Analysis
max time kernel: 155s
max time network: 183s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 15-06-2024 06:55
Static task: static1

Behavioral task: behavioral1
Sample: ad3aab10f0a6f07a1fdb2bc8f881d719_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: ad3aab10f0a6f07a1fdb2bc8f881d719_JaffaCakes118.apk
Resource: android-x64-20240611.1-en

Behavioral task: behavioral3
Sample: ad3aab10f0a6f07a1fdb2bc8f881d719_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: ad3aab10f0a6f07a1fdb2bc8f881d719_JaffaCakes118.apk
Size: 790KB
MD5: ad3aab10f0a6f07a1fdb2bc8f881d719
SHA1: f4d26a03d980306c57bec1e9857b0a071e92c252
SHA256: 31ad8487c4a089a6891becc76fb688c9cf4152e97db466c3fa8fa192c78ef91d
SHA512: a8eeaf01869e1af136a28ffbec858775d2fc8b277a9ba49c6fb53a476867626d6dcc9001a7882de9aee078ebda12d621cfe284b80367b5a3e154ed78d50cb70b
SSDEEP: 12288:1G5K5WzffEjN9DVNHIqOP2EBPnpZeH+5XOLmKv/aZWQFIzBDwtvPYPVTlHM63Q1n:1G5K5OsBb5HOfPbc8FI1DwtvwXvEn
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get current cell location.
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.borqs.uclient
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  process: com.borqs.uclient
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.borqs.uclient
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.borqs.uclient
- Checks memory information (2 TTPs, 1 IoCs)
Downloads
-
/data/data/com.borqs.uclient/databases/uclient.db
Filesize: 16KB
-
/data/data/com.borqs.uclient/databases/uclient.db-journal
Filesize: 512B
-
/data/data/com.borqs.uclient/databases/uclient.db-journal
Filesize: 8KB
-
/data/data/com.borqs.uclient/databases/uclient.db-journal
Filesize: 8KB
-
/data/data/com.borqs.uclient/databases/uclientconf.db
Filesize: 16KB
-
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Filesize: 8KB
-
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Filesize: 8KB
-
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Filesize: 512B
-
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Filesize: 8KB
-
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Filesize: 8KB
-
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Filesize: 8KB