Analysis

  • max time kernel: 22s
  • max time network: 180s
  • platform: android_x86
  • resource: android-x86-arm-20240603-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted: 05-06-2024 07:55

General

  • Target: 978bc36a8537914ae4a836de6dd912a1_JaffaCakes118.apk
  • Size: 9.6MB
  • MD5: 978bc36a8537914ae4a836de6dd912a1
  • SHA1: 0a8c6e5c77e0114797d6690b0f5b7bde0eb89bc0
  • SHA256: 5ffbe7b1867699514b1a5abb95f5179380d0cfba37af6df7f0c2e1bca35c55fc
  • SHA512: 04d0fc8d9e39ef7f297611c93b1365e2605a6867459feb05c7f7ebf9902d421b69d1a47ad7cfb3bbac8b6a4fcc61c21edb76612c553f65108209811c1e32b556
  • SSDEEP: 196608:bLGlSkymt1cejpTdnGE9cx0TxWEQ+Hy/cuQUYttqB8:bLGlHymDcEnGEceTxWEOcZUYttqB8

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 1 IoC)
    Runs executable file dropped to the device during analysis.
  • Queries information about running processes on the device (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about active data network (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.dianxinos.dxbs (PID 4254)
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
  • com.dianxinos.dxbs:local (PID 4299)
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.dianxinos.dxbs/.mbj/dex/classes.zip
    Filesize: 373KB
    MD5: 0aca234fd3c71f5fad4f7f6f4538fc62
    SHA1: beefe3771a03889c404ccdc74bad45f4154d2a65
    SHA256: 0c5f01cf0c05302ffd9df5ddbc92a1115b6c3c7ccb84f97f4f27572385aa57ea
    SHA512: a44a3fcf57b1ee6c0944520c2660a3d6e7c99d9f71454dff3bebc52ae2c74f448682da7c26c639a2fae52f0328e52db1f370e818b55469002bcde62401a490e6

  • /data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal
    Filesize: 512B
    MD5: 96223f47d3c7f9f82a98d20358ffe2f0
    SHA1: b07513643c478442b9f1c4ebefdc57b4149dbbd1
    SHA256: 5e86aca1902587af3e67c5c606d120cff8376c72e16efd0da146e03e5ccf5f96
    SHA512: 5e0109e869f80b29d4a26d2041e945342ec34dbe49dedc024807fff5f62ef859a2971af048162b140aa2abd89dd06e047459e52763c7c838e6dea11c8c91b068

  • /data/data/com.dianxinos.dxbs/databases/notify_items.sp-wal
    Filesize: 108KB
    MD5: 9394b0d6ae5fb0587eac410145a18aa2
    SHA1: 2dedc9be1ba357bd9cfc31c97dd619f4797e5efc
    SHA256: 81099666daea8e4dca972968e6a8523a2f96026154757131f748f2f142d43442
    SHA512: a567366b38979b61c7f662a97a09e8ab314f75bc801ee8ce4fd8efb5e83b295e783379c41b29da27d7f219e2ae14aa0ff8f61f8723875138322ab7c58c587254

  • /data/data/com.dianxinos.dxbs/databases/toolbox_ts.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-journal
    Filesize: 512B
    MD5: 236346d693c1b16e76e56665b46e3e2c
    SHA1: 0cd01510f51c25e8ce559e31b4e94ef832e08d89
    SHA256: bcdb75f7a4cd25f61daa035645ec4fb17d3ab973cf555646125443d4c91d3f17
    SHA512: ab4c409ab7108804d257f6422596aa010e6377ff667e18b1e52a0341bf6b2f7aba35702418f2955b3102cc9c9f3d714a8f3cb4b3b212d1032a4ac2f746a4cca1

  • /data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-shm
    Filesize: 28KB
    MD5: cf845a781c107ec1346e849c9dd1b7e8
    SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
    SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
    SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-wal
    Filesize: 32KB
    MD5: 45dc08ee648779c95953b8af2bb02fe6
    SHA1: 7309b84013651958276d73e41cda99b36dfc27cb
    SHA256: fd01c8ecfe9f88f3109f7faae0331dda68da91328406384571cbfa92201c1ee6
    SHA512: c25679a779f039cd8a30116b2b042090e6cb4a5e432a059b531e7ecaf3ebdfac43cfe1521173f351f9328e05ebd67a6b0b55277d133c1849b0f556faedc47cc8

  • /data/user/0/com.dianxinos.dxbs/.mbj/dex/classes.zip
    Filesize: 915KB
    MD5: cd91205f1ff564cdc4513edc7ce661b5
    SHA1: 6ae133d5ea19f1b575d68bbd9d0fa33d4685c112
    SHA256: 82f5f4ec5b2d8b97ba1c079a01f16b686fbca973fbaddbfc22d0e2324483a9ec
    SHA512: a74b53d95286b74f7bf7307e2b14588b2fb64c3d57d2883b4adb5c258cd91118b1a337b47b2afd5f224189bc0dd33d5ca49be627cdb804b9f45db099cbbe782c

  • /storage/emulated/0/dianxin/notify/.cache/7da4/network/journal.tmp
    Filesize: 31B
    MD5: 8c92de9ce46d41a22f3b20f77404cc1d
    SHA1: 8671a6dca00edb72be47363a7071be65cf270373
    SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
    SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56