Analysis

  • max time kernel
    177s
  • max time network
    189s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    17/05/2024, 14:57

General

  • Target

    50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118.apk

  • Size

    8.7MB

  • MD5

    50192673ead239a83f5fa78e0eea2b3d

  • SHA1

    395d1f12c4b99d70f54060f7d42677b482c2823d

  • SHA256

    f05c16eb969304b72f9ff3aa0701e4061484ba93734fea92ee3e88f681460442

  • SHA512

    7d056cc4fdeb91b0bbb6530df20c262fe6f36609dafcff1189b543a84853ce49c02219dab4e92b66c5a58a71a126cd14cb7e3458e7e1b2ee693ace4def5c03de

  • SSDEEP

    196608:4mUJezQjeDiGRgUAPeMieU7e0+LEeT5fqcWE/Yqczl6ilobxJS3obxJd:HUJekeVue/emeDLEe15WUazgrq41

Malware Config

Signatures

Processes

  • ibuger.nnjm
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5107
  • ibuger.nnjm:remote
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5281

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/ibuger.nnjm/databases/bugly_db_

          Filesize

          40KB

        • /data/data/ibuger.nnjm/databases/bugly_db_-journal

          Filesize

          12KB

        • /data/data/ibuger.nnjm/databases/bugly_db_-journal

          Filesize

          12KB

        • /data/data/ibuger.nnjm/databases/bugly_db_-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/bugly_db_-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/bugly_db_-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/bugly_db_-journal

          Filesize

          44KB

        • /data/data/ibuger.nnjm/databases/ibuger_nnjm

          Filesize

          20KB

        • /data/data/ibuger.nnjm/databases/ibuger_nnjm-journal

          Filesize

          512B

        • /data/data/ibuger.nnjm/databases/ibuger_nnjm-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/ibuger_nnjm-journal

          Filesize

          4KB

        • /data/data/ibuger.nnjm/databases/ibuger_nnjm-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db

          Filesize

          44KB

        • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db-journal

          Filesize

          16KB

        • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db-journal

          Filesize

          12KB

        • /data/data/ibuger.nnjm/databases/pri_tencent_analysis.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/rep.db

          Filesize

          24KB

        • /data/data/ibuger.nnjm/databases/rep.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/rep.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/rep.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/tencent_analysis.db

          Filesize

          44KB

        • /data/data/ibuger.nnjm/databases/tencent_analysis.db-journal

          Filesize

          20KB

        • /data/data/ibuger.nnjm/databases/tencent_analysis.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/tencent_analysis.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/tencent_analysis.db-journal

          Filesize

          12KB

        • /data/data/ibuger.nnjm/databases/xUtils.db

          Filesize

          20KB

        • /data/data/ibuger.nnjm/databases/xUtils.db-journal

          Filesize

          512B

        • /data/data/ibuger.nnjm/databases/xUtils.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/xUtils.db-journal

          Filesize

          4KB

        • /data/data/ibuger.nnjm/databases/xUtils.db-journal

          Filesize

          8KB

        • /data/data/ibuger.nnjm/databases/xUtils.db-journal

          Filesize

          16KB

        • /data/data/ibuger.nnjm/databases/xUtils.db-journal

          Filesize

          16KB

        • /data/data/ibuger.nnjm/files/.um/um_cache_1715957963618.env

          Filesize

          546B

        • /data/data/ibuger.nnjm/files/umeng_it.cache

          Filesize

          245B

        • /storage/emulated/0/Android/data/ibuger.nnjm/cache/WCache/journal.tmp

          Filesize

          31B

        • /storage/emulated/0/ShareSDK/.dk

          Filesize

          107B
