Overview

overview

8

Static

static

6

01c6dc1774...18.apk

android-9-x86

8

Analysis

  • max time kernel
    63s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    30-09-2024 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01c6dc177410968e5fecafe08fa5ba83_JaffaCakes118.apk

  • Size

    1.2MB

  • MD5

    01c6dc177410968e5fecafe08fa5ba83

  • SHA1

    2465abd62a295f7e5a47c39748703aaa4b16c25e

  • SHA256

    048938dec6a2e42afbe9f6e3a54ce9d231f9aa09ecbf7d9cbdeb976e820770e9

  • SHA512

    fc2c11ec82fca19d45fc3e3c0c323fbe21538969240544f6896d24711be68fa759a3fc5eedd9935f130a33e5ab525a4886fe7072de289f1afe54b5da1981f57c

  • SSDEEP

    24576:kOBQog9RS9NJhKqq9nMJU3LS1vQ02HSTTiA7WPq:k8+S9N/xq9nEI0wATt7t

Score
8/10
bankerdiscoveryevasionimpact

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • sssq.search
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4209
  • sssq.search:push
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4306

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/sssq.search/databases/UmengLocalNotificationStore.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/sssq.search/databases/UmengLocalNotificationStore.db-journal
    Filesize

    512B

    MD5

    fc9842d8d17c0683c4eb896da46d5fd7

    SHA1

    28e58a1ff165b4d4469c961ea6ab46731abc794f

    SHA256

    8a803e78a9ec88a252eaaef11a1cbde8a31d58f1c96da97a553844b677aa7568

    SHA512

    d3240df159974d1d338043af1629d3ce76d700b8371c3a0cd99c338d2d8be8936b98f6f58fc38279576859d468b36aa6229e3e25202da1e35f63f820f9993db7

    Download Submit

  • /data/data/sssq.search/databases/UmengLocalNotificationStore.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/sssq.search/databases/UmengLocalNotificationStore.db-wal
    Filesize

    40KB

    MD5

    c7785661c49f928fb2b5ac7f43733c63

    SHA1

    4fdd6d4271ed68af5feaffcb8aa4f2e867dfb0e3

    SHA256

    a02e634e241ea183100a1fa69410dca8da9f5efe2a2ca94e8d36442851e271b7

    SHA512

    47a7086ff300455e3c126cc21efd1bc3ab378e7e36b2ce8e59acf2ecc1ff9f43c8bc05655db68e8494a646698e00076fb5c22e6d33ae81875bab3610d780eb26

    Download Submit

  • /data/data/sssq.search/files/.um/um_cache_1727706034109.env
    Filesize

    706B

    MD5

    0b67509b044b0d3b9b48f7b72217b6c9

    SHA1

    78d0f39872f0530b34f506a01b7c0caf6bbd7b73

    SHA256

    25e3eb4ea5a4580d8b489f3fc4183f473615a0abc5220b93695105e47002914a

    SHA512

    97e8191363f2eb8d30d33e760e949a91913d1b6a73f4eabe92a0396354fb45c7b137a8e68d0755b03e37bd90640272a981e9e08e9e9ce3c06b4397499f314e09

    Download Submit

  • /data/data/sssq.search/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    093fb406518c56c0463b6f91243acba3

    SHA1

    29be864992e378b63a79047f590bf820c0695d57

    SHA256

    da9d7ebe5e7bae98a1201d0a185a6bab3e2adcec213a03ebfb0f62eabafc1142

    SHA512

    9262b55fb6924929af9e62896afe1be2ad07b71c8164e5b1735f13cc6e54dbee4690474a6d8d27ad69e46d81a5c0a13b2c31edbbf8327b3dc9a5d11ac9fa151a

    Download Submit

  • /data/data/sssq.search/files/umeng_it.cache
    Filesize

    415B

    MD5

    52b27b2064317d3404da0ef13bb0cc60

    SHA1

    8b34119d268a64c291308a516c3d616e12764f1d

    SHA256

    995df80ea2e8ad81bcbd6a2bb6df44f37f366bce0901cdb4e0e09132c2095b53

    SHA512

    56ac9d927acc2050f5fcef21e4631d86c1089f365a32110ef1d15f807e641b5d573aad47240abec9122f878b54e494a7ba8e9bcce7f708c99219ad9024814aa8

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    4493c5afa1cc69f0e941cbc744e93e65

    SHA1

    94f316302dc32e6abbb4bbcadf7402a239d11c48

    SHA256

    ac75b90ca05c1d5f895db1f230cdf03629686058412e4551a803a4fd1b84f20a

    SHA512

    51d187596211dbfc0542dabe9ad2c8ac47a7f42c17cfe91e23ab2d15339bed28bf64e901c1ae2fb4f8b4f2f1bbe43d229183df1af00ba9c8e3fa76bd64d88f1b

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    381B

    MD5

    22361c8219378002ad565cfd21dd420c

    SHA1

    58451e49dc461b888e24fdd3698b8794c2633b41

    SHA256

    9c5b676b5b39f27747429604c0ed8a060348022ee0ba5662e04f8fab835b86de

    SHA512

    30f6e23b7266925056721320d0e2dd6589df5c41614073f2258c06314945c131892bcb3155a17f1c56fe2be058177c1264eed4dfc359a0e5ffe9f2f991db72c9

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    381B

    MD5

    09d8e81b5825d649e2deb2e5ea1c439d

    SHA1

    327ec21eea70c7ddcad2798d2303232d4da9dab8

    SHA256

    1729781c9bd68aec69843aa09fdd312c25f0912b158b98cc18910fab5eb46043

    SHA512

    0834e603d30eb8b08e1478dac6905e10eef824b15f6db409fb11ef7e7f98ef1ecbabc5016adf7a23645fa952d9420148e0bbe6ce2027f7d4a689a17d1528d297

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    db87df2b0f19ed2b8ce45c2318ff12b1

    SHA1

    b5c69cfe6d6d1a9661c8dd9a373b1fbf05a9f235

    SHA256

    f8fcb10f55bcbac35347f402f8c666c7a9fe6e9ba2db14170486e0a6ea12cafc

    SHA512

    0ace8f8a97a2363d42705fc961c314a249bfedbb4266e24dabde65d09436c49412afa2f89878896bffe8f082d9b53e4d3763aaba787a3a5b3d32aeaa07154e5d

    Download Submit

  • /storage/emulated/0/Android/data/.class/android
    Filesize

    33B

    MD5

    3d01a0cc7abc4fc30bb3e60da34f59ef

    SHA1

    a77628ffc105519271a9bdfc24bc0ada1aadd20d

    SHA256

    687bd1f19832d515445c688a6acdaf9212540c0b08796179b9a1b27497f45e29

    SHA512

    6d3fffcd24d6a65a48a89313861896434f7dcf4dee695dc84f3b55d6c19e457a7a68dd6f5e464acb007d16922b44192f994e24064d69062c36481f2cf80636fc

    Download Submit

  • /storage/emulated/0/Android/data/cache/AppPacAppPackage.datkage.dat
    Filesize

    12B

    MD5

    b94e3f26f90a39ebf9c9348f84ffa3f2

    SHA1

    dc0deddec43c400e7ab052aace51825d9e59c4a7

    SHA256

    2927a014d543ed015c40a0da9e41bc670df591a33e3f42c1c3f9c0e3052a94e1

    SHA512

    d4012da214ed68ad7ca59b3021270d4b1b4489261cf49bba79b907f5bb7b6ed6cc6c280da0ba7a73be8884866c392106fc78d38f4be0141047b29068b2180836

    Download Submit

  • /storage/emulated/0/Android/data/cache/CacheTime.dat
    Filesize

    13B

    MD5

    275b7fd17927a0f7bb07a309c0054923

    SHA1

    6e4e94fc6006c9e24fbbdb232d167722edeaba7f

    SHA256

    698ebf6e942f2b63fc94401ee0c08a18a1c886f49de214a7bfc3017e6f116653

    SHA512

    0e24f4c2b8ae5976b17ab8e7f05311098aef07c8bbb1a237b51d3c4a29c42c04cfa06d48380bc688b7a25fa88b066e5c6bfb5f836bc690bf8f4d2f72a169eb3d

    Download Submit