Analysis
-
max time kernel
179s -
max time network
154s -
platform
android_x64 -
resource
android-x64-20240603-en -
resource tags
android arch:x64 arch:x86 image:android-x64-20240603-en locale:en-us os:android-10-x64 system -
submitted
05-06-2024 06:34
Static task
static1
Behavioral task
behavioral1
Sample
975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral3
Sample
975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk
-
Size
449KB
-
MD5
975ec006f485b20e04b22734ba601deb
-
SHA1
a41e92cc4b9a4df519f40f7c6c0639df6a764ddd
-
SHA256
dcf5bb8568c8a027f696e0b7e1b38869081ac763110ac8046219575ef7c858ea
-
SHA512
fa536af1c0931204462489bc7b0305eba21c7d640d8a01811da90fa31348080ae1368ee7bbb72c41743efb5f1ce109eb9093db07a8784091f6833a443f2f7ad9
-
SSDEEP
12288:mHd2kFd/ioBZhrWeGeHKWgLcj/Ckx6dcKYhLfaM0L:m9z7KoBbyeGtLceqKYhLfal
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
cn.sllb.contacts
ioc | pid | process
/data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar | 5032 | cn.sllb.contacts
/data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569579876.jar | 5032 | cn.sllb.contacts
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
cn.sllb.contacts
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.sllb.contacts
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
cn.sllb.contacts
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.sllb.contacts
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
cn.sllb.contacts
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | cn.sllb.contacts
Processes
-
cn.sllb.contacts
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Downloads
-
/data/data/cn.sllb.contacts/databases/5000337-1000_point.db
Filesize
16KB
-
/data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
Filesize
512B
-
/data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
Filesize
8KB
-
/data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
Filesize
8KB
-
/data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
Filesize
512B
-
/data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
Filesize
8KB
-
/data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
Filesize
8KB
-
/data/data/cn.sllb.contacts/files/5000337-1000/V4/1717569579876.jar
Filesize
104KB
-
/data/data/cn.sllb.contacts/files/5000337-1000/V4/base.so
Filesize
104KB
-
/data/data/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
Filesize
142KB
-
/data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569579876.jar
Filesize
246KB
-
/data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
Filesize
215KB