Analysis

  • max time kernel
    176s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    08-07-2024 12:16

General

  • Target

    2c4ff185386142080d6f19433477a90a_JaffaCakes118.apk

  • Size

    171KB

  • MD5

    2c4ff185386142080d6f19433477a90a

  • SHA1

    196498a2278c144e5a9b7f7761409b481f62a6ee

  • SHA256

    60a8d3c67f1b64e7418a4021bc313075397a6a6017a30632f53546190664f114

  • SHA512

    ee5f76f2e4637a9ba0ef23b0cb8e32918d859848804553e4660fce874984e2684ecf413ad485c1ec512b17a972df9bfc7e7c5128e11c93e5aeac2dd053c54681

  • SSDEEP

    3072:5s/q0+w7l04ydCphOeE9g0IJTPWjbW8yXt3+h7z8R00ggvF+XIrNbr04VqFfD:5eqHwR04WCGeEYPKysvoYXIrN304VqFr

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.package.dkrknk.baqumwqhyiwl
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4310

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.package.dkrknk.baqumwqhyiwl/app_tfile/config.jar

    Filesize

    133KB

    MD5

    9ed6dd6d8eec0e3ac529fcdc694b767b

    SHA1

    ff7c569553273d8e8324dcfd3819b63a4fdc08fa

    SHA256

    e8d456375b98e909937d50382fe2900ea7b3a01028787e37025efcbeb05c6502

    SHA512

    463fc95f30e901ab26decedd4b95889e4108a1dfc69678a52fa2cf327e790c2d89ad8ae162e489ba6a9d0a05ed050288f9fa4b560efdab9ead1eb7a9f4b87661

  • /data/data/com.package.dkrknk.baqumwqhyiwl/app_tfile/oat/config.jar.cur.prof

    Filesize

    364B

    MD5

    d80e392193b7f0ed2ef8a5bf13320fbb

    SHA1

    824c7c7f8e268fd540807685d0dd9abc99b8a60c

    SHA256

    d55a122247f633c266f27952f88103770969803b7996c0bdcf0cf9bfdfc61fe1

    SHA512

    4e5a76082f0b8df58dd472780b411a3b797babbc31716cfc8957661b88970c53d961aa05d8f426e7bec2aad56759470a0d471ba3f105bb3dabc80e4e84979129

  • /data/data/com.package.dkrknk.baqumwqhyiwl/databases/tbcom.package.dkrknk.baqumwqhyiwl

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.package.dkrknk.baqumwqhyiwl/databases/tbcom.package.dkrknk.baqumwqhyiwl-journal

    Filesize

    512B

    MD5

    7ee39aeab8d82aa4561adfcb222e35b6

    SHA1

    7f67a3b2f8df60b732a83c14179108d67ae22a62

    SHA256

    9109441c6e2e42898f4995148364499fe52fa84aea3e2321dc6c9abe6028a7aa

    SHA512

    dd0ce1d30ac0d02a920ee139f3f033d165a413bc8d9fa55cde2d13070ccbcd66cd464f26bbff925a29bc6a3b5df3e8c4533a95daae5e1eba9ad8140a70584626

  • /data/data/com.package.dkrknk.baqumwqhyiwl/databases/tbcom.package.dkrknk.baqumwqhyiwl-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.package.dkrknk.baqumwqhyiwl/databases/tbcom.package.dkrknk.baqumwqhyiwl-wal

    Filesize

    48KB

    MD5

    2efe3e5d3fa6c9fcc07c6469695d2ff6

    SHA1

    d917b8c5fec84e44bb387a3873bbd37b01eac4c6

    SHA256

    bc2b3b10374e8dc3186254c7cfbdf7409cbfd8fd714f6f47c14b91a36bbd2572

    SHA512

    a43ed252d9b3e8a6935620c00eeee2d7f49c40d0a4eed3e8e5523b128e42190c3a9ccaa9e59c764f0f63f5048e0f670f065516c8e988b3834efbdcd41feeb295

  • /data/user/0/com.package.dkrknk.baqumwqhyiwl/app_tfile/config.jar

    Filesize

    269KB

    MD5

    ffb67acc7b438c9d9cb8a0e211055479

    SHA1

    2e813a48fe562968ee894deb410df4802848b7ca

    SHA256

    c146e3ae44e38f3cbffe09811f72517b1f35bc97c0546338eb10533d04700486

    SHA512

    69f055978b1c3984709d41e85cd3c462762087fe44920c6c5995ecaa3bea0dc232243e5e20d6189e3b0ef0ae3077381b21833965d499669aebb779796ffc42e0

  • /storage/emulated/0/Download/sdsid

    Filesize

    4B

    MD5

    b8c37e33defde51cf91e1e03e51657da

    SHA1

    dd01903921ea24941c26a48f2cec24e0bb0e8cc7

    SHA256

    fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

    SHA512

    e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7