Analysis

  • max time kernel
    179s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 06:34

General

  • Target

    975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk

  • Size

    449KB

  • MD5

    975ec006f485b20e04b22734ba601deb

  • SHA1

    a41e92cc4b9a4df519f40f7c6c0639df6a764ddd

  • SHA256

    dcf5bb8568c8a027f696e0b7e1b38869081ac763110ac8046219575ef7c858ea

  • SHA512

    fa536af1c0931204462489bc7b0305eba21c7d640d8a01811da90fa31348080ae1368ee7bbb72c41743efb5f1ce109eb9093db07a8784091f6833a443f2f7ad9

  • SSDEEP

    12288:mHd2kFd/ioBZhrWeGeHKWgLcj/Ckx6dcKYhLfaM0L:m9z7KoBbyeGtLceqKYhLfal

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Requests cell location (2 TTPs, 1 IoC)

    Uses Android APIs to get the current cell location.

  • Queries information about the active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about the phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime, usually to listen for system events (1 TTP, 1 IoC)

Processes

  • cn.sllb.contacts (PID 4228)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests cell location
    • Queries information about the active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime, usually to listen for system events

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    512B

    MD5

    356161e41b1dca0bee6d4f3e16462024

    SHA1

    3c206c5c993ae654b9f52f70a8ab62f1e069cb35

    SHA256

    21572c3d9d2e2cfd0eb57459d18c104f9866175ac605717b6a6e0fd81dd9ed15

    SHA512

    5e8b9d6cdde4d6779dcfc4088b68d070779f453ce76dec4c5fc709bce2d26f78fac5f0139ffd1a68f971baffecac69634dfa15b031ba4ba6d8f8e860e4544562

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db-wal
    Filesize

    28KB

    MD5

    c7321ab6014f20f53e6399aafc774d22

    SHA1

    bdb4727e9093e46a9eddc428c149e5dd6fd2b25f

    SHA256

    3772f6bf7d93e4266c0dc8b669dbc28d8f9e51d5ff1cd74b5802b726851fc921

    SHA512

    52416fe4005c1352a4f374e9ccca28573b99b7ed92da85c6c6add0f62fe9f5495686e4458e4db7a68ef3bdf2afc4efc6e7000ed84c7ccb5239887c12515c267a

  • /data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    512B

    MD5

    88863ac1a691390b82a531714860bd68

    SHA1

    ff26f46567ef8c1895822e8706d9990bfb01a19e

    SHA256

    8fbefd7d0790f981b60b35f9763535bf326e55eaa91d3047246f028340e9b9b6

    SHA512

    1bebc4216ca038cc33f9f85376c476a003990dad8e702bdb71aa5b4b60b1666067f493438bef821a99d3aaa65137d731e126f7c776d11843c0150bc78c5fb053

  • /data/data/cn.sllb.contacts/databases/xj_adlog.db-wal
    Filesize

    28KB

    MD5

    5900e4116bf96229a1179e32972d8970

    SHA1

    c95522427c75e8c578e1fb959ef7dfb3855eafe1

    SHA256

    1902c054061af893153cb0fcac68d6808a66b7923926239b8c908961f6cfc106

    SHA512

    37782ba65a9fae74f1cd84f2066ec2eb5dd623d5bbc686772e40acc3ac8e3d9593ce3abb9e5946cd70eb5b57d022453112e41e9640ab74a315450a091b9f820c

  • /data/data/cn.sllb.contacts/files/5000337-1000/V4/1717569580971.jar
    Filesize

    104KB

    MD5

    399b8a5bbaea391c4f2d413fcee8547e

    SHA1

    8356ddaa43f2b9477d17261807f9adf072a7f43b

    SHA256

    bf639746c1be112103d5d36013cdc181e196b337ce4d75704a306b1afaa55bbd

    SHA512

    89f4947f6f7412c4fc6776687c613bb7a5c06d11051839c423b506cab331f2b04835cc592e959d4a06c116078e9a5e6a9a8baf4e2b3605532999e3eb38725d21

  • /data/data/cn.sllb.contacts/files/5000337-1000/V4/base.so
    Filesize

    104KB

    MD5

    a34614523067cb205f612e929270cdd0

    SHA1

    562157bae1666fb796bcd7e806740b72483e999b

    SHA256

    82d6c5559cbc089e31bd3d22fb2422582df127671de40df3a4cb8142ae56ad3e

    SHA512

    42118d29ecb6c855106f33dc8d49b146ae964176a96a995770f9f6ea95dac90fdff80ac7a312fd1a296477b3ca650368faf96f05b6f6cf5c61f1a99a35c70c6d

  • /data/data/cn.sllb.contacts/files/5000337-1000/V4/oat/1717569580971.jar.cur.prof
    Filesize

    384B

    MD5

    d7133c9553712a1f779b0d27b788ba8a

    SHA1

    4880f62aa41b4682cdb8f2f4d6e8f19d3300b4a8

    SHA256

    544e8efe2e8d473db5a047809c6360e98b7d19b536b37b611b8e82c57019eb1c

    SHA512

    9e1c1abd8faace7efff5bea70d26a75b08eb692ea19d763b335839fc8b6f736e30193935cd89e4c88cbf6df3ce1bf496412a04ced33efc72ca9a0fbe5bc98de2

  • /data/data/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
    Filesize

    142KB

    MD5

    fb9f61029be5e91cffe1611ad1fc834d

    SHA1

    38ff760cb895ecbe7ded06a00f1b5284b9bcef8f

    SHA256

    423fcede580be77b6950828a5b7d42fc624626ba386bcaddab5e02521fafd950

    SHA512

    bed46cf01212fdda0bf823763571fa4a92ae016578c4f3cc7da2fadd915e43027771356d36c409bd2e4572837c8f3c6366c21641feb35a1b58cb80238e22d680

  • /data/data/cn.sllb.contacts/files/5000337-1000/oat/comsaappopqgjw3jseanmtr.jar.cur.prof
    Filesize

    338B

    MD5

    50536143c6e42cd9602b48c5ec122f58

    SHA1

    f10d16def214a5a191d1f5f68032fd93219ecadb

    SHA256

    528418d0a9706efbea41736b592d9d5fe68931015fa8349eb529e472c4eadb06

    SHA512

    558e8c35128b24edf384b1e8f0cb177b6e05b2175e0e50c74c3eedf4fd0fbf7a5d87b6d7cc00286a19e8b930c07ac3edbfef84dfec7d119a99a3a04eba47a569

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569580971.jar
    Filesize

    246KB

    MD5

    0da5cbf5f12e8827e6360dc62dff2eeb

    SHA1

    7593c94995fbe672b660c28dd9ab3f010a8ea9ff

    SHA256

    5814054044c97e81830da96c39f8692a5b9bd40e05d66abe62bf283e80cd2580

    SHA512

    f38d2d72b91c1fc42bb5501f79610f710c245f73cf22655ed2e67f1bd211296cfc45963ce9f9980650252e12da6a4861d5e531f41dc1eee3eef0dfbf879ee20c

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
    Filesize

    215KB

    MD5

    5673c0e6517306e207a8723301f2cb49

    SHA1

    024387393cab1033374d404ce98902d4453d185b

    SHA256

    369eb26a4b6818585a4b76da430ee6871e408ce3338736359a822345a3fbf95b

    SHA512

    ad765ed6eb1d02af3ed34df5f91587a854aa8bbd7d65da60622e464cb64ab104f1d7b6f034b6bf9110d67e018a8047def8f06046bd4df11bf689588357cde151