/databases/com.suyuemobi.zww:core.growing.db-wal (32KB)
  • /data/data/com.suyuemobi.zww/databases/growing.db (4KB)
  • /data/data/com.suyuemobi.zww/databases/growing.db-journal (32KB)
  • /data/data/com.suyuemobi.zww/databases/growing.db-shm (28KB)
  • /data/data/com.suyuemobi.zww/databases/growing.db-wal (32KB)
  • /data/data/com.suyuemobi.zww/files/Mob/mob_commons_1 (2B)
  • /storage/emulated/0/Mob/comm/dbs/.duid (558B)
  • /storage/emulated/0/com.suyuemobi.zww/nim/log/nim_sdk.log (95B)
  • /storage/emulated/0/com.suyuemobi.zww/nim/log/nim_sdk.log (139B)
  • /storage/emulated/0/com.suyuemobi.zww/nim/log/nim_sdk.log (142B)
  • /storage/emulated/0/com.suyuemobi.zww/nim/log/nim_sdk.log (20KB)
  • /storage/emulated/0/com.suyuemobi.zww/nim/log/nim_sdk.log (146B)
  • /storage/emulated/0/com.suyuemobi.zww/nim/log/nim_sdk.log (96B)