Analysis
-
max time kernel: 6s
-
max time network: 140s
-
platform: android_x86
-
resource: android-x86-arm-20240611.1-en
-
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
-
submitted: 14-06-2024 00:22
Static task: static1
Behavioral task: behavioral1
Sample: a74b5f768ff71f0607f06016e28baac9_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
-
Target: a74b5f768ff71f0607f06016e28baac9_JaffaCakes118.apk
-
Size: 31.8MB
-
MD5: a74b5f768ff71f0607f06016e28baac9
-
SHA1: c76c29ae918e8433bd39ff0b8c7160ef3951fe49
-
SHA256: 59c9f08faaad1a89a358f69361b98909d6497640f692d533e927701cc25c9588
-
SHA512: 7ceb86d1b43b979a61abc6633a08e2661170eac38202bbd536a69981f039c756e1245509255251bb03cb5f3b3e75b11f2fcc39dc18a892c325bfcd86bda6ddcb
-
SSDEEP: 786432:YxvsAGWbUlU6+eEOqw6/afGy3ZTnzJ0B0e/xNzKnfjTiMbw73TQW:Yxs1qUl1pZqSuIzQ0wcrpiD
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.nd.up91.p71
Description: Framework service call
IoC: android.app.IActivityManager.getRunningAppProcesses
Process: com.nd.up91.p71
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.nd.up91.p71
Description: Framework service call
IoC: android.app.IActivityManager.registerReceiver
Process: com.nd.up91.p71
-
Checks memory information 2 TTPs 1 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.nd.up91.p71/app_crashrecord/1002
Filesize: 225B
MD5: 8cf08b47ad57327fdaf17000c698e905
SHA1: 9c5533c27bd020e764b75dcbea912e9e11d175bc
SHA256: 749f85a214665ece23004bc858f2193e924e793350d5d31c56cd2253e6649cca
SHA512: d81cbcb0366a0d94d174efd683a5dcbd9144ae1f22ac7f2366302adf71ffbea6bc6327871bf9d0b2ef9aa158d25f2c45d977d2e92a040ba1174f722141c33e74
-
/data/data/com.nd.up91.p71/app_crashrecord/1004
Filesize: 225B
MD5: 7c7407701e34caae6e2066334182e92c
SHA1: 1bd7c42e84877b2263048d1b7612ae32b0d4bfdd
SHA256: 950b0679ebc1806c2e7bc7a0951b2d571976b3fd82155a39e010d0d316f6468e
SHA512: 2b973c9b6e6c6877c5ca70e625320978e1e9fd6d37d7ea0b01b8464ee74391db35bf25517bee89870f2c4d7cb912247c77bbd9bd555a5d2d6a2e6ff9d2ec8032
-
/data/data/com.nd.up91.p71/app_crashrecord/1004
Filesize: 58B
MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
/data/data/com.nd.up91.p71/databases/UcAccount.db-journal
Filesize: 512B
MD5: e1cf135b6f1df68221662dd69063a47b
SHA1: 90cf8b5116d8496650db9dc6aa596659f2b161b3
SHA256: 527b0e1982b4288ee5718c8e9a3147e5ab94672bb832981a59c42dea46180dca
SHA512: fb04d94976e32979a5cdc51f2190ff1b06dcac8b468deab8a298418b8cd86729fe467986c58797a3468220c15cf5e34d79620e75255b466a685f7a71205fa271
-
/data/data/com.nd.up91.p71/databases/UcAccount.db-wal
Filesize: 16KB
MD5: 4f1ebd74508ff6cc0e6b52fa1dcba3e0
SHA1: a824058a3bc34677f3d9b5b9ccf88fc3c8414aaf
SHA256: b85d7f6ff0f1646f132b39a25e2851bfa84dbc53966545791f111580e8909ccb
SHA512: 5768a4fcda42ec9128825e76a1a954a4ebdfce798162dfe4e8c29cc7c1e197a45002b331b13e3fb1a0d6bc2e1b68079fec4b2d0fdfef66b8e1bb892bd8297926
-
/data/data/com.nd.up91.p71/databases/bugly_db_
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.nd.up91.p71/databases/bugly_db_-journal
Filesize: 512B
MD5: 517863502240a7b975790f6a2dc9165d
SHA1: 08cde592c7eb78516ebfa00b46b51f44064fee3a
SHA256: 15a7a6d95b78b152f61d6a30bf89db3addb352c068b88bdfed0456706a6ad3f6
SHA512: adc6f158351d9473a7955667450ebf04ca1b5bf0584518ecedf7e020dbec8bc08a3a5559bab233c7cbe39742e09015a961b33aa8c8ccb870de0577631914f6da
-
/data/data/com.nd.up91.p71/databases/bugly_db_-shm
Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
/data/data/com.nd.up91.p71/databases/bugly_db_-wal
Filesize: 68KB
MD5: ebaafad59828d936b32a67092ce0633b
SHA1: f77bed9321fb390b6350bed009e0645f4744821a
SHA256: 90be17e830dc7ce7520a4b0525a3488e09ad157c1a3dc02447a733a51cdd5139
SHA512: bbb179f51c6bc60e9f858772a82df0b54a57962c2d359ef7502529ce9796ee863f6716884fba65c87973862a4d8461c21d951595fc21b24c1d5c3dc687e481e8
-
/data/data/com.nd.up91.p71/databases/datalayer.db-journal
Filesize: 512B
MD5: 1e84bba1c8a2437ac0345cc2160fe00a
SHA1: 76114a7b7afa95e7ad1186050a817b21e0e5038c
SHA256: 5c4a14978ebb1a01b2f3a0a56b8de9f0b0ad81e6cf798c74ab766c596baf567a
SHA512: 96ec84d44ec85654d77f49cfcd7dc5810d97c0e6b1a0aac825ea68a7f1f23184cbf4b22b8843199ede2889fd49c3a4a176e8dfa4c517259b71c1e695f01af487
-
/data/data/com.nd.up91.p71/databases/datalayer.db-wal
Filesize: 52KB
MD5: 0c4559b016d49fd5b912d9a888c43476
SHA1: 6818a50c20aa839cfeba06042344015e645c7bfd
SHA256: 318c2f1a13a90879aeb2c1b39d64fcb1f90de3ab4c98334a0a27bb32406d5001
SHA512: d5f74179f6f9f79f06eda51912041deb6713ceea2b57d25e1f279e9d608384a28a19053ed99f6fc982a79923f54aa1ba2257aeb1fd5e111f5b4b68a76b320958