Analysis

  • max time kernel: 179s
  • max time network: 186s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 16/06/2024, 04:59

General

  • Target: b1d528b002124a7a24bf26f3fe678cdc_JaffaCakes118.apk
  • Size: 3.3MB
  • MD5: b1d528b002124a7a24bf26f3fe678cdc
  • SHA1: 3ba6f71cd08f585614b6b2a2917fd46cec389e83
  • SHA256: 68b9ffd0fc69e900672199f26b108812c6f145a2e8b8bf732506d4b94e1a32d9
  • SHA512: 06979c7cb4b17c8bf64fa1e37bf4ef659fe99cf0227e703525cea6966cadce173b0c3421ad37e353a51b303280ab506e6fd00b04c63bac3330fed071a4592343
  • SSDEEP: 98304:+mC9c74JNHb6j+v3vJ+4x+SOCKk3GkJ2aqxVDueo2lMtmD1lpf3Iv9rs:U16jQWVDbUmD

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 4 IoCs)
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
  • Queries information about running processes on the device. (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current nearby Wi-Fi networks. (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  • Queries the phone number (MSISDN for GSM devices). (1 TTP)
  • Acquires the wake lock. (1 IoC)
  • Queries information about active data network. (1 TTP, 2 IoCs)
  • Queries information about the current Wi-Fi connection. (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 2 IoCs)
  • Uses Crypto APIs (might try to encrypt user data). (1 TTP, 2 IoCs)
  • Checks CPU information. (2 TTPs, 1 IoC)
  • Checks memory information. (2 TTPs, 2 IoCs)

Processes

  • com.chunfen.brand5 (PID 4172) 1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    • /system/bin/sh -c getprop ro.board.platform (PID 4247) 2⤵
    • getprop ro.board.platform (PID 4247) 2⤵
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID 4377) 2⤵
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq (PID 4396) 2⤵
  • com.chunfen.brand5:pushservice_getui (PID 4208) 1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks memory information
    • /system/bin/sh -c getprop ro.board.platform (PID 4290) 2⤵
    • getprop ro.board.platform (PID 4290) 2⤵
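One way to turn the process tree above into behaviour tags for triage, as an added example that is not the sandbox's own signature logic (the report does not publish its rules). The command lines and PIDs are copied from the Processes section; the regex rule table, including the root-check patterns that this sample's tree happens not to contain, is this example's own assumption. Note that `sh -c getprop ...` and `getprop ...` appear under the same PID, consistent with the shell replacing itself with the command, so the example collapses wrapper and command by (parent, PID) before counting.

```python
"""Map a sandbox process tree to behaviour tags (constructed example)."""
import re
from collections import defaultdict

# Constructed from the report's Processes section: (parent process, command, pid).
PROCESS_TREE = [
    ("com.chunfen.brand5", "/system/bin/sh -c getprop ro.board.platform", 4247),
    ("com.chunfen.brand5", "getprop ro.board.platform", 4247),
    ("com.chunfen.brand5",
     "/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq", 4377),
    ("com.chunfen.brand5",
     "/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq", 4396),
    ("com.chunfen.brand5:pushservice_getui", "/system/bin/sh -c getprop ro.board.platform", 4290),
    ("com.chunfen.brand5:pushservice_getui", "getprop ro.board.platform", 4290),
]

# Heuristic rules (this example's assumption, not the sandbox's): regex -> tag.
RULES = [
    (re.compile(r"\bgetprop\s+ro\.(board\.platform|hardware|product\.\w+)"),
     "device-fingerprint: build property"),
    (re.compile(r"/sys/devices/system/cpu/"), "cpu-info: sysfs read"),
    (re.compile(r"\bcat\s+/proc/(cpuinfo|meminfo)\b"), "cpu/memory-info: procfs read"),
    (re.compile(r"\b(which|ls)\s+.*\bsu\b|/(system/(x?bin)|sbin)/su\b"),
     "root-check: su binary probe"),
    (re.compile(r"\bgetprop\s+ro\.build\.tags\b|test-keys"), "root-check: build tags"),
]


def normalize(cmd):
    """Strip a leading 'sh -c' wrapper so the wrapped command is classified,
    not the shell that launched it."""
    m = re.match(r"^(?:/system/bin/)?sh\s+-c\s+(.*)$", cmd)
    return m.group(1) if m else cmd


def classify(cmd):
    """Return every tag whose rule matches the (unwrapped) command line."""
    tags = [tag for rx, tag in RULES if rx.search(normalize(cmd))]
    return tags or ["unclassified"]


def triage(tree):
    """Collapse (parent, pid) pairs so the sh wrapper and the exec'd command
    count once, then list (pid, sorted tags) per parent process."""
    seen = {}
    for parent, cmd, pid in tree:
        seen.setdefault((parent, pid), set()).update(classify(cmd))
    result = defaultdict(list)
    for (parent, pid), tags in sorted(seen.items()):
        result[parent].append((pid, sorted(tags)))
    return dict(result)


if __name__ == "__main__":
    for parent, entries in triage(PROCESS_TREE).items():
        print(parent)
        for pid, tags in entries:
            print(f"  pid {pid}: {', '.join(tags)}")
```

Running it against the report's tree yields one fingerprinting hit per PID (4247, 4377, 4396 under the main process; 4290 under the push service process). The signatures the sandbox attributes to Java-level API use (root check, running processes, Wi-Fi queries) leave no trace in the shell command tree, so a command-line classifier like this only covers the native-command part of the behaviour.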

              Network

              MITRE ATT&CK Mobile v15


              Downloads

• /data/data/com.chunfen.brand5/databases/brand5.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

• /data/data/com.chunfen.brand5/databases/brand5.db-journal
  Filesize: 512B
  MD5: 658f8f5446308683687824e27275b374
  SHA1: ac6b49ac173ccb70bec1b85c4d08a8e88c5020ab
  SHA256: 9de7884a8599a3c996cd398d2c15e72a544171b36dc2e50292b948451a08b243
  SHA512: ef63d494996566a0bf26af9537005460216f3daa1e319d5f582f9c7bf4caf3ce0cbc45a7b102b569be0e4f4b3ed3c7cda8fb46cd40bc384d78933431d9660db0

• /data/data/com.chunfen.brand5/databases/brand5.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

• /data/data/com.chunfen.brand5/databases/brand5.db-wal
  Filesize: 80KB
  MD5: 5b9d70fe85964ffb38823512c47d09c1
  SHA1: 2c0bf06dbeaac28d111896265d43e17e5a884e93
  SHA256: 094cfae72aeed1ce0eceabfcb5774587b797c11f1e4cb2f5898ddb9e6536aabf
  SHA512: f17ce760582133913aa7dfa13efffdc90938174b27da85e144c1243ccd3ed888d75a54c8338244ee4bf435a2bd386e95a7fd5926544eef73247fb3318cc00c95

• /data/data/com.chunfen.brand5/databases/bugly_db_-journal
  Filesize: 512B
  MD5: b31e7299e9c978ab38e1839a011fe7a5
  SHA1: 1ec5a206076e6e8e4e18f5bc0e5b3af1eef96dbb
  SHA256: 07d38f5b4cf05beab117acdd7c67d2ca4fc36d99a5d97c4c49c4f80b74473ade
  SHA512: 1d2435bd7a02640dd02b541721f3f6155c8bc41a2f366b64d9752398568e568e62f7a05e36078af53e5a57615980a342b40d76d297aa6d02a2e7d23d1a6a878f

• /data/data/com.chunfen.brand5/databases/bugly_db_-wal
  Filesize: 100KB
  MD5: 08464642d1082829c0f3785ae855bc18
  SHA1: 2287bcf9a7f514325d7e73280935e50f72195dba
  SHA256: 665effd8d7e76f21124d43fa542b0fe46cc636c055db0a4b3e1e14ac33d3ac21
  SHA512: 644d838329d557ff2273e6fe8d3bf7ab5cdc4990861424f9ca04ef292291daccdf562f490a98bb08e07d0670f644b96dfde4e8f7e7a92ea4073074c27dec100c

• /data/data/com.chunfen.brand5/databases/koudai_log_cache.db-journal
  Filesize: 512B
  MD5: 894f235033346c389fae2d4fbdae51a6
  SHA1: c57aff5aef3df5d29fe46d2b754a9d25f5448102
  SHA256: 7d17545fc11bb5e891a705e554ebbc8e2229465d0bd939bd9f750f899b339b40
  SHA512: 8b3fe828f31dc5d6b6ad129e769d335326edefc8fc7fa271b1f8057a71513515f847c2a91bae48baa482778736970c9be4b86e0fa4185ef8e05a95d2a41a9330

• /data/data/com.chunfen.brand5/databases/koudai_log_cache.db-wal
  Filesize: 40KB
  MD5: a6d2698fb5166bd1ef2dd8cd970af500
  SHA1: 467279e9d1404e8761bd09ade604c8109c514e8d
  SHA256: df4827f806568f367c01f8bb6a07ffc23bd4daeea69a175c77584a6c5eeafd46
  SHA512: b2edd7d117a64b3f16e22840278952d56c08daddcc2a9bbadb33b2e21e7b5a09786f33c293aaa667ed02c85f59f20aae5df042a7959bedb1f4bc61d80ab8ed37

• /data/data/com.chunfen.brand5/databases/pri_tencent_analysis.db-journal
  Filesize: 512B
  MD5: f89763b852292eb4515da9b9f392c310
  SHA1: 194a37966722321826b79f69407ceccd9f5066b1
  SHA256: 9e23fbd8768cc2a75c14ddeb21a8e8b1cb940cc72bfa01334f10bc22187b4162
  SHA512: e72178d7746a62b3e20f53858d6ef912dd43fc475a7627d39f60af16d67ec373d16d9b35f9228779d96d4558113588ed0f4240b584d7dbeb8abe4a4a9467dd56

• /data/data/com.chunfen.brand5/databases/pri_tencent_analysis.db-wal
  Filesize: 56KB
  MD5: 998775748678b8d66cb4db402a4bdd5b
  SHA1: daef651aff727f1e46191525f732703f310a6ed1
  SHA256: 7e72ea93b4dee74513d74d9e4671baa01b6812d035d3dcc4ea81a1a5abdc529a
  SHA512: 378bd7d7992f2a82dcffa1bc6c46bce042b8e02020f57656f5da1ee0c361d76841626e4102daa2921a453a53c3e25b13a0d701ba79fd354e5315ac284147ccd0

• /data/data/com.chunfen.brand5/databases/tencent_analysis.db
  Filesize: 168KB
  MD5: c747398ea600b625e4f86fa459f63fca
  SHA1: cd1e59040dc9cde2b104fb7e97b1de0141962b46
  SHA256: 0730d2c3d4e97bfe23e481476e2534176e0b61e7bc4e9ee5f44ef227201e5fab
  SHA512: 4de256808cffcb9b1839cf0f1a20f16f79f9c2409bbb625c6d8571f2733967c2f334ddf3d27c0cd1641c96a7b2ef5b55a74fa2b5b49492c5473bfa3d68f04947

• /data/data/com.chunfen.brand5/databases/tencent_analysis.db-journal
  Filesize: 512B
  MD5: 953f355fbf2d9be6a1e8903629a2db56
  SHA1: ea118f7996691e4d6692e2d5c5f4201459a72673
  SHA256: ceff1b1224c53e83220a4544cc31a7693e4846412307695c55a31459a4a6ccdc
  SHA512: a3c3ae4c0c315dc6d05ebc1013f3f28dbc2a356cc045ffb11d80d576aa0f4e140e1bf53e44102c9f898198d67c160fb499dc29ba4ce89c25727c7b520b4fdc22

• /data/data/com.chunfen.brand5/databases/tencent_analysis.db-wal
  Filesize: 402KB
  MD5: bfa27f34850a3b8ebc71dd85062558c1
  SHA1: 34d2717807055130bbf0444a2390c5a5f187fa33
  SHA256: 5d4c789a040a7ca8b852a63445e0fbe6c2c3e1bf76200eaa0d7c3c9513435045
  SHA512: 9e4ed37c553bdd78f800f4c8bbd2b1f0685d4083fcd16284270a01c5d109742cd3dfa205a83d1f2e485d098bdb1063116524b8683a79681a2490f236c885f6ed

• /storage/emulated/0/Android/data/com.chunfen.brand5/cache/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
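The dropped files above are SQLite databases with their WAL-mode side files, captured mid-run. brand5.db is 4KB (a single page) while brand5.db-wal is 80KB, and for bugly_db_, koudai_log_cache.db and pri_tencent_analysis.db only the -journal and -wal files are listed, so most of the committed content sits in the -wal files rather than in the main database files. The following constructed example (not code from the report or the sample) builds a small WAL-mode database standing in for brand5.db and shows that a copy of the main file alone contains no tables, while a copy that also carries the -wal file shows all committed rows. The table name and rows are made up for the demonstration.

```python
"""Read a sandbox-dropped SQLite database together with its -wal file.

Constructed example: the database, table and rows are invented stand-ins
for brand5.db; nothing here is taken from the sample's real databases.
"""
import os
import shutil
import sqlite3
import tempfile


def make_wal_db(path):
    """Create a WAL-mode database with committed rows and return the OPEN
    connection.  It stays open on purpose: closing the last connection
    checkpoints the WAL into the main file and deletes it, which is the
    opposite of the state a mid-run sandbox snapshot is in."""
    conn = sqlite3.connect(path)
    mode = conn.execute("PRAGMA journal_mode=WAL").fetchone()[0]
    if mode != "wal":
        raise RuntimeError("could not switch to WAL mode")
    conn.execute("CREATE TABLE brand (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO brand(name) VALUES (?)", [("alpha",), ("beta",)])
    conn.commit()          # rows are now in brand5.db-wal, not in brand5.db
    return conn


def snapshot(src, dest_dir, with_wal):
    """Copy the main file, and optionally the -wal, the way an acquisition
    step would.  The -shm file is not needed: SQLite rebuilds it from the WAL."""
    os.makedirs(dest_dir, exist_ok=True)
    dest = os.path.join(dest_dir, os.path.basename(src))
    shutil.copy(src, dest)
    if with_wal:
        shutil.copy(src + "-wal", dest + "-wal")
    return dest


def read_copy(path):
    """Return (table names, rows of 'brand') visible in a copied database."""
    conn = sqlite3.connect(path)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        rows = []
        if "brand" in tables:
            rows = [r[0] for r in conn.execute("SELECT name FROM brand ORDER BY id")]
        return tables, rows
    finally:
        conn.close()


def demo():
    """Build the database, snapshot it both ways, and return what each copy shows."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "brand5.db")
    writer = make_wal_db(src)
    try:
        main_only = snapshot(src, os.path.join(work, "main_only"), with_wal=False)
        main_and_wal = snapshot(src, os.path.join(work, "main_and_wal"), with_wal=True)
        return read_copy(main_only), read_copy(main_and_wal)
    finally:
        writer.close()
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    main_only, main_and_wal = demo()
    print("main file only :", main_only)
    print("main file + wal:", main_and_wal)
```

The copy of the main file alone reports no tables and no rows; the copy that includes the -wal file reports the table and both rows. When triaging the Downloads list, pull each .db together with its -wal (and keep them next to each other under the original names, since SQLite finds the WAL by filename). A -wal without its main file, as listed here for bugly_db_, koudai_log_cache.db and pri_tencent_analysis.db, cannot simply be opened; its frames have to be carved out and examined by hand.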