Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    15/10/2024, 21:25

General

  • Target

    4a1417007cce3309e04b28f326953288_JaffaCakes118.apk

  • Size

    3.8MB

  • MD5

    4a1417007cce3309e04b28f326953288

  • SHA1

    577dee7298196e38cd0df9234970205b71288304

  • SHA256

    592fd5f007d203ca288a16161f53dc7ca7bcf84ef431b45c48e42d7d202c0ba9

  • SHA512

    93b577cd84b914cee8bd0a816ee9207ba48bcf98836bbd69fa9376375999f6238ce932fc248618bb0af9614effc7e321a6ffd426ec94bc5f5137dba992726bea

  • SSDEEP

    98304:eHEvO202+T2nchP/WNLTYnOFTk+KmJDAxRhEwlGlvNayFdP:UEvOfth/WFB6EPXXP

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.dajlxc.djzdls
    1⤵
    • Loads dropped Dex/Jar
    • Reads the content of SMS inbox messages.
    • Reads the content of the SMS messages.
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4246
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk --output-vdex-fd=46 --oat-fd=47 --oat-location=/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/oat/x86/com.lyhtgh.pay.ltplugin.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4275

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

          Filesize

          145KB

          MD5

          278e8100ea1ee2c466d55451e87cef73

          SHA1

          8347d2b269f74841ca92cef51d450ed953d73aaa

          SHA256

          06d08532287fc6a934aba8d5a361eb83e4d7a1c8cde4f6663ab2746e4fc09a38

          SHA512

          3e7fcf245a07ce8e03a78f75835c30e0b0f270e68987f85b92aa97f7b0894d73702ebdd80372cddea310a52624db1ccf65125399b6bf218dbd717ad053dec088

        • /storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

          Filesize

          345KB

          MD5

          21c7c675b3dc4ba37ecf2e58fec9ccf8

          SHA1

          16d524195e74f324010e7e5cf5a73e39bf757864

          SHA256

          7502952614e205d4d5605d0af83169fb70efedc52b0feaa1f9003cbfd830ea93

          SHA512

          ad3725129013e75c632b383999b7a936beed98418ed7d92d4dd4a5fb9ac7a1f518b4b6444324d5f366f422fe5099f6a54bc7ce62be4f8077ab4957b144b85482

        • /storage/emulated/0/com/android/system/uid.sys

          Filesize

          85B

          MD5

          01b7e0a09645544befd01b5dfa11eb44

          SHA1

          27cc80ddbef513986b2afb0418e02df972c767d8

          SHA256

          ba6c50deac163098e7e7331cefe565b613f12bcc41114645a770d777252cefef

          SHA512

          e6de69af69f47d34cd8761bda7884b4ae426c988db29b533570b283adfd3cc0e3ae32859e49c762b52ee32d590ae1e349bc0c3e84634a16d4039a1672e5057ae

        • /storage/emulated/0/cooguo/data/code/CG.DAT

          Filesize

          58B

          MD5

          f9b4c184acb79fd4c8252cd6e88d8050

          SHA1

          cf665327477e78bda68ef595426f16ceb30b990c

          SHA256

          9b76574309fba347747f19e525f9d0ced2863648c1263dc9d8143fa5cd1bc8c1

          SHA512

          2d02162c1a8ec6c7fe48eda339970cf0d0603d0133f42cc1182df2f93053ee9ffd7d6fac4cc84e2443dd3164f893cac70b767ab04e8f8527a61f1d784dc4102a