0ccf9cfae60602b20c679ad8d56cc14f94ebf50aed389ef9db8a86e717ed76ea

Analysis

max time kernel
11s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-10-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fb4d640fd9021d43d3e952be9118888_JaffaCakes118.apk
Size

1.9MB
MD5

6fb4d640fd9021d43d3e952be9118888
SHA1

6bb5ac29eaa12991655c67c0b133f0de547b716b
SHA256

0ccf9cfae60602b20c679ad8d56cc14f94ebf50aed389ef9db8a86e717ed76ea
SHA512

004c3bab57a2081748ece4e0a78cab2c7cb2da4cc78f78a3dd63eb3929432233cf4843a5313d87f7504f7cd4fd80b5953e9ceb302e11b1bc954d875f498a6fcb
SSDEEP

49152:+qq3L9SshzzJ+RC/nvL9OWY5Bp7UWucfj06:+qq3LnzzBvhOWgn7/u2j7

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.light.ddp3

ioc process

/system/bin/su com.light.ddp3
/system/xbin/su com.light.ddp3

ioc	process
/system/bin/su	com.light.ddp3
/system/xbin/su	com.light.ddp3

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.light.ddp3

ioc	pid	process
/data/user/0/com.light.ddp3/app_jc/c.jar	4966	com.light.ddp3
/data/user/0/com.light.ddp3/app_jc/b.jar	4966	com.light.ddp3
/data/user/0/com.light.ddp3/files/BKit_qsb.jar	4966	com.light.ddp3
/data/user/0/com.light.ddp3/files/BKit_qsb.jar	4966	com.light.ddp3

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.light.ddp3

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.light.ddp3
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.light.ddp3

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.light.ddp3
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.light.ddp3

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.light.ddp3

com.light.ddp3
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4966

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.light.ddp3/app_jc/db.jar

Filesize
95KB

MD5
e6b5ce59b96d66f7e496bbd7c9c9a5fd

SHA1
8207be6cdefb7d5e05867b6b9dd63572aa118c30

SHA256
4a12d9ae2d8481b92e9a1d0413227b6c25b9b4182fa5efd60d9c4a5e682f3c47

SHA512
9d72e7cebd85958c39273ac41f57afdfe326ebd7001c25613de977a30be95435f90acdf0a4baa315dfa736e2e544c2d88040182aaaae3960aea93d27a0d3cc96

Download Submit
/data/data/com.light.ddp3/app_jc/dc.jar

Filesize
51KB

MD5
17e76adc46244c2eb8240f6fa60ea08f

SHA1
1b3f04099dbfaffd44b175f2c70443d64652c02c

SHA256
8c237818675f2ab34fc3ab2a3b0123621bfb6986f9f3e51bc19bcbf53f40e19e

SHA512
110426e67ececa15a31214f06256aeb70e3984eb925becff6a9193600e52f3326939a1102b0e5f42ccc2c35ca5f35653668afda0c65409cfe5f1bde4eae5844c

Download Submit
/data/data/com.light.ddp3/app_jc/du.jar

Filesize
62KB

MD5
1a3acdbb7bba142fd62cd14f65f0f9aa

SHA1
0225a74d95ccb318cb833fb427d1bf4ad7bc693f

SHA256
fee9ad22d48920c23dabc57aa0e9fa9b2815a9fba645a95c51818549422713df

SHA512
c531a4407902f5750ef391b67bbf50a7b86774f785a0cd3124ee99ab0c68934878196b01005757349ff57c2cd2ed64feab4cb52274eea66bf72f32bfc2df1825

Download Submit
/data/data/com.light.ddp3/app_jc/tb.jar

Filesize
95KB

MD5
1ba088e6a5c9179048c6f0dcb9126b9c

SHA1
1654ede1e7d91aefd6284a26e80fe1810233fb5d

SHA256
d6f31817dd626f862daee2875faf3c2c6003ed4aa8b50c50704fd2babb127138

SHA512
218583cf2389bc8d5b849f5c15d06bd84869b616260f4770d3310ae2e17c44e76be1ca4f9b55aab3f13e71ae2cb4c3c1eb3399ead84bc8ec3813dfba8bd991ff

Download Submit
/data/data/com.light.ddp3/app_jc/tc.jar

Filesize
51KB

MD5
4c04c839c4c1663e740e6b9a6f2b6938

SHA1
727f1d98bcf6619fea747d1e0e1744c8a79b04d7

SHA256
a0f66d4a51dfe41f03e551c00ecc18b276b0af74c057f5af128ebc1751b1930e

SHA512
9fe91d59d0887f7fe99604610884be1a7bad463eca1bd3808a74a5466afac2549cf6d5d1242dfce0ba2999fe595ec7bfcf4ccbe6bdd3a1260beb020a457a1dcb

Download Submit
/data/data/com.light.ddp3/app_jc/tu.jar

Filesize
62KB

MD5
0bf39a7ea5d64004b531e2c73fa7244f

SHA1
138e64f2b52fbe6b220e046b1b7b51b2e3500bef

SHA256
a5fd25605f6e0bf439a1a5ac64f501fdf92d67f3281bf35b0ad7c2da2c65df44

SHA512
5623031209559f49985d67a390653361c17ea2ae4b9ea40f6f2feac021bcbceabda56deaf24996603068c2c14fa04a4f8bd8c041894688aca247331245db5f1b

Download Submit
/data/data/com.light.ddp3/databases/vdownloads

Filesize
16KB

MD5
82d33228252ebf5a49287e97e1555f71

SHA1
2d544d58d334763e3df436ed0a339598174f2f74

SHA256
d88a9698a21746f8dcdc1d80cfe6e54df1a48d2c9b507572b8c42fc46684c680

SHA512
e6d11314c961832abb2e2a7ba4093b087edb1020ff81228433b8d17f8bf6fcdbfa1c094fb49e343faf28698031e8c390a42bbf67d1c3e6df26f9ec6f55037c12

Download Submit
/data/data/com.light.ddp3/databases/vdownloads-journal

Filesize
512B

MD5
22eb4b8a46c35f73eb0e944a4ab60294

SHA1
bcbf4e3f4b8c6aa1140d8e4b0336e8edc6221192

SHA256
f4bb0cde0ffee18d9c842cdf484b6133c4f9bf7bbc5c4465b4747046625d600e

SHA512
f20437159594c558fffd8b05cdef4d8b4c1664ef69f667934ce7dd7a2b24f879f8931e71ce09a8c9501dd6d739e0caf1f104c9f32caf3fd9c2e9f8fd8857829f

Download Submit
/data/data/com.light.ddp3/databases/vdownloads-journal

Filesize
8KB

MD5
3386dcffef0e19f745b12678f7dc6349

SHA1
f56743fda25fd20d765c8fdfa12fc74d4caa973b

SHA256
b20741492f3d70b279f221e4db739e309c7532fcc66bbdc0804ce291ad168daf

SHA512
705bc0c242172310cf9201d78036bf5683be18e8d2150914f9c20547e9e4cc5ae852f95c205b9dfc6df23cf0b11aa7625b566b0d80a723eac0728510404470b9

Download Submit
/data/data/com.light.ddp3/databases/vdownloads-journal

Filesize
8KB

MD5
06dcfda938ceec40aba18ecca4703de8

SHA1
94a0d93d2b1cf1895e3ce5cb3250f0c3a33501f7

SHA256
6b5fbc18e0c0bb51558be298897a5ce7322f64bd2953e8da27f4b6c2ebacd02c

SHA512
2f34e19aa5750563a03576057d4460f36ca395dbfcb0b1009cbb0b11510ee06394af7cedab7e73bbdd81f5e8111f57e09d094d8a954c7b898d9ad4a1e06ee958

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db1

Filesize
16KB

MD5
f5f27d5a5e3029f2ecab3d7e64cff165

SHA1
b76ba1a9e01700bfe1428c5c1a4b81e4782c5f09

SHA256
58c23195c845eb25d30167f6eb703c3d8faa7f893d0f16b81132fcbbb5ca7c5c

SHA512
79388652d4ee37cad56bb229c1515916c51d30fbe238af18e41afd155bd98a199935c92491e87bd0ab2a02a36bae4b73a9736428300418b23bb8d10ac0d1508b

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db1-journal

Filesize
512B

MD5
6995880eaaffaa38ae2f6672b69a74d4

SHA1
1af133c589138c6e843254218026b7cb7d9d330f

SHA256
064f419c00fe853b4a32cdb027635c5a3743c15fa786c7f45a850e469840441e

SHA512
5f7767628e5b95e034de83c57506eea0f4a36a104a1d7754fd8c40c6f19fa2b73cc3281f24d06786013e489291a332ca2758f5837f22cb48e159c07ce8e4477c

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db1-journal

Filesize
8KB

MD5
eecb37f5156cc54fbb9b2397a441a2ed

SHA1
ccf6d73c70edb915fe94dcee7a92826e3ba406aa

SHA256
360fab82ec58b1efd678ffd3e53d021950d851612d562e73c07e3dac90a891f9

SHA512
4aa611736f0ef7789ce5ab349e60ce1cbb6379302155d3d3d96fd0c9926eedc117626b30ce26bbd91e517da9ad70d1a31f9479ad149c2364c76645bd7541b598

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db1-journal

Filesize
8KB

MD5
951debd32decffe5ca9352379882e31f

SHA1
b7b062f0b112a3de6b4de23a4f11fa66e5b8ea4f

SHA256
2fc4c128f2524a069c7deb62d6495f293512873cfb172367d571a6c17197bbf5

SHA512
b899cd295a04b598f304dc2ed6f3196a9e216639b9af7aecb09821e6731037fd0af3c056e6519b76f14c061fc3be58d83668485c3fbe2bca666130dab317d370

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db2-journal

Filesize
512B

MD5
f5eef6541f68e4937e3e9c122d233fcc

SHA1
1455ef2ff28630915eb90da1ebc5ec77063951d1

SHA256
c25296cfcbaf6932fd498dc021246e616da64df37246eaeadaebee0e1cc7693c

SHA512
ccc40ec6f64f016f7a387659aa5e86c428e4aba9f4e784190499d962de5a1051959ef0bf8d29a20ee5dac4d41bfbb6827ebd7b8a00af61f852225c1de719771c

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db2-journal

Filesize
8KB

MD5
47b46c8d688611cb73b9747719837229

SHA1
2f2eca7b391cebd5816c6e6b61eab3edbbad2323

SHA256
96e1f506f550290c6d121f1146932c3ec709e5fd5ac5f33fd1ba1d83392d964c

SHA512
524d66a4e2c40d3ad9cb9dabe5b8eeca01070bbc09ef5afcab8fa44443a42646410e6164dab54b9ccbdffd7b2b9f82014a9728ba4851acc80c5e23ff9315072f

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db2-journal

Filesize
8KB

MD5
58545d27c593e6941af87cfaf60eaf94

SHA1
a4116e235155a55f6f57268f02e7e2b86223cf82

SHA256
334f2132348ba7792bd32f81b13a1897eab14a860e06d8be9d182e14c9098d18

SHA512
5f3b75aa7ff3de9a93c623d80d6f359d1d0d725836bc798d8f845e861c2093375544f93b1e5001917266920eaeae74bb9d77b9ddeb1f4d71f7680004d4b63530

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db3-journal

Filesize
512B

MD5
9688c285eb635369f2dcda61a36c3f73

SHA1
3921ac0eed1832fa3310ef19c3cce6305ca39b62

SHA256
24f931bf22c416dc8880836b857b8329a4362c77e0eb0f7fde38d8989a28c8c0

SHA512
5053c6168df8f80ed9d67c5ee965b15daf663a7629ca9cb71e63168e61881453ab056fd8537077b0815cc0c1f1be49c656a4a36fb61422ba4cb234027e682be7

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db3-journal

Filesize
8KB

MD5
332eca33d4fb5e19d872a08d986994b5

SHA1
e8cf62b1a4607f7a52d44bf521b3c1a33179cf1a

SHA256
b4ea9b7e1a42cde096ab0ae0deb06c40200b11af881d5572380c2903b05e8f10

SHA512
68fa472661961d13225a846146aef6b962723895aa304fa8d90665698e513b6bc3ee50c6ea364a77ecb3a5706cdd15b98eec6abc1e3e9af2d7e931de1d5efea2

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db3-journal

Filesize
8KB

MD5
045e463886e4e155437f7720946fc941

SHA1
bc72fb39f7b6e855ebfb097b65aedf60d1751e00

SHA256
3be6bb313da47a345a3935153ad5afb6249ecfb8437fe0b8e55586970e6a8c11

SHA512
8c897152bddb58984b2829aefb7537e2eceaab2888cac3f8ab8a6b54c27cbe190d7b9e9b31ec11805e73bbe3ef515227e1a402050e5404c2b0aa02ab758e04c6

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db4-journal

Filesize
512B

MD5
841b66d9333f85011a7c9e8402e098d6

SHA1
97d8c65938926e8722de68f8cc163602928aee92

SHA256
6ef78ccd3f0a0e6e7965058569fd7ab81b3dc9cb00044bc0bd988360abf8cdf1

SHA512
92c5c67ceedbc4518ab029a64564b5a54e8831cd6f8b79e1a06702f94c0f823f5500ea94d670faa1cf23b5f580916deee6797db5c6706a1043677b48dffdb55b

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db4-journal

Filesize
8KB

MD5
c52c729a2ee13a945399c49642be290d

SHA1
fd5c59d5cd94842b8db4b0494bda41a3e9c36026

SHA256
b2b4af2c4ffcb43ad92d29af9c7cd31d391ed752eb5d8ecbfb1558d76e1016e9

SHA512
646993809fff8e925f1c6a34533bdd751b765265ed6030767a0dfa849e3ebbef51b180730dc7bba062cb6b59ae39861e7e0a9e5efb9d63cf7386b7d4e6ecbd0d

Download Submit
/data/data/com.light.ddp3/databases/zdt_record.db4-journal

Filesize
8KB

MD5
1ece02832dcc1adef67807acbdb7abaa

SHA1
9b21f8c86370253c371dc77cf4177257ee562814

SHA256
10a06df717ef3a73cf2c849b23a36ab53b1f12fdf0acee49c81d3e05e2d486d8

SHA512
1ee58cfd7712060defb9711d295ba33179f7644f8cbbdb0570a708fb403234217c1215a05c1ec54219bb48140e72117655bd223d0512687ca6175a4216d823af

Download Submit
/data/data/com.light.ddp3/files/BKit_qsb.jar_tmp

Filesize
40KB

MD5
2b15afda4be2bdc487bcca6dff5db3bc

SHA1
b07df752efb6650dfb3b52ef1cd82a0c9419c30b

SHA256
a8860637b469acbff60958d3e92b2daf451010e8d30e69915b79326249ec6e06

SHA512
22c101049771acbb9ac40c4a380da423b784ff2dd326ad390132bb4754ff7542325fd08b980c755404ef6aa69aa6c9457d3ed1f3208e0f1a10484d9881212025

Download Submit
/data/user/0/com.light.ddp3/app_jc/b.jar

Filesize
167KB

MD5
2e005187eab28668da44a87ce47551ca

SHA1
4b81ef675d8b1e285716b3879320bd298e4a6293

SHA256
efc89e94dad31ea2776b834478abbbec071851aa62127edbbd0e44d29c1884de

SHA512
111a7276bdc60f1cde5cf91bddfa517ed99c315a663a3270f3f1ecd7e4c8df44181ab2019ae2b493f6cb05061b2f0d96ea3e8baa679a34eacf8b94aac07b7068

Download Submit
/data/user/0/com.light.ddp3/app_jc/c.jar

Filesize
137KB

MD5
47156cf1a64f54cfb14fe9b28d58e589

SHA1
286284ed2e5dc22d30d1114cc035251c54d63924

SHA256
fba71019b75963133d4e7d02297f0e6957d7ee6ba834be995c1dfb4c67ad7269

SHA512
dc98f55434296871ccae9d5b87b6fc80e7b257dfe4a343c2d541bf473e0206db89b7d36be2b2bc13fed6f0c5867a58a37c7dd5fc0d89ab520d89ed519a2fafd2

Download Submit
/data/user/0/com.light.ddp3/files/BKit_qsb.jar

Filesize
83KB

MD5
15ac4c22f4533cdb23beb38ca00f8f5d

SHA1
5b3c8903dc9dd2f82a5dec2a57f17dab14637f04

SHA256
0332d8ad92ff94bfeecb69055e494a0ffdfeab832aa2473f22ea23a200608a77

SHA512
0ea20d38e9d760bc3ac040fb272c6bf64c549fa87579b7a31cf9856dd2050f0ddf5ef8cae1e740da8508d7e1135cca144d4af65105745d3dafa485c57fa504ad

Download Submit
/storage/emulated/0/Android/data/cache/CacheTime.dat

Filesize
13B

MD5
7777af35b09669b2f1f9164a1b3571fd

SHA1
a5f5d5ab35ec7fac277c9d79a56f21760e6b9009

SHA256
9944f2731ff613c4a97925a8d150c8b2084b11f2636bc0d5c8603dfa9affee5c

SHA512
7f1d750553057d5f129666a08bcec9f10e3ae7807a60f1098fc23898ec6333bfb9e57739dfabe670ca273dc470ef9ecf2b1feff38806e9737ad32855fad2d2b7

Download Submit
/storage/emulated/0/Android/data/code/.vapp.dat

Filesize
813B

MD5
82c0fa78820cd934cce3dad794dd65d2

SHA1
d546d0abb24bfe82c31b30f70b5c029462022d6f

SHA256
5edbb03a9d2bbdcd05cc70815069685b4c6f267d1dd0d7cfa79f9931667ccbd3

SHA512
99d1fb067fd735686901f287412dbb0c4962cfabdf81d5cc9f665bed5483fff4320349f67956c61eb2230abcd458be78360aa513c222fae6a1465440c96cc72a

Download Submit
/storage/emulated/0/Download/9j/1.dat

Filesize
15B

MD5
6313770f0f4b1b61b4cf2825594b1585

SHA1
2342f71924c300bee85eaeb5c60c63283d20e0b6

SHA256
619f31ddb02f54d92147c7630487d88be46887e59677f7d0470c48a2a5159dbc

SHA512
8d520dcd68004ae325ffa3df6163dedbe47355f46de3a61f872049c738ee8490e9e73ccfc72ce5b3d1b747d29cc4f253ab7fb6611a329a60b2da43ec956b4a74

Download Submit
/storage/emulated/0/Download/ads/clst.dat

Filesize
15B

MD5
be01126cc2a8daa03a36a51b29d2f4fa

SHA1
018c9865cf925244f9292c777017488e2e40b50e

SHA256
8966cca89ca8251e0f154deb3e70876fa42b6e046618fa1da2dc35eaa892a9f0

SHA512
932f8ce3888d0f2928fc167f1ea551345f8e9ec1b06121d6cdfdc583f89f6cec75bba1bf2f5dea7e22113c965c80268741b1693f38b0ba19122e22c18fb38652

Download Submit
/storage/emulated/0/Download/vgp/clearT.dat

Filesize
52B

MD5
cf7a0464ebbf731bc68bb138009831c1

SHA1
f81d6f38ec2a44028ed5294166e7c0d739a99051

SHA256
49ead1d5129e185ca8842ccd5992d1255b860a62842e643f56739c2a728fec28

SHA512
da8d1270b08fabca1dfde77b5364896ed408f07d12811970580a8a926584f7c6001e6a18ac5471256844e823b1c96a28289a645fbe620f164153f29f0a7f7fc7

Download Submit
/storage/emulated/0/system/android/data/light.ddp3/devscore.dev

Filesize
2B

MD5
142ba1ee3860caecc3f86d7a03b5b175

SHA1
6e956e31476ccd6bea194a2d6e5e54d66bd3281b

SHA256
dedba7762ec349c2d16e9199752b17f374d6f83071d29b09877816f390928960

SHA512
afeff9332ae66f946c36cb077ca8eb02a2168d1e0634a5d04c607beb2b20abf893b18e30c5061081c7b0b6886d290a970378df7a05c565506c7e6c309d9532d7

Download Submit