Analysis

  • max time kernel
    178s
  • max time network
    188s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/05/2024, 15:50

General

  • Target

    5043537704010b4e7ece10f65cbb315a_JaffaCakes118.apk

  • Size

    12.2MB

  • MD5

    5043537704010b4e7ece10f65cbb315a

  • SHA1

    0d7ed630442c6e0bb1a4dd10eb8803b796b292ea

  • SHA256

    8d7bbbf3f6892ab2c1cbc453644ee6091ddc1c36eb4fa9fab422d52bf9334e72

  • SHA512

    acb274ba3c2d8b021f88fd4d6635e63e77e35d6edb8edf0be98ca3adca4f39d619a278accffd95c8256806993936558d3e743aba1373825a9b202101a8c8afe2

  • SSDEEP

    196608:xJpuVu+M4dw5mzjTZPFPPPJNala/5fCYTFZUhMaN+6L/706dNlNpKcYPo9joATUY:xJpuVuAdrWcFZcZT0sdWPoTf7+G4Z+

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 6 IoCs
  • Requests cell location 2 TTPs 4 IoCs

    Uses Android APIs to get the current cell location.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information, which can indicate whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 5 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
  • Checks if the internet connection is available 1 TTPs 4 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.mobiletool.appstore
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4294
    • chmod 777 /data/user/0/com.mobiletool.appstore/cache
      2⤵
      PID:4326
    • chmod 777 /data/user/0/com.mobiletool.appstore/cache
      2⤵
      PID:4380
  • com.mobiletool.appstore:remote_proxy
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4542
    • chmod 777 /data/user/0/com.mobiletool.appstore/cache
      2⤵
      PID:4680
  • com.mobiletool.appstore:push_service
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4733
    • chmod 777 /data/user/0/com.mobiletool.appstore/cache
      2⤵
      PID:4769
  • com.mobiletool.appstore:channel
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4897
    • chmod 777 /data/user/0/com.mobiletool.appstore/cache
      2⤵
      PID:4935
    • /system/bin/sh -c getprop ro.board.platform
      2⤵
      PID:5070
    • getprop ro.board.platform
      2⤵
      PID:5070
    • /system/bin/sh -c type su
      2⤵
      • Checks if the Android device is rooted.
      PID:5095
  • com.mobiletool.appstore:remote_proxy
    1⤵
    • Queries information about running processes on the device
    PID:5032
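The process tree is the most useful part of this report for detection work. Every one of the four app processes (the main process, :remote_proxy, :push_service and :channel) spawns `chmod 777` on the app's own cache directory as soon as it starts, which points at initialisation code shared by all of them; only :channel runs the `type su` root probe and the `getprop ro.board.platform` lookup. The cache directory sits inside the app's private data tree, so on a stock device the world-writable bits are mostly reachable by a root-level attacker or a process that has already escaped its own sandbox; it reads as sloppy permissions rather than proof of intent, but it is worth flagging alongside the root check. The Python below is an added example, not code from the sandbox or from the analysed APK: it takes the tree as constructed (depth, command, PID) tuples transcribed from the report and runs three triage rules over it. The rule names are mine, and the `getprop` rule is widened to properties that emulator checks commonly read (ro.hardware, ro.kernel.qemu, ro.product.*), which is an assumption beyond what this report shows. Note the two lines sharing PID 5070: the shell exec'd its argument, so they are one process and the tally treats them as one.

```python
import re
from collections import defaultdict

# Constructed sample: the process tree from this report, flattened to
# (depth, command line, PID). Depth 1 is an app process, depth 2 a command
# that process spawned. Two lines share PID 5070 because the shell exec'd
# its argument; the triage below must not count that twice.
PROCESS_TREE = [
    (1, "com.mobiletool.appstore", 4294),
    (2, "chmod 777 /data/user/0/com.mobiletool.appstore/cache", 4326),
    (2, "chmod 777 /data/user/0/com.mobiletool.appstore/cache", 4380),
    (1, "com.mobiletool.appstore:remote_proxy", 4542),
    (2, "chmod 777 /data/user/0/com.mobiletool.appstore/cache", 4680),
    (1, "com.mobiletool.appstore:push_service", 4733),
    (2, "chmod 777 /data/user/0/com.mobiletool.appstore/cache", 4769),
    (1, "com.mobiletool.appstore:channel", 4897),
    (2, "chmod 777 /data/user/0/com.mobiletool.appstore/cache", 4935),
    (2, "/system/bin/sh -c getprop ro.board.platform", 5070),
    (2, "getprop ro.board.platform", 5070),
    (2, "/system/bin/sh -c type su", 5095),
    (1, "com.mobiletool.appstore:remote_proxy", 5032),
]

# Triage rules over a spawned command line. Tag names are mine; the getprop
# rule is widened beyond ro.board.platform to properties that emulator
# checks commonly read (assumption, not something this report shows).
RULES = [
    ("root_check",
     re.compile(r"\b(?:type|which)\s+su\b|/(?:xbin|bin|sbin)/su\b")),
    ("world_writable_chmod",
     re.compile(r"\bchmod\s+0?777\s+/data/(?:data|user/\d+)/")),
    ("platform_fingerprint",
     re.compile(r"\bgetprop\s+ro\.(?:board\.platform|hardware|kernel\.qemu|product\.)")),
]


def triage(tree):
    """Attach every depth-2 command to the nearest preceding depth-1 process and
    evaluate RULES on it. Returns {process name: {"pids", "spawned", "findings"}};
    processes with the same name (e.g. a restarted :remote_proxy) are merged and
    "spawned" counts distinct child PIDs, so sh -c plus its exec'd binary is one."""
    acc = defaultdict(lambda: {"pids": set(), "spawned": set(), "findings": set()})
    parent = None
    for depth, cmd, pid in tree:
        if depth == 1:
            parent = cmd
            acc[parent]["pids"].add(pid)
            continue
        if parent is None:
            raise ValueError(f"spawned command {cmd!r} appears before any process")
        entry = acc[parent]
        entry["spawned"].add(pid)
        for tag, pattern in RULES:
            if pattern.search(cmd):
                entry["findings"].add(tag)
    return {
        name: {"pids": sorted(v["pids"]),
               "spawned": len(v["spawned"]),
               "findings": sorted(v["findings"])}
        for name, v in acc.items()
    }


def processes_with(results, tag):
    """Names of processes whose spawned commands triggered the given tag."""
    return sorted(name for name, v in results.items() if tag in v["findings"])


if __name__ == "__main__":
    results = triage(PROCESS_TREE)
    for name, v in results.items():
        print(f"{name}: pids={v['pids']} spawned={v['spawned']} findings={v['findings']}")
    print("world-writable cache set by:", processes_with(results, "world_writable_chmod"))
```

Running it shows the split the report only implies: all four processes trip `world_writable_chmod`, while `root_check` and `platform_fingerprint` come from :channel alone, which is the process the report also credits with the memory check, task scheduling and crypto API use.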

Network

MITRE ATT&CK Mobile v15

Downloads

                      • /data/data/com.mobiletool.appstore/databases/MessageStore.db

                        Filesize

                        4KB

                        MD5

                        f2b4b0190b9f384ca885f0c8c9b14700

                        SHA1

                        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                        SHA256

                        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                        SHA512

                        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                      • /data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

                        Filesize

                        233KB

                        MD5

                        1232177bea22894953c5ee01b481b1c7

                        SHA1

                        fe3b1f6d80c92e0ca54e5b3d4f8eec72c1f9f78f

                        SHA256

                        db563de347bd18da1209303aaf2f00833b3c9d72331e2d6553dfb1edbc18e75d

                        SHA512

                        ecae9445c2620a8c3115bfb48aa5bc9719d1a1fcde6635e41f381d4164327c183a5fb037455b59b8ab452098dd6b4c2fd682c493dbf544e8c2028ca0e309d69d

                      • /data/data/com.mobiletool.appstore/databases/MessageStore.db-shm

                        Filesize

                        28KB

                        MD5

                        ba81ade0b4765bce7a1ae0b9633ae6dc

                        SHA1

                        0945be36045cd679ee519eb27a0f3d79c423d6d6

                        SHA256

                        7260f969127244d12b35b06d96e447e450abf0f7df1f677c6d596894cb47454d

                        SHA512

                        a9043d1449af1d6c652f1420d4558a591f79b6330cbd27e7ab063534e480981881a4129f6854d7167cc468ee4bea1aba23516e1e7ccf660bfed33af462cc4065

                      • /data/data/com.mobiletool.appstore/databases/MessageStore.db-wal

                        Filesize

                        48KB

                        MD5

                        b85afc2caaace09bf05dc617b464b553

                        SHA1

                        d0bc3dc6ab6a0d4483bfa4f5d5fbb57071011906

                        SHA256

                        aefff27a82e33829c8b6512c1d0c25d1094d9374dca7f539f096d644f69ab556

                        SHA512

                        60cb6355ea092d5d263160221b22fd3131a6d69303484c0b3dc726b2723c7a6e3d6514d2e2d09d88d996edbfb7461787fc3b1bced957ebafa13ddbda28b7aef5

                      • /data/data/com.mobiletool.appstore/databases/MsgLogStore.db

                        Filesize

                        4KB

                        MD5

                        7f6383011076100b3a0821fd8922812d

                        SHA1

                        a9fe73d0c9d0302ec67fe7c6019244a6f7361dec

                        SHA256

                        2d82e8326dff0ca3ec53dbfbe961b18b2bb0adf9b8600ba35abfd78a0958d4ab

                        SHA512

                        665a87d2f40c413fee62c646ac2f0359a2d33f83d9aae6e7d473d9ec593a910e627245f24dc0b0bf1b53b2862409d4f70d77584c614da3c229851ec2a2840d96

                      • /data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal

                        Filesize

                        512B

                        MD5

                        6bef254d264997eb9636aebcf385ee40

                        SHA1

                        07ae20011e143c23f5504d67974e44f04b19513a

                        SHA256

                        3c3f281dbb8a4ce81d9f739d25966827c77381f39c83878d0b8aa50673ae2cd7

                        SHA512

                        7f8d30b08acb3728aed1dc392c1df3b4f99221042fa4dbd619b266a9f70e86629a0bbe6cd878c002f501411624a14b3f1d22d893b04e6254d1e086efc3cac83a

                      • /data/data/com.mobiletool.appstore/databases/MsgLogStore.db-shm

                        Filesize

                        28KB

                        MD5

                        cf845a781c107ec1346e849c9dd1b7e8

                        SHA1

                        b44ccc7f7d519352422e59ee8b0bdbac881768a7

                        SHA256

                        18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

                        SHA512

                        4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

                      • /data/data/com.mobiletool.appstore/databases/MsgLogStore.db-wal

                        Filesize

                        68KB

                        MD5

                        8e6f040aab3e28f672a8e76b425e2b51

                        SHA1

                        9abf83294e16f8a7977373bb35423e87cc2d63c8

                        SHA256

                        aa580a09fbcb4188411f0bd641d4ecfd3d70be8bfdc073a9ccb3152685e87e82

                        SHA512

                        0dc8220521c37b4a859aa7742e175ee549083356874ddd1af8c7c5997439ab285b4ccb0673c2737e74066b43d4434c9abae5e42c68f6c94e617d82866aea0535

                      • /data/data/com.mobiletool.appstore/databases/bugly_db_

                        Filesize

                        4KB

                        MD5

                        4512ff1fd452e9947d0d90b4fc20254f

                        SHA1

                        e824073d6ce22ac9305e624f08610a183f6eefef

                        SHA256

                        8d12cdb2fbcf814320930151c2c59bbc601e68caebe4c5a4d8634603f3c8a935

                        SHA512

                        666c158b43a0a99711cce13bed5147641be5b002e4f0f98abc690d8eb905ab734e663ef16342ab9c28b632f577756adb5efcc65ad56a85de4eac2071413bbe14

                      • /data/data/com.mobiletool.appstore/databases/bugly_db_-journal

                        Filesize

                        48KB

                        MD5

                        703232acabc1435d43f00eebb542db2c

                        SHA1

                        3372bb0612c64710d68c92338be1a94f9b410377

                        SHA256

                        9b3004a891f8e6c8c3fe01eff6d00091c80eaf0c4e5f85626805d33c2da277cc

                        SHA512

                        07f0351453ed92c3a4ee7619798e720c4820ec350e4d61f7fd08f16003b91a2630b6c7425c4488745c1c25892c708dd4717d3f81813e37ee36773b64c89e554d

                      • /data/data/com.mobiletool.appstore/databases/bugly_db_-wal

                        Filesize

                        88KB

                        MD5

                        760d1036e80bf98965a2f8c1cbc1d7f0

                        SHA1

                        3156c24d04d5c22270c18aca972052963bd14f57

                        SHA256

                        08ac0513435425473213afd4c260668041992105ca3daf3b271cf2975d8d15d4

                        SHA512

                        205407eb959028cf7c53ff07a548ebfbb221f8f655923cebd6f0b1c616fe8eb22530cd39e7f4df5a4e1153c9bc935e281e4cc9c03b559f7c136268d72cb6a05f

                      • /data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

                        Filesize

                        512B

                        MD5

                        2f9f7ae41db886caefdfadd7eeddc26c

                        SHA1

                        311c95f93caf1865de4a7a62f3bdbc3589e692fd

                        SHA256

                        25a00e67c3de4406a0fb54c30599762ef7a13316642b61c7f53c64ccc78d2b1c

                        SHA512

                        8f7942ba3399d1d7e0c9717d6e99d78cf1c48eec07e5c9a992b4a3b9f1cd11195dd386f3f783efe800b57147282a27b0587483e917fbd39f3545d060c502ec01

                      • /data/data/com.mobiletool.appstore/databases/downloads_classic.db-shm

                        Filesize

                        36KB

                        MD5

                        486e2bac2b3e9e1cb411d2838a4854bd

                        SHA1

                        81dd0a7537f4af319b830ae834908986be85da8b

                        SHA256

                        5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

                        SHA512

                        c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

                      • /data/data/com.mobiletool.appstore/databases/downloads_classic.db-wal

                        Filesize

                        40KB

                        MD5

                        1b7fb327bcf4accf0dd32410bec2d2a0

                        SHA1

                        168959b94990f15926681dff1f9a432941e4c8e6

                        SHA256

                        6854e05e5d4eb7bb090176f8662324830b9f1eb8c0b18ae16036d92ae321a61e

                        SHA512

                        3dcb47ccaec4f05e6073c6f101218eb2fe1df0762fd44323499220c6f6acbffd29c0531a09d29b94a5f58553c24e2b317628ed41282d7ff575b518a0fd50f0de

                      • /data/data/com.mobiletool.appstore/databases/pb_db

                        Filesize

                        20KB

                        MD5

                        650956f5790780ebe873a98ec3c6208e

                        SHA1

                        93d153640b298e9214eca32825ec30b181f9e8ce

                        SHA256

                        36b4a521ca7add4a85d3ceffd27777e37c0c0e06c44977492e58657664d59cab

                        SHA512

                        9fcc0dd8a702424908286f597c6418516a939038d264c2d31f65dc48fc5b025d7a4c85d85a54dbaf33708b7ccb0c703c2bb0762033a6fcfe7917287c6d307449

                      • /data/data/com.mobiletool.appstore/databases/pb_db-journal

                        Filesize

                        512B

                        MD5

                        e67888f76e4c0d677572b2430f77ed18

                        SHA1

                        88b9a546b87ebda5d88c232d75b9ddd22548a808

                        SHA256

                        00b593adc7f61ac68624800677a49523282981e4a3b79a72209023e16b391c21

                        SHA512

                        fb2d0ba4ba0395d195ac994b8ebd9e6c04ba3794dab1b8a111fe1c7081bd22a530b6880fc184366ecc97c3a56b12b077c9299728b2a3e9d20d90b77812049abd

                      • /data/data/com.mobiletool.appstore/databases/pb_db-wal

                        Filesize

                        32KB

                        MD5

                        7fff78db72373cb6da3a6f8168e5ce08

                        SHA1

                        b24bab0b83bcb409629bc70150628504b86e4a54

                        SHA256

                        9c476a649db7f54cc5f92768ea430dac1dcb92642ce6bab54804fde532c1b30c

                        SHA512

                        305d9ec67531a622c779370e9532f38635313debc4aa7a7ec8f44fc0018f52c0d833066c6b3df851596d0486cb1aeb404b481489fa46b9f6db538fe2bd434f19
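A practical caveat on the dumped databases above: MessageStore.db is 4KB while MessageStore.db-wal is 48KB, and the same pattern holds for MsgLogStore.db, bugly_db_ and pb_db. That is what a WAL-mode SQLite database looks like when the process was stopped before a checkpoint folded the write-ahead log back into the main file, which is the normal end state of a sandbox run. Anyone carving these files must take the .db together with its -wal sidecar; the main file alone opens as an empty or stale database. The Python below is an added example, not part of the sandbox output: it builds a throwaway WAL-mode database with constructed rows, carves it once with and once without the -wal file, and reads both back. The -shm file is deliberately not copied, since SQLite rebuilds that index from the WAL.

```python
import os
import shutil
import sqlite3
import tempfile

# Constructed sample rows; the database is built below in WAL mode so that,
# like MessageStore.db in the report, the main file stays tiny while the
# committed content lives in the -wal sidecar.
MESSAGES = ["hello", "world", "third row"]


def write_uncheckpointed_db(workdir):
    """Create MessageStore.db in WAL mode, commit rows, and return the still-open
    connection plus the path. Keeping the connection open matters: SQLite
    checkpoints and deletes the WAL when the last connection closes, a step a
    process killed by the sandbox never reaches."""
    os.makedirs(workdir, exist_ok=True)
    path = os.path.join(workdir, "MessageStore.db")
    con = sqlite3.connect(path, isolation_level=None)  # autocommit; explicit BEGIN/COMMIT
    con.execute("PRAGMA journal_mode=WAL")
    con.execute("PRAGMA wal_autocheckpoint=0")  # never fold the WAL back into the main file
    con.execute("BEGIN")
    con.execute("CREATE TABLE msg(id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany("INSERT INTO msg(body) VALUES (?)", [(m,) for m in MESSAGES])
    con.execute("COMMIT")
    return con, path


def snapshot(src_db, dst_dir, with_wal):
    """Copy the main file and, optionally, its -wal sidecar into dst_dir, the way
    an analyst would carve them out of a sandbox dump. The -shm file is left
    behind on purpose: it is only a cache of the WAL index and SQLite rebuilds it."""
    os.makedirs(dst_dir, exist_ok=True)
    dst = os.path.join(dst_dir, os.path.basename(src_db))
    shutil.copyfile(src_db, dst)
    if with_wal:
        shutil.copyfile(src_db + "-wal", dst + "-wal")
    return dst


def read_messages(db_path):
    """Return the message bodies stored in a carved database, or [] when the
    table is unreachable because schema and rows exist only in a missing WAL."""
    con = sqlite3.connect(db_path)
    try:
        return [row[0] for row in con.execute("SELECT body FROM msg ORDER BY id")]
    except sqlite3.OperationalError:  # "no such table: msg"
        return []
    finally:
        con.close()


def compare_dumps():
    """Build the live database, carve it twice, and report what each carve yields."""
    with tempfile.TemporaryDirectory() as work:
        con, live_db = write_uncheckpointed_db(os.path.join(work, "live"))
        try:
            main_only = snapshot(live_db, os.path.join(work, "main_only"), with_wal=False)
            with_wal = snapshot(live_db, os.path.join(work, "with_wal"), with_wal=True)
            return {
                "main_bytes": os.path.getsize(live_db),
                "wal_bytes": os.path.getsize(live_db + "-wal"),
                "main_only": read_messages(main_only),
                "with_wal": read_messages(with_wal),
            }
        finally:
            con.close()


if __name__ == "__main__":
    for key, value in compare_dumps().items():
        print(f"{key}: {value}")
```

The main file comes out at most one page long and yields no rows, while the copy carried over with its -wal file returns every committed message after SQLite's own recovery replays the log. The same applies to the -journal files listed above for the databases still using rollback journals: a hot journal carved without its main file, or the main file without its journal, does not reflect the last transaction.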