Analysis

  • max time kernel
    6s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240611.1-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    14-06-2024 00:22

General

  • Target

    a74b5f768ff71f0607f06016e28baac9_JaffaCakes118.apk

  • Size

    31.8MB

  • MD5

    a74b5f768ff71f0607f06016e28baac9

  • SHA1

    c76c29ae918e8433bd39ff0b8c7160ef3951fe49

  • SHA256

    59c9f08faaad1a89a358f69361b98909d6497640f692d533e927701cc25c9588

  • SHA512

    7ceb86d1b43b979a61abc6633a08e2661170eac38202bbd536a69981f039c756e1245509255251bb03cb5f3b3e75b11f2fcc39dc18a892c325bfcd86bda6ddcb

  • SSDEEP

    786432:YxvsAGWbUlU6+eEOqw6/afGy3ZTnzJ0B0e/xNzKnfjTiMbw73TQW:Yxs1qUl1pZqSuIzQ0wcrpiD

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.nd.up91.p71
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4222
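The four signatures above fired on the running process com.nd.up91.p71; they describe behaviour, not the code that produced it. A quick way to cross-check them against the APK itself is to scan the strings of the decompiled dex for the API references that typically trigger each one. The script below is an added example (not the sandbox's rule set and not the app's code); the indicator lists are assumptions about common triggers, and the input strings are constructed to resemble a dex string-table dump rather than taken from this sample.

```python
"""Map the four sandbox signatures to Android API references that commonly
trigger them and scan decompiled-APK strings for those references.
Added example: the indicator lists are assumptions, not the sandbox's rules."""
import re
from collections import defaultdict

# Method descriptors in smali/dex form plus plain-string probes.
# Assumption: typical triggers for each signature, not an exhaustive set.
SIGNATURES = {
    "Checks if the Android device is rooted": [
        r"/system/bin/su", r"/system/xbin/su", r"/sbin/su",
        r"test-keys", r"Superuser\.apk",
    ],
    "Queries information about running processes": [
        r"Landroid/app/ActivityManager;->getRunningAppProcesses",
        r"Landroid/app/ActivityManager;->getRunningServices",
        r"/proc/\w+/cmdline",
    ],
    "Registers a broadcast receiver at runtime": [
        r"Landroid/content/Context;->registerReceiver",
        r"Landroid/content/ContextWrapper;->registerReceiver",
    ],
    "Checks memory information": [
        r"Landroid/app/ActivityManager;->getMemoryInfo",
        r"/proc/meminfo",
    ],
}

COMPILED = {name: [re.compile(p) for p in pats] for name, pats in SIGNATURES.items()}


def match_signatures(strings):
    """Return {signature name: sorted list of strings that matched it}.

    Signatures with no matching string are absent from the result, so the
    caller can diff the static view against what fired at runtime."""
    hits = defaultdict(set)
    for s in strings:
        for name, pats in COMPILED.items():
            if any(p.search(s) for p in pats):
                hits[name].add(s)
    return {name: sorted(found) for name, found in hits.items()}


def unsupported_signatures(strings, fired):
    """Names in `fired` (signatures the sandbox reported) for which the
    static string scan found no supporting API reference."""
    return sorted(set(fired) - set(match_signatures(strings)))


# Constructed sample input: the kind of lines a dex string-table dump yields.
SAMPLE_STRINGS = [
    "Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;",
    "Landroid/app/ActivityManager;->getMemoryInfo(Landroid/app/ActivityManager$MemoryInfo;)V",
    "Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;"
    "Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "/system/xbin/su",
    "Landroid/os/Build;->TAGS:Ljava/lang/String;",
    "com.nd.up91.p71",
]

if __name__ == "__main__":
    for name, found in match_signatures(SAMPLE_STRINGS).items():
        print(name)
        for s in found:
            print("   ", s)
```

Two caveats when reading the result: the scan only shows that the references are present, not that the code path ran, which is what the sandbox observed; and these APIs are also used legitimately by crash-reporting SDKs, so a hit on process or memory queries is weak evidence on its own. The dropped files below include bugly_db_ and app_crashrecord entries, which are consistent with a crash-reporting library being bundled, so those two signatures should be read with that in mind.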

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.nd.up91.p71/app_crashrecord/1002
    Filesize

    225B

    MD5

    8cf08b47ad57327fdaf17000c698e905

    SHA1

    9c5533c27bd020e764b75dcbea912e9e11d175bc

    SHA256

    749f85a214665ece23004bc858f2193e924e793350d5d31c56cd2253e6649cca

    SHA512

    d81cbcb0366a0d94d174efd683a5dcbd9144ae1f22ac7f2366302adf71ffbea6bc6327871bf9d0b2ef9aa158d25f2c45d977d2e92a040ba1174f722141c33e74

  • /data/data/com.nd.up91.p71/app_crashrecord/1004
    Filesize

    225B

    MD5

    7c7407701e34caae6e2066334182e92c

    SHA1

    1bd7c42e84877b2263048d1b7612ae32b0d4bfdd

    SHA256

    950b0679ebc1806c2e7bc7a0951b2d571976b3fd82155a39e010d0d316f6468e

    SHA512

    2b973c9b6e6c6877c5ca70e625320978e1e9fd6d37d7ea0b01b8464ee74391db35bf25517bee89870f2c4d7cb912247c77bbd9bd555a5d2d6a2e6ff9d2ec8032

  • /data/data/com.nd.up91.p71/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/data/com.nd.up91.p71/databases/UcAccount.db-journal
    Filesize

    512B

    MD5

    e1cf135b6f1df68221662dd69063a47b

    SHA1

    90cf8b5116d8496650db9dc6aa596659f2b161b3

    SHA256

    527b0e1982b4288ee5718c8e9a3147e5ab94672bb832981a59c42dea46180dca

    SHA512

    fb04d94976e32979a5cdc51f2190ff1b06dcac8b468deab8a298418b8cd86729fe467986c58797a3468220c15cf5e34d79620e75255b466a685f7a71205fa271

  • /data/data/com.nd.up91.p71/databases/UcAccount.db-wal
    Filesize

    16KB

    MD5

    4f1ebd74508ff6cc0e6b52fa1dcba3e0

    SHA1

    a824058a3bc34677f3d9b5b9ccf88fc3c8414aaf

    SHA256

    b85d7f6ff0f1646f132b39a25e2851bfa84dbc53966545791f111580e8909ccb

    SHA512

    5768a4fcda42ec9128825e76a1a954a4ebdfce798162dfe4e8c29cc7c1e197a45002b331b13e3fb1a0d6bc2e1b68079fec4b2d0fdfef66b8e1bb892bd8297926

  • /data/data/com.nd.up91.p71/databases/bugly_db_
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.nd.up91.p71/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    517863502240a7b975790f6a2dc9165d

    SHA1

    08cde592c7eb78516ebfa00b46b51f44064fee3a

    SHA256

    15a7a6d95b78b152f61d6a30bf89db3addb352c068b88bdfed0456706a6ad3f6

    SHA512

    adc6f158351d9473a7955667450ebf04ca1b5bf0584518ecedf7e020dbec8bc08a3a5559bab233c7cbe39742e09015a961b33aa8c8ccb870de0577631914f6da

  • /data/data/com.nd.up91.p71/databases/bugly_db_-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.nd.up91.p71/databases/bugly_db_-wal
    Filesize

    68KB

    MD5

    ebaafad59828d936b32a67092ce0633b

    SHA1

    f77bed9321fb390b6350bed009e0645f4744821a

    SHA256

    90be17e830dc7ce7520a4b0525a3488e09ad157c1a3dc02447a733a51cdd5139

    SHA512

    bbb179f51c6bc60e9f858772a82df0b54a57962c2d359ef7502529ce9796ee863f6716884fba65c87973862a4d8461c21d951595fc21b24c1d5c3dc687e481e8

  • /data/data/com.nd.up91.p71/databases/datalayer.db-journal
    Filesize

    512B

    MD5

    1e84bba1c8a2437ac0345cc2160fe00a

    SHA1

    76114a7b7afa95e7ad1186050a817b21e0e5038c

    SHA256

    5c4a14978ebb1a01b2f3a0a56b8de9f0b0ad81e6cf798c74ab766c596baf567a

    SHA512

    96ec84d44ec85654d77f49cfcd7dc5810d97c0e6b1a0aac825ea68a7f1f23184cbf4b22b8843199ede2889fd49c3a4a176e8dfa4c517259b71c1e695f01af487

  • /data/data/com.nd.up91.p71/databases/datalayer.db-wal
    Filesize

    52KB

    MD5

    0c4559b016d49fd5b912d9a888c43476

    SHA1

    6818a50c20aa839cfeba06042344015e645c7bfd

    SHA256

    318c2f1a13a90879aeb2c1b39d64fcb1f90de3ab4c98334a0a27bb32406d5001

    SHA512

    d5f74179f6f9f79f06eda51912041deb6713ceea2b57d25e1f279e9d608384a28a19053ed99f6fc982a79923f54aa1ba2257aeb1fd5e111f5b4b68a76b320958
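Several of the dropped files are SQLite side files rather than the databases themselves: the -wal files (UcAccount.db-wal, bugly_db_-wal, datalayer.db-wal) hold page images that have not yet been checkpointed into the main .db, the -shm file is only the WAL index, and the -journal files are rollback journals. When only a -wal is captured, the account or telemetry data may live entirely in it, and a viewer opened on the bare .db will not show it. The parser below is an added example, not part of the report; it implements the WAL header, frame layout and cumulative checksum from the SQLite file-format documentation, stops at the first frame whose salts or checksum do not match (as SQLite itself does on recovery), and builds a small constructed WAL to run against, since the real artifacts are not on the page.

```python
"""Parse a SQLite write-ahead log (*-wal) and list the page frames it carries.
Added example following the SQLite WAL file format; the input is constructed."""
import struct

WAL_MAGIC_LE = 0x377F0682   # checksum words read little-endian
WAL_MAGIC_BE = 0x377F0683   # checksum words read big-endian
WAL_VERSION = 3007000
HEADER_LEN, FRAME_HDR_LEN = 32, 24


def wal_checksum(data, s0=0, s1=0, big_endian=False):
    """SQLite's cumulative WAL checksum over an even count of 32-bit words."""
    fmt = ">" if big_endian else "<"
    n = len(data) // 8
    words = struct.unpack(f"{fmt}{2 * n}I", data[:8 * n])
    for i in range(0, len(words), 2):
        s0 = (s0 + words[i] + s1) & 0xFFFFFFFF
        s1 = (s1 + words[i + 1] + s0) & 0xFFFFFFFF
    return s0, s1


def parse_wal(buf):
    """Return header fields and the valid frames (pgno, commit) in order.

    Parsing stops at the first frame whose salts or checksum do not match
    the header, because everything after it is stale or truncated."""
    if len(buf) < HEADER_LEN:
        raise ValueError("too short for a WAL header")
    magic, version, page_size, ckpt_seq, salt1, salt2, c0, c1 = struct.unpack(">8I", buf[:HEADER_LEN])
    if magic not in (WAL_MAGIC_LE, WAL_MAGIC_BE):
        raise ValueError("not a WAL file (bad magic)")
    if version != WAL_VERSION:
        raise ValueError(f"unexpected WAL format version {version}")
    be = magic == WAL_MAGIC_BE
    if wal_checksum(buf[:24], big_endian=be) != (c0, c1):
        raise ValueError("WAL header checksum mismatch")
    frames, s0, s1, off = [], c0, c1, HEADER_LEN
    while off + FRAME_HDR_LEN + page_size <= len(buf):
        pgno, commit, fs1, fs2, fc0, fc1 = struct.unpack(">6I", buf[off:off + FRAME_HDR_LEN])
        page = buf[off + FRAME_HDR_LEN:off + FRAME_HDR_LEN + page_size]
        s0, s1 = wal_checksum(buf[off:off + 8], s0, s1, be)
        s0, s1 = wal_checksum(page, s0, s1, be)
        if (fs1, fs2) != (salt1, salt2) or (fc0, fc1) != (s0, s1):
            break
        frames.append({"pgno": pgno, "commit": commit, "page": page})
        off += FRAME_HDR_LEN + page_size
    return {"page_size": page_size, "checkpoint_seq": ckpt_seq,
            "salt": (salt1, salt2), "frames": frames}


def committed_pages(info):
    """Page numbers covered by complete transactions (up to the last commit
    frame); frames after it belong to an unfinished transaction."""
    last_commit = max((i for i, f in enumerate(info["frames"]) if f["commit"]), default=-1)
    return sorted({f["pgno"] for f in info["frames"][:last_commit + 1]})


def build_wal(pages, page_size=4096, salt=(0x11111111, 0x22222222)):
    """Constructed single-transaction WAL holding {pgno: bytes} for testing."""
    hdr = struct.pack(">6I", WAL_MAGIC_LE, WAL_VERSION, page_size, 0, *salt)
    c0, c1 = wal_checksum(hdr)
    out = hdr + struct.pack(">2I", c0, c1)
    items = sorted(pages.items())
    for i, (pgno, data) in enumerate(items):
        data = data.ljust(page_size, b"\0")
        commit = max(pages) if i == len(items) - 1 else 0   # db size on last frame
        fh = struct.pack(">4I", pgno, commit, *salt)
        c0, c1 = wal_checksum(fh[:8], c0, c1)
        c0, c1 = wal_checksum(data, c0, c1)
        out += fh + struct.pack(">2I", c0, c1) + data
    return out


if __name__ == "__main__":
    info = parse_wal(build_wal({1: b"SQLite page 1", 3: b"page three"}))
    print(info["page_size"], committed_pages(info))
```

To use it on a captured artifact, read the -wal into `buf`, call `parse_wal`, and write the pages from `committed_pages` over a copy of the matching .db (page `n` sits at offset `(n - 1) * page_size`), or simply place the .db and -wal side by side and let sqlite3 replay the log; the parser is the check that the log is intact and shows which pages would change.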