Analysis

  • max time kernel
    87s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 00:02

General

  • Target

    a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk

  • Size

    906KB

  • MD5

    a30f0843c579505b6149e69daeda3d58

  • SHA1

    9a8c6cb3f3a7cdab071caa2869ab9bffe7474f63

  • SHA256

    4a9d76ef21a86f91fb239054fdbeb47d77bb21179b3702887ca0604248c25867

  • SHA512

    0033d87d539ba5d2b244758b73c3ee1058c40d86dccf2f64ebc31548f61ba4a74f39d572430f3d3df1a7c4bfe8aadf35779311b4501033a7fe001e8e923ff4f5

  • SSDEEP

    12288:izgX/bmAT/tK3bvE1caV2W43mmaO3brR6tdQ0p9ttS2bWkB2eT5TMzAx3ZXb9A1n:IAbpeTAO32dRLty2/T5TTL8

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
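The signatures above are behavioural (they fire on API calls seen at run time), so a useful first cross-check is whether the APK's manifest actually declares the permissions that gate each of those APIs on the Android 9 sandbox image. The following is an added example, not part of the sandbox report and not code from the sample: the mapping from signature to permission is the analyst's own assumption, and the manifest is a constructed stand-in (the real manifest is not shown in the report).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Analyst-authored mapping (assumption, not from the report) from each fired
# signature to the manifest permission(s) that normally gate the underlying
# API on Android 9. An empty set means the API needs no permission there.
SIGNATURE_PERMISSIONS = {
    "Queries a list of all the installed applications": set(),   # unrestricted before API 30
    "Queries the phone number (MSISDN for GSM devices)": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_PHONE_NUMBERS",
        "android.permission.READ_SMS",
    },
    "Requests cell location": {
        "android.permission.ACCESS_COARSE_LOCATION",
        "android.permission.ACCESS_FINE_LOCATION",
    },
    "Acquires the wake lock": {"android.permission.WAKE_LOCK"},
    "Queries information about active data network": {"android.permission.ACCESS_NETWORK_STATE"},
    "Queries information about the current Wi-Fi connection": {"android.permission.ACCESS_WIFI_STATE"},
    "Reads information about phone network operator": set(),     # getNetworkOperator() is unprivileged
    "Uses Crypto APIs": set(),                                     # javax.crypto needs no permission
}

# Declared permissions that widen the picture beyond what the sandbox observed.
NOTEWORTHY = {
    "android.permission.SYSTEM_ALERT_WINDOW",      # overlay ability hinted at in the first signature
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

REPORT_SIGNATURES = list(SIGNATURE_PERMISSIONS)

# Constructed manifest for illustration only; it is not the sample's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.sim.gerard.bgubhun">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="demo"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def correlate(manifest_xml, signatures):
    """Cross-check fired signatures against declared permissions.

    corroborated: signature -> sorted permissions that back it (empty list when none is needed)
    unpermitted:  signatures whose gating permission is missing; the call would
                  throw SecurityException, so look again at the trace (reflection,
                  a helper app, or a mis-fired signature)
    noteworthy:   declared NOTEWORTHY permissions that no signature explains
    """
    perms = declared_permissions(manifest_xml)
    corroborated, unpermitted = {}, []
    for sig in signatures:
        needed = SIGNATURE_PERMISSIONS.get(sig, set())
        found = sorted(perms & needed)
        if found or not needed:
            corroborated[sig] = found
        else:
            unpermitted.append(sig)
    return {
        "corroborated": corroborated,
        "unpermitted": unpermitted,
        "noteworthy": sorted(perms & NOTEWORTHY),
    }


if __name__ == "__main__":
    for key, value in correlate(SAMPLE_MANIFEST, REPORT_SIGNATURES).items():
        print(key, value)
```

On a real sample, feed it the text manifest produced by `apktool d <apk>` (the binary AndroidManifest.xml inside the APK must be decoded first). With the constructed manifest the cell-location signature comes back as unpermitted, which is exactly the kind of discrepancy worth chasing before trusting a single sandbox run.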

Processes

  • com.sim.gerard.bgubhun
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4323

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.sim.gerard.bgubhun/databases/lcdownloads
    Filesize

    16KB

    MD5

    ccafe434dee3daa40fe525297f69cc34

    SHA1

    f2bffaee6cb9c0e5c6ecbd78388a5502702b1d05

    SHA256

    dfdc489a14040bbb8543b3c9249b664db5e9dec15ea5b0e5a040f8493dd85bcc

    SHA512

    fbea0b53395981dbad127c709dad92795947d5ec817927da448ef9c4744bf9b38afb680a43892ec2f309197336c034f7f89ab03e109cf1bd8f70c33952e8353c

  • /data/data/com.sim.gerard.bgubhun/databases/lcdownloads-journal
    Filesize

    512B

    MD5

    b36d152f4860de13bfb441faa041599a

    SHA1

    468507ca7bc6c7968606c84ea619d00b0f61ab9d

    SHA256

    d3423f84343d479e1475fbeb2b952d603d413f50edc8da616ec60995fe4ea1f0

    SHA512

    39a4b0a6e4fbc91ece3a19e37c601d4f777c3e7c7228e3d758e13c8407af914f9251debbc43e989bb1d3d0cc2c4cc134f74744867aad82d21e9cc059282f2ee9

  • /data/data/com.sim.gerard.bgubhun/databases/lcdownloads-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.sim.gerard.bgubhun/databases/lcdownloads-wal
    Filesize

    28KB

    MD5

    d3084fb56c27bcddcf8feb0cc5846388

    SHA1

    986a15812c1ca59cb6300680d35973484cbab972

    SHA256

    71439beb81b7c6419699ef8f994a46acbec3d900bc3725e0925b584b38bb7e93

    SHA512

    4a3982acb9d46478e6fc7ea1bee8cc3ad7883923b2aac25947e1b19a3c34fb1bdb612c902a54bac9fb05300c45048f277f8c4596c68600fe133ff8b2a73a75ed

  • /data/data/com.sim.gerard.bgubhun/files/setting.txt
    Filesize

    102B

    MD5

    90b604f4273e9af48eb421ee3052b903

    SHA1

    dcf95523092e5d850aa3e8b56a60104ba939aada

    SHA256

    48d58ff3b75b08c0e5886ba822501ed87d34bc4edaa92c5c774b89e224700a24

    SHA512

    a740b5a5a3acee4328da3b986c06e02098d6117e085074fbdc8eeedf477e7ae2527cca100e3d259d57feec7f2a84731924ac6e7bcb70701b7152088151be291b

  • /storage/emulated/0/Android/data/code/KI.DAT
    Filesize

    58B

    MD5

    2b53b6b030d7bdb5da6ea0d501b6a165

    SHA1

    fa4e9e8d724d91963a3fa3def11790559cac11c1

    SHA256

    d8209526853a232417c586b6c130ed3ec53af8a2928b95d032ddcee37b4698fc

    SHA512

    dceddb69f3c907593c47edd56cea3b5cd68e560f020244e6abf9e63c58263d38b36e8736617758f2c5c7292bffd815af44fee3805217aa9065cd143e0599b128

  • /storage/emulated/0/Android/data/code/MID.DAT
    Filesize

    60B

    MD5

    c679783f144b5b77cbcc89952b9590de

    SHA1

    339c29f74856fbb0a27070d1d90c1acde4d49142

    SHA256

    03e9e03b09bb456d2e730f787e5b232d119d59547959fd73617cbf44dcf56de3

    SHA512

    5ac8cdf1e7950029ccd418c6df2991e9763083cc631f549ab2302758b0cd634817c1f712db7310927ba39aa9612e7be746532142434d314fb7231e2f97d4aa2f

  • /storage/emulated/0/Download/9j/1.dat
    Filesize

    15B

    MD5

    4bdf32d4972c2adae82c299d0d385d75

    SHA1

    c13ecbf155453ee71b9375e49e04bea8eaf64402

    SHA256

    868e0f7349b166c8be4f3912792383f4b075ccf79e8586b3fdeea1bc2550cd19

    SHA512

    19c10ce0d4c671ac087d086351fc82dee6fa61e78f0cc8edf5981d263196fe294988823b591c4d96b8c6b448e998467f12da442c58ea2b5ddbe96b33c7ff5b26

  • /storage/emulated/0/Download/ads/clst.dat
    Filesize

    15B

    MD5

    44787d13320c41fe0128d47a2804503a

    SHA1

    80c3c8711e1d33fdec235a3231771c409bc05747

    SHA256

    129ad76f4928088d897081d5d95d9f449691dc735767f68435b061504ef06954

    SHA512

    52ffde4c501260521097d63233ab062003fe9e6f55fe39f72a3870020ec7dd82647c907615fc2c07f270af9dbddc744ac71e6e2c226e7d99a0781e597aa3f9d0

  • /storage/emulated/0/Download/ads/rt.dat
    Filesize

    15B

    MD5

    21ddcdc0be65cfdbf076ba31e647268f

    SHA1

    050cb6673ba1f4473b56bcd3be19ecb76a3ae38a

    SHA256

    fc5b516d23ab6867f6b9076828adf44a13b3a289eefc3bec185e9e95ef053700

    SHA512

    fb91bd5bc9bb133e546b9a170c7f0cdc44b7fb77532ae093e378c153df11d0faf86d89bdb0fd229fca154080d6f6669dc172ae0a2f458aa5662b1167306ecc4b

  • /storage/emulated/0/ljk/capin/time.dat
    Filesize

    15B

    MD5

    4cf2db54d9485d248873a92f12ecd7f0

    SHA1

    bb979fc0936ff5512da7cb65697413061029cbdd

    SHA256

    443029d9d352531a3739fbb17021963b5f29479995962519dda2c37b29974c03

    SHA512

    5205bc5f709a76ee1b528c1c14de14954f68641bccc79197343363160ec7892a86b041cac3dd843b9a80de6a0256c1c6c07cb83f52176b7c5108bd2c1458be10
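The `lcdownloads` database above was captured as a 16KB main file plus `-journal`, `-shm` and `-wal` sidecars, with the `-wal` (28KB) larger than the database itself. That layout means the database runs in write-ahead-log mode and rows committed since the last checkpoint exist only in the `-wal`; hashing or opening the main file alone loses them, and the `-shm` is a rebuildable cache whose hash carries no signal. The following added example (not part of the report, and not the sample's code) reproduces the situation with a constructed database and shows the row count an analyst sees from the main file alone versus from main file plus `-wal`.

```python
"""Why a WAL-mode SQLite database must be collected together with its -wal file."""
import os
import shutil
import sqlite3
import tempfile

# Constructed rows for the demonstration; nothing here comes from the real sample.
SAMPLE_ROWS = [
    ("http://example.invalid/a", "/storage/emulated/0/Download/9j/1.dat"),
    ("http://example.invalid/b", "/storage/emulated/0/Download/ads/clst.dat"),
    ("http://example.invalid/c", "/storage/emulated/0/Download/ads/rt.dat"),
]


def create_wal_database(path, rows):
    """Build a DB whose schema is in the main file but whose rows sit in the WAL.

    The connection is returned still open on purpose: closing the last
    connection checkpoints the WAL into the main file, which is precisely
    what has not happened yet on a device captured mid-run.
    """
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE downloads(id INTEGER PRIMARY KEY, url TEXT, dest TEXT)")
    con.commit()                                   # schema lands in the main file (rollback mode)
    con.execute("PRAGMA journal_mode=WAL")         # header bytes 18/19 become 2: WAL mode
    con.execute("PRAGMA wal_autocheckpoint=0")     # never fold the WAL back automatically
    con.executemany("INSERT INTO downloads(url, dest) VALUES (?, ?)", rows)
    con.commit()                                   # rows are now frames in <path>-wal only
    return con


def count_rows(path):
    """Row count as seen when opening a copy of the evidence (never the original)."""
    con = sqlite3.connect(path)
    try:
        return con.execute("SELECT COUNT(*) FROM downloads").fetchone()[0]
    finally:
        con.close()


def compare_collections(rows=SAMPLE_ROWS):
    """Return (rows visible from the main file alone, rows visible with the -wal)."""
    work = tempfile.mkdtemp()
    live = os.path.join(work, "live", "lcdownloads")
    os.makedirs(os.path.dirname(live))
    writer = create_wal_database(live, rows)
    try:
        main_only = os.path.join(work, "main_only")
        with_wal = os.path.join(work, "with_wal")
        os.makedirs(main_only)
        os.makedirs(with_wal)
        # Collection 1: only the main database file, the mistake to avoid.
        shutil.copy(live, os.path.join(main_only, "lcdownloads"))
        # Collection 2: main file plus -wal; -shm is omitted because SQLite rebuilds it.
        for suffix in ("", "-wal"):
            shutil.copy(live + suffix, os.path.join(with_wal, "lcdownloads" + suffix))
        return (
            count_rows(os.path.join(main_only, "lcdownloads")),
            count_rows(os.path.join(with_wal, "lcdownloads")),
        )
    finally:
        writer.close()
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    seen_main, seen_wal = compare_collections()
    print(f"main file only: {seen_main} rows; main + -wal: {seen_wal} rows")
```

The practical rule this illustrates: pull `/data/data/<pkg>/databases/*` as a set, open copies (opening the original in read-write mode creates or rewrites the sidecars), and treat the main-file hash as the only stable IoC among the four; the 15-byte `.dat` files dropped under `/storage/emulated/0` are likewise too small to be meaningful hash indicators on their own, so pivot on the paths instead.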