Analysis
- max time kernel: 174s
- max time network: 151s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 14-06-2024 04:51
Static task
- static1
Behavioral task
- behavioral1
  Sample: a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task
- behavioral2
  Sample: a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
- Target: a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk
- Size: 11.4MB
- MD5: a80e800b3cbf913beb0640e52aed4748
- SHA1: bc8033b80ddbfa77fd2e7918606b0e9c4cd1378d
- SHA256: 549c105b7d69f9638fdde3b93531398e6ebaa2c7cf45b9af143d35bafd762ca7
- SHA512: a6f9821c74c9758e3c4c219be202c3920ec05075145aa36837182310b75727c9f303172b641180c705cb66b767ff6c79bc8594f47c0a62c977178cb6e78b615b
- SSDEEP: 196608:RJQC3NTj6yLtQAxJH1HFy7hEIz7qVyGYfmrfJDqsYYZdk98zde:RfTmyx1HFy1E27cY+4DiZzde
Signatures
- Queries information about running processes on the device [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.travel.koubei, io.rong.push

  | description | ioc | process |
  | --- | --- | --- |
  | Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.travel.koubei |
  | Framework service call | android.app.IActivityManager.getRunningAppProcesses | io.rong.push |

- Acquires the wake lock [1 IoCs]
  Processes: io.rong.push

  | description | ioc | process |
  | --- | --- | --- |
  | Framework service call | android.os.IPowerManager.acquireWakeLock | io.rong.push |

- Queries information about active data network [1 TTPs, 2 IoCs]
  Processes: io.rong.push, com.travel.koubei

  | description | ioc | process |
  | --- | --- | --- |
  | Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | io.rong.push |
  | Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.travel.koubei |

- Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.travel.koubei, io.rong.push

  | description | ioc | process |
  | --- | --- | --- |
  | Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.travel.koubei |
  | Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | io.rong.push |

- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
- Reads information about phone network operator. [1 TTPs]
Processes
- com.travel.koubei
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
- io.rong.push
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
Downloads
- /data/data/com.travel.koubei/app_td-cache/tdappcpa
  Filesize: 517B
- /data/data/com.travel.koubei/databases/mta.db
  Filesize: 160KB
- /data/data/com.travel.koubei/databases/mta.db-journal
  Filesize: 20KB
- /data/data/com.travel.koubei/databases/mta.db-journal
  Filesize: 8KB
- /data/data/com.travel.koubei/databases/mta.db-journal
  Filesize: 20KB
- /data/data/com.travel.koubei/databases/rong_version
  Filesize: 28KB
- /data/data/com.travel.koubei/databases/rong_version-journal
  Filesize: 512B
- /data/data/com.travel.koubei/databases/rong_version-journal
  Filesize: 8KB
- /data/data/com.travel.koubei/databases/rong_version-journal
  Filesize: 8KB
- /data/data/com.travel.koubei/databases/rong_version-journal
  Filesize: 20KB