Analysis
- max time kernel: 153s
- max time network: 137s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 12:09
Static task: static1
Behavioral task: behavioral1
- Sample: a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
- Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
- Sample: UPPayPluginEx.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral4
- Sample: UPPayPluginEx.apk
- Resource: android-x64-20240611.1-en
General
- Target: a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
- Size: 10.2MB
- MD5: a99b2c219ff6cbfb39b0932590a44f4f
- SHA1: 9a9144509ffa7694a9751eb4c7091540b97f1d9c
- SHA256: d22c40f830dec01000adcee6ac1c3de3c72c93044a0dded38b69bf90a7bb0ab3
- SHA512: 70e174b3b27a89bc16a54e982ecde44cd9cb2b1736207927eb7941875a0cddc7e2002f62d6c1c9539be95653abbe467e69b3de1356df058e017942cec1b8dd51
- SSDEEP: 196608:qgCdnhQGeTEnRGXjJ7Ncz+LHhsW/6qECAhP2WkE+L2UA89rXr3wuIbOfjzK5Lzi7:/0nhVeoAXlZ//6qFJFrXTUqzKJziPD
Malware Config
Signatures
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.dili360, com.dili360:remote
  IoCs (description / ioc / process):
    Framework service call / android.app.IActivityManager.getRunningAppProcesses / com.dili360
    Framework service call / android.app.IActivityManager.getRunningAppProcesses / com.dili360:remote
- Queries information about the current nearby Wi-Fi networks (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.dili360, com.dili360:remote
  IoCs (description / ioc / process):
    Framework service call / android.net.wifi.IWifiManager.getScanResults / com.dili360
    Framework service call / android.net.wifi.IWifiManager.getScanResults / com.dili360:remote
- Requests cell location (1 TTP, 2 IoCs)
  Uses Android APIs to get current cell information.
  Processes: com.dili360:remote, com.dili360
  IoCs (description / ioc / process):
    Framework service call / com.android.internal.telephony.ITelephony.getAllCellInfo / com.dili360:remote
    Framework service call / com.android.internal.telephony.ITelephony.getCellLocation / com.dili360
- Queries information about active data network (1 TTP, 2 IoCs)
  Processes: com.dili360, com.dili360:remote
  IoCs (description / ioc / process):
    Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo / com.dili360
    Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo / com.dili360:remote
- Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.dili360, com.dili360:remote
  IoCs (description / ioc / process):
    Framework service call / android.net.wifi.IWifiManager.getConnectionInfo / com.dili360
    Framework service call / android.net.wifi.IWifiManager.getConnectionInfo / com.dili360:remote
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  Processes: com.dili360, com.dili360:remote
  IoCs (description / ioc / process):
    Framework service call / android.app.IActivityManager.registerReceiver / com.dili360
    Framework service call / android.app.IActivityManager.registerReceiver / com.dili360:remote
Processes
- com.dili360
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.dili360:remote
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.dili360/databases/bugly_db_ (4KB)
- /data/data/com.dili360/databases/bugly_db_-journal (512B)
- /data/data/com.dili360/databases/bugly_db_-shm (52KB)
- /data/data/com.dili360/databases/bugly_db_-wal (80KB)
- /data/data/com.dili360/files/lldt/firll.dat (76B)
- /data/data/com.dili360/files/ofld/ofl.config (235B)
- /data/data/com.dili360/files/ofld/ofl_location.db-journal (512B)
- /data/data/com.dili360/files/ofld/ofl_location.db-shm (32KB)
- /data/data/com.dili360/files/ofld/ofl_location.db-wal (48KB)
- /data/data/com.dili360/files/ofld/ofl_statistics.db-journal (512B)
- /data/data/com.dili360/files/ofld/ofl_statistics.db-wal (156KB)
- /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat (12B)
- /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat (148B)
- /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat (24B)
- /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat (446B)
- /storage/emulated/0/baidu/tempdata/lcvif.dat (96B)
- /storage/emulated/0/okhttp/journal.tmp (32KB)