Analysis

  • max time kernel
    179s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20240603-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
  • submitted
    05-06-2024 06:34

General

  • Target

    975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk

  • Size

    449KB

  • MD5

    975ec006f485b20e04b22734ba601deb

  • SHA1

    a41e92cc4b9a4df519f40f7c6c0639df6a764ddd

  • SHA256

    dcf5bb8568c8a027f696e0b7e1b38869081ac763110ac8046219575ef7c858ea

  • SHA512

    fa536af1c0931204462489bc7b0305eba21c7d640d8a01811da90fa31348080ae1368ee7bbb72c41743efb5f1ce109eb9093db07a8784091f6833a443f2f7ad9

  • SSDEEP

    12288:mHd2kFd/ioBZhrWeGeHKWgLcj/Ckx6dcKYhLfaM0L:m9z7KoBbyeGtLceqKYhLfal

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • cn.sllb.contacts
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5032

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db
    Filesize

    16KB

    MD5

    f919f25fbdf7f9596dcaf468399fabae

    SHA1

    735804f7f7eeca55ff04ec1a42c99dfe0ac9125e

    SHA256

    79570148e6e09cd551d52e46eac80124419f35130514dae3b9ef5a0f7be12dce

    SHA512

    f4ef69247904512682940b4b194ecd503e30226071fcb78a9c9d13aaa95b75af56b3c0931c4b98491b6da76122877a21f703eab45e9aaa2e678279b95b8b4e1c

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    512B

    MD5

    0d6848b1ee95c2479576f91648de2c46

    SHA1

    ebc537020b33881d087c79b39dae50ac765046bb

    SHA256

    8464f4e9e47cd0911c333d481dcb383bc7b90f4146e813e621538d04cf44c203

    SHA512

    efe1b5265c4100365888e6161220aa44f0e5c6e9bd3bc833a2a0f4fd02a94122487ce36806866defe6261b4cce754dc7372353995b8c6bf52aca6c76730bd794

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    8KB

    MD5

    29e3125471006289ccaba3ba1edb0a6a

    SHA1

    a7aea062d0368cbb07641f96be39f29fa89e1cc2

    SHA256

    5277870a2f0bfda43d775af1ef8ee8e8e350185739328059894f714c4532f853

    SHA512

    dc7f00b1cd9e9916de39ee7e19fe8d7c45cb15ec5e48caf9d4c6fe78e00b0f3cea522b5d8cb93f3600800e5e257662dbce517648cc4d56612b16a7eda75bc701

  • /data/data/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    8KB

    MD5

    76a42832119bc4a1611c5e32e89a145e

    SHA1

    322bc67d1267ee57e0b5824349696feff6642842

    SHA256

    2bc1dd6f7f0866318c85ddd47c11f16a2507d68e9f17c53a13dae9e7001c3dea

    SHA512

    d10564dc83e3c000fba944d63316f7d2ede1951674916483770f88aaf91751a1de195a61519228a786aa1c433f56854f5a589186c5c7033e0fb0b9b9373e9131

  • /data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    512B

    MD5

    c6aa717a8a180914ed6d9e8949b59433

    SHA1

    7185ca289a889f48813ef87c148f9e0864ce95ad

    SHA256

    87811bb8d80a30236d5138d1fa0ac412abc5e564fe7a2183728dbacb3f34e0a6

    SHA512

    bc94ef63d7bfccba6d31a1c8046fb06cbc960ba3d3560908e5da8401336215d75162623c5b999d50e5229c12dcbfcb7ec809d2e1c0a71b26bfe7085db26f51ff

  • /data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    8KB

    MD5

    b80c92a93ef3463482401bd65de44479

    SHA1

    e435a17ada3eccd114663c2c5542c5359908dac5

    SHA256

    ba6d189c8f96204cab19215a5909547ed947b19ecce692ec0e213455561e6c77

    SHA512

    a36293f962907f8da86bd104c0e812bb0900dca84ea2ea5d04e365f9a73158e7b11046b58f89c2b70ae66b8fa5fb06cb02cd6841310e3d08eaa556fb4816da93

  • /data/data/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    8KB

    MD5

    d58ad46fc747094aa08c4b3867707efc

    SHA1

    a1b657b3cd07653e1a4c7a238ec8dce8d524c0ec

    SHA256

    a8b70d590fa99b32aecfa3bf1033bbc7b74c671541aa47f9fc864e53bf353a5b

    SHA512

    06451ef6b5f1b0a14d019bd9f58c59610e14c9b4e3a0b915f7771628b05bf84d00d56df9315a3c764ed37e29a9561d3e2dd4d38e99d6dab0af88649a262fb6ae

  • /data/data/cn.sllb.contacts/files/5000337-1000/V4/1717569579876.jar
    Filesize

    104KB

    MD5

    399b8a5bbaea391c4f2d413fcee8547e

    SHA1

    8356ddaa43f2b9477d17261807f9adf072a7f43b

    SHA256

    bf639746c1be112103d5d36013cdc181e196b337ce4d75704a306b1afaa55bbd

    SHA512

    89f4947f6f7412c4fc6776687c613bb7a5c06d11051839c423b506cab331f2b04835cc592e959d4a06c116078e9a5e6a9a8baf4e2b3605532999e3eb38725d21

  • /data/data/cn.sllb.contacts/files/5000337-1000/V4/base.so
    Filesize

    104KB

    MD5

    a34614523067cb205f612e929270cdd0

    SHA1

    562157bae1666fb796bcd7e806740b72483e999b

    SHA256

    82d6c5559cbc089e31bd3d22fb2422582df127671de40df3a4cb8142ae56ad3e

    SHA512

    42118d29ecb6c855106f33dc8d49b146ae964176a96a995770f9f6ea95dac90fdff80ac7a312fd1a296477b3ca650368faf96f05b6f6cf5c61f1a99a35c70c6d

  • /data/data/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
    Filesize

    142KB

    MD5

    fb9f61029be5e91cffe1611ad1fc834d

    SHA1

    38ff760cb895ecbe7ded06a00f1b5284b9bcef8f

    SHA256

    423fcede580be77b6950828a5b7d42fc624626ba386bcaddab5e02521fafd950

    SHA512

    bed46cf01212fdda0bf823763571fa4a92ae016578c4f3cc7da2fadd915e43027771356d36c409bd2e4572837c8f3c6366c21641feb35a1b58cb80238e22d680

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569579876.jar
    Filesize

    246KB

    MD5

    0da5cbf5f12e8827e6360dc62dff2eeb

    SHA1

    7593c94995fbe672b660c28dd9ab3f010a8ea9ff

    SHA256

    5814054044c97e81830da96c39f8692a5b9bd40e05d66abe62bf283e80cd2580

    SHA512

    f38d2d72b91c1fc42bb5501f79610f710c245f73cf22655ed2e67f1bd211296cfc45963ce9f9980650252e12da6a4861d5e531f41dc1eee3eef0dfbf879ee20c

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
    Filesize

    215KB

    MD5

    5673c0e6517306e207a8723301f2cb49

    SHA1

    024387393cab1033374d404ce98902d4453d185b

    SHA256

    369eb26a4b6818585a4b76da430ee6871e408ce3338736359a822345a3fbf95b

    SHA512

    ad765ed6eb1d02af3ed34df5f91587a854aa8bbd7d65da60622e464cb64ab104f1d7b6f034b6bf9110d67e018a8047def8f06046bd4df11bf689588357cde151