Analysis

  • max time kernel
    157s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240603-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted
    05-06-2024 11:58

General

  • Target

    9817a885936dd4b76bbae3d67421e227_JaffaCakes118.apk

  • Size

    14.0MB

  • MD5

    9817a885936dd4b76bbae3d67421e227

  • SHA1

    bb67a848c374c3c250bbba8a42dbbcca9498a2a4

  • SHA256

    a5a8ea34f978049bf2d83fd5a3ca1a4c5364018423b67394f06918bf7c5134bd

  • SHA512

    35e31d3e605265925fa3b2d081c391b6203c9e1ea693baed8d53d9623c12244b88f08981e9925b0bca124d40d49c4b8a59d79a991d53d1036235c841cc31c98f

  • SSDEEP

    393216:2yFJNN86JY3DSjRVbV6H1XRrIa5XgJziHXTeX37:2yFJNQmjnV6dpIggi3Tyr

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 2 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.chediandian.customer
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4485
  • com.chediandian.customer:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4525
  • io.rong.push
    1⤵
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4555

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.chediandian.customer/databases/xk_db

    Filesize

    28KB

    MD5

    b4b47c31a3031ee71f5e49145115a41a

    SHA1

    e6ad12c9992b8d2381ae21838a80449e5b479104

    SHA256

    b15fa8d74525307fc302e56c1f1925dacc16e76f753f7ac61575555daae271ca

    SHA512

    59d5fe3c8474f58f1bb9a271de8fd7a693e221e6ca6a03a242e21cbce78ebd23fc9fa3aa520d7279cca99c8717f9b7fc7ffd6ad7af69bf34e7b1af98840c6799

  • /data/user/0/com.chediandian.customer/databases/xk_db-journal

    Filesize

    512B

    MD5

    5a7c0743afffc690253253e771b9aeb1

    SHA1

    e7d3c1db836f96c77263dcc1416b86ce9f56baf8

    SHA256

    7343c59c88a77605fb1bfe159b7d9d7acba29c0b693077f4023158298cc59140

    SHA512

    a3aabe9502b115d917ea46ce889a872544ffb553c9d43f72ab5b0e147b7515f7700b1f819b143c0e84fa42e8ca323542efe5c85f047559428722c1f654c26708

  • /data/user/0/com.chediandian.customer/databases/xk_db-journal

    Filesize

    8KB

    MD5

    adc4c361bc83198552fbe920b43e2ab5

    SHA1

    8f3b813ccee57301e35fdc6c93ab8f577e036198

    SHA256

    63eea4b1ff2a7ff48d6e06aea73b76e7e54208c5b1eb4a21c477519557c79a56

    SHA512

    fa52825fad6866bbd291146c762565b8080ce67fb3a3dc8216568aeae1220c72cbb5c61a1a12d62d2601f4a26338015599eaf4c0456a5318999b9be2bf297369

  • /data/user/0/com.chediandian.customer/databases/xk_db-journal

    Filesize

    8KB

    MD5

    36995f268085f6d5164addf92fdfd70d

    SHA1

    386cd4fe977f83250628d912c7efd2e9b53e1de3

    SHA256

    def81583dd0ba2a62a977e7073141f8ab3031c30746bbc8e5eefbd18e3d36966

    SHA512

    9a24b59d7a7680e9ea25e8310c267b85ffd496f04d43bf42be7421b547e772745a006dd849d2443aa4ccb0977240b4f07441fba1fe166373966d132c9a784e3b

  • /data/user/0/com.chediandian.customer/databases/xk_db-journal

    Filesize

    20KB

    MD5

    206cf203c8d5ee372a214c0fe40039a4

    SHA1

    7ed87d2170c1d14ea9d6a4f10fc3587b85f4a782

    SHA256

    0f80d219f52802dcc51933b2048fbc5a9a1cecea94da646a2efd3819f6ec55ba

    SHA512

    9289ec4d0f65f428a657b2952c394f2af45b9b5c79bf86f09498c00f5f4d489cd3465507255e89258dea3537a96fbfb73787535e85e2d0c3e516c7a15d742158

  • /storage/emulated/0/Android/data/com.chediandian.customer/cache/kit/journal.tmp (deleted)

    Filesize

    31B

    MD5

    8c8bcb7d36cb5a71729c00c4e7f2d330

    SHA1

    a352667c61dc45f43cae74a7102fa692fba98d3e

    SHA256

    fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150

    SHA512

    4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62

  • /storage/emulated/0/Android/data/com.chediandian.customer/cache/newlocationCache/journal.tmp (deleted)

    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56