Analysis
- max time kernel: 143s
- max time network: 150s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 14-06-2024 12:09
Static task: static1
Behavioral task: behavioral1
- Sample: a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
- Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
- Sample: UPPayPluginEx.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral4
- Sample: UPPayPluginEx.apk
- Resource: android-x64-20240611.1-en
General
- Target: a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118.apk
- Size: 10.2MB
- MD5: a99b2c219ff6cbfb39b0932590a44f4f
- SHA1: 9a9144509ffa7694a9751eb4c7091540b97f1d9c
- SHA256: d22c40f830dec01000adcee6ac1c3de3c72c93044a0dded38b69bf90a7bb0ab3
- SHA512: 70e174b3b27a89bc16a54e982ecde44cd9cb2b1736207927eb7941875a0cddc7e2002f62d6c1c9539be95653abbe467e69b3de1356df058e017942cec1b8dd51
- SSDEEP: 196608:qgCdnhQGeTEnRGXjJ7Ncz+LHhsW/6qECAhP2WkE+L2UA89rXr3wuIbOfjzK5Lzi7:/0nhVeoAXlZ//6qFJFrXTUqzKJziPD
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (description | ioc | process):
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.dili360
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.dili360:remote
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes (description | ioc | process):
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.dili360
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.dili360:remote
- Requests cell location (1 TTPs, 2 IoCs)
  Uses Android APIs to get current cell information.
  Processes (description | ioc | process):
    Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.dili360:remote
    Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.dili360
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes (description | ioc | process):
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dili360
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dili360:remote
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (description | ioc | process):
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dili360
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dili360:remote
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes (description | ioc | process):
    Framework service call | android.app.IActivityManager.registerReceiver | com.dili360
    Framework service call | android.app.IActivityManager.registerReceiver | com.dili360:remote
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes (description | ioc | process):
    Framework API call | javax.crypto.Cipher.doFinal | com.dili360
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.dili360
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
- com.dili360:remote
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads