e7858e0c3ac80b923e07b79839354a5312cf5aa111ea0ccd761eff679fea3739

Analysis

max time kernel
24s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-04-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7871bb5dc9d79fd0b0e689bfbeb84c1_JaffaCakes118.apk
Size

13.2MB
MD5

f7871bb5dc9d79fd0b0e689bfbeb84c1
SHA1

40c0de006ea3672f7f1ff18ac1da393cfd7ba4df
SHA256

e7858e0c3ac80b923e07b79839354a5312cf5aa111ea0ccd761eff679fea3739
SHA512

b5bd93ced7f3924997cb141dd1c9b3d4803f628704a568eabf28d9c47e6bf127644edac83f7b0502abd730dd093cf310438b049333c0521ebb3b3910fee4ed39
SSDEEP

196608:mCbn3KLX2w0WJyTiDhpDUQGNeFRlhKE1l9kzd/1y+Zh7lyFRjbBU6ZS6s0YXBAHP:n3KKGdZGcrnKEz+y+X70xwK36kQQ4u

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery

T1430

Processes:

com.mobiletool.appstorecom.mobiletool.appstore:channel

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobiletool.appstore
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobiletool.appstore:channel

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mobiletool.appstore

description ioc process

File opened for read /proc/cpuinfo com.mobiletool.appstore
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mobiletool.appstore

description ioc process

File opened for read /proc/meminfo com.mobiletool.appstore

description	ioc	process
File opened for read	/proc/cpuinfo	com.mobiletool.appstore

description	ioc	process
File opened for read	/proc/meminfo	com.mobiletool.appstore

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.mobiletool.appstorecom.mobiletool.appstore:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mobiletool.appstore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mobiletool.appstore:channel

Queries information about the current Wi-Fi connection. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.mobiletool.appstorecom.mobiletool.appstore:channel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mobiletool.appstore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mobiletool.appstore:channel

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.mobiletool.appstore

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.mobiletool.appstore
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.mobiletool.appstore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mobiletool.appstore

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.mobiletool.appstore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mobiletool.appstore

com.mobiletool.appstore
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263

chmod 777 /data/user/0/com.mobiletool.appstore/cache
2⤵
PID:4291

chmod 777 /data/user/0/com.mobiletool.appstore/cache
2⤵
PID:4313

chmod 777 /data/user/0/com.mobiletool.appstore/cache
2⤵
PID:4338

com.mobiletool.appstore:channel
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:4676

chmod 777 /data/user/0/com.mobiletool.appstore/cache
2⤵
PID:4704

chmod 777 /data/user/0/com.mobiletool.appstore/cache
2⤵
PID:4730

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobiletool.appstore/app_crashrecord/1004
Filesize
234B

MD5
691f9d70f9e1bdd44cd942dfe088688a

SHA1
3d80dc91f1fb169f1b6b977bc33425a5b0cd0c76

SHA256
ee5aea4fa4eaca3e938394535b3f931ed5b513b8a807cdfe29813ac5aeaf750c

SHA512
5656b0c5693605e85a0a26fee0b1a656cf27d2d14627f9b02e1fec81f84de152e05e93dfc5726bd4d8695163c472557b069e9174be496d3471c9880d4498e872

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal
Filesize
96KB

MD5
496212aa9169e0851b32dfb83febcb7d

SHA1
bd5ea78b4e5ec3e2eef4fdfbc5b3d555f8de42ca

SHA256
e89e86f64055411a004127a0083b988cd3d0dc66fa5b2067ddad3b13e1ec07a0

SHA512
696fbaab299a75d5c06936bae739bacc272259bd05c3ed070fb762c2d66770b466ef474d370f9ea45ba905a7379b59abbc65f051431cf7f9d9a72bd9f1e74cb1

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-shm
Filesize
28KB

MD5
6a6823b89171b5a15ee8444b8fd67964

SHA1
eefea6a82cf255c065efe4d09cd3c2a04d028877

SHA256
a45e5fd4bde36fa5c052cd0a9b0ac707aea076b33db68905048d4a5538827ad0

SHA512
4f7fa4444a04ea1fb027604c7d083346d4d969ba63ebf07fcc8bd4e27522a97f0da0a577c2110b778605226d1c06b9965b891e1c2d4ecb208a83b8b60868047b

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-wal
Filesize
56KB

MD5
938b46337ab4c3f7c1dc8a350a84d60d

SHA1
224fb4ea3b81c57c20236703a2c92b14caf1ddd9

SHA256
4a5fcc538477fefc482ecf86d2db78482c5efa6c737671a1b29084e1ea83b73b

SHA512
06693842d5a94c35436e03b8c159d9f98fe6b3d5f6aaa0168a78c2bfa4f2cf95e21aa76cc1004dd7207f0d27f2adb156ad354defcabfe34d6d1080e499d57c8a

Download Submit
/data/data/com.mobiletool.appstore/databases/MsgLogStore.db
Filesize
4KB

MD5
3f9b36350aa3433f07ae02544ab68b74

SHA1
476912824d53164d4234963504643adde1ff83e6

SHA256
b5dfad22d991b6c2743c4d43ba5406012b8f71ac5716a6cc647e80242c8e36a1

SHA512
d0a7b419f3c1887bf0da6674bb3b7fb8db772f83b1b02c0d61ad87bee5ea78a5765e192fd7b932dc978d577de2007a68cfb87a2ef90111140148086036b98c68

Download Submit
/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal
Filesize
512B

MD5
98556a24077b930b309e4c7badb0cec0

SHA1
39cbf6df8bdc5692d83646b17b449393c77e600f

SHA256
8ab0ae2185eb6c264b46c38652cbdb3db0133e8013007b0feadc695a45707805

SHA512
74084119d8888eabebe3273b1645948b85ae36c9d961498d6df824406ae8db27d8c4144b878f9f69955a5c2e9b304957725eb03f0c63ac7fd98bc160bc7b0b54

Download Submit
/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-shm
Filesize
28KB

MD5
36b3ac266aac00246ab6a30950416279

SHA1
5f4ad06e9506a47ed50bd0312b6485515cfb4cc4

SHA256
09d9050cf41b3b1f4279a496a43b0296a2dfde198fe72aa899f0c49a5ba236c3

SHA512
a33e0283de4b25e7d5baedd3e3a3d253ee5b2927846213ad09cf8483ad8ba52a34c4b042d6e74a34f5fda912ea7cef65d5dc0138f732eb6e1d67f559c664b3cc

Download Submit
/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
8bbe53b6d0fe62786dffc7d2ce78eeff

SHA1
32e4aad3721d64921b4747cb25965ffdba0425d6

SHA256
4dc8312ddce06520d4b61528a5a68b692bf2d7dc6cd84d2ae13f39ed1432a547

SHA512
a6176308948816e7bb835eae635e8ccd32c3d5b5809db9922bbe25a538ea4c7e28f0aa4676e57ba92b19b04782ac6c3dbe0f9c83a0a7a4195d14b30756a8efd4

Download Submit
/data/data/com.mobiletool.appstore/databases/account.db-journal
Filesize
512B

MD5
76a630c3b77f7b40eb97f8e7523b4bd8

SHA1
1852b82b42fd6837dcede3710f757f787bca7da0

SHA256
930cb829c874ab3571b3cf6894fbb89bf07b8cbf63f176f51517f470968dab97

SHA512
88dc916c7a93e622b48c59c7807fd811de290e8b33ca56ad5f744f9009031db797dac50ee8ac981308ad36db285cbed045e621c204c4607cbffa714f60d7b06b

Download Submit
/data/data/com.mobiletool.appstore/databases/account.db-wal
Filesize
16KB

MD5
b10b3dbca8fcfaa9bba5f37a85b55fbb

SHA1
4809ac31091f68ce5ef2a38f51b1ceab87d67616

SHA256
cd4ba414381a1db26ff0dee216397c4f8b67365f835302c4d377dece875b7ba2

SHA512
b4f56699a9e5d3511f237e0bb40f93a0b7969fda8cd00ab3a11e191926f076664cc33d34cc769bf72fcc0a6dcd22649e1ddf15d976247c337be70d50f04657e5

Download Submit
/data/data/com.mobiletool.appstore/databases/accs.db-journal
Filesize
512B

MD5
45fc130b0447253389559e27be398e68

SHA1
8bab5a594e8990dcb918c91fe251804325df7355

SHA256
49bcb58747be400fbf9f31c9494ae83696addd4b8e7e6bf36c70e5d891564857

SHA512
2b0513d48cf77a67d09cf710fb6750eb779c562ece4aedace8bd98d53add080aec8c5949d15dfa3c2f5afb9f807c2e350a354284d92f8289abe8a097643fa6d0

Download Submit
/data/data/com.mobiletool.appstore/databases/accs.db-wal
Filesize
24KB

MD5
352a693b04653d6066da188c901506b3

SHA1
1ac8ae155395810617e2376c160810de937f1ffb

SHA256
78ad5bf8b91cc279720323d6fa6f90b3a9cdb4f2ecb4c265a2e90afd566ab7bc

SHA512
8966f98beb64bb75931dd7a80edae3adf58992879c946e92b9510726fbd93cc764d5c403e59498d4a82c6213d046a65ed5a75f38dd60ce662024fa64577f6e2f

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal
Filesize
512B

MD5
4e3f03bbe8e18dfd7e068a989224d38b

SHA1
01612d975c03e629b8d93a07fc95d9b6fc983621

SHA256
f3631a05907b742d21680fffbfbde2eb902fa44d1bb8b3b5a3305bbdd2c48b55

SHA512
901408546721c2707d61271d13e51f645ff8d094e7d8bc07260aedc77deef1e8e540894a64bda0504642bbc527550b47ea61b336fb114635aee9e55e4d75bee1

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-wal
Filesize
72KB

MD5
300e443adcf19cc585ca45a4d6f363fd

SHA1
fd1c3c60088a7ba6f61241129b498f4e2fa27c3d

SHA256
3afcef3b9bdd63725726578ffd40218ea4ef9c10fc687c089b3bb798ad0453c1

SHA512
d6f4cb3c433bd384af935f9aeb4c05b415301ec0dedca33fa99ee1a074c6d35fb459dd68716584ebc6e98c03ea145eb69a68aa4e24931dc35fdcd8b7f6f37416

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db
Filesize
4KB

MD5
eab90527649ade6e1871b27f51829c1a

SHA1
699163be24575c857a2829173fb803a98097c86e

SHA256
0f3a423767dc081b5813d6e43fd71426e6f17438739d5df5bfa6cb630ea95388

SHA512
d9e1eebe723d1bad3885bbffb1ad6bd92ffa7a541673a6207fadd7b842e213c79332beae1eff0e8e7a1db46aa9118a2f7b230442a78a7c1e68f2a4b440992bfe

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal
Filesize
512B

MD5
f57c38bc6f665c33ffa2343488d55377

SHA1
efc21a31b055f6f9446be2a0ff9e0a4eaedacc68

SHA256
26b66d7787d798edc70c6bec37b3905efc29376867a4e6d994dc8aaf53c97bb5

SHA512
b7e25a352caa3a88778bc73d343c0ab342905b310179500da0fc1f946a56dbc00bb1ca4832a021cd7ed3ec520d7b0a70fba5235e33ba49323c462a14012f3450

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db-wal
Filesize
40KB

MD5
9365c202495c3c245c7b2752afffffae

SHA1
ade8845304452dd9402cdaf7cc3c1200a24d7092

SHA256
fcbd0bf2119b2bf481c23c551640b088b176f3cd46422859f8d020036a2acd84

SHA512
da6b83e91f021a4bd3e78542da2f6c68a6a69a6e411272bd996f9ceda5afa352e5bd354127a29637be9dcefef524c7362884e97d02ee6e83b0de82137d09f92a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
e1eaad5c2e151f9dbb0b8308c130763d

SHA1
2a928ca3cdf429ad368d0676b717c8940c2e1caa

SHA256
a852bd59cd429e198516eb3e17f98cfa6134436172075c6254aff22ac2769d58

SHA512
5f92b5ee09143047462cc42bc3f94dc82d09cd8d96be216f649604a13d81429ce567cd4743a2182d47f0347111936efbca083541e983d5dad42b4bf5b0354661

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
ae27aed43eb4948a9229e09505c5ac97

SHA1
6713f44aa67a84d78fb3f8ed67f63056e7e19790

SHA256
4c7a6f0c7a78ced16b1f63e8624bae1f17e72dcc3a9e85f2a27d839f1c09661a

SHA512
eade1befd42939de5ba04cfac13a56f8247b54eda23d8235783d8c366f8f0f6192e82fe8a63b49bd29232cbef176eda25a123923d997b9dd41f654afa3f66746

Download Submit