Analysis

  • max time kernel
    5s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240514-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    17/05/2024, 15:39

General

  • Target

    5039d7038eb55d127685f3bc28601d44_JaffaCakes118.apk

  • Size

    15.3MB

  • MD5

    5039d7038eb55d127685f3bc28601d44

  • SHA1

    8d0710b5e15cc73f2b98ca905195cbf042e515c7

  • SHA256

    60fa38ba267e5cbebe9c10ca95dd93fa01f27aa982ca759fde1f7296b80bf1c0

  • SHA512

    79ff97587ce36d562d2d4508287d6275c3b3d8e96a07d38375676735d66693afef6e9319fd046ce487b248498a833f1af6cd67e7398b06f947962c9812cee93c

  • SSDEEP

    393216:ZKmqaL7Qkzv21yRwqTilIk3C/Y8nvsEeQEtPKSkCBdlbAA:ZOa3BztTWlzCQ8EcEcfCBdp

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.vigo.tongchengservice
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4337

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/com.vigo.tongchengservice/databases/MessageStore.db

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.vigo.tongchengservice/databases/MessageStore.db-journal

          Filesize

          512B

          MD5

          a5711b8f1228e29d2a40ee2cd8e8f10c

          SHA1

          64a1096f3506f7469ce381183b7edeb79742c69e

          SHA256

          601ee99130dbdce765f8fd319215a638590ff82214d86469f52cb19acd67ad8b

          SHA512

          5d7f2402085d7f7b505c16358600cc11e19fcb76bf1d65ae82364a31d48ea5603d1864c4590da596f6c8354a9e82a7874e64be721da00d1dac54d04da2b8e3b1

        • /data/data/com.vigo.tongchengservice/databases/MessageStore.db-shm

          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        • /data/data/com.vigo.tongchengservice/databases/MessageStore.db-wal

          Filesize

          72KB

          MD5

          3d2f6e16ea2b9983a72e040f54d226b5

          SHA1

          1c75dec310728d33108f793fd755bb5ea35e33f4

          SHA256

          d1718dd9b2469e56407b6339da710bfd8f5b3efbfa189070c4b9a42b3e68edf3

          SHA512

          ed1ec5121b9b8571a20a17d70715b5d82c670d044e8143e94c08eee51978dff3e5426279d71c9f48be0ef9475944045cf61c47ec495f514659dc24099c280770

        • /data/data/com.vigo.tongchengservice/databases/MsgLogStore.db-journal

          Filesize

          512B

          MD5

          a8a5c3f89ef3c1eb2a6e1f03376125c5

          SHA1

          d55330bdc5409caba120c8d01ad37c0621829c9c

          SHA256

          22833a632fdb46d68d54d8fb84f0c29f1614cc3df52ece4d62c86bfc44c8ca87

          SHA512

          086569bc807f1bb2d9486dd86e58b21ac6b4d3013925033710434c4d712a46c1aa3fc19b68b5f29a23c722c6faaf55814bbd0750a382fea72f50a19dc7b4cb14

        • /data/data/com.vigo.tongchengservice/databases/MsgLogStore.db-wal

          Filesize

          68KB

          MD5

          7eeba7ca5d265c99b3b5b039d4d5cc6e

          SHA1

          9f400f64aa2d413d6ab824993a182c2ed9ce8006

          SHA256

          c6233f29bda8d81e375b7bb63ae087e3c2c82701cc50e2f79ffb032f7e850e36

          SHA512

          b12f1ae252f2c7cf077c9b6594dda5be3323177afd00320df9bec56c609c8914baaa5e2b0a6457f66c13aa1e695cfaee856faa7f275082925b096c22b4d6bf57

        • /data/data/com.vigo.tongchengservice/databases/accs.db-journal

          Filesize

          512B

          MD5

          ef1423cde77f5a88466ec24917ac2cd2

          SHA1

          822f9dc99eac24e7a79545f8825d4129bfa7e9d0

          SHA256

          5f2fe427e2e553916db430c5f49b8ff82924b2a06259b88637af1420136a2f17

          SHA512

          3a249dafbdc03a13907f49adac64f99ec0159c0037877df45949df652c958e60262bc98b95bcea053f74056e69e89554e97f4a1b914cb6728a526c051aba5de7

        • /data/data/com.vigo.tongchengservice/databases/accs.db-wal

          Filesize

          32KB

          MD5

          a67baee6ee1f353da95f0de30b72fd74

          SHA1

          dc17d4ab07801b1135041c1b9b98bc5a2bb48220

          SHA256

          a5893846ef8306c8cce58c5ab10ead5ba5a40a3cae7e663b3b559066aa367c2d

          SHA512

          f04c2394dbaca7de70ca68cc21dfddcfea47b071a4f5b08e481771c20d78a226265ae2a6fca390338e669ffed0f2c5a7e008cf486fd77a23fbe5dfee11511dc7

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          111B

          MD5

          b1588176dab11c3be63f3b8fc48e35f4

          SHA1

          eabf3ea0876bd4f0ca707f09d952e2956b8ca781

          SHA256

          cbe02d1a376c8ee66f9ab400f4cbc8ca27b8c28ea3d29db64e5336f99f21240a

          SHA512

          59f748173c6352b611d051460e90b6b019bda3db46fed195fdaadfbebd9bd63b7f0b043a43e69db5220043240e0c1f742e013c290fd8a4aef47a53f5f11f7b79

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          213B

          MD5

          16a536e18a452414c674b058cf58e17b

          SHA1

          ecd3c44e3e4528e4740e4c1b21433d6a628f0ac7

          SHA256

          b0c8d6adda7bda88c413b1661835df32b0ce4dcaaf838ce98b27e423cfb904d1

          SHA512

          d0a5ad1adbe1fc331e4ad83bb2ab84bc5a3129cb463a45effc1183f35db98957c2d4edf82aa16428e45e5d16e2e527164f5f1a33d1d2fa3282af415695d72433

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

          MD5

          57daa271140e90119ad0549ad3c442b2

          SHA1

          d9c886bf79ac737ef8d04de7a260e903ef6f7d1c

          SHA256

          f87aed113e29932d16e7b850e18c197db3769496b8793a87c6c631da6bc53500

          SHA512

          7f95f3f269ae32336d663f1fc5f1dc6be63b68b61cb4c9269981a45b4a77b1307e65c3fa065fb1737b53c071afc6b6f23858648e425fd433208cd609f1d0d6f5

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          167B

          MD5

          7191c2f53b68ebf91ae15081b2428e40

          SHA1

          05c5713a54b42f1b7c9f2d8fc1fe7e1ba3466e10

          SHA256

          8c94d958f1ab07f5481778ba1316d7b5461a7cf5f797cb93f087fa61a17b4daa

          SHA512

          3b9203e43c1d1e8e557ed9c8c21b91d5d53e14d409e06a18be89d3ff3c0ab661cb20b5232fcf13d8d4488f65b24958df1f620bacd221f336096dbc1cdaa2b86c

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/Android/data/com.vigo.tongchengservice/files/tbslog/tbslog.txt

          Filesize

          1KB

          MD5

          c145025027d77000fa015009616f6fe2

          SHA1

          15ea9e0825be045d8ecc22cc0edda070f2c5d400

          SHA256

          ebbca6da8023502cab6c3b6730f75bf988b437d5bda1460d930e24518053c8d1

          SHA512

          9b8bf4ef173965e56527c3a726df8e8fdcdd496e35dd8a23d598bad2b9457a5f75875b0a34487356dea7774a34178679b202433c4da0df4bd0a112ce3c1ef4aa