Analysis

  • max time kernel
    9s
  • max time network
    186s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    14-06-2024 08:53

General

  • Target

    a8d37293242111cec03e08ceac1c5221_JaffaCakes118.apk

  • Size

    10.3MB

  • MD5

    a8d37293242111cec03e08ceac1c5221

  • SHA1

    313ffbc245560f3882bf2b5992c3a7526b96baf9

  • SHA256

    52b56ad1c8f1beb1f7d697c1377a408a11a992f35d66cd87212e725878273a83

  • SHA512

    864eb30bf00747d3cfa2d8f2ce7b56e3d703035051fedaff633ec2e8d203f537557ddec172a4093198493c14ae368849defc11cddb5e6349e80b81f428b7967f

  • SSDEEP

    196608:0NYDmqgCSta8jltir2GfxcEMu/hTmtZnz9q6g2hy/nr7rlOdC:SrsQU/cEMu/hTmtZBpzhyvr7rZ

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • cm.tuofu.a20140927081705 (PID: 5045)
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/cache_2/-2054404330
    Filesize

    138B

    MD5

    6b6459d52f57e09db2e58cc97c57f8d7

    SHA1

    cafdb7ebf691076ad5d4ef4d38eab16c66ad1238

    SHA256

    da5b5353778777054c46f194d8f8a0018e0164112657ce2a417e92521b044ef9

    SHA512

    96cae4b0cfefa6e827aad7f8045736e7f5c3133f0c7d60a520bcc91ad8e31e1cf597b908c99b96540031892918b9a8cb44249b28781fa9d49fa64d2bf71585d6

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/cache_3/-2054404330
    Filesize

    144B

    MD5

    7570dad48a063a539a65b55460ba7be5

    SHA1

    dce6c30df13d6b2b403fb7c2ec47bffecf04f0e1

    SHA256

    d15489635efbfde00f62f93c54795292d189e702ff75896e74a9476459584fd3

    SHA512

    0ff08876c9e5cfae170284e1295a302d7e5c2b7370ef13242bbc85e655445f37cada490748676e223d32d7bfab6efec106508bc1445dbd8bca7567d7ff102dbb

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/global_cache/1807629056
    Filesize

    107B

    MD5

    676aa9573d3c381e283dcec0d3f49ce0

    SHA1

    55466c9c0525c3d80081ce5dabcf6e7e2f9fd776

    SHA256

    d862dc9d32cfefca15ba0ce33d49944815e8069fdb27820e5e4fb1bfd62f8318

    SHA512

    14032bd8c961d54e4aaf994edd4a081ce713bd82c244a289cd5a0cdf217f1226c42c3f3a53ed23a18b333e6ec9228e80a2b1aa8a7f4ed30a34df2b9149e5af0d

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/global_cache/1807629056
    Filesize

    136B

    MD5

    a45d9880d71cf4fdc91776414c0df9eb

    SHA1

    954c16911e94deecad7adad4b8bfdd4da947f2c4

    SHA256

    98b34c727b2dde53a283115fb8521eaef4450014feadcb2744f25ecd9cf6d86f

    SHA512

    36a51f0756353d97d1f049f7a526ac9c8d78caa31e739a6bf0ab6a2fd3784c66e5914645433274922994c4d06c1882c0f623d1c43b94f432c017cd4301cc140b

  • /data/data/cm.tuofu.a20140927081705/cache/feiwo_dir/storage/emulated/0/feiwomob/global_cache/1807629056
    Filesize

    148B

    MD5

    46f2afc53c81ae4fed739f09fff7899b

    SHA1

    bf5127d5478bca9c7fe94786d6ee7c4b6ce63714

    SHA256

    bccfe0b6a8c48ffe54eed7cb9954e5ce273f70161a502b3bb925c892bbee6776

    SHA512

    830f8e3053cc142e4de3c33ba2be82a81aa360f5eff186d9f3f85375ad61a72c9174cc51aac7e4623b88e28cacb188eddf79e8ec028a9ac2a7b1633a95c54233

  • /data/data/cm.tuofu.a20140927081705/databases/db.db
    Filesize

    4.2MB

    MD5

    5eb48502a0a8d8a3c235388686bface9

    SHA1

    4eb8bce49f32dcb8b6b1c842158f846871ef40b1

    SHA256

    57e2ea30c4b49c0b6fbf7d7ea08e06aa882ab84ab31c600fe5e3b510fb09d5bd

    SHA512

    85ac8c4ed4ae81e2f9e0490fadb3868890e062481458b5bdb046996ea96aa8916d68ef729431e58780f85d08199933a86dca1f3fe21e4b67ad89d1e777c763b2

  • /data/data/cm.tuofu.a20140927081705/databases/db.db
    Filesize

    23.7MB

    MD5

    5751e0c6188af3680d79c18686c1a7e1

    SHA1

    0ddd57511eaece612470f2b3d546c4cfbd3f0f76

    SHA256

    da47ffccbc24e87f2b662ce41cf87e1147af87f570e7078a19d1e40c71b03229

    SHA512

    93878b3a30104582b462ef79a9dbe5d70306dc1451417b295d8b13bce28af7de52713f476d78a10ab9edbafbf96eac25a952bb8bc09087c1ff0c59b596e9a6f2

  • /data/data/cm.tuofu.a20140927081705/databases/db.db-journal
    Filesize

    2KB

    MD5

    e4704f1470b594374ef29657bc444bfb

    SHA1

    af95102024183a37b9eb602b0e2c170a14c97ba1

    SHA256

    e27e3c83955ddb97eeb9c23bea4df37d37c9b63781ac68a554e86459dff6d7f1

    SHA512

    7d5ee07347cfbb24060428a585528320882c0f30a3362787cdbee00f3396b51076f083cc8a4b9ecbc6f4783886d3907378be9b3d458ace9905188926ff3221b2

  • /data/data/cm.tuofu.a20140927081705/databases/db.db-journal
    Filesize

    2KB

    MD5

    63a7716c1e53146ce6cb9f13c4b2bf44

    SHA1

    8dfa6912c773e33a7ce91e1a5fdca5881ee58e05

    SHA256

    6e211fdffe51ddf147ee53ac24de4671a5e074a572a86c08fd38b6e13a8e21d6

    SHA512

    2864ee8f4664e77ac62b54c0053ef805aa27ba27a74e926594b9cac1be29f2dc0ec3365e5a68960e69904102f93f9a224987be66f49ead471872139ae2dbee0c