Analysis

  • max time kernel
    4s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    12-06-2024 10:24

General

  • Target

    a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118.apk

  • Size

    16.0MB

  • MD5

    a04f111d7bf1aae4f631a46bfa07b7ac

  • SHA1

    a141ce6dab697962203a2c723284481cc0cf7496

  • SHA256

    d72ae1fd0e29933d696e3fdd0e7e80ed07e181b754534cc7e04a51c54edec8bc

  • SHA512

    f1ef01c031543f9151080dba28cb15e43ff949cfd06ca550355c8f81174f1fe922acb907c10e8f2746f6a9b0fc5e47a8504095b6b37cc63737114fa73477293a

  • SSDEEP

    393216:I0vEnze5ltUcb10SblS4UNsB3rvy7C/ULzeTkVz79qE:bye5lpbOgS4mwrvnozRVzd

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.vod.infantis
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4271
    • ls /sys/class/thermal
      2⤵
        PID:4320

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/com.vod.infantis/databases/MessageStore.db

      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.vod.infantis/databases/MessageStore.db-journal

      Filesize

      512B

      MD5

      9f4df133dc91fa65a9928ae1585a5dfb

      SHA1

      d52425b9f131341ed14b50e7ecf432d20ed80ce0

      SHA256

      91b178ffef055512eb98d875a477cb3fb03ffd5bb85c8f61c32762a3e0348b44

      SHA512

      2b1818cbeafd25f9ff0a1930d6a27bb9910214885667a049842e5475f182ccbab757c3accdf46c1b5408cab0ad29728c01744c27060a95f5a6b62e7c7333f664

    • /data/data/com.vod.infantis/databases/MessageStore.db-shm

      Filesize

      28KB

      MD5

      cf845a781c107ec1346e849c9dd1b7e8

      SHA1

      b44ccc7f7d519352422e59ee8b0bdbac881768a7

      SHA256

      18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

      SHA512

      4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    • /data/data/com.vod.infantis/databases/MessageStore.db-wal

      Filesize

      56KB

      MD5

      d8168460e0f4d8778047f13249ad3b4a

      SHA1

      ea1bb43e19edd6fbd1d5509ab3f19edcfcf8e778

      SHA256

      8a921bc125a98ff036b3876cd166900651ba1959956a391ead687d2fcdb69d65

      SHA512

      1c67e2d8c2603f53817764303cfcefff31b85ca642d009ec76fbe0d308379ddde90f593ae51904954af1b4aa6b216db32c20d1ad40b24761026a8062ab0d9f4d

    • /data/data/com.vod.infantis/databases/MsgLogStore.db-journal

      Filesize

      512B

      MD5

      0ed5a68e86d77027de3aa2c27202bd08

      SHA1

      304443c2c6189f9b29f7ef84eaf4cedb77cd7c22

      SHA256

      190cf4126d3c75f3cc8c33f00ebd900ab2df0bbfb4581c036af40d11b4413db4

      SHA512

      f926ad6b16c2578a634090ec66990eaf640b2a3c80f6e57512a70895c55615e45af546fd91110b123dba84609717365fb0551c83d14c438ad0503f5f9db42297

    • /data/data/com.vod.infantis/databases/MsgLogStore.db-wal

      Filesize

      68KB

      MD5

      700fd771e3028ca0ac52782c8887c4de

      SHA1

      bd29310aac58107f7eedbe786f1f8e5b7870bb8c

      SHA256

      baf5c3089d3180382bd7d8e4b5f2a534236f666bccf56611dc57eb52d9661ec2

      SHA512

      9ab3da1e93a444fac096f30bfa1b085e1b2bd35b75108c3975bb6911beae70eec0709dd290a30b023b882a22797a83a2953d21b3dce24197c99d635480781c9f

    • /data/data/com.vod.infantis/databases/accs.db-journal

      Filesize

      512B

      MD5

      730027228a7f65617568e5962dd699e5

      SHA1

      0aa3c47d9c11efcfbf7320edaebe5f81b909f367

      SHA256

      ee3ec61cfe91b99e285d7bd83c58eea9df532d2b18bad46192e722f377c25621

      SHA512

      7cfed4a497d30877ebd64c1840484e3983cc86c9b32612d088707663d05026f726194132fdb4dde264261232fdcc8205cecadc221cd0cff411afc6b469401d75

    • /storage/emulated/0/.DataStorage/ContextData.xml

      Filesize

      111B

      MD5

      4f85cf4359c0091037ed0d49951acfd2

      SHA1

      ebeb4ba6085f16711677eab0ed519cedf8d498d2

      SHA256

      ba52f6aef1525525604d2826d01b718b0777f281bd84ef16b761b020fee4f27d

      SHA512

      f46cd9b886bd064fa7f9b1485f0e78eb1a0f9c6658b7ad30268472ca105bfaa4dcdacea4f730e45bbca99c6a8e401815bf2d30ecf4f583e0dfac697d167695b0

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

      Filesize

      111B

      MD5

      9ab0c3b4971c38ee07394e4fbc4ac0c4

      SHA1

      4ec3d90fd3510521c090acb51d3b33e73cdb3d9f

      SHA256

      0677f8b565d1de584f8d10b2ff8a76cec3aa8eaece81a0a44b34a9b5bf23784a

      SHA512

      d119b052f0d1a3769244673dd54b68dd38df172618ba259ded4562bd61a95b1d05d5a947b6d89c630dc5b6451c0b758be9d4ae2f15fafaf1155fb48256b97be2

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

      Filesize

      167B

      MD5

      0ff4b6bc9ae8587dc6dc6716a9e519ef

      SHA1

      c2181e1bd0c15602a3ad7c5c0493bc5eeda8154a

      SHA256

      5c91f0458c02a08457a6cbca4cf5df65ee68380fd812e99a51fb8b7025b1c376

      SHA512

      3aaf1ec4b98481f7bb5dcd5b95c5ba601ea58dafdd39bbd3c020a6b6b9a87b2256d590c25c0432bae27a05f52ed55eba71cac2023f3d5b754b2037dcc0cb5ea0

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

      Filesize

      65B

      MD5

      9781ca003f10f8d0c9c1945b63fdca7f

      SHA1

      4156cf5dc8d71dbab734d25e5e1598b37a5456f4

      SHA256

      3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

      SHA512

      25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03