Analysis

  • max time kernel
    113s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/10/2024, 01:05

General

  • Target

    5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    5006765c0d98565d96dade82dc43e72a

  • SHA1

    9d4616b151aa4dbd0293025a62f9c43c3f65490f

  • SHA256

    0bc5658a8cb733bf27176836a9cf34e267cb79d4aadd489c62984a4a52559212

  • SHA512

    511b7032f985a5f6b5a31bd81c3938aef1c247e68469fbab313294a0cb4f062e793b0d9d22aa3ac03cf713220ef7f886cf9f6efa85c013b441cb24243be4f290

  • SSDEEP

    24576:wBnNz0PoJrUmt9Zo+ZYjVQXq/13tdHbZKm51Ob83B:UzRUe9J6jVQXq/1XHNKmjbx

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs

Processes

  • com.rbar.bxtq.qosf
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    PID:4211
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.rbar.bxtq.qosf/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4274
  • com.rbar.bxtq.qosf:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4309

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.rbar.bxtq.qosf/app_mjf/ddz.jar

          Filesize

          104KB

          MD5

          656eec0445b1ac574b87e1bd3a98d969

          SHA1

          fe3e1ee6bac338416e47e90ed249cb82aeaf6bd4

          SHA256

          0817449409b55007ece8d2d25f6d4b075ebea09c7feabee79636176bb0794792

          SHA512

          9a2737d22a9e647eadf4752513df79fe960cb69ec9563a2d7f504b3e91a95a6081876ab068355b8db49c44ea8627a33ca94c0244c2909668bec2620dc71a27fd

        • /data/data/com.rbar.bxtq.qosf/app_mjf/oat/dz.jar.cur.prof

          Filesize

          664B

          MD5

          42142ec7935c88403db679e3312724f8

          SHA1

          00d89ed3350a52dc601d1116d9ed0de8a52be82e

          SHA256

          c0b8f1c9ba49c86d0b2404383ae5b14935cf336b9f7fffbf25589ad7c2672c98

          SHA512

          d9895a5d99704ba1e56f6179800a1e0f354ecd23767eabdf8815f4d2d203387781cac56fa8fd090ba8db8819180f7134bb0c81c0b9478d895a60e9d47d8a6016

        • /data/data/com.rbar.bxtq.qosf/app_mjf/tdz.jar

          Filesize

          104KB

          MD5

          30617d6621bcd972fcea53d04f3b2a55

          SHA1

          a0a51f60773e3a1eea2f929c8f1df896b6d71e7e

          SHA256

          157b006e48d74dc023d671b5a7e9e61f96853be434db43efa8754aecba50e12b

          SHA512

          d7735599a3186ba6ca0c6151299fc9353495e4cb4cf1b3a8aebfe6e0901e839f1027013aebb2d168c8fe2ace65fac6bbc89b56b8316e546bda879825febd1ad0

        • /data/data/com.rbar.bxtq.qosf/databases/lezzd

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.rbar.bxtq.qosf/databases/lezzd-journal

          Filesize

          512B

          MD5

          fbbfc8d3364d114ddff02c63d537b19e

          SHA1

          0900ff047e85b49d95a3650f35a08d3e1c094a37

          SHA256

          22dc3fd3979e94bb94841e2ce2adb95b204dfa6c3c7d7d0d040e2245b4844629

          SHA512

          197ef6b9030890f6641683f5cd3a676fa7262f96aeace177f404f31ee9cfc4c6fda144d21e12be73afeecd2b1412ed9cc6caa41caa36fe811b4815656d595ef7

        • /data/data/com.rbar.bxtq.qosf/databases/lezzd-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/com.rbar.bxtq.qosf/databases/lezzd-wal

          Filesize

          60KB

          MD5

          30ef74d44d523edc564a4ee0bf4177ca

          SHA1

          9c5435d68cf21c5ec77bad2fcbb459b762f605f1

          SHA256

          1ce34a0852b0004af5e4c24a923c6cb08c356cea4f2b61930c01881ba76e5349

          SHA512

          1afd2ce0eb9857ce8e41e80172499baa6c16fcfedb2ee0e6e2ac80066e84643b7bf7147d44004ee2e1087dd28c109ff46e0f3988816ac038c5c0ae77d5c466dc

        • /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar

          Filesize

          247KB

          MD5

          daa884f34fd8ae9dd3bfb6b119ff3aff

          SHA1

          7de35d394619e09d959ed996ad265702cb8b8efa

          SHA256

          c9c157972fb88b6be615c55598c6dd7bc36a518c2b24e8b6ee5fd48f532381a8

          SHA512

          dc316772998f61131936b0cb6058a3ea7f144b31da11bff492408fb03ef3796604a2f887670d160e1302253d2ceac4e1621f6d26ee4293e21856a862b4f4125f

        • /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar

          Filesize

          247KB

          MD5

          18cfdb00841ddceacea677d69a13ba5a

          SHA1

          df15b27afa69a8f4e0e74c250e56df55e5701172

          SHA256

          676ca8a391c823e9a3fdd7df70a1fc30f8ebd4680db0daff3e057cc401c9ad83

          SHA512

          83886e59ac0462888e9b82475ebaeca79dcbabc8a2a01a6217c0ca122e41c1d373fb878bf6e5e885b8459f259e834df91f2c8bf30a2a52824e298a65d6dda86a