Analysis

  • max time kernel
    169s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 11:58

General

  • Target
    9817a885936dd4b76bbae3d67421e227_JaffaCakes118.apk
  • Size
    14.0MB
  • MD5
    9817a885936dd4b76bbae3d67421e227
  • SHA1
    bb67a848c374c3c250bbba8a42dbbcca9498a2a4
  • SHA256
    a5a8ea34f978049bf2d83fd5a3ca1a4c5364018423b67394f06918bf7c5134bd
  • SHA512
    35e31d3e605265925fa3b2d081c391b6203c9e1ea693baed8d53d9623c12244b88f08981e9925b0bca124d40d49c4b8a59d79a991d53d1036235c841cc31c98f
  • SSDEEP
    393216:2yFJNN86JY3DSjRVbV6H1XRrIa5XgJziHXTeX37:2yFJNQmjnV6dpIggi3Tyr

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 2 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about the phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.chediandian.customer
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4273
  • com.chediandian.customer:ipc
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4307
  • io.rong.push
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4332

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.chediandian.customer/databases/xk_db
    Filesize: 28KB
    MD5: 59bcf672d6aa933d7a5d5a6a41312d89
    SHA1: 1ccbf2bd3647dcb1ec22784f98a4aa035d507ffc
    SHA256: 587526298ec8243e9e3affe269261af7c8b15c716b3f611a4fbc4768455011f2
    SHA512: a662d86f07752ec3b16d89fe6ee1af615a0af7806d8bc85386cb1c3b73abca26da4f77d95eb1563168ae31540fb8988a4ab7ef8bf42703b5b6e4bd6fa36ec233
  • /data/data/com.chediandian.customer/databases/xk_db-journal
    Filesize: 512B
    MD5: ff8e25b4d441642003dcde28d268057f
    SHA1: 75237c04e2838831c0979b9d67ef34b92597bac4
    SHA256: e3dc43118289047cc7779571dc25479a8b813da780ade92ebd2b38a1f845b1dc
    SHA512: 0a899300b405440227a1ca83283d15a837fe83b02677df513a2203379327f6b2e6a95cc358d3c33da92f64e1a8bfc0d6e412b62071ecf6f9f7be6c3bef62d606
  • /data/data/com.chediandian.customer/databases/xk_db-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
  • /data/data/com.chediandian.customer/databases/xk_db-wal
    Filesize: 56KB
    MD5: ed3957d6289eb0a7b62149fbf8249938
    SHA1: 913ba710b9f2696c7a0983e08b32aac3916959cc
    SHA256: 0c8171deee46e3a04bb562c20999cbc21b15556e7dc8c1b7c56c647cd4640aaa
    SHA512: 9b4ca6467ba6b13f19c37d10dccaf2aa51418774ccb690338e96afce816e2f0fb392503e8732daa076b7a283bc3f2edc526a3c57733740841f13d9aca250255f
  • /storage/emulated/0/Android/data/com.chediandian.customer/cache/kit/journal.tmp
    Filesize: 31B
    MD5: 8c8bcb7d36cb5a71729c00c4e7f2d330
    SHA1: a352667c61dc45f43cae74a7102fa692fba98d3e
    SHA256: fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150
    SHA512: 4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62
  • /storage/emulated/0/Android/data/com.chediandian.customer/cache/newlocationCache/journal.tmp
    Filesize: 31B
    MD5: 8c92de9ce46d41a22f3b20f77404cc1d
    SHA1: 8671a6dca00edb72be47363a7071be65cf270373
    SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
    SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56