Analysis

  • max time kernel
    153s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android arch:arm arch:x86 image:android-x86-arm-20240611.1-en locale:en-us os:android-9-x86 system
  • submitted
    14-06-2024 12:09

General

  • Target
    a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
  • Size
    10.2MB
  • MD5
    a99b2c219ff6cbfb39b0932590a44f4f
  • SHA1
    9a9144509ffa7694a9751eb4c7091540b97f1d9c
  • SHA256
    d22c40f830dec01000adcee6ac1c3de3c72c93044a0dded38b69bf90a7bb0ab3
  • SHA512
    70e174b3b27a89bc16a54e982ecde44cd9cb2b1736207927eb7941875a0cddc7e2002f62d6c1c9539be95653abbe467e69b3de1356df058e017942cec1b8dd51
  • SSDEEP
    196608:qgCdnhQGeTEnRGXjJ7Ncz+LHhsW/6qECAhP2WkE+L2UA89rXr3wuIbOfjzK5Lzi7:/0nhVeoAXlZ//6qFJFrXTUqzKJziPD

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to get current cell information.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

Processes

  • com.dili360
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4262
  • com.dili360:remote
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4313

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.dili360/databases/bugly_db_
    Filesize
    4KB
    MD5
    f2b4b0190b9f384ca885f0c8c9b14700
    SHA1
    934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256
    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512
    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
  • /data/data/com.dili360/databases/bugly_db_-journal
    Filesize
    512B
    MD5
    0f7fb92dba6e101b67e2ba2580a9e5e1
    SHA1
    d01495605a95acfad6cdf6a8e7513dd7820c4987
    SHA256
    24e826421b26c455d54085fdb502552c04a3b85a53ae0e31b345c34f2ece9826
    SHA512
    17d327ec970f4032f09cf589b4fbd6d35930b4595f231e0c172da89d57d3a8d00792a8aecad7d4b1071214205de59ceccc9b27e53d1a354766916c06b4377906
  • /data/data/com.dili360/databases/bugly_db_-shm
    Filesize
    52KB
    MD5
    7d2ab2dcc3f45b2e20557b2914460fa2
    SHA1
    0f5ba77c170609c64bb93d6680397bda6649041f
    SHA256
    87391321d677fcf3b09658914091886f0910b364bfd9e23f25586e4212708f0f
    SHA512
    17328557c4be9c019305b40afde8bb8f077bf45db901ecbc85e24b49734337a026376406e70e66096256f7062625d0cc82cb3afb132aa2c615a27092db0bb579
  • /data/data/com.dili360/databases/bugly_db_-wal
    Filesize
    80KB
    MD5
    9270f1f6cdc20bab6dd9d064cffb8b42
    SHA1
    58faae0522fff914339441d1fcc443044977d395
    SHA256
    474032c36594d2b6d2dfd2bbb333d16bcca8c3919f74daa8cd4bd7abed1c192a
    SHA512
    2adb17ee34635905d4160f6d3a6d3e0e106c048906c6313c6a4f798fe3192d073e207aea655c64c02e5b8fbc16de03f0f70d70e9e0cf4c2994020eb07dc6f92a
  • /data/data/com.dili360/files/lldt/firll.dat
    Filesize
    76B
    MD5
    5e3a40aae5d8e7c026940c043cab5e7c
    SHA1
    97b7a8ff215a8edcd7f6a8dccddd4e2dfbe4ca7b
    SHA256
    805f61f877578059b178f089c7b9772b445d7377b51fa92a5ffe0c6f731a6239
    SHA512
    1a8968be141abcdfaf767c9dc078360bc3b5db6a15cbb67c09d32cb5fd8d581ad5fffd175ffedba82133076b055ed85a7c4ff6f1d808442ebbc86008763e49aa
  • /data/data/com.dili360/files/ofld/ofl.config
    Filesize
    235B
    MD5
    e3eb2e0bce0e957a69a62695e1513d11
    SHA1
    2308bf79b2d017f6e13044f7707ee2707fcd74d8
    SHA256
    1c369826b2cd98ccc73e3773a9a84a00ae4aed264ca97aa9ed1f1c1b34e20650
    SHA512
    147242ba5cb744485833737d556aee66cb2efe9dc95cfb5b312a3381c70b97b2cce968ffef782b621740cd6e60f2139b1d012a141c98387be443b632d1fbe431
  • /data/data/com.dili360/files/ofld/ofl_location.db-journal
    Filesize
    512B
    MD5
    165b0d3bf8000e036590c198f83516c6
    SHA1
    18462bfacc2bde260c94aed5464bdacac6f465d0
    SHA256
    42fbc0114a5f05475036f0abbcf1016557fc676b451530a4597930cd91550df6
    SHA512
    2387bf8392674352d77afa3a1b3c1602a02c748171b72b110fca81b4e394ad805ddb05138f63002fea431a1cab38703180b9467a06d346f3fcfa34561b32ce7c
  • /data/data/com.dili360/files/ofld/ofl_location.db-shm
    Filesize
    32KB
    MD5
    bb7df04e1b0a2570657527a7e108ae23
    SHA1
    5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256
    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512
    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
  • /data/data/com.dili360/files/ofld/ofl_location.db-wal
    Filesize
    48KB
    MD5
    2da6ca4d57e0c56205ac27ce0371bbe7
    SHA1
    890e9562697a48194bc6eeb89893713fca738097
    SHA256
    a54199e1a789416cb6d03dd5c6b62d9f8bba86ec3fbef5d7a13e95bfac23657f
    SHA512
    1faa3d201f05516833ed0a735803694cff4529f0cfdda2ae46225a3f39dde65c1960d529eddfbc86b0de8c779101adfad6cf16f63f5219f48024c3b67cdcacf0
  • /data/data/com.dili360/files/ofld/ofl_statistics.db-journal
    Filesize
    512B
    MD5
    28620a61fd7d109c80ff5199e6a9e909
    SHA1
    f5fe4869fdc4bb563ca92b422b503b28e7d6bdee
    SHA256
    8af9a0203f088cef3bcfa8915097187b8e220c77ab76807020fa2dfbc913ad07
    SHA512
    f5aa3e73975fb4a64e1479f1de9e219261078f4be2ff6dc95a66c387f4109a6ffa08720a4cae5aff28f246f2ee0f18fd1df7e7aae7d08249d02a1e5038611a22
  • /data/data/com.dili360/files/ofld/ofl_statistics.db-wal
    Filesize
    156KB
    MD5
    5ae54844da772b78a9ab5c02ceaea65f
    SHA1
    c077325a9e9363ad72a64de2151d2f855641ad04
    SHA256
    68ac9cdcb46b9922459da8f1371a03f55ff474ace3d726447d8e95d274cbc500
    SHA512
    bdd5527368cd06abf8dbf93a781a536e4d70c59238e68b928332428e201d018b933eecc7ed8476d45c4414c8928ba8bc0069349bf3a76e1eae3aed30a811d5d6
  • /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat
    Filesize
    12B
    MD5
    8d80bc8ea90e9cac010d3ddf97bda5f5
    SHA1
    f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
    SHA256
    f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
    SHA512
    9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7
  • /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat
    Filesize
    148B
    MD5
    43571bc0bf8ef49266ff3831bdd9306b
    SHA1
    a7045398371521c3ce9d241552101e0fd69bbd2f
    SHA256
    f0e2d580dbadafc392ae6375f80eb6354e910f45454c7741437bc9231004517e
    SHA512
    b3b712c525008208fe1fd7141a6ef158cba899a5b31a1e80693bee9a2640d505d8611e5883b33afb24e8cc5a9e0dc7ef4c57ae047308deacd6d83f9bd2bf59c9
  • /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat
    Filesize
    24B
    MD5
    161557b06b4a4d3ce095528dea370eb7
    SHA1
    8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
    SHA256
    f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
    SHA512
    96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449
  • /storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat
    Filesize
    446B
    MD5
    30cefaf2f69bd6e49d8b81a2576dd3f5
    SHA1
    12787dc265d882d2689264746045afcec2c2ef28
    SHA256
    7994e39ba427515f17c91d7a6d38378f901dddcd6c4e9ea06e05d59b72f13a7f
    SHA512
    d9b385438d47899b74dac28cc07162ea8764474e45eb2185f568175e81945b08d2c308f97b53a9193715d36a82a59ed9b0de45fc58710f0aae0b3b6238e5d4ef
  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize
    96B
    MD5
    65605d3c68d287ac4e9f84995b655150
    SHA1
    076dbc6af020a8fa9b19bdbec5777eee790bcb2e
    SHA256
    2f3c922a96d45c0c781393eebb59da5d2e20556b92576901e1893e8187388b97
    SHA512
    390331e90eb93c2260031377c7c4806704e07268f0daad349d63d8f98e2bf388b6ce72a10682e7ff40ea945f02ff2ad92476ab02dc1067e665bf18fa23279cd3
  • /storage/emulated/0/okhttp/journal.tmp
    Filesize
    32KB
    MD5
    3350993d3acb259fd776de3dac4cb777
    SHA1
    190da179c53d28ff37d254d35f3e22119ed6535d
    SHA256
    f82ecc5bb756e104b5aef2263e8f5c107814e80ff35ec011637bf555e6defe56
    SHA512
    2dd8398730148f49a23b68ef1757d3c1e030de5e494c96ae25a8acb04b4a64b11c7b280a6c48ef407d49ba74c402c68eeac7823586633c5eb02bfb30395829f2