Analysis

  • max time kernel: 179s
  • max time network: 171s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 14-06-2024 09:34

General

  • Target: a8fdbb3e2617ab4c8b8e7c8229618b08_JaffaCakes118.apk
  • Size: 9.5MB
  • MD5: a8fdbb3e2617ab4c8b8e7c8229618b08
  • SHA1: 19a8ea9b6da157c70f303a68d329a748b9bfb6eb
  • SHA256: a5ed1248d020c54975bcf50f4ae282fa6241de3312c008b2b41bf69bc552d69d
  • SHA512: f57097d9523a4d3be4bbcbfdfff444be47d77d69a46dc5c653d2b2d43b044b7819989b486eee8cd63608049a0c45491c003569dc4be6f48b9cba840c0bcc98a9
  • SSDEEP: 196608:1dgwNvq9CFPVG9waEt49w+pW9ar7eVZU322O2UzbY:cw4YtGOaEGjW9K7eVZW25ZbY

Signatures

  • Loads dropped Dex/Jar (1 TTP, 12 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about running processes on the device.
  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 2 IoCs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)

Processes

  • com.damsy.soupeajf (PID 4178)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Uses Crypto APIs (might try to encrypt user data)
  • com.damsy.soupeajf:remote (PID 4217)
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)

Downloads

  • /data/data/com.damsy.soupeajf/Heriswap.db
    Filesize: 3KB
    MD5: d4fda447be58de8656f7267c5ce2adff
    SHA1: edde01802b846cf9d1ec35d19191bd737bb470d5
    SHA256: e857a6d3f93f50d83c58c43b991046abdbb4a6b8cbc2cf713f3db064fbd148f9
    SHA512: 173d511bae11821d427da058222519192996d2bf80d24a33a434c6697b923ec790829e023900afa8fba988d4a11facf4224946f8f4e198d4c56907e39c60da21

  • /data/data/com.damsy.soupeajf/Heriswap.db
    Filesize: 3KB
    MD5: 14f2ecac1abb5cb56820a895a8ec8532
    SHA1: f6d0fe1f11cdcb6e4b635f0976b6c809f3a86ef3
    SHA256: 70b55511157f8517d566e601a8338abf0c9fdecbdf5f93b9befb46ecd7a01238
    SHA512: 49fb6f41461c6c4a140b263749dbcdd68b29401422e8412f639e83462da378b28518c22df5d8c7c98e4d6df0714fa0cf0fee98689e8905cd44726fddf4ff43ff

  • /data/data/com.damsy.soupeajf/Heriswap.db
    Filesize: 3KB
    MD5: 90614bf4c63823baedeb1f0ec9b7bb3d
    SHA1: bc6ada1697900ce85c4bdfaf3a1f15c24265307a
    SHA256: 27ca4b6c2e4dd16349c5aa20679df4045fc20cad70f8a19c1ebeeebbecd3d525
    SHA512: 4cec63bbab91aaf40e2eb7dc92317bc7026a501c3ae9d57795bdb0dad275db286d5b33c0b6ccfd9128a48b913a102c3fc4e32fe858068aa1c3a20041471915ef

  • /data/data/com.damsy.soupeajf/Heriswap.db
    Filesize: 4KB
    MD5: ca075753ab2e9c6815c15f209a8dbd75
    SHA1: 0958a1030f15835b41b71fee2d02e933e65015ae
    SHA256: 43887e39fb8be348790e9f79b9ca0247a7bab248f44408822799741f4f0173fe
    SHA512: d435a6141865872d36d00ad6ede41efa91a126fb0981c9624d825c604a205a91ec1e5a46948397c371f9dfda4ec6929747612f92c60486041618ae1bf90ced90

  • /data/data/com.damsy.soupeajf/Heriswap.db-journal
    Filesize: 512B
    MD5: 2ed26a79602f4d552aa337d0e46267b8
    SHA1: 087304539c91ed995e18b04d42abe123c081fd3e
    SHA256: 77fd942fcd5787b61e4db67c78979536d1a861bb0b28149542f7f223019a7a4a
    SHA512: 5d38473adfea8227d203f0c6b588583e7ea0f90cfb4da3e8725dc811f2c5ee22ab2f3cb2002c28042a5e4a990286c19ea117c4cdc2f84edbf215f03490e167b9

  • /data/data/com.damsy.soupeajf/Heriswap.db-journal
    Filesize: 3KB
    MD5: 0c65bdf6d59020c95d82a9ef9344a816
    SHA1: 696194502cf8a2f69746e4e0fd87d04e76ee9b94
    SHA256: 020e177636fad4dcb3d970a669a249bc0a7ee8eeed381d29493a4ab8214dae71
    SHA512: eeb7a3087107b2f65a4ff908622f80c02ac562d79c99280f7382cb5efbbf7fa4394e7797d11ef5db1e82f56f3b0d886f0a6ff31a9016cb15a3c3eecd1c539651

  • /data/data/com.damsy.soupeajf/Heriswap.db-journal
    Filesize: 3KB
    MD5: c5756a0df9add85290d9efbc830f816a
    SHA1: a8539da2d3ef5fe46bab1bf8d64f14083387d4e4
    SHA256: 190f8fe7d38a234c013f37818f8ef28bdf88cc6cc155db93b7d4baf7b272d65a
    SHA512: abcbf43f7afbe633ac366d70dc99b319e8d96431014aa9349b7bc4ed737ada9346421842abbcd01c900bfd9cbc7f4cde93538258eece104cb4a31503d710ea99

  • /data/data/com.damsy.soupeajf/Heriswap.db-journal
    Filesize: 1KB
    MD5: 2bc5170a0d72340a7a5ca03bcdcf9547
    SHA1: 922cbfd941322dcb55261f446089f8422a413e1f
    SHA256: 6a1b2ef639dba65d447d1c4f6bb5373df6fe2babc4527d59d8299041f5b55f85
    SHA512: 0d9aafad2789f6b61418f8de090c0661b16b5c35107d59d43cce6127c200477e07d3bed6237b9d7ca99888a66b17e74b9499f70ae17887928bc6fd8048f3a668

  • /data/data/com.damsy.soupeajf/files/1718357717304.jar
    Filesize: 88KB
    MD5: 2b8e5133ab70faf0d60773c2479784a8
    SHA1: 4bf07ca019939c97c370290b2b130782ec1ee9e4
    SHA256: 0089673365d16f03f0f62c9bb2bcab85cb6e0a9becb887536f74df45f4a96acd
    SHA512: 57454b5966d458004a4823f83105fed25e8a44cbaa3a74dfee5d1aa178c9c17cd442487dde2c78c9462922ca3b3d1a353925121243c350f99e0c7b8a42c7d2c4

  • /data/data/com.damsy.soupeajf/files/1718357717362.jar
    Filesize: 28KB
    MD5: 83cf98a8a0c81c31f961dfa319043fe1
    SHA1: 7c3c5c75ccb1e34cbf95927223b6f2818ee85a3d
    SHA256: a527159aa1a9503c78af96a094ebf7be320cb7abf9b72467d5fafa1d3d2ab0c3
    SHA512: 362a91749c1e609358de4df99913d1a5ec30a1c5360fb55d7abf92bdde561d553542b3f36c1c9a27aa355082c6847dd2a0f71f390dd29e670c6009302707e1a0

  • /data/data/com.damsy.soupeajf/files/1718357717367.jar
    Filesize: 36KB
    MD5: 0bd10d8e09797b3d5e0bed08962fec4a
    SHA1: 12fe4bba8ad69051712f46be849a7557adb6e7b4
    SHA256: 1d6515dcb37b1cbe99cd4da86ca89b96ecd6a782306b836007aea3887c79bb40
    SHA512: f09595794d6479dc6eaca81f8d0c3dba0473516e5a7547cb68f0830cf9428beae2253b997be5b4dd0880f9ed941a3fdc64d220c302b2fe267b084ce304fee700

  • /data/data/com.damsy.soupeajf/files/1718357717416.jar
    Filesize: 34KB
    MD5: 73509df1eef0c8db0131e1cd7199854f
    SHA1: 6b67ffc1cd28df948925e28d19d21d129c7a687d
    SHA256: 546736bc57ea8fd9b8d221c8c54e36dc2b91bff5243bd19620c9612c7a83db13
    SHA512: 5af99144d95775abf6fdb1e8616ac2c8fcfc94f5c4e28b0970f50cd57b7100c9f568fb0698cced4cfea55662e6ae8663596d4285cdb561cceb8094d3108a993f

  • /data/data/com.damsy.soupeajf/files/oat/1718357717304.jar.cur.prof
    Filesize: 163B
    MD5: 1075a920e64f18774db5432975cae04a
    SHA1: 7ac64c2c60ac8bf0a70790c92dd4e66d327524ae
    SHA256: e883648e9adf23719e919387dcd10cb8b994548c1f858630294f7bf77157be55
    SHA512: 7e7ccaf0f1d83e5f7d46d1fdda30bcd5e89e7ad8afed86fc0403c7ebf3ba8b351209519e9f4ce641809344596793edcab7f7c1af1c2d511a8722ecee40ce6147

  • /data/data/com.damsy.soupeajf/files/oat/1718357717367.jar.cur.prof
    Filesize: 113B
    MD5: 3f7d36843e7062f27c6ac32ab1e8e3dd
    SHA1: 15d8067928f3e55ea337ec649d0951a314d92940
    SHA256: 950596eb2300a4f10d89ae149fc79995d1dd96a2d84e18f2829be137452154e4
    SHA512: 289ac3bf9e2c13949a9b4e64fa2cfe6bc0aefa451fe83506bc6a04a38bdc744e5f3ac8c360e2d2c607c093b6f0c79840cdb6c6d15847d9faeff4429c388da292

  • /data/user/0/com.damsy.soupeajf/files/1718357717304.jar
    Filesize: 187KB
    MD5: 740d10777a7b40da9c4aa080a9208eaf
    SHA1: a410ef0845b6d5182bbb867184bd1d701a8d46a7
    SHA256: 1ea495d49d4f2a359def9c53c69ee549cb61eb23fca40d0caf147a7dd6317031
    SHA512: ed59e78a7f26491656d37079367bdf5d4e31cf299c6029c91552c0974763640995b316a31ec7eba2fad4a982c989cffcedf5c3ea8c0e3ef422de3e4546087b36

  • /data/user/0/com.damsy.soupeajf/files/1718357717362.jar
    Filesize: 62KB
    MD5: 075dd329368aae37b58c88421c5ee793
    SHA1: e207f5d3bb937b375dff1a9e823231aa3725e950
    SHA256: edae0a3af40d3ef7229ccf565d27452977ef1247188eb2f31939e778e8553a76
    SHA512: 74e702fb4e64c6758f1d10ea9fe049ccfe4d0ec4bf0c68db8ee7f751f18081d9475abd7cbb4b8d4924bf8c76cdbe418aed1a0b292434d0822bf8a153efceddba

  • /data/user/0/com.damsy.soupeajf/files/1718357717367.jar
    Filesize: 79KB
    MD5: 8412b9027c7850db441740db3c8d088c
    SHA1: 8ea035462a4c4fba08e3acf889646e5bc0aac549
    SHA256: fe5de45be505d29feae4674b32c0018f83c0cebc768086bfc46d12f33456b14b
    SHA512: 5416cbbb16719c07ee51e5de9a532c62f37a3cead789a9ba2fb85a9a2a8d869eca78cedd85bd7b7dbcb226b08e1b85e2745f1f4bf9bab423940bd172e8239311

  • /data/user/0/com.damsy.soupeajf/files/1718357717416.jar
    Filesize: 75KB
    MD5: f64fc60eb98c91dea65430da07fc7f66
    SHA1: 0033519a40ff367dd3a7deeb9dda00ef46074421
    SHA256: baafe6a8e530fbb4c9c59868864ba589c60485a64d94bfdae5655b5d7fb5f604
    SHA512: 7b06043da10bc6ebc0335400cd0d73c68b087dac6cbd1e665e75d1074b75e3c93018f1f88bbbce9bc0f5b1c29e66954f776546a217a5ef726c9b96e3efbc98cf

  • /storage/emulated/0/.banner/.app/.ban.apk
    Filesize: 115KB
    MD5: b985e8318311d26b484f6d70b1c6fd1b
    SHA1: 24908076ce774fcb028c3406f8e4a123ba84528e
    SHA256: 6b5d780bdbb348f255b25115785222acab0766c612c3fc9151cafdca4a0a1a50
    SHA512: 34bcbdb0c7e685333dd7b839525d7f2681cc647720c051d3a35b21741256369aeeb43aa5d3763d2e06b934a696eb6683e4376c3b462a631bfd6f590f0c87166e

  • /storage/emulated/0/.banner/.app/.ban.apk
    Filesize: 79KB
    MD5: 98cf7bfae8414760da77d3b6297bdc19
    SHA1: f34745b5ddd8680fd4a5625d8fffcf3cf725bcf5
    SHA256: 8228e605d3fed288e19e613b31d255db6baed1e5bc0ce9998b14e7e2daacaa38
    SHA512: c9e646d9ace5b5fcca23c65a529dadd020195f86a5a79ab8b541bda6daebebc47b803d66c470bf61ac8a17262895ff51a3967a3014ce5360f6a997830167d83f

  • /storage/emulated/0/.cache/.app/.lib.apk
    Filesize: 568KB
    MD5: 1c91afe006f75ad641a08d0c6988f802
    SHA1: 6a3866937c39598b515744f466cd36f0a4106a55
    SHA256: 08683748eca16e19b26700dd4e76344baa733da49eab0e05e50ac6273c46a536
    SHA512: f33b085832955e82111f8e98e2beaa54f33e97316141875cd757b9783664e945edcbae9a3148ef8070e2ccb673403153e29f92946092ff44ff6e5c0101fd4f1b

  • /storage/emulated/0/.cache/.app/.lib.apk
    Filesize: 101KB
    MD5: 4b1ff2a5775526636356d97bbfb68928
    SHA1: be2d63b50032b00fc3bf0e05206cdeef0d742344
    SHA256: e26e7b651e8a7d5a6ec10f0272db5ad3e3dbccf991373f2f7aed054449aee0da
    SHA512: 041b88c4f9efe4bb9169840cbe34f1210a54f242e3b36b157821df6336e6e952a4626b5d8ece94779a68bd2cfb4906e6534069f5a09a5913b762ab6253ee1b2c

  • /storage/emulated/0/.push/.app/source.apk
    Filesize: 205KB
    MD5: 96ea7a09349f6f9982dc8ef5c411c6f0
    SHA1: 284bab45851c666d0d6abc697e2d0891be9fdd56
    SHA256: aaba756d68af1a524e81fc70a83f90cae57ea1d903f7e86972bfde60a5e49762
    SHA512: 40eb94f2ba66ce2489bb1dd9204813c4ffc91e604ff95c7c1c1948ae614c1f0b9925a49064e23c034274acc349b346dc957a0aba2113a0ab677ae65a99d9f2c2

  • /storage/emulated/0/.push/.app/source.apk
    Filesize: 96KB
    MD5: ab161986f1c9da41148e46c5a561d15d
    SHA1: ce075783fde23b69e0fb4359e2866a344acbac9f
    SHA256: 512d59cdd5e2cde06eb1d01f486257a89807b2f73de4dfbf2e9183d0436e747b
    SHA512: 0842c8e0362b07d2f39bbab69f33e71a6bc9482a92637bcfd7d5ebbe125b1310bb96b907c821cd051271ae588cd8b53226c9b261f5074c02fd1df12a021b2cdc

  • /storage/emulated/0/.secur/.app/framework.apk
    Filesize: 86KB
    MD5: a01d86472bd2867dfe1b839dff48225c
    SHA1: de104b23dab692e929e6a9100e396333abf444e4
    SHA256: 2964ac22fb76130a93037c23d358731d303e0d1e26f1290128a7e7326ea755a6
    SHA512: 24b94cbcdbdbc3612d5086aba9de9dba0794c30d2406ce02c0ebd9efdc44fa111160a6a5b209bcc6792e276829bd4143c17b99c45315208846b74cef8402ee53

  • /storage/emulated/0/.secur/.app/framework.apk
    Filesize: 96KB
    MD5: d1b712822b3c0290933c48a123e0d0eb
    SHA1: d4df9cc1abcbd023c75e0d7456a37f60ff1d2ba7
    SHA256: bd86004b1a8033aad8e28f3634c211569d23c8e158ceff7ae06dbe87ceec0674
    SHA512: c0b8cb6f8ddb4c3a44cdb441119351d58a1f2977511e045c3daabf2097f484424ca3c062062ee0aa40e7b69f627cae1d0a5011a598f975bdb594430b018eaf83