e719ec213ba9e467a0adaefb31e12f95278b7c918540acd85a7fa87d6471410e

Analysis

max time kernel
29s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
04-04-2024 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8c38dc92719aa9f4c6cb96fa9d6f278_JaffaCakes118.apk
Size

10.2MB
MD5

b8c38dc92719aa9f4c6cb96fa9d6f278
SHA1

8c5a65b080716cbfd791e8f5696e6c0185ec8031
SHA256

e719ec213ba9e467a0adaefb31e12f95278b7c918540acd85a7fa87d6471410e
SHA512

2e159faa3b02c03953a0a6d2ac18477128ccc63bb0613cf570b7d76057d3598c4a5ec4079436454c05ae7e532d98073889ece386c2fcb30f6ce40bb5ad504464
SSDEEP

196608:NFUsWLI4pJ+JTNP3K67jT00wRdYw2HPelNevZNy8p/uxCPDMdLG:bUsuI4OZNP3b7v0tuelsZNVtuxUDMdS

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.xexostudio.sqpomofindyou

ioc pid process

/data/user/0/com.xexostudio.sqpomofindyou/[email protected] 4607 com.xexostudio.sqpomofindyou
Acquires the wake lock 1 IoCs

Processes:

com.xexostudio.sqpomofindyou

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.xexostudio.sqpomofindyou
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.xexostudio.sqpomofindyou

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.xexostudio.sqpomofindyou

ioc	pid	process
/data/user/0/com.xexostudio.sqpomofindyou/[email protected]	4607	com.xexostudio.sqpomofindyou

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.xexostudio.sqpomofindyou

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.xexostudio.sqpomofindyou

com.xexostudio.sqpomofindyou
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4607

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xexostudio.sqpomofindyou/databases/OneSignal.db

Filesize
52KB

MD5
e50e029ec0226f794da6d3fc0535d4f6

SHA1
027173bb3c775e8ee027c1e22930d9b1607195c3

SHA256
c776d1acf90c60f95a89ee4db8222acedc8e0b097d5606297aa641a3403821ee

SHA512
4f12a39bd359554fccacb8ac31e2276c38fa69a2de927f43216c9012bd3aeee0e1a0f47a48d114c6e45309e069cdd5a6979d90d21f2e60f0087f42b8364672ca

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/OneSignal.db-journal

Filesize
8KB

MD5
be6622774d11f7ae44135e105d461538

SHA1
30cf6ed6ddfdd546cf171a9d63cda462bb1e6590

SHA256
ad3edab1cc46acc5980bf122f83d4c8689a5528d2070fba83a36a7976f886e74

SHA512
803b7b49c2a7011b170d5e9070931a5e6fd884d278af55d58d02d4ddd7b65ccfde9b79c30413c29e21a6ea79e01ce25eeaf92e0c9d3f197f088ada02b230b4ef

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/OneSignal.db-journal

Filesize
512B

MD5
8e98897db9b6627f8b1141eb2bcee833

SHA1
5e58b57baf1961d97c444b6bfb09ac81ad5b6401

SHA256
7d23f71027eba578e21dd5748bae0b32b3f08fb9c4167ca3e0739938b8fae3bb

SHA512
6d9c4beb25a15fe23974822b57790946dea8e9a4b328c2f1329cb44331f76964a8980f40eec33271dc1f6719ac4d42f430246008c84da6bff3d8bdf35951418a

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/OneSignal.db-journal

Filesize
8KB

MD5
d1596c0c4d6e49d301d16bb4e277993b

SHA1
c9c9262f99a3a15af8104df1ad28c0b99a4370c6

SHA256
50d7eb0e83164ef8fb53e0d7856b5d8eac94ec53f345c13421c4302c111e17c4

SHA512
b505fe5b5b858ac3182cbd326ed90d6b816d53291b38502a0f96d5ed02e66dceb0dc1fa001abf8e4f4a69b8b33fea2a78bdc703ab640e363127e30bf870e37b0

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/androidx.work.workdb-journal

Filesize
512B

MD5
91ed8b58f8126b0d2c4e38bf92f740ee

SHA1
cfd5d335224dc2927d5e1565907b2dc6f98c9630

SHA256
9f9cef19d5899323ce4407aa713fe7ebaa75c3902e5b2f08b1ed38c09eeced6d

SHA512
e3a878522bf3b504043acc18e2a394008b08bb9c1ba3e430f318942a594d8c19348ea8feac31f235aebf8a5f00285282dcd586564152d77c0ee8ec2a8b53c44a

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
fca618f8001f07a4fd2183fa46af86d6

SHA1
47066bb92aa0ef7e4e912d0df51ff69a804a2dfc

SHA256
cff288615ee53c17bb833c14a299d8c87db55a9138e4effe820ecf2eb0e7122b

SHA512
52a2f9cc7835f1520aa4fe4f247881a7672f9e978a7dbc248ac1bbd0fdcfae409924bc8327b4af30a881a120629a22a4ffd9faf73cc434e1ba8b0673acdb573d

Download Submit
/data/data/com.xexostudio.sqpomofindyou/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
a1b4186cf4c0335b628aed57673c0275

SHA1
696c5ffd6f80ec4fd40b05658f3e405eaea0f4b8

SHA256
a7674e87ad24c9019d5728688b2a4e6226fd7ca09fa8fbc71f1874ac45e1a076

SHA512
b58efac69fba7f5b066d41ce9dea7728571fc33ffd2354911fe959dd85db13930cbda6faf982418b376afec1ed722da14190113441c73004d95b6bb08834dfb4

Download Submit
/data/data/com.xexostudio.sqpomofindyou/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
277f5c028da8bb5efaa330a6f1805d63

SHA1
b4099fe277f0632bd1b12f696798fd7d4ad9eb33

SHA256
82342cca6d51226c81429f5582bf2c1e2e7d16c662f316c69160febb8a9f53fc

SHA512
f4312ad8e9041f5a2115355a6980f3221443e6d1f0fd9acc88ae743a41be8d6b20b02de5ad50c3567bffb7ba12048f888d4444eb035cb0a5c085bb3bc7d9100d

Download Submit
/data/data/com.xexostudio.sqpomofindyou/oat/x86_64/[email protected]

Filesize
478B

MD5
b910c527f994069c22e334ca0850fddc

SHA1
4558fcea60ff2f9c6e959e3dd0151bb043899cbc

SHA256
eedc45b1e989ebafdf1b64e3fe9b41f2da3fc23b8d1b6e5100bc58454c12e87c

SHA512
5b82b93b03c59e1478e14a0b5f7727c8aa69ee3f89dac5b8f3a372c8463baffec95ca6eafb7c82a64f4d5a355b31c9aed08a9f1071422a03ffffeb5e8abcca38

Download Submit
/data/user/0/com.xexostudio.sqpomofindyou/[email protected]

Filesize
3.1MB

MD5
af02dbf436efc92b63dad16a71acba33

SHA1
93fd330f83c76ed7967f320e6f6cd2bbb937efc9

SHA256
38c5c0584805386dfce413656c636c4e73a968ade86cabd7a4ecac4f034a842b

SHA512
a3c77f369abe214b27aba3b8e98def476e20790803db49e2d357cffd9c0ea063b246942f2556ad125aa2e6406a3edee4c7846893befa9d50e08dae849a4e95a3

Download Submit