Analysis

  • max time kernel
    128s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-20240506-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
  • submitted
    13/05/2024, 10:21

General

  • Target

    3f01ed78c64f217d66469822fd8a9823_JaffaCakes118.apk

  • Size

    19.2MB

  • MD5

    3f01ed78c64f217d66469822fd8a9823

  • SHA1

    f61f0c39e193ff2e88c0cb703239594a639fc867

  • SHA256

    1654378e495b22149b614824402f87e12192f7af379b39118705d2c2c01ddacc

  • SHA512

    5addae82e7a494fa0dd787fe90099a8ce8254d9f53d61f9dbc51593a0627be1dee166465a7ea98bed965592e5bd7e14e72faa76c6d2b076be232f1d0c5566689

  • SSDEEP

    393216:fgEUpXG8gv66JXTIP57FHEHH14DofbiUNYyOffe4L8FGNQbuGg436:TU5GO6JXTCFHEHH140fblvObL8YXf

Malware Config

Signatures

  • Checks known Qemu files. 1 TTPs 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.scwuzhou.logistics
    1⤵
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Checks memory information
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5108

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.scwuzhou.logistics/app_crashrecord/1004

          Filesize

          58B

          MD5

          0d210bfb2a0e1f1b4c082a6a0f79de07

          SHA1

          bb8ed9e364db79d1d9f2fcde3f15091893222faa

          SHA256

          988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

          SHA512

          536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

        • /data/data/com.scwuzhou.logistics/app_crashrecord/1004

          Filesize

          233B

          MD5

          8c59af832f882561425f8560efc948af

          SHA1

          1ecb5be14a175cbcf1bca66f31d9357d280321c4

          SHA256

          6f63cdf133c1a66da8685db545e1a12c8b8e5b9c28632430dd11bea782f8c019

          SHA512

          192151e50d978bee1b022ef5c66a60ea5d4683415ea691d0f6c005cb5b364ec57c2955febb0bb1a2dc4d41d82545d6d8adfe558a6eb932d7951ce1dddc975589

        • /data/data/com.scwuzhou.logistics/databases/RKStorage

          Filesize

          20KB

          MD5

          f4652fdafe0c0060f572bfa675e8c054

          SHA1

          d0e520b53184fadf371229c52ee66b60f3925839

          SHA256

          75561af4813b5b1cb417aa5d9ecdd41243246e7649f161d4782fbc676ee5e946

          SHA512

          2ca5e31c8ec2e0df99f58d552812491e78d88d3b8a828ae21015320d1db2a6fc6cd90e43e1a44478d41fe527f90f6c03bf5bf36afdc9e0ab54c99c06c3b099c6

        • /data/data/com.scwuzhou.logistics/databases/RKStorage-journal

          Filesize

          512B

          MD5

          82a888c3c664181a7d6138e63240e1fe

          SHA1

          4b76d395e8f046cb8eda6a59d0527dc6df55e7fe

          SHA256

          cfc02cde6b87c1df55d59cf4ab3c49ed7e2bda815b2f3db84d542adab7d00145

          SHA512

          ea97ed86d2e3ac39dfd9aed6c2625f63cb65bd99d1424709287b6d8a5875e5696e00d48a19a29667dffcbbfff957d9b170fb6cb7b3cfad89e77e828b9c88ef5b

        • /data/data/com.scwuzhou.logistics/databases/RKStorage-journal

          Filesize

          8KB

          MD5

          3441de824cc8119d927b89dabb50904b

          SHA1

          61a008febf6cde5c43c4c9303cfbb5bab1be1cc4

          SHA256

          5fb5db79ab7ccf6ee8a1d63c816ab6bbe949606c6d69060a8022829e059fcde9

          SHA512

          f4c56ba5723aa1bac5f8909dc0bc00114c63caaf374707d6b5a6ce5104cf89e77df2e5f457f0b0bb4063ec6e60aeed9fce3a4ead50cb426a5af3cfbad38291ba

        • /data/data/com.scwuzhou.logistics/databases/RKStorage-journal

          Filesize

          8KB

          MD5

          57458591a882da29418a83736a20fcdc

          SHA1

          decfa6aeadc0444b7ff28dc995ee75b966da4414

          SHA256

          d0a1730d1d7f5073cbe42cd1eaea3bc48cb8b350e7720ab51919837200b6f3e2

          SHA512

          d33d9edf939b5fe58d9b853cfa36380406e83d578e9bec635e7e931e3a689b4e5996924eaa07bb2162dc9c8c5cfa0a4795e23e72dae4b825c489d376a8b6f58a

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_

          Filesize

          52KB

          MD5

          9bef1e91b6a003c24d0be07cc98d880b

          SHA1

          b9f8b83726a3404c691f7d141329bd912877467b

          SHA256

          5c491a1067f784fd3eab88e4a08bcdbb84d2a42683a36c898c8cba091c6b7e4e

          SHA512

          f357d53bcedc1406a60847628819c1cbff997c60cae1d2b3e11de6391c6a5dadd24c09673897ceff5c949594d400018fabd3f10b549554bc06a6d79cde3f7f00

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_-journal

          Filesize

          512B

          MD5

          a82e229458f35fc831c1cc147338b74b

          SHA1

          b85df06b09d7fa0aa2feed3ab6fc147fd58376dd

          SHA256

          71af660eee5ae37b2e66799b5230bae1960007ec5f120241ba6ca12d4411c96f

          SHA512

          5a531a3003d6ba3bc5f88c454c3f98f3130f2c7bfac2958bd252abec0cb00bc589e6c242f00b15e135d474a771359368f9ea08e1aee23a8785b97489c0fd14e7

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_-journal

          Filesize

          8KB

          MD5

          1848e59acd488caa8dbb7781e569950f

          SHA1

          5d323bdd0d6bb722dc769e93f9af093afa286c70

          SHA256

          1f25f9e0492b7e7e28bc48ac9ea0d4491276012bf2860076d05dbbeacc571d66

          SHA512

          2049a7d8f32d1369f39c72b29d4206a3652264724c6e6997a78c75c26a9f7adfdcd6a18cd6292f7e007c63bc321913c76f01296c7493cc046eb1e073bc518dd1

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_-journal

          Filesize

          8KB

          MD5

          52666e66a85217d52e64411327f60c2a

          SHA1

          1993271b31d6331d2080e8e3b03af0d03ef0f4db

          SHA256

          878952883ba63ffec25afa69993867e015151947d32adad2a5ea862485413093

          SHA512

          b1e4559233daced0b0ac984e5091d55ba7353e643c7e790bc5f8ffd051aaf3e73548ac015ead8317e39d17cfb7523bc54c75574c813fae59a6512523c101bc07

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_-journal

          Filesize

          8KB

          MD5

          c8fe2805f4874a00bd4f3ebf44795b07

          SHA1

          b47ae7f1f869940a2d2027a582027542f4ca1c7f

          SHA256

          0f2be791cae18b7ec81bcbd3411a6587aa3f1259b2de60f9ef8b8ca5c6636e0b

          SHA512

          7ddb6d014e26e9973ff50393085e9faca1f9bc319b5391a534eca57efb175fc89553ef1cb25d3dbc562e323be3b72fd563c1fb5d0cd631d1757f8f6a6d08c693

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_-journal

          Filesize

          8KB

          MD5

          1f265cd2767e5eef6dc2954292ecae84

          SHA1

          345bd293e480ff60df5902d9a8b809af5a5be8a4

          SHA256

          303d27539e4b2d3c5e196d0eb067989e3e3afcd8e69c8bf3905a9f01d9751624

          SHA512

          0a34922e11d21dcdf438eaef760ac71cc29ca92b2fe0902c1e3e6c4027a8578b39dc80b35d7ce0d0a760a91ff5e555ee5503ca887955ebb19700935878779f76

        • /data/data/com.scwuzhou.logistics/databases/bugly_db_-journal

          Filesize

          8KB

          MD5

          9b918ad091bc67902e24947ea0c41e37

          SHA1

          ef6fab1057b46ab8435f7d2755dac500225b7d95

          SHA256

          1af65dfdebe750c54833c096dc75d14e13c666fbdfe5b27135c6a515142228e1

          SHA512

          8dbad797d8d675e34f8947b6244eb156ab2471d13533487bd971a19ba9dc7d37c6b11a6e864424621e4ce7822bc05aa56a66e8bb846f49530578dd94756496e9

        • /data/data/com.scwuzhou.logistics/lib-main/dso_deps

          Filesize

          304B

          MD5

          80ebdc41541bd49112bea0c5245ce094

          SHA1

          aabefd8a75a6b5763137e31f6557f05d9d109dc5

          SHA256

          d60ea5c46cedcbbd309ba39662b32d938d34a0b2548207e1e4e2023b422fa0b8

          SHA512

          eac528e1d634372db01abba91e863cb22bcbfa2cfc60fe05535eba754cee809bbd54fa101bac153486521a2ed06fc6073a635b28a0377edf4897beda8099ca54

        • /data/data/com.scwuzhou.logistics/lib-main/dso_manifest

          Filesize

          5B

          MD5

          c06857e9ea338f3f3a24bb78f8fbdf6f

          SHA1

          c5a0a2529d2deb60fec041b4fbd722a2ebe31702

          SHA256

          957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

          SHA512

          29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

        • /data/data/com.scwuzhou.logistics/lib-main/dso_state

          Filesize

          1B

          MD5

          93b885adfe0da089cdf634904fd59f71

          SHA1

          5ba93c9db0cff93f52b521d7420e43f6eda2784f

          SHA256

          6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

          SHA512

          b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

        • /data/data/com.scwuzhou.logistics/lib-main/dso_state

          Filesize

          1B

          MD5

          55a54008ad1ba589aa210d2629c1df41

          SHA1

          bf8b4530d8d246dd74ac53a13471bba17941dff7

          SHA256

          4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

          SHA512

          7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339