Analysis

  • max time kernel
    17s
  • max time network
    140s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    17/10/2024, 17:55

General

  • Target

    52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118.apk

  • Size

    5.1MB

  • MD5

    52f2f89bbb0e21deba46196e5fa0dbe1

  • SHA1

    ed1ffc91b5f0ace16909fdf5e2e4283328758922

  • SHA256

    e9fca967da7de00ae2020859ecd1a958fed3597a780443375c1405c5ef56bcce

  • SHA512

    853ff8076b8083f596221860318063ca266092657103f0b8ecdd949d78ce911896406ce10b48f0eae478e22bb78b9b6158da6fd63f930c6b222c6590ea2f718a

  • SSDEEP

    98304:LS2EbF7lCGhzbqKQC6lKjaxOM+GbxJfpQY5hMgUKg8PiHqGVCPmwPhw1F:LS28l9vq9C6lmQOM+sfV5hzgLKGQewPu

Score
8/10

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Checks the presence of a debugger
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • skydownloaderv7.facebooklite.stt31.ua83247992v6
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Checks memory information
    PID:4331

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/cache/392045835.tmp

          Filesize

          38KB

          MD5

          9b9e83b272e4f69339ed5fa03135d59f

          SHA1

          e6061b6ae412c2ec10e1e0a12ff1e5d741fc622d

          SHA256

          ebd736ae33d061327236743be3ba5a692c5dc202d21aeb726414b7558838cbf3

          SHA512

          44ef30566b05ec909ab463f1c8247f9861f3ad836555dc8b462e9a20d5542bc849c1abaa538a817a78f8316f43c731e85475a91260cc2975b5c1dcffbb596211

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/cache/425486677.tmp

          Filesize

          23KB

          MD5

          aa20ee1bbd2c88b98b22529fcfe531ca

          SHA1

          6563a53227d7fa5a0940f2ad30e52dfdf2f8e3c5

          SHA256

          cd242338345a19897d4546a9faec393bbc5beab6ab2a1f844ef74ac9c31ed795

          SHA512

          91bc411eb2dc5ea781d165346eaebbb21800ebbca66277fa7659d09906345def2b6cafccd924ab0a75b3d12d48f6cab0a5f206573887c0c65c968ddab5939441

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/cache/790093723.tmp

          Filesize

          23KB

          MD5

          b9d4ca18c503b17808e8c212ccaa0459

          SHA1

          eb641e029b116e4a838bffc57a2db7e9d0ae2852

          SHA256

          e0b0665a2d5cf862db53ad32109dc6b3021b022ee89f9d67228ebb331f4fd6e7

          SHA512

          c68967a7e794829ec2e936c3159987b46c6678f20466db9ea1cccc97a006b9f68600b720e555e934a93e2669114ac672a5254d1730eda36d57d2e3ef3c5c43fc

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287BeginSession.cls_temp

          Filesize

          77B

          MD5

          87eec3e546e664e073040f972b2010c6

          SHA1

          6d402ad89c1bb59a30e22f403f1536fbccfaf726

          SHA256

          98d391081370a7c959825831b046a7eadf878e527ed3f4726397201bddc3ea8c

          SHA512

          652e8d4e23c8e9ebee75aadb68a7cfbc92ef1a9faab868258b72e58a2965c740a9067caef011bfd04c3760a418762302e4b56778a16f210558e077696045ba3f

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionApp.cls_temp

          Filesize

          140B

          MD5

          0126a20a5bc972fa657003acc6ee55e5

          SHA1

          7219bd3d0704a3119ff51ce1142c359ab05e3d8c

          SHA256

          9554734fea1973e3811b3286864dc9f51e898edce3db12a0d380550034c0ec64

          SHA512

          302e34c5cc0ba8126a94850bb1c16e0708d20848c18a054792d02c965a2a8d886d729436516b146ff73133e2d71eb0b1d4290713578372c6c21b70bc98f3d925

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionCrash.cls_temp

          Filesize

          23KB

          MD5

          0562ad6e6c39dd4d3730c7cafcdeadf2

          SHA1

          9767886533c64621563954ab3f86f99f542fc554

          SHA256

          0f601d7554694f89b7a94a8cd3a62b9a359bdf546dbcf99dc6ae0253042996c7

          SHA512

          e0e19e5e0823e48209bcc319da84bd05012031e4668ac81786e9e215acc340e0c5826dd6e30b444ddcbe444b041b4a1d919de213308dc248e3e4fe059425109b

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionDevice.cls_temp

          Filesize

          88B

          MD5

          9c9e956e9e5f29a1431f2ff0641576aa

          SHA1

          88c4277896bbc068fb45100bc4f48223a0c69549

          SHA256

          d315d37f2c4bdafc3b4b56f91d71b80311c0eac7839ccad4c275d9e4b970fc83

          SHA512

          29725c08302ea9c46ec12b9281756630d7ed4e5044a50114f08c8388f5e47057af3f19e72811b9efa3d70daa361b09cba812c19a5966818ad7190a0475752d54

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionOS.cls_temp

          Filesize

          15B

          MD5

          f8b3ebea29c91d82f009e5a9c6d11060

          SHA1

          99d88c4b39d9143084e777b93d9692a59a3d087d

          SHA256

          b7869422f5dcf3f24ae91560cec05ebb39852ed45baf3a31176f9b90de87aafe

          SHA512

          6f89bfe6bc1c0a68bca73ef92c53e1a308fd63f2228a25a6e34d117fc5cd253209eed56fe08f51d5643343a152acfdbfbb1c5dcea224e2750aed46074af369de

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287SessionUser.cls_temp

          Filesize

          40B

          MD5

          9c0c428bb140688d404b44a6029ddfa8

          SHA1

          09dda2e25390fd34bbc608caea3f9e40e0cc278e

          SHA256

          7beb785ead0b743eb61fd11308432b3f9b99693dc088fa906f1a7948ab8ebafb

          SHA512

          8958267ebc1c27aaa665b879da837d559254a151a0859eba2f7b69d140baea940d4a8fc268b486086e13933f66c58fe8f964158711df33b8c0ae3d11eaf58e71

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287user.meta

          Filesize

          18B

          MD5

          b6d185f6efbe50a888d05ae408e74ef1

          SHA1

          ede36bece85511cd1cbf752d015b7c4463c9e669

          SHA256

          769ab80ed0b2e202f9e10da0018179ddb92ad4afab7c268bcbcd827124a68b00

          SHA512

          c0cceecd2738c1324bae5fb03e833b9cbdd009c8a800efe7a558fb804523f79da2690d34fe157eaf8d6619012b0f214a07852581625abcf35f54c90498e24b58

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287user.meta

          Filesize

          51B

          MD5

          edae353642d165f254e34d0ce986c428

          SHA1

          38116bed3c236a65e676886ac23cde72a19cd561

          SHA256

          e8041f569777ee119f9510bb9950bf517ea3316522a667d1eec5c02a7655e36f

          SHA512

          8a4f210ea2bb86227dcb50ba72d4f6ad4eb0139159d21558fe662894c69e5349dd48133e7fc6351a92e172342160f1a01c977d0dc06f1a29b5821de65242d93d

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FA9034A-0001-10EB-ECCBA329F287user.meta

          Filesize

          74B

          MD5

          53dda71c22a8f65e4ba24cda94a62efd

          SHA1

          46b6a688792ef54114e4c95387e9dbac96f01c59

          SHA256

          d73681cc7024c74acfbfedc2ffbab30c80a416121217c5d051c672d772025515

          SHA512

          f8fcb5208ae3bcada65b04b6af7e82f3407e394b397eeff3e2f71c29fbbe547a1e6da7cd458fbb00f417bec42bc104b02ecfca5cbab8066469dc54391d2ede5f

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67114FB70278-0002-10EB-ECCBA329F287BeginSession.cls_temp

          Filesize

          77B

          MD5

          14855d9f3b21be54f2baaf26ba7cd2a0

          SHA1

          e96b6c51a8a5cc63d5657dcbca7f965269fd052c

          SHA256

          a6f2b9150b972e773154bc2a7c34ac9f7d810d95185e8b279d70d2e8be045ce3

          SHA512

          17ef9e52d466b8ac7789add71ab9c506569169f138684822f322c4fc7a05a573a4a7be9e1e229e6140e0fa6c98eb230faa22d74e32d49526b974b6479e27a4b3

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

          Filesize

          1KB

          MD5

          ed99c14491e8df0044c0af053f1489b1

          SHA1

          8139e4e73d0e60bfef23c407c8b48f99d83ba3fd

          SHA256

          8fc6d9dbcd753714535120891bfddeda0da47434b389447689166162882fcc58

          SHA512

          b07a2f33563fdc20f303afd7d2bc13c954018656eb75d5cb8a1938dc816f9e83e6f88e6778f3994947160af65b72921dea5cb302a3fe8ea83747f4b31fad9ac2

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

          Filesize

          447B

          MD5

          0ee9f4ba9f85b99185fcd85052aed7d7

          SHA1

          2320f047d8ec9f6811e9d35e27147d45546cc445

          SHA256

          d73463b69631da6161029825ed2c0909244ed622eee7ed542b7d8e4da58ce1b4

          SHA512

          039b73b5ad1bf9e67dedcb07a8bd9deb38ca624925a5242c0693d63543a073a0de4ea9bf0f7f0bd468277cc6e0498cccb52e2c3fadb81318f09a98d14baf11ae

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

          Filesize

          16B

          MD5

          c33583fae4e0b61cde1c5b9227963237

          SHA1

          fe2ebe4d27469af1460f7e852031a04208ef629b

          SHA256

          35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

          SHA512

          fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7ec2ef14-78cf-464b-a799-b66c815b64ad_1729187764031.tap

          Filesize

          448B

          MD5

          6f17ff8c0435bf118923feda8c3af2e5

          SHA1

          19811a3d6deceabfb6ff56cb7ca32a0fc2eb49ad

          SHA256

          1cf4b48fc34ad439fa9fc11f1f15ecbff24f1d707a4ef544bd07750579a56a03

          SHA512

          ee43d08ee24f72915875e44f09fcbc79ede9ace64599ef22590a17d8e46363ca10e8263d6c644bf075dd1f3aabbc193b198cd5def0dc4283ae521f5c381a209b

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_ae85621f-e36c-4f1f-9656-ac33e4fb45a9_1729187754119.tap

          Filesize

          360B

          MD5

          16dac9930e2142a2eaf7f6e53be6c1cc

          SHA1

          6f5accd62b287e833feb7141718dd3a212b614b3

          SHA256

          c007cb2d73ecb7c23826d23953c28f2bef06f588572fc9d6335f60e5f762ec0d

          SHA512

          58c4f453be6b22d0c6dbbc93640e6ac5f28a321226d88b118b7539a15786c2c1f742f28b9d8f71d1c1f3d787f51179d5e89609bf787d6619a79555352bdc5797

        • /data/user/0/skydownloaderv7.facebooklite.stt31.ua83247992v6/files/gaClientId

          Filesize

          36B

          MD5

          a2023f89d1b2de862d8ad7ea8ad1529a

          SHA1

          e0882c1cbb807fa5575b8e5302c37a34e17c74a2

          SHA256

          97d84d40057f394e0140b0b702a19bce56566b5df2b67d23bf9c41850c9c9211

          SHA512

          9aee4056c899fae4c0c7fa674374928cfac101f32d19db24acff5ba0076b00f042c5cb41aad9f8b12361e13225a9d80293ecaffa58b33b222ebe5dfcc233287f

        • /storage/emulated/0/temp/com.mobile.indiapp.tmp

          Filesize

          1.8MB

          MD5

          018b2dd965ba5aadaf0312893ea72de1

          SHA1

          29ffa12848677505c96f000691ccaa11e8f9d06a

          SHA256

          81ea0a653163d773a9a9f3ef922449cbb28afc971a82a3be36a2c8f7356c3b9d

          SHA512

          c899070f36bf0a73608678cd3cb29221b11464b506470a4a01b80d3a296471ff80c7c21529e07d78ee965d5dff8a38185713140d0b30ba767a46efa8cc111b16