Analysis
- max time kernel: 148s
- max time network: 154s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 17/10/2024, 17:55
Static task: static1
Behavioral task: behavioral1
- Sample: 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240624-en
Behavioral task: behavioral3
- Sample: com.mobile.indiapp.apk
- Resource: android-x86-arm-20240910-en
General
- Target: 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk
- Size: 5.1MB
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs, 2 IoCs
  ioc: /system/app/Superuser.apk (process: skydownloaderv7.facebooklite.stt31.ua83247992v6)
  ioc: /system/xbin/su (process: skydownloaderv7.facebooklite.stt31.ua83247992v6)
  pid: 4242 (process: skydownloaderv7.facebooklite.stt31.ua83247992v6)
- Looks up external IP address via web service. 1 IoCs
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow: 5, ioc: ipinfo.io
- Queries the mobile country code (MCC). 1 TTPs, 1 IoCs
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process: skydownloaderv7.facebooklite.stt31.ua83247992v6)
- Reads information about phone network operator. 1 TTPs
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTPs, 1 IoCs
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver (process: skydownloaderv7.facebooklite.stt31.ua83247992v6)
- Checks memory information. 2 TTPs, 1 IoCs
  description: File opened for read
  ioc: /proc/meminfo (process: skydownloaderv7.facebooklite.stt31.ua83247992v6)
Processes
- skydownloaderv7.facebooklite.stt31.ua83247992v6 (PID: 4242)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads