2146757c2e6254920e00dd02566092df9438d669d2d467f9fbe8a11c0241d1a8

Analysis

max time kernel
19s
max time network
144s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
08/05/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261241a10601974b08d581c229394c9a_JaffaCakes118.apk
Size

878KB
MD5

261241a10601974b08d581c229394c9a
SHA1

c57ec49edd88023c4c6557a6645eff650dbcb58c
SHA256

2146757c2e6254920e00dd02566092df9438d669d2d467f9fbe8a11c0241d1a8
SHA512

434caad9c3f13094e48b70fc3f61f241319e9ee0c4280cab1c464ea1b7e6e5be783a2891f321094a9e87ccd9b2792f6fb73c8d92592d29b47fd3c5d8d67c414a
SSDEEP

24576:r0O/l0QCpzTVt6C0sQZr73d+ktH/+NQA84Woiwc9q8rR:rhdzKgsCNztmp8s1KR

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.hoaix.childplayer.gushi

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hoaix.childplayer.gushi

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hoaix.childplayer.gushi

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hoaix.childplayer.gushi

com.hoaix.childplayer.gushi
1⤵
- Requests cell location
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
PID:4880

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.hoaix.childplayer.gushi/databases/com_hoaix_childplayer.db

Filesize
20KB

MD5
4a44917aced398aa8d07029dd689933d

SHA1
21682c4e7b233e2f1eac2efe95fe4e56a6827498

SHA256
704a00f8dbaa63a6a2b48345235904de6e0724807500ac662ae080e475ae6d58

SHA512
91cd29631f0ca6e1f3be68abfd77cf0f4df125b0e9966e29116b8ea5e1b480ac96030cdfb0ae244e0bd9f205f18c08f61cf761fabac422824f1913ad8a818438

Download Submit
/data/user/0/com.hoaix.childplayer.gushi/databases/com_hoaix_childplayer.db-journal

Filesize
512B

MD5
aa282f104a7b4ff3bee17e4b1ada06d4

SHA1
90dd6401d9e00c54fa53a173f22e39b00c888f54

SHA256
6c1220479c711613a91b13ba260595690ea4ec72c43ba8d5394ccd715be9906c

SHA512
43df3db95611d917f200880b8a5c6d1a822fc85c14ad1f2f7399fb44ce91a5652650cabd13600b0002233bff3151fbf06067f3bc78dcaeb272914cf3cc7315f3

Download Submit
/data/user/0/com.hoaix.childplayer.gushi/databases/com_hoaix_childplayer.db-journal

Filesize
8KB

MD5
d1af4ef276b4ce126cced8efb1d9d89f

SHA1
d1042d85b4f1413e766676e494282f735e607280

SHA256
e4e209ad3e32f8dab0b8f658e95c14645678f1f25c2fa7b9d0cca982373941e7

SHA512
97d07f28baea6454f9f915e15d0e4f5811ea0f3767ad5df380e18e143dab41d6a981dd83c5ac29dfe217baf9b2b60bfe66c8fe07d062f316e002ac57f21fa4da

Download Submit
/data/user/0/com.hoaix.childplayer.gushi/databases/com_hoaix_childplayer.db-journal

Filesize
8KB

MD5
6382988e12b160aafce2ff90d32b4bc8

SHA1
df59a454e2a7c44483a2d77520b592b39f22e737

SHA256
c584974b352d0b561f1a1ee4f1653c6a61af4496e6083743b472cdab60126690

SHA512
21a4e2516ded7494e11d59a7c7b421fbe75ca206389529392434aaf5d75141e81f03f8320e3aef3f78a2c53eabdf4369c000ef3c64f440ea3bb696dfcc3f9a82

Download Submit
/data/user/0/com.hoaix.childplayer.gushi/files/__local_stat_cache.json

Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads