5020b284936677a0f6830cb487b5c8066742d6a6b155b74ca9d5d58313fd0696

Analysis

max time kernel
3s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30-11-2024 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4ec3f6c8ec3539fa2c51992adce0b14_JaffaCakes118.apk
Size

3.7MB
MD5

b4ec3f6c8ec3539fa2c51992adce0b14
SHA1

f3c402ac8659b8e64ff11139fdb9c1f39ebdc6b0
SHA256

5020b284936677a0f6830cb487b5c8066742d6a6b155b74ca9d5d58313fd0696
SHA512

22e6e50eb3c292a40475f43b46d03412292c486e4ef58f0fa580fc29347751340075349d81fcc0f495f6b3a90d65b29ee66e520fade4e1f0def3c43c55c3244b
SSDEEP

98304:lNwhL7Vv8YuyEMQ+s7fl9D6Uvki4Kh+gcGKGm5kTswV:l6R7VEYuxF7fl9DXhh+GV

Score

7^/10

discovery persistence

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.zrlh.llkc

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zrlh.llkc

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zrlh.llkc

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zrlh.llkc

com.zrlh.llkc
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251
- chmod 0755 /data/user/0/com.zrlh.llkc/app_bin/dwon
  2⤵
  PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zrlh.llkc/app_bin/dwon

Filesize
13KB

MD5
622b60b7adaf2f9513f0b7dbf2858ee5

SHA1
d871418fd3eab6ea11f3748ee8c5fc6cfa9028dc

SHA256
8c610b6a587aebbe8e5373c34275f130e735d292d235aeea54d6c805e6e18e71

SHA512
7fa50e0bc26d5a6f7360cd71a6eaa595ffc8b6e8cc485a3c82afdad411ab3e804771331866f36c2fa403a0163ea19771bf64ccab567388c6b1a3614c55d08d90

Download Submit
/data/data/com.zrlh.llkc/databases/afinal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zrlh.llkc/databases/afinal.db-journal

Filesize
512B

MD5
fb9a9527c0bbb37e7682a0e531f6d084

SHA1
33c07638e75ad1664644d408dae8d4778a497489

SHA256
86a11e4e4e8cc819c5c56b202f66a1ac8147f4aacf31dae7513dff73dae85964

SHA512
aa62fb27d2540a55a0dac0082bf46dc9133a1dfd9555ce2a786467ef9d249e73eaf6321c1d34b0016382ef7e2f092a048aa3f41a3e37aaf13290d30f1996c179

Download Submit
/data/data/com.zrlh.llkc/databases/afinal.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.zrlh.llkc/databases/afinal.db-wal

Filesize
20KB

MD5
6f641723f2223dc4473b46ca0c333120

SHA1
899f75107fe2a0d81f81fd902b2b9c9748decd41

SHA256
8cf3e05e7a02ad5e1cd9043d27838288e36537cc746acb5d5f4e678f79e17277

SHA512
3837b61cbd33f0fd5e3a81ec27f72fcd73bd6d80a2b6a0f106bd8850105d3aa781ea20cbcffb5353ebca21d12821daafd46b6555e89384788788f029c76efb90

Download Submit
/data/data/com.zrlh.llkc/databases/llkc-journal

Filesize
512B

MD5
b35e1c01117a823fd97366f9f8e7d28e

SHA1
509ce069572d58cf8a4ac27870f3dbdccec36858

SHA256
92a3e1914d2adcdf348458a41fb2ca0b9e05425f90850349a68756988a75061d

SHA512
51c62c8806a9a931660c33bc219e74410aad8e498484458bbd40b3f6aa7b1dcd2763a1979537926eee1758c2aab4cf88e18693cbe782e3c9eae5386dab95304d

Download Submit
/data/data/com.zrlh.llkc/databases/llkc-wal

Filesize
60KB

MD5
7f957cdb90d76cc5c78290066d38aa9f

SHA1
75c8ac0e2badfdd9848b91f898107bc90ffb4463

SHA256
6881ccebebeb61f647a1111ff1c1a58316683e286134342655a2544d7908c380

SHA512
b7afb04f5bd9fc3afc1a878d660bb80c02db3c8b1c0763733b60d7a2d736c8bc937b0a186b4e43e194f7b353cc7e4937b6f8618dbadd5a63b8f9294e559fae54

Download Submit
/storage/emulated/0/device

Filesize
32B

MD5
2813b09cc9a27d42cb1312df66c7d65e

SHA1
d56be1ed97eb04f455183778cca780f9a6111f69

SHA256
f05b159b68295781141d4a2dd7b69052d9d5bc79e2856bd6bc81d4355b91a3b4

SHA512
29481f507508002b3907fd289728de6de2a959313adb30dc0f3993defebf69ee7aedbc12c2d26f3f35f121505797a1f8bbb83c219d8c9631664021ff803c060a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads