Analysis

  • max time kernel
    177s
  • max time network
    188s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240611.1-en, locale:en-us, os:android-13-x64, system
  • submitted
    14-06-2024 00:24

General

  • Target

    a74cdb89cdf6dea6b1743dd41adc70c7_JaffaCakes118.apk

  • Size

    31.0MB

  • MD5

    a74cdb89cdf6dea6b1743dd41adc70c7

  • SHA1

    00b5a1f452ec9956b4929dbba5d673a2849abd92

  • SHA256

    507b111f1f7dc024dc8c9f7b8877395208e47ff7bba9a7a4e619d2a0270ac699

  • SHA512

    2fb326573fb604d4b4b7dd1638130122067a6524bd8774d567de07104cb883cab83bdb7b6a5a5f0f830d7a6277e4894c54a33e3398eefe81e706d705e46b378d

  • SSDEEP

    786432:1d/aF9p4IY2MNUlu9VhXZQN4KytltrnX5NrDuBXCxEKIVMBqfoRCiRc:1d/a95qNuUX+N4KStrnX5NH6XC9IW5wf

Score
7/10

Malware Config

Signatures

  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 2 IoCs)
  • Reads information about phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • liulan.com.zdl.tml (PID 4273)
    • Queries information about running processes on the device
    • Queries information about active data network
  • liulan.com.zdl.tml:pushcore (PID 4314)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/liulan.com.zdl.tml/cache/picasso-cache/journal.tmp
    Filesize

    36B

    MD5

    37e8e716e0e2f4a0b05cd9571d95b84d

    SHA1

    f8d068f6931707bddb8cd69f706f2224ad1fea3c

    SHA256

    7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

    SHA512

    e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

  • /data/user/0/liulan.com.zdl.tml/files/jpush_stat_cache.json
    Filesize

    119B

    MD5

    39522aaf349b850e02af8b952f3b8d08

    SHA1

    a1a0f173eb1b876ac3d450b957c6d4e995c49bd4

    SHA256

    04de5f9214b6d8525437615f408590662a25b8a2442696a994ccfcd66aea035b

    SHA512

    5bf130bd6190244b1772573b5389b37c9da80bea191dfd876f89b26b6689a6881d4a759bbbfa4fa0e7503bb50fbd8853ffc865d955ad9925d7814e2fa8cbc8a7

  • /data/user/0/liulan.com.zdl.tml/files/jpush_stat_history_pushcore/normal/nowrap/3ceac616-3652-449d-a80e-b90da4d93c65
    Filesize

    187B

    MD5

    771c4c6b6971b31f2f9f9ef9b5737b28

    SHA1

    c92567d4024f2e43bada49772f270dbd734308aa

    SHA256

    16d9caae7d3c4d1039e65771fbeaafbd97b8093d9d861235f1ec27b8399cc9ad

    SHA512

    4ef309f950b65439815de450c4e4b1a5401734a0cea30b416f54874f4ff1e6e76b2c97c294c97751ddb462ee4528403f19c6690518b5469a9177e2e542f7b9b6

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    159B

    MD5

    dcfacc956876633168273fa8076a822a

    SHA1

    cdbc874070bb1e4ef9e370750afb48186e700612

    SHA256

    06849af704597888d4544a2124059986666e0e7a58601264b690799cfa23ffba

    SHA512

    b61cb814bc3feccb4656b83dd12e996ec939fb4a23c9131c4b358d781948fdb9a166caf19304f7c3532fed316e3806fed974b6978641b33d1e099664af5f28b8

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    1KB

    MD5

    f526172de1566b34fdcea744710d9559

    SHA1

    000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

    SHA256

    8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

    SHA512

    dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d
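Added example (not part of the sandbox report): a small Python triage helper that does the two checks a practitioner wants before acting on a report like this one. First, it confirms that a locally held file is really the sample the report describes by recomputing MD5/SHA-1/SHA-256/SHA-512 and comparing against the digests in the General section. Second, it reviews the dropped-file paths from the Downloads section and classifies each by storage scope: `/data/user/0/<package>/...` is the app's private directory, while `/storage/emulated/0/...` is shared external storage, so `.push_deviceid` written there is the one artifact that outlives the app's sandbox and deserves a closer look. The package name, digests and paths are copied from the report; the `"constructed"` bytes in the usage section are a stand-in for the real APK, and the `flag` heuristic (external-storage file with "deviceid" in its name) is this example's own assumption.

```python
"""Cross-check a sandbox report against a local sample and its dropped files.

Added example; the digests, package name and paths are copied from the report,
everything else is illustrative and not the sandbox's own code.
"""
import hashlib

PACKAGE = "liulan.com.zdl.tml"

# Digests from the report's "General" section (lower-case hex).
REPORT_SAMPLE_HASHES = {
    "md5": "a74cdb89cdf6dea6b1743dd41adc70c7",
    "sha1": "00b5a1f452ec9956b4929dbba5d673a2849abd92",
    "sha256": "507b111f1f7dc024dc8c9f7b8877395208e47ff7bba9a7a4e619d2a0270ac699",
}

# Dropped-file paths from the report's "Downloads" section.
REPORT_DROPPED_PATHS = [
    "/data/user/0/liulan.com.zdl.tml/cache/picasso-cache/journal.tmp",
    "/data/user/0/liulan.com.zdl.tml/files/jpush_stat_cache.json",
    "/data/user/0/liulan.com.zdl.tml/files/jpush_stat_history_pushcore/normal/nowrap/3ceac616-3652-449d-a80e-b90da4d93c65",
    "/storage/emulated/0/data/.push_deviceid",
]


def hash_bytes(data: bytes) -> dict:
    """Return the four digests a report usually lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Names of the algorithms whose digest of `data` differs from `expected`.

    An empty list means every listed digest matched, i.e. this is the sample.
    """
    actual = hash_bytes(data)
    return [alg for alg, digest in expected.items()
            if actual.get(alg) != digest.lower()]


def classify_path(path: str, package: str) -> str:
    """Classify an Android path by which apps can reach it."""
    private_roots = (f"/data/user/0/{package}/", f"/data/data/{package}/")
    if path.startswith(private_roots):
        return "app-private"            # only this UID (and root) can read it
    if path.startswith(("/data/user/0/", "/data/data/")):
        return "other-app-private"      # written into another app's sandbox
    if path.startswith(("/storage/emulated/0/", "/sdcard/")):
        return "shared-external"        # shared storage, survives uninstall
    return "other"


def review_dropped_files(paths, package: str) -> list:
    """Annotate each dropped path with its scope and a review flag.

    Flag heuristic (this example's assumption): a file on shared external
    storage whose name contains "deviceid" is a candidate persistent
    cross-install identifier and should be pulled and inspected.
    """
    rows = []
    for path in paths:
        scope = classify_path(path, package)
        name = path.rsplit("/", 1)[-1].lower()
        flag = scope == "shared-external" and "deviceid" in name
        rows.append({"path": path, "scope": scope, "flag": flag})
    return rows


if __name__ == "__main__":
    # Constructed stand-in for the APK bytes; in practice read the file.
    sample = b"constructed sample bytes"
    bad = hash_mismatches(sample, REPORT_SAMPLE_HASHES)
    print("hash check:", "OK" if not bad else f"MISMATCH on {', '.join(bad)}")
    for row in review_dropped_files(REPORT_DROPPED_PATHS, PACKAGE):
        marker = "!!" if row["flag"] else "  "
        print(f"{marker} {row['scope']:<18} {row['path']}")
```

Run it against the real APK by replacing the constructed bytes with `open(path, "rb").read()`; any non-empty mismatch list means you are not looking at the file this report analysed. Note that the report ran on Android 13, where scoped storage limits what other apps can read under `/storage/emulated/0`, so treat the shared-storage flag as a prompt to pull the file and confirm its reach rather than as a finding in itself.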