Analysis

  • max time kernel
    174s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    14-06-2024 04:51

General

  • Target

    a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk

  • Size

    11.4MB

  • MD5

    a80e800b3cbf913beb0640e52aed4748

  • SHA1

    bc8033b80ddbfa77fd2e7918606b0e9c4cd1378d

  • SHA256

    549c105b7d69f9638fdde3b93531398e6ebaa2c7cf45b9af143d35bafd762ca7

  • SHA512

    a6f9821c74c9758e3c4c219be202c3920ec05075145aa36837182310b75727c9f303172b641180c705cb66b767ff6c79bc8594f47c0a62c977178cb6e78b615b

  • SSDEEP

    196608:RJQC3NTj6yLtQAxJH1HFy7hEIz7qVyGYfmrfJDqsYYZdk98zde:RfTmyx1HFy1E27cY+4DiZzde

Score
7/10

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.travel.koubei
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:5042
  • io.rong.push
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:5120

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.travel.koubei/app_td-cache/tdappcpa
    Filesize

    517B

  • /data/data/com.travel.koubei/databases/mta.db
    Filesize

    160KB

  • /data/data/com.travel.koubei/databases/mta.db-journal
    Filesize

    20KB

  • /data/data/com.travel.koubei/databases/mta.db-journal
    Filesize

    8KB

  • /data/data/com.travel.koubei/databases/mta.db-journal
    Filesize

    20KB

  • /data/data/com.travel.koubei/databases/rong_version
    Filesize

    28KB

  • /data/data/com.travel.koubei/databases/rong_version-journal
    Filesize

    512B

  • /data/data/com.travel.koubei/databases/rong_version-journal
    Filesize

    8KB

  • /data/data/com.travel.koubei/databases/rong_version-journal
    Filesize

    8KB

  • /data/data/com.travel.koubei/databases/rong_version-journal
    Filesize

    20KB
