Analysis

  • max time kernel
    116s
  • max time network
    180s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 08:38

General

  • Target

    a8c629c108d7cceccc5fb70966897663_JaffaCakes118.apk

  • Size

    1.7MB

  • MD5

    a8c629c108d7cceccc5fb70966897663

  • SHA1

    f4062d631132c34a0103bbd3843296dd7bb625fd

  • SHA256

    89a4ebdc297524416fe1899b593dcbba0a91f88f96c3b3fb7b1bedcd83b53ab2

  • SHA512

    4ec0293aa8138bf74c24c39f428aae26ec84b62f9a60cdb5edbf5903a536c3a8d6e2f0d711548fce65e143b8de348a75e0e920c64d983036bcc568312526cf32

  • SSDEEP

    24576:+0DR/pGQ6CaZ4+e64uMKYEUFmoAUJ2sJqqrUkKvVT+CDj54m4Y0xTCYt5YI2GsK3:zRyXZ4964dKYxmojVJq8jWDum4TCbUsE

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Loads and runs a Dex/Jar file that the app dropped to the device during analysis (dynamic code loading; the dropped .jar and .apk files are listed under Downloads).

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Requests dangerous framework permissions 17 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs
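
Each signature above is triggered by the app touching a specific framework API. The following Python script is an added example, not part of the sandbox report: it scans the string pool of every classes*.dex inside an APK (or a dropped .jar, which is also a zip) for the class descriptors and method names behind these signatures. The descriptors and method names are the real Android framework identifiers; which ones are paired with which signature is this example's own choice, and the input APK is constructed inline. A DEX file stores type descriptors such as "Ldalvik/system/DexClassLoader;" and method names such as "getCellLocation" as plain MUTF-8 strings, so a substring scan is enough for triage; it says nothing about whether the call is reachable, which is why the sandbox's runtime verdict matters.

```python
"""Static triage: which sandbox signatures would this APK's DEX strings predict?"""
import io
import zipfile

# Report signature -> alternative indicator sets; a set matches when every
# byte string in it occurs in the DEX.  Identifiers are real framework ones;
# the pairing with each signature name is this example's assumption.
SIGNATURES = {
    "Loads dropped Dex/Jar": [
        [b"Ldalvik/system/DexClassLoader;"],
        [b"Ldalvik/system/InMemoryDexClassLoader;"],
    ],
    "Queries installed applications": [
        [b"Landroid/content/pm/PackageManager;", b"getInstalledPackages"],
        [b"Landroid/content/pm/PackageManager;", b"getInstalledApplications"],
    ],
    "Queries running processes": [
        [b"Landroid/app/ActivityManager;", b"getRunningAppProcesses"],
    ],
    "Reads SMS messages": [[b"content://sms"]],
    "Requests cell location": [
        [b"Landroid/telephony/TelephonyManager;", b"getCellLocation"],
    ],
    "Queries active data network": [
        [b"Landroid/net/ConnectivityManager;", b"getActiveNetworkInfo"],
    ],
    "Queries current Wi-Fi connection": [
        [b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo"],
    ],
    "Queries MCC": [
        [b"Landroid/telephony/TelephonyManager;", b"getNetworkOperator"],
        [b"Landroid/telephony/TelephonyManager;", b"getSimOperator"],
    ],
    "Registers broadcast receiver at runtime": [
        [b"Landroid/content/IntentFilter;", b"registerReceiver"],
    ],
    "Uses Crypto APIs": [[b"Ljavax/crypto/Cipher;"]],
    "Checks memory information": [[b"Landroid/app/ActivityManager$MemoryInfo;"]],
}

DEX_MAGIC = b"dex\n"


def scan_dex(data: bytes) -> set:
    """Return the names of signatures whose indicators all occur in `data`."""
    if not data.startswith(DEX_MAGIC):
        raise ValueError("not a DEX file (bad magic)")
    hits = set()
    for name, alternatives in SIGNATURES.items():
        if any(all(tok in data for tok in alt) for alt in alternatives):
            hits.add(name)
    return hits


def scan_apk(fileobj) -> dict:
    """Scan every classes*.dex in an APK or dropped .jar; {dex name: hits}."""
    results = {}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("classes") and name.endswith(".dex"):
                results[name] = scan_dex(zf.read(name))
    return results


def build_sample_apk() -> io.BytesIO:
    """Constructed test input (not the report's sample): a zip holding a fake
    classes.dex whose body is just a NUL-separated list of strings."""
    fake_dex = DEX_MAGIC + b"035\x00" + b"\x00".join([
        b"Ldalvik/system/DexClassLoader;",
        b"loadClass",
        b"content://sms/inbox",
        b"Landroid/telephony/TelephonyManager;",
        b"getCellLocation",
        b"getNetworkOperator",
        b"Ljavax/crypto/Cipher;",
        b"Landroid/app/ActivityManager;",  # class present ...
        b"getMemoryInfo",                  # ... but no $MemoryInfo descriptor
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", fake_dex)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for dex, hits in scan_apk(build_sample_apk()).items():
        print(dex, sorted(hits))
```

Point `scan_apk` at the dropped utopay.jar or ZRBJZvKAyB.jar once pulled from the device to see which of these behaviours live in the second-stage code rather than in the APK itself; a signature such as "Checks memory information" that needs the `ActivityManager$MemoryInfo` descriptor deliberately does not fire on a class name alone.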

Processes

  • com.yas.kgkgri
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the content of SMS inbox messages.
    • Reads the content of the SMS messages.
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4163
    • getprop ro.product.cpu.abi
      2⤵
        PID:4444

    Network

    MITRE ATT&CK Matrix

    Downloads

    • /data/data/com.yas.kgkgri/app_dex/utopay.jar
      Filesize

      30KB

      MD5

      eb6089c1acfa9f12535e533aebee845e

      SHA1

      165e39ee07dcd9ed00fc2dc1ff466bc1d6b813c9

      SHA256

      b825cde84e3dddfc147c71265d2259c422d51a7e56d1dcdba1321e3119b1df07

      SHA512

      5b1bc26bcbcf05fc331865fb4dd572b673a52650d68ab4d9b028ea15219e0d93c1ec17996953436801913388d78e25c67ea33aa93544d65e96a799eb06cc70f5

    • /data/data/com.yas.kgkgri/databases/740410100062013-journal
      Filesize

      512B

      MD5

      97dbba713fa24745c5807c57cafc1626

      SHA1

      b019c8d105999fd82098033146f0664e99c952c2

      SHA256

      199b474ece8cb0710e9a73e371876836c8d420da279e9ab49f90312335407f9c

      SHA512

      a5f85aa832e528ff936b24181d7e007b24b0fce492b4982045f15f46dc1e782c63dd615e4cc14b4c7418ebcc9fbe1ed5b0a36a4ce972293898c2b85875cd9bf7

    • /data/data/com.yas.kgkgri/databases/740410100062013-wal
      Filesize

      140KB

      MD5

      9def1809071e9508090298b2acd87279

      SHA1

      f17d875ff138439af3ca40eaa647867aef8194a0

      SHA256

      00dbaa75fd22513838a839dc046f6f07e445dea8761a37580988d235b97fd3e4

      SHA512

      88a91acfde0540b7ca13015c395d2a39889a0ddd1b06d890be3018802a0d7c5bf08583feaaa9216e780615ac4d3a40d27bda5d8f083d36b04a57b5bbc3dbe280

    • /data/data/com.yas.kgkgri/databases/wochi_v4.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.yas.kgkgri/databases/wochi_v4.db-journal
      Filesize

      512B

      MD5

      b9714128ec933d42dab0a3d7eac6c758

      SHA1

      15b4922eef42610a4be2ce5e8b8f2ba716194be6

      SHA256

      e9ed78d5598d336053837c7b502a4d01824282ecf28d63f3349de4531e33ecd0

      SHA512

      ea49b08b1d4e38bd4864316308fe8132835ac523090383549f1b57b49dc1ab7b5d152f83e0145a7c75eb0a6c032c8789f34eb855482ae326100e10ffd56e43c0

    • /data/data/com.yas.kgkgri/databases/wochi_v4.db-shm
      Filesize

      28KB

      MD5

      cf845a781c107ec1346e849c9dd1b7e8

      SHA1

      b44ccc7f7d519352422e59ee8b0bdbac881768a7

      SHA256

      18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

      SHA512

      4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    • /data/data/com.yas.kgkgri/databases/wochi_v4.db-wal
      Filesize

      20KB

      MD5

      b89a13daea44abeff1331f0924e2680c

      SHA1

      c4b6c4ce484f75d4a2320b658c7bcbce4f49784e

      SHA256

      d4d7c9191c0e20a1540a7649899c0a02c878fca2214c315f06f36543d611cbc6

      SHA512

      6f4620d4a9766a8357bfa1061010059b2efd7d4979de3cf256d5fce2d01c09a5be5018f72d7024ec2f374c904689e39fd2b3dc4aab4d548ba2c74dfe8673658b

    • /data/data/com.yas.kgkgri/files/Pdd.apk
      Filesize

      99KB

      MD5

      e8fbf92c750dbd6fb316be82a6b7b7ae

      SHA1

      2a6ae9568698807cacc8cf4349556446c996b136

      SHA256

      2a3cb93d0ca14a1d0b0820c2a26df502a461fb2546ef4587524087c130553f10

      SHA512

      7848191878b5b8ba2d5020c7be953e70ccc4d392d29e400a65a57cd3731604933125de1d81b3732d251b3450fd4766a814ccd01f3975beda2499a9ba585a26e0

    • /data/data/com.yas.kgkgri/files/log.dat
      Filesize

      221B

      MD5

      ff9229f8e7c92d44d48e25206d43b021

      SHA1

      be3d75050c16c5b7484652ba292fdd6510f205d3

      SHA256

      77fc3599be409f7e73e643de843c0ebcfa20662964c498fc59e245c7f5e003a2

      SHA512

      be7b3aa8d670a2873c6b7bfd4ca93121fd2450723cbbc36d9d06d152fafa3ce90451f0a60ab56bc96bccb81cf5aae0167b404073db14dc17b9513ac73d455c58

    • /data/data/com.yas.kgkgri/files/xu/ZRBJZvKAyB.jar
      Filesize

      768KB

      MD5

      6702be0f0ee71898a32d61f0b4c6247e

      SHA1

      57a9c39405c1ffaffcbd3d8998715c24046bc16c

      SHA256

      a036fb5e2f073a58480e28eea6e8ea9c0134ce274937a91f1fb43dcb83132e24

      SHA512

      d16eab1b0239264a24147d1fd8f553a080ad29615469cb5da0fdafe0566967edfc637f775f023b95c9edab8d683e706573f8bbbabc36a8b1c1a8bbaa109bb66a

    • /data/data/com.yas.kgkgri/files/xu/oat/ZRBJZvKAyB.jar.cur.prof
      Filesize

      216B

      MD5

      47c26d1a10cf1da0b740792e5a6f47ca

      SHA1

      14a6c5e5396cc49496e61d2b55166f3eb2413dd0

      SHA256

      b8c3e968d09e7793aff64bc2525dce3fe83f0b480ec235c5009fb8a35e3b476a

      SHA512

      af010ee8d883293dd58f66ecf424ad0279b51474c24cfcff5323c33931fc5e86ab0c400ae20278ef1a496e509764e979083a78fbd19a1646b84ac4678af86cbc

    • /data/data/com.yas.kgkgri/files/xu/oat/ZRBJZvKAyB.jar.cur.prof
      Filesize

      330B

      MD5

      ce36f4ad05eab57bb727a592cbc4a21b

      SHA1

      c13db8fb0cdece7032f64260c1b99d5e8246d610

      SHA256

      f65d31d7692e9d5651ac093029538c27bad999912042e7b700743b4209c189b0

      SHA512

      92b5d4398b14410f9b51c4062e6d9ffaabd7d212a4a4f1cac68df4324afab0f6aedcddceaec18b67e0f79648907a5473fe1a7246baf2e08a54de6f5b652a006e

    • /data/data/com.yas.kgkgri/files/yl_plugin.apk
      Filesize

      58KB

      MD5

      5a4c666b43ee7f2b6995aaf3527e4a4d

      SHA1

      b205bcb022797f3b16635db139c7524c0c388adc

      SHA256

      05eb3e1ca331b8c6a1f60f92abb2bddbac54a7b2c229ac07bf26c756297fe72a

      SHA512

      c84fceddbf9928110fc3b85e0989b9cedd06383007ff99dea5a25096d8f892ab52d30ed9b52b72211449041f1274ead85bb42929ec269b58b6b0e616a8545e17

    • /data/user/0/com.yas.kgkgri/app_dex/utopay.jar
      Filesize

      67KB

      MD5

      5220524411d0bacd600da60814d1ee9f

      SHA1

      fef7210ff44e757328bc0ff7aae7bb2191cbf634

      SHA256

      6286a800597b845785eb664710253ebd20771737dddd5b80067e0e9d37c804b2

      SHA512

      b2d8af5019c176d682634747d83320e609fb6122ef850f4069a0c78c2415d242087099cf60ecb03039a9ab71902a4e3b22e9cf144de89e506991fb93280f6a5f

    • /data/user/0/com.yas.kgkgri/files/Pdd.apk
      Filesize

      201KB

      MD5

      a4237ef36f11c2db307f6d9701da0062

      SHA1

      5d11008a4b9275034db8904e538f7115a429ef0d

      SHA256

      32f697f7444c79efe23be55fdcdab52c8e6f5cd43474cd1735602675feb5639e

      SHA512

      6921b3cbb4e6a062eb9408c06e46e6d6cd7554f6e485b8f6275d8df3b7a8d23b26220c0cb979d3fe919fb6622d5d49160769b0567eebe61488cc4c7708f3b34d

    • /data/user/0/com.yas.kgkgri/files/xu/ZRBJZvKAyB.jar
      Filesize

      2.8MB

      MD5

      5087284b2c59a2df8c2f6c61d24497e3

      SHA1

      3805290096bdb822e2d694e264dca90302b79e8d

      SHA256

      df95c902513c3744ad209e102d1f9e0cd2b2d43d482b1bf6446422301ce12743

      SHA512

      6bd901b7764827e9ac3023550a6bf83319b5570323d2af6588b1260b82cb63a7da4b4cd122eb4708046f6dcee20dfa755d182ac9836f44f1cc32140e4195d7f4

    • /data/user/0/com.yas.kgkgri/files/yl_plugin.apk
      Filesize

      123KB

      MD5

      918890b3fc5a3dc184a57d027ead24da

      SHA1

      c638f375f49bc4731b633bdc001aeeadf9462039

      SHA256

      57d03ac2189851d5069515da6997e12ca307c145aa21679da001477df5f81836

      SHA512

      fd9bfe41ce4041dc8c7db17df2a2164a24ea96372c212399c499f94d1fb7d95d430b8a7eb86041b9b2db88dfca0cf39e53cba2dad1e346aebed29e4ca5deb2ef
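
The list above has two quirks a triager should resolve before treating each entry as a distinct file. First, `/data/user/0` and `/data/data` are the same directory on Android (one is a symlink to the other), so `utopay.jar`, `Pdd.apk`, `ZRBJZvKAyB.jar` and `yl_plugin.apk` each appear twice with different sizes and hashes: one path, captured at two moments. Second, `files/xu/oat/ZRBJZvKAyB.jar.cur.prof` is the profile ART writes at `<dir>/oat/<name>.cur.prof` when `<dir>/<name>` is loaded through a class loader, so its presence corroborates that the neighbouring jar was executed, not merely written. The Python below is an added example, not part of the report: it folds the aliases together, groups the SQLite journal/WAL/SHM files with their database, and pairs ART profiles with the dex they belong to. The entries are copied from the Downloads list (SHA256 truncated to its first 12 hex digits); the classification rules are this example's own.

```python
"""Fold the sandbox's dropped-file list into canonical artefacts."""
import re

PKG = "com.yas.kgkgri"
D = f"/data/data/{PKG}"
U = f"/data/user/0/{PKG}"

# (path, size, first 12 hex of SHA256), copied from the Downloads list above.
REPORT_DROPS = [
    (f"{D}/app_dex/utopay.jar", "30KB", "b825cde84e3d"),
    (f"{D}/databases/740410100062013-journal", "512B", "199b474ece8c"),
    (f"{D}/databases/740410100062013-wal", "140KB", "00dbaa75fd22"),
    (f"{D}/databases/wochi_v4.db", "4KB", "0a8ffb6b3279"),
    (f"{D}/databases/wochi_v4.db-journal", "512B", "e9ed78d5598d"),
    (f"{D}/databases/wochi_v4.db-shm", "28KB", "18619b678a5c"),
    (f"{D}/databases/wochi_v4.db-wal", "20KB", "d4d7c9191c0e"),
    (f"{D}/files/Pdd.apk", "99KB", "2a3cb93d0ca1"),
    (f"{D}/files/log.dat", "221B", "77fc3599be40"),
    (f"{D}/files/xu/ZRBJZvKAyB.jar", "768KB", "a036fb5e2f07"),
    (f"{D}/files/xu/oat/ZRBJZvKAyB.jar.cur.prof", "216B", "b8c3e968d09e"),
    (f"{D}/files/xu/oat/ZRBJZvKAyB.jar.cur.prof", "330B", "f65d31d7692e"),
    (f"{D}/files/yl_plugin.apk", "58KB", "05eb3e1ca331"),
    (f"{U}/app_dex/utopay.jar", "67KB", "6286a800597b"),
    (f"{U}/files/Pdd.apk", "201KB", "32f697f7444c"),
    (f"{U}/files/xu/ZRBJZvKAyB.jar", "2.8MB", "df95c902513c"),
    (f"{U}/files/yl_plugin.apk", "123KB", "57d03ac21898"),
]

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
CODE_SUFFIXES = (".jar", ".apk", ".dex", ".zip")


def parse_size(text: str) -> int:
    m = re.fullmatch(r"([\d.]+)(B|KB|MB)", text)
    if not m:
        raise ValueError(text)
    return int(float(m.group(1)) * UNITS[m.group(2)])


def canonical(path: str) -> str:
    # /data/user/0/<pkg> is the same directory as /data/data/<pkg>.
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def classify(path: str):
    """Return (kind, related_path): related is the dex a profile belongs to,
    or the base database for a -journal/-wal/-shm side file."""
    d, base = path.rsplit("/", 1)
    if base.endswith(".cur.prof") and d.endswith("/oat"):
        # ART profile location for a secondary dex loaded via a class loader.
        return "art-profile", d[:-len("/oat")] + "/" + base[:-len(".cur.prof")]
    if base.endswith(CODE_SUFFIXES):
        return "loadable-code", None
    if "/databases/" in path:
        return "sqlite", re.sub(r"-(journal|wal|shm)$", "", path)
    return "data", None


def triage(entries) -> dict:
    out = {}
    for path, size, sha in entries:
        p = canonical(path)
        kind, related = classify(p)
        rec = out.setdefault(p, {"kind": kind, "related": related, "snapshots": []})
        rec["snapshots"].append((parse_size(size), sha))
    for rec in out.values():
        rec["snapshots"].sort()  # smallest capture first
    return out


def loaded_code(tri: dict) -> list:
    """Loadable files that also have an ART profile: the artefact list's own
    evidence (independent of the runtime signature) that they were executed."""
    profiled = {r["related"] for r in tri.values() if r["kind"] == "art-profile"}
    return sorted(p for p, r in tri.items()
                  if r["kind"] == "loadable-code" and p in profiled)


if __name__ == "__main__":
    tri = triage(REPORT_DROPS)
    for p, r in sorted(tri.items()):
        snaps = ", ".join(f"{s}B {h}" for s, h in r["snapshots"])
        print(f"{r['kind']:14} {p}  [{snaps}]")
    print("executed via class loader:", loaded_code(tri))
```

On this report the fold yields 12 artefacts from 17 entries and four loadable code files, of which only `files/xu/ZRBJZvKAyB.jar` has a matching ART profile in the list; the 768KB and 2.8MB captures of it are candidates for the "Loads dropped Dex/Jar" signature and are the files to pull and unpack first.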