Analysis
max time kernel: 179s
max time network: 144s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 06:34
Static task: static1

Behavioral task: behavioral1
Sample: 975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en

Behavioral task: behavioral2
Sample: 975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Resource: android-x64-20240603-en

Behavioral task: behavioral3
Sample: 975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Resource: android-x64-arm64-20240603-en
General
Target: 975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Size: 449KB
MD5: 975ec006f485b20e04b22734ba601deb
SHA1: a41e92cc4b9a4df519f40f7c6c0639df6a764ddd
SHA256: dcf5bb8568c8a027f696e0b7e1b38869081ac763110ac8046219575ef7c858ea
SHA512: fa536af1c0931204462489bc7b0305eba21c7d640d8a01811da90fa31348080ae1368ee7bbb72c41743efb5f1ce109eb9093db07a8784091f6833a443f2f7ad9
SSDEEP: 12288:mHd2kFd/ioBZhrWeGeHKWgLcj/Ckx6dcKYhLfaM0L:m9z7KoBbyeGtLceqKYhLfal
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes: cn.sllb.contacts
  ioc: /data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar; pid: 4228; process: cn.sllb.contacts
  ioc: /data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569580971.jar; pid: 4228; process: cn.sllb.contacts

Requests cell location (2 TTPs, 1 IoCs)
Uses Android APIs to get current cell location.

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: cn.sllb.contacts
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: cn.sllb.contacts

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: cn.sllb.contacts
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: cn.sllb.contacts

Reads information about phone network operator (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: cn.sllb.contacts
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: cn.sllb.contacts
Processes
cn.sllb.contacts
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)