Analysis

  • max time kernel
    8s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 08:53

General

  • Target

    a8d37293242111cec03e08ceac1c5221_JaffaCakes118.apk

  • Size

    10.3MB

  • MD5

    a8d37293242111cec03e08ceac1c5221

  • SHA1

    313ffbc245560f3882bf2b5992c3a7526b96baf9

  • SHA256

    52b56ad1c8f1beb1f7d697c1377a408a11a992f35d66cd87212e725878273a83

  • SHA512

    864eb30bf00747d3cfa2d8f2ce7b56e3d703035051fedaff633ec2e8d203f537557ddec172a4093198493c14ae368849defc11cddb5e6349e80b81f428b7967f

  • SSDEEP

    196608:0NYDmqgCSta8jltir2GfxcEMu/hTmtZnz9q6g2hy/nr7rlOdC:SrsQU/cEMu/hTmtZBpzhyvr7rZ

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • cm.tuofu.a20140927081705
    1⤵
    • Requests cell location
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4269

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/cache_2/-2054404330
    Filesize

    138B

    MD5

    6b6459d52f57e09db2e58cc97c57f8d7

    SHA1

    cafdb7ebf691076ad5d4ef4d38eab16c66ad1238

    SHA256

    da5b5353778777054c46f194d8f8a0018e0164112657ce2a417e92521b044ef9

    SHA512

    96cae4b0cfefa6e827aad7f8045736e7f5c3133f0c7d60a520bcc91ad8e31e1cf597b908c99b96540031892918b9a8cb44249b28781fa9d49fa64d2bf71585d6

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/cache_3/-2054404330
    Filesize

    144B

    MD5

    7570dad48a063a539a65b55460ba7be5

    SHA1

    dce6c30df13d6b2b403fb7c2ec47bffecf04f0e1

    SHA256

    d15489635efbfde00f62f93c54795292d189e702ff75896e74a9476459584fd3

    SHA512

    0ff08876c9e5cfae170284e1295a302d7e5c2b7370ef13242bbc85e655445f37cada490748676e223d32d7bfab6efec106508bc1445dbd8bca7567d7ff102dbb

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/global_cache/1807629056
    Filesize

    146B

    MD5

    499eeaeaa99ce93e8706251ccb0e0dc5

    SHA1

    51c34eb499f6b53c550a4b32c88c81ea9c2d34da

    SHA256

    ce2756ce59b9a1d99f5f161f273cfe7e98155981d6dc17acb8e7a0ac6bf106dd

    SHA512

    5e4d74a18df0b28b241b92eaef5f3b98f98b5b262d83c7fdd955b8d96f3874ab7d55d8bd9474e7e8c683b5e946d2053c4ce7556e44c0fd5b52b2eaa93339a917

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/global_cache/1807629056
    Filesize

    187B

    MD5

    6b2882cf09321ac5feca7e513b63f4a0

    SHA1

    35bb671bd4a7fe2771c6da92d6163280852f9fae

    SHA256

    351960847f2a4eb469055f74120300e9a429168b28e03ee4f3a81e47e782d47c

    SHA512

    86e7f4dc5e213c9ee0d604c1569ee5ea7976c67e0bda08ac88e8ee6d8d7d234a78e4076a3f7e06c48c6d7305543677174abf852ceb9e8a689175592d3c7a7f5b

  • /data/data/cm.tuofu.a20140927081705/databases/db.db
    Filesize

    1024B

    MD5

    c62d358199c4a7de197699e112f95093

    SHA1

    c5b690da0c826beeaf85f313a7e9513343529bb7

    SHA256

    c9da7d17f9bb81071d3330c23bf4b194617154e21a0fa0de72b3777e0ec3f9e1

    SHA512

    670c516be76b23329d96580eed1620397798d9642a500399919d59ef675e41f51ef58a69642c537dbe6e344d0031887290b6af250197d42ed52a179654bf0556

  • /data/data/cm.tuofu.a20140927081705/databases/db.db
    Filesize

    23.7MB

    MD5

    5751e0c6188af3680d79c18686c1a7e1

    SHA1

    0ddd57511eaece612470f2b3d546c4cfbd3f0f76

    SHA256

    da47ffccbc24e87f2b662ce41cf87e1147af87f570e7078a19d1e40c71b03229

    SHA512

    93878b3a30104582b462ef79a9dbe5d70306dc1451417b295d8b13bce28af7de52713f476d78a10ab9edbafbf96eac25a952bb8bc09087c1ff0c59b596e9a6f2

  • /data/data/cm.tuofu.a20140927081705/databases/db.db-journal
    Filesize

    1KB

    MD5

    63b946280b11bacea6e270f17cd7b560

    SHA1

    0a98de5f5eb18df582bcb644828a238c87e4d613

    SHA256

    c0ede9202c41e697cf92f5a69229014690be916baf2fac7f48d98cc8319f948d

    SHA512

    3ed0effc367fca640966602745295dcd9e4247e078938eecbfbf3e00c39c91f553ca2116a93d0ae91b75c6dd9a5a9cb0f988e2877244a80ec21ed92f5c603e52

  • /data/data/cm.tuofu.a20140927081705/databases/db.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/cm.tuofu.a20140927081705/databases/db.db-wal
    Filesize

    4KB

    MD5

    f611a42f31703f474d1ff559eb6ac68f

    SHA1

    5b2ab9c6c1faa074bfeba995103c855568a12efd

    SHA256

    71217dee562c4daa159e6dc2deca41534d8b5ef4ac151db55f3e4b4682139647

    SHA512

    e3fccaf4fb88bc06a0c401be6592589bc8f8a9e1e56efccdb3f851ac60fcd3d53bfa107a671c7dbfaffedfb208b20125776139ad26b7e658db313f4d096a4cb4