Analysis

  • max time kernel
    179s
  • max time network
    138s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240603-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted
    05-06-2024 06:34

General

  • Target

    975ec006f485b20e04b22734ba601deb_JaffaCakes118.apk

  • Size

    449KB

  • MD5

    975ec006f485b20e04b22734ba601deb

  • SHA1

    a41e92cc4b9a4df519f40f7c6c0639df6a764ddd

  • SHA256

    dcf5bb8568c8a027f696e0b7e1b38869081ac763110ac8046219575ef7c858ea

  • SHA512

    fa536af1c0931204462489bc7b0305eba21c7d640d8a01811da90fa31348080ae1368ee7bbb72c41743efb5f1ce109eb9093db07a8784091f6833a443f2f7ad9

  • SSDEEP

    12288:mHd2kFd/ioBZhrWeGeHKWgLcj/Ckx6dcKYhLfaM0L:m9z7KoBbyeGtLceqKYhLfal

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

Processes

  • cn.sllb.contacts
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4546

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/cn.sllb.contacts/databases/5000337-1000_point.db
    Filesize

    16KB

    MD5

    2e0379ff60639368f320c6ff2a0b81b9

    SHA1

    f1a8dd04f830fc306eda60594d64db7af486bf84

    SHA256

    a6bf2ce600ec054da8fe92fdef74c5485bd8f222a088fb014575acb430c258c3

    SHA512

    2d82297ee3eccee0852ec475bf79116eea8f7b60000f3ecd1154fe4c2325b8ab099dc29d3a0eeca904878e9c013accad0251874111176cbe4e1c3e2e735345a3

  • /data/user/0/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    512B

    MD5

    4729eb348e77674cb32227ce1c098fda

    SHA1

    d5a5cd6d0e49e6c061a214feac32911e4a537ad3

    SHA256

    5f5bb0cfc5bc5ae44c3e5a0c40d18345f12c436ec2ff23d3477cabdc031b9c26

    SHA512

    ea7996f25a5c782f6722f5f4d000163f14aa62c57d738c3605dbb5fffeaae59abf08c5bdad85bab1b09af59df174602c17d40498a4a5f58e84e3566dd391a90e

  • /data/user/0/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    8KB

    MD5

    f05ba752bf80423125bea51b394d93ff

    SHA1

    95613fbee01b99110c46c176ccf51e225fe27660

    SHA256

    85842d42a9cde7d5f56c78740250b8738f144685150accdf10a734c6a7636b03

    SHA512

    8772f84ae3c68c41c071667328e81a636ba529d1d79f13ba810d63c234f6ae47c2deec65184f357348b3f6ba406e336d85df9e28792076bc545d1d99b0c8ccfa

  • /data/user/0/cn.sllb.contacts/databases/5000337-1000_point.db-journal
    Filesize

    8KB

    MD5

    056f339c3bc9008344a0c7e8774e2164

    SHA1

    9bbb9b7a03a234a8a45e93786f5fa92f3f64a770

    SHA256

    07351ed23d9568e7e8582549a6fc23ca151afaa74a8f5ba5c842e0fbac3f4d7d

    SHA512

    3cc7c6efbec99d2062220f70f3e45b44ceeed577c9bad2eef3f2b4251709bac7e58f4d1b1e59af2e78fbe639f916287f26c666f9dcc7b0c324384e56f06924a8

  • /data/user/0/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    512B

    MD5

    647b1e8c26369870cfd8ed138a9edf87

    SHA1

    48451f7a3f2bda4dd220adcbeed697d2ce88e15e

    SHA256

    43ac9631b5096bd23d6c0374cf662e2dbf4be2f052de66f731a96254cbddd54b

    SHA512

    d62ce6d5940521a5f0618655f5d2485e18acc8101cf7564cc85f65cff5f706622585c93b0a62999e07464879173d8dd79194c065ecd4b4051c6343b0f9f1034a

  • /data/user/0/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    8KB

    MD5

    69ca635b7c5d42c58713acca28df3a94

    SHA1

    4a21e4306b9cb6f3574bc43f2f3f5fab1f445a39

    SHA256

    9ef232d5c0dd807a29bdf1f45c19d2a4b8659123c71d330e85a6d14051003cd6

    SHA512

    40bad6692216bd45bdc79afa26740cfbfe471fa537fa50aa29be47f4926efb85ca5bb093996cbd77db510eac128e9a0f4ad567c407b1f939f4a8d862d0e71717

  • /data/user/0/cn.sllb.contacts/databases/xj_adlog.db-journal
    Filesize

    8KB

    MD5

    5f2c32c074f9b49c95007f84b4c999ac

    SHA1

    233993529e3d0007522fe09b4dcbc101f9cab0d2

    SHA256

    07d8f20072e14625c79b8eb77613f9384c1383a11bb1b66d9bfb795f621e3cde

    SHA512

    3d5b0d8ce8334461aca363313099f06ad61f8b66664e49765ed93748af6b46d708432c44ea50e140c11e69b7f92d8f1950000606c223c4e98f85961e72ffbb67

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569582715.jar
    Filesize

    104KB

    MD5

    399b8a5bbaea391c4f2d413fcee8547e

    SHA1

    8356ddaa43f2b9477d17261807f9adf072a7f43b

    SHA256

    bf639746c1be112103d5d36013cdc181e196b337ce4d75704a306b1afaa55bbd

    SHA512

    89f4947f6f7412c4fc6776687c613bb7a5c06d11051839c423b506cab331f2b04835cc592e959d4a06c116078e9a5e6a9a8baf4e2b3605532999e3eb38725d21

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/V4/1717569582715.jar
    Filesize

    246KB

    MD5

    0da5cbf5f12e8827e6360dc62dff2eeb

    SHA1

    7593c94995fbe672b660c28dd9ab3f010a8ea9ff

    SHA256

    5814054044c97e81830da96c39f8692a5b9bd40e05d66abe62bf283e80cd2580

    SHA512

    f38d2d72b91c1fc42bb5501f79610f710c245f73cf22655ed2e67f1bd211296cfc45963ce9f9980650252e12da6a4861d5e531f41dc1eee3eef0dfbf879ee20c

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/V4/base.so
    Filesize

    104KB

    MD5

    a34614523067cb205f612e929270cdd0

    SHA1

    562157bae1666fb796bcd7e806740b72483e999b

    SHA256

    82d6c5559cbc089e31bd3d22fb2422582df127671de40df3a4cb8142ae56ad3e

    SHA512

    42118d29ecb6c855106f33dc8d49b146ae964176a96a995770f9f6ea95dac90fdff80ac7a312fd1a296477b3ca650368faf96f05b6f6cf5c61f1a99a35c70c6d

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
    Filesize

    142KB

    MD5

    fb9f61029be5e91cffe1611ad1fc834d

    SHA1

    38ff760cb895ecbe7ded06a00f1b5284b9bcef8f

    SHA256

    423fcede580be77b6950828a5b7d42fc624626ba386bcaddab5e02521fafd950

    SHA512

    bed46cf01212fdda0bf823763571fa4a92ae016578c4f3cc7da2fadd915e43027771356d36c409bd2e4572837c8f3c6366c21641feb35a1b58cb80238e22d680

  • /data/user/0/cn.sllb.contacts/files/5000337-1000/comsaappopqgjw3jseanmtr.jar
    Filesize

    215KB

    MD5

    5673c0e6517306e207a8723301f2cb49

    SHA1

    024387393cab1033374d404ce98902d4453d185b

    SHA256

    369eb26a4b6818585a4b76da430ee6871e408ce3338736359a822345a3fbf95b

    SHA512

    ad765ed6eb1d02af3ed34df5f91587a854aa8bbd7d65da60622e464cb64ab104f1d7b6f034b6bf9110d67e018a8047def8f06046bd4df11bf689588357cde151