Overview

overview

7

Static

static

6

2c43679243...18.apk

android-9-x86

7

register.apk

android-9-x86

7

register.apk

android-10-x64

7

register.apk

android-11-x64

1

safetynet.apk

android-9-x86

1

safetynet.apk

android-10-x64

1

safetynet.apk

android-11-x64

1

vending.apk

android-9-x86

7

vending.apk

android-10-x64

7

vending.apk

android-11-x64

7

Analysis

  • max time kernel
    54s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    09-05-2024 23:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c43679243aceffdf65a37612704c034_JaffaCakes118.apk

  • Size

    18.2MB

  • MD5

    2c43679243aceffdf65a37612704c034

  • SHA1

    609fc79ae0c0b4302aa3a41052830548d868484a

  • SHA256

    ddc1f2edb82739e7a92182aae6ddff254393d459c66b120ca09ce84627457efa

  • SHA512

    16964591a023cbeba613098f6ad88bde90e53f99695212e49d89b73891c3a1d9e3f7fabf4d137e397fe71a028e46fc7bcce225e4653a241cfaf172572cde2b7a

  • SSDEEP

    393216:o0PWpOh4C4tBP1I/aql9GhfXsnVxx3szexeyrRqMSM+nt3a:o0PWpOh4zqDGt0RsaxeyrR/xz

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device 1 TTPs 5 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.excean.gspace
    1⤵
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4282
    • chmod 755 /data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar
      2⤵
        PID:4316
      • chmod 755 /data/user/0/com.excean.gspace/.platformcache/main.jar
        2⤵
          PID:4330
      • com.excean.gspace:chk
        1⤵
        • Queries information about running processes on the device
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        • Uses Crypto APIs (Might try to encrypt user data)
        PID:4401
      • com.excean.gspace:smtcnt
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        PID:4468
        • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.excean.gspace/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&
          2⤵
          • Loads dropped Dex/Jar
          PID:4519
        • /system/bin/sh -c ps
          2⤵
            PID:4640
          • ps
            2⤵
              PID:4640
          • com.excean.gspace:lbcore
            1⤵
            • Loads dropped Dex/Jar
            • Makes use of the framework's foreground persistence service
            • Queries information about running processes on the device
            • Registers a broadcast receiver at runtime (usually for listening for system events)
            • Checks if the internet connection is available
            PID:4569
          • com.excean.gspace:smtcnt
            1⤵
            • Loads dropped Dex/Jar
            • Queries information about running processes on the device
            • Registers a broadcast receiver at runtime (usually for listening for system events)
            PID:4737

          Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.excean.gspace/.platformcache/kxqpplatform2.jar
            Filesize

            2.0MB

            MD5

            81dd9e764e856adc0443a92acb57ee02

            SHA1

            ced662672b510248a2a615abc662a7f90421ac46

            SHA256

            0e7aee85ad363c4728bccae8242547de8622ef11be346f55f515aff0ff39bef7

            SHA512

            6d84fa0b8e2351773de98eaeee42f37d1aac1e531ccc8f8cef7f3030e2f2240a7030b569c02a7814905650640665cfb54c45746d030e7a8e875128a0dd4ef934

            Download Submit

          • /data/data/com.excean.gspace/.platformcache/main.jar
            Filesize

            2KB

            MD5

            81a6b68f93a2a6ebd99773e7acb69bb9

            SHA1

            aad12c03915062b5820034d7026cbbb4d5e2ffef

            SHA256

            de6b351b54176858e1b1a3263509a936b677758ba375d4de40b0b42139bcdb6e

            SHA512

            ad55ac3afdcad24b8d85d1a6473190733ffd97c8da65499841ac0e6e0abae2a9883310875719e82e8eb659a35928b30e6bf7419f2dd0bad97ff51ae8cc657f01

            Download Submit

          • /data/data/com.excean.gspace/databases/lio_statistics.db
            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

            Download Submit

          • /data/data/com.excean.gspace/databases/lio_statistics.db-journal
            Filesize

            512B

            MD5

            50127d171351f46beed2bacb77452f3b

            SHA1

            825b118d49d5a03fe5c58a692e6ed9b96b8756a5

            SHA256

            dc5e9619135f483150418397cf99692479b3f25aa075c613d648e7a50817c303

            SHA512

            98c43cab622bdf7dcbf24b1353a0348a64da3053ac59973fe074a3495d6c92e8d8ed1555f7c16d894be01086e2bce9c068c36b3c9603dba02c60e9de8063f545

            Download Submit

          • /data/data/com.excean.gspace/databases/lio_statistics.db-shm
            Filesize

            28KB

            MD5

            cf845a781c107ec1346e849c9dd1b7e8

            SHA1

            b44ccc7f7d519352422e59ee8b0bdbac881768a7

            SHA256

            18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

            SHA512

            4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

            Download Submit

          • /data/data/com.excean.gspace/databases/lio_statistics.db-wal
            Filesize

            104KB

            MD5

            59aadd39f6b1692fe61ab93ef7d2e02a

            SHA1

            1f86a6a04102dbce03e46e36f7410f70303580b5

            SHA256

            992147de609d2b7311fcfe9763fc0ed65d722fb1c08ea7ad634e329e2517a44b

            SHA512

            89b442b677e557027063521aacde936af6472c7bb19a75c862a5e5670ac7536d5a94b92c3bf347ae04240fb6693d37ef42ba0c8b443d72ccdeea67d79e3df215

            Download Submit

          • /data/data/com.excean.gspace/gameplugins/.lb_packages_tmp
            Filesize

            324B

            MD5

            5cc8d7886393aecdc08b9865346de06b

            SHA1

            93fe82249c7fd7808d888a2127d1f2254d7a1dce

            SHA256

            c2b94e61865f40e439127ac672f2024189cd48dccc00b64ff11206bd9fe67006

            SHA512

            a15b0780a4e80859e6291639ef44edbfeb013b5da2b680bff14f33944f89efd5a77163f44d74eff3e9f3e0697d364b176187e2a3668f734d20195d66a931037d

            Download Submit

          • /data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar
            Filesize

            1.6MB

            MD5

            e95a57e5daa73e0e70729501d94c2171

            SHA1

            38a7ece15cc96dff690eee150e4b366ce3fc18b5

            SHA256

            782ba7953136ec783e924b86e2afb2821a42123c87e7f32f49f97c23172bb942

            SHA512

            8ae7940da638a0b3a35b6e5ace767914fbbfb19c28d8a3257ee85c1f0a05509f134f9049329b083c8be6481a0b29429618feb13cb3208a60562b8e434e0a493a

            Download Submit

          • /data/user/0/com.excean.gspace/.platformcache/kxqpplatform2.jar
            Filesize

            1.6MB

            MD5

            fa134f606d5d2cdbffbbdd30920ef3c8

            SHA1

            b77cf464dc1433941f794f5f598d7519a84943f0

            SHA256

            50468d3351e30429876c280498e4dce69999ca9e97a4224dd5ec049f6ee25a00

            SHA512

            3242b16a9f07cb77bcb68f1047e5a2c98cca4a17bfb239d2f0cdc4a9614e98fa29fead8de04c33e9e01adfee1fa779afce316f53587b4d89a3d19b567c42cff8

            Download Submit

          • /storage/emulated/0/.com.excean.gspace/.phoneInfo.cfg
            Filesize

            132B

            MD5

            fd800e45c1b25e1f366b5df6c422eb4f

            SHA1

            edb870a9931d945acc71305b0273e4e6ca0d1b13

            SHA256

            8c5586c00c886968b4a9281932b9d8a774bc2240a5c0c557f9d1849d137caba5

            SHA512

            3e3426a89ef37bc7608ba65b19f0161d18b104abb612e4b72ef68972f1e7b5e1781dbdd675b21dbec19902f07ceb45a0e91134a22689ef4bab1912225c2364c9

            Download Submit

          • /storage/emulated/0/.com.excean.gspace/game_res/compVersion
            Filesize

            1.3MB

            MD5

            fde39c4dc909444091b1f02fd1febf04

            SHA1

            2e5544b612edc131c2947517bc446a4e75ebdb4d

            SHA256

            9e04d798408824f3d7e1388481080caec46342348283b9b83edfa44ebc48509b

            SHA512

            39ac5ab76d29c78e9eddd367d66d2270c553e9c8e56cdff64c4259f9bb73f4f33db88f5bb62a384e24889deea2d50521b84056bf756f85f47de9e980d65fc6c7

            Download Submit

          • /storage/emulated/0/.com.excean.gspace/game_res/info.data
            Filesize

            31B

            MD5

            e50d12ea8518b7241c218b3c8d781d10

            SHA1

            f0792b958f9db44c59e5051250e79f1235f9fc74

            SHA256

            6e5f8f917585100ca30cb339e7d5650644bada7ec5af38ae43d193b66f24cc00

            SHA512

            c3b06289edf174468cd2df8bf5a61b50b4a1de85bbcf27cf1e23be3967f6387e8d2e271b200c4e6d77bfceeb30a6b9f90a6073d0a37c6cd67a9f896ac53ff410

            Download Submit

          • /storage/emulated/0/.com.excean.gspace/game_res/verinfo.cfg
            Filesize

            85B

            MD5

            18f0544dd246feb12a14b948835aa8b5

            SHA1

            d326590d44adc63bc6b8f5dac64755c63ba810f3

            SHA256

            50df42beae5b325d0afd26a667b22f8d56fa26b86c700ae959a237fcd92d791a

            SHA512

            70deb974b95d4474e8b4d77a04c26a5762d77154e912ec79a2bc23e6b53972419341950204ab7cec2a6f0075f71ff209720c6e55c668a28d228b57231472eb1e

            Download Submit

          • /storage/emulated/0/.com.excean.gspace/game_res/verinfo.cfg
            Filesize

            82B

            MD5

            ed6c7f8f1e2f23451388df950cfc35e3

            SHA1

            c802b60e68d930aa320827a906cece49516c1716

            SHA256

            c604c3532ca68decbb127f96483409184d23c4e4b05b8d57285ae36d929125a8

            SHA512

            fc439868ef60187cdf899962869ec3de6a092937b52ee91f6dc05a7ba1202d34f970d070e1e67e3f1cb58da93ca6680b58bcdd41283e89c01bd39b50a64d27a9

            Download Submit

          • /storage/emulated/0/.com.excean.gspace/init_time.txt
            Filesize

            24B

            MD5

            abdd50289696299e93f895bd0c35c18a

            SHA1

            2599738020a8bf7934bf53403f97ae72f81bdc63

            SHA256

            9fc221329a60ce99692036af34a0f42975e090c849e04955057c2d9297cd9843

            SHA512

            2755200c7fac166beca1d3132e7516c4c2558a3d01eb2a484f518f831ac0e6a0ac56f2beaa3d5561d553813519be39358ba41fb90c4d1654896ae1e7ea45f764

            Download Submit