Analysis

  • max time kernel
    131s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240506-en locale:en-us os:android-9-x86 system
  • submitted
    13/05/2024, 06:43

General

  • Target

    3e33e653272bd153a6e8386fd818ad03_JaffaCakes118.apk

  • Size

    8.4MB

  • MD5

    3e33e653272bd153a6e8386fd818ad03

  • SHA1

    8da4ee1915d24b62d3652ed863ee47e3ae4b5bb6

  • SHA256

    0e83faa0b475403ce3e0dbd2171c2b59754ef30f77279dbfafea9ed670425cb4

  • SHA512

    9b38fccc79ac38dc62f0d8fc5950356af8307ae33e23be32e4a5c42c5f480d79484aa3bc7963a22bbd86d797c62e0ce3bc856a722210794be3f71e40908515ca

  • SSDEEP

    196608:7Ydnko4KKyJsXv71Or8ZATFGpO+gH13e7NKSeeTOQzyM:ZoRJsXz1m8ZApGs+U13q1L

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 3 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 3 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.radius_circle
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4267
  • com.radius_circle:pushservice
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4313
  • com.radius_circle:remote
    • Requests cell location
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4336

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.radius_circle/databases/TestinAgent.db

          Filesize

          24KB

        • /data/data/com.radius_circle/databases/TestinAgent.db-journal

          Filesize

          512B

        • /data/data/com.radius_circle/databases/TestinAgent.db-wal

          Filesize

          44KB

        • /data/data/com.radius_circle/databases/pushsdk.db

          Filesize

          4KB

        • /data/data/com.radius_circle/databases/pushsdk.db-wal

          Filesize

          88KB

        • /data/data/com.radius_circle/databases/radius.db

          Filesize

          4KB

        • /data/data/com.radius_circle/databases/radius.db-journal

          Filesize

          512B

        • /data/data/com.radius_circle/databases/radius.db-shm

          Filesize

          32KB

        • /data/data/com.radius_circle/databases/radius.db-wal

          Filesize

          36KB

        • /data/data/com.radius_circle/files/cfg/a/ResPack.rs

          Filesize

          525KB

        • /data/data/com.radius_circle/files/cfg/a/mapstyle.sty

          Filesize

          248KB

        • /data/data/com.radius_circle/files/cfg/a/satellitestyle.sty

          Filesize

          166KB

        • /data/data/com.radius_circle/files/cfg/a/trafficstyle.sty

          Filesize

          4KB

        • /data/data/com.radius_circle/files/cfg/h/DVDirectory.cfg

          Filesize

          69KB

        • /data/data/com.radius_circle/files/cfg/h/DVHotMap.cfg

          Filesize

          10KB

        • /data/data/com.radius_circle/files/cfg/h/DVHotcity.cfg

          Filesize

          1KB

        • /data/data/com.radius_circle/files/cfg/h/DVVersion.cfg

          Filesize

          86B

        • /data/data/com.radius_circle/files/cfg/l/DVDirectory.cfg

          Filesize

          69KB

        • /data/data/com.radius_circle/files/cfg/l/DVHotMap.cfg

          Filesize

          32KB

        • /data/data/com.radius_circle/files/cfg/l/DVHotcity.cfg

          Filesize

          1KB

        • /data/data/com.radius_circle/files/cfg/l/DVVersion.cfg

          Filesize

          156KB

        • /data/data/com.radius_circle/files/lldt/firll.dat

          Filesize

          76B

        • /data/data/com.radius_circle/files/ofld/ofl_location.db-journal

          Filesize

          512B

        • /data/data/com.radius_circle/files/ofld/ofl_location.db-wal

          Filesize

          48KB

        • /data/data/com.radius_circle/files/ver.dat

          Filesize

          512B

        • /storage/emulated/0/Android/data/com.radius_circle/files/baidu/tempdata/llg.dat

          Filesize

          24B

        • /storage/emulated/0/Android/data/com.radius_circle/files/baidu/tempdata/yol.dat

          Filesize

          24B

        • /storage/emulated/0/Android/data/com.radius_circle/files/baidu/tempdata/yol.dat

          Filesize

          24B

        • /storage/emulated/0/baidu/.cuid

          Filesize

          154B

        • /storage/emulated/0/baidu/tempdata/lcvif.dat

          Filesize

          96B
