Analysis
- max time kernel: 8s
- max time network: 134s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 27/09/2024, 10:54 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: fa46a05c91784392865041643a5fc35e_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: fa46a05c91784392865041643a5fc35e_JaffaCakes118.apk
- Resource: android-x64-20240624-en
General
- Target: fa46a05c91784392865041643a5fc35e_JaffaCakes118.apk
- Size: 6.7MB
- MD5: fa46a05c91784392865041643a5fc35e
- SHA1: 70ac45e8db0c5cfb3fa3e2a6450de80608ae4567
- SHA256: d25c188f4a07ee3e3f2cc3d1f0809c2be170554f127d7aa15c5dba77779807a1
- SHA512: f7af0137420eb8371691f4e972ae11339429705f770696940d2cc23c1c60acb134b7904cac298d059ea3ed4feca891f8beec5558a9f23b5e90d2931693a17507
- SSDEEP: 196608:ihj75VDy0QyiHgk9Tfx6Ypft0k4tq9+oauW:25Vj2fcln6+o5W
Malware Config
Signatures
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.lblm.store:pollingService)
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.lblm.store)
- Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.lblm.store)
  - Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.lblm.store:pollingService)
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
Processes
Network
DNS queries (remote address 1.1.1.1:53 for all entries)
- Request: oc.umeng.com IN A; Response: oc.umeng.com IN CNAME oc.umeng.com.gds.alibabadns.com, oc.umeng.com.gds.alibabadns.com IN A 59.82.23.79
- Request: oc.umeng.com IN A
- Request: ssl.google-analytics.com IN A; Response: ssl.google-analytics.com IN A 142.250.180.8
- Request: ssl.google-analytics.com IN A
- Request: api.lanbalanma.com IN A
- Request: api.lanbalanma.com IN A
- Request: utop.umengcloud.com IN A; Response: (empty)
- Request: utop.umengcloud.com IN A
- Request: api.lanbalanma.com IN A
- Request: api.lanbalanma.com IN A
- Request: android.apis.google.com IN A; Response: android.apis.google.com IN CNAME clients.l.google.com, clients.l.google.com IN A 142.250.200.14
- Request: oc.umeng.co IN A; Response: (empty)
- Request: oc.umeng.co IN A
Flows (columns as in the report: bytes sent, bytes received, packets sent, packets received)
- 240 B, 4
- 240 B, 4
- 6.5kB, 7.6kB, 21, 12
- 1.7kB, 40 B, 2, 1
- 6.1kB, 8.5kB, 26, 24
- 908 B, 40 B, 4, 1
- 24.2kB, 12.3kB, 45, 37
- 3.7kB, 11
- 116 B, 116 B, 2, 1; DNS request oc.umeng.com (x2), DNS response 59.82.23.79
- 140 B, 86 B, 2, 1; DNS request ssl.google-analytics.com (x2), DNS response 142.250.180.8
- 128 B, 2; DNS request api.lanbalanma.com (x2)
- 130 B, 135 B, 2, 1; DNS request utop.umengcloud.com (x2)
- 128 B, 2; DNS request api.lanbalanma.com (x2)
- 69 B, 109 B, 1, 1; DNS request android.apis.google.com, DNS response 142.250.200.14
- 114 B, 130 B, 2, 1; DNS request oc.umeng.co (x2)
MITRE ATT&CK Mobile v15
Downloads