Analysis
max time kernel: 17s
max time network: 140s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 17/10/2024, 17:55
Static task: static1
Behavioral task: behavioral1
Sample: 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240624-en
Behavioral task: behavioral3
Sample: com.mobile.indiapp.apk
Resource: android-x86-arm-20240910-en
General
Target: 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk
Size: 5.1MB
MD5: 52f2f89bbb0e21deba46196e5fa0dbe1
SHA1: ed1ffc91b5f0ace16909fdf5e2e4283328758922
SHA256: e9fca967da7de00ae2020859ecd1a958fed3597a780443375c1405c5ef56bcce
SHA512: 853ff8076b8083f596221860318063ca266092657103f0b8ecdd949d78ce911896406ce10b48f0eae478e22bb78b9b6158da6fd63f930c6b222c6590ea2f718a
SSDEEP: 98304:LS2EbF7lCGhzbqKQC6lKjaxOM+GbxJfpQY5hMgUKg8PiHqGVCPmwPhw1F:LS28l9vq9C6lmQOM+sfV5hzgLKGQewPu
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/app/Superuser.apk | Process: skydownloaderv7.facebooklite.stt31.ua83247992v6
ioc: /system/xbin/su | Process: skydownloaderv7.facebooklite.stt31.ua83247992v6
-
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: skydownloaderv7.facebooklite.stt31.ua83247992v6
-
Looks up external IP address via web service. 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow: 13 | ioc: ipinfo.io
-
Queries the mobile country code (MCC). 1 TTPs 1 IoCs
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: skydownloaderv7.facebooklite.stt31.ua83247992v6
-
Checks the presence of a debugger
-
Checks memory information. 2 TTPs 1 IoCs
description: File opened for read | ioc: /proc/meminfo | Process: skydownloaderv7.facebooklite.stt31.ua83247992v6
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287BeginSession.cls_temp
Filesize: 77B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionApp.cls_temp
Filesize: 140B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionCrash.cls_temp
Filesize: 23KB
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionDevice.cls_temp
Filesize: 88B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionOS.cls_temp
Filesize: 15B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionUser.cls_temp
Filesize: 40B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287user.meta
Filesize: 18B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287user.meta
Filesize: 51B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287user.meta
Filesize: 74B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FB70278-0002-10EB-ECCBA329F287BeginSession.cls_temp
Filesize: 77B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 1KB
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 447B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7ec2ef14-78cf-464b-a799-b66c815b64ad_1729187764031.tap
Filesize: 448B
-
/data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_ae85621f-e36c-4f1f-9656-ac33e4fb45a9_1729187754119.tap
Filesize: 360B