Analysis

  • max time kernel
    6s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/05/2024, 16:15

General

  • Target

    505c9f7160817d3e855eff2f149811ef_JaffaCakes118.apk

  • Size

    16.1MB

  • MD5

    505c9f7160817d3e855eff2f149811ef

  • SHA1

    d2d7682d023fe683b96e42ff50cea95957f4ac15

  • SHA256

    cd8e15f7d989db4e45f1190c14f904f548af1a40d62537ba2f2ae933fc148895

  • SHA512

    b1b439bfa2bc97a750331a76fb8857742f15685460b47ef6cf3f9e91f25ad7f94741b798bd8fe0f8ca56a76eb92ed361d35337a9233c057f814906747fb77381

  • SSDEEP

    393216:gGq+FmVAhz0AxhG6XiJYDUrpKxGdKyO1HAUizykSE03At:dFmGhAQGoiJY+pthO1HIzTuAt

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.example.a14409.countdownday
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4276
    • ls /sys/class/thermal
      2⤵
        PID:4326

    Network

          MITRE ATT&CK Mobile v15

          Downloads

          • /data/data/com.example.a14409.countdownday/app_crashrecord/1002

            Filesize

            252B

            MD5

            c4d6255ca13d60a382685f64c9270a1b

            SHA1

            f78bc8d09dbd3291419c1278714b92c226c63c07

            SHA256

            b2b84f7e875b8fbfaddca14fdffb67c3461e89d6b1b0df8ab1cab2c4299d1336

            SHA512

            2168efc611dcdcbc00acdb7c7e98b632e4ad605a238b5459ae9a2921aec1def75bb85f7012b49f86d4df715344b9497322e261eabffcb30f0f7b539352b0c0e4

          • /data/data/com.example.a14409.countdownday/app_crashrecord/1004

            Filesize

            252B

            MD5

            5590066d69a08f833a820f362f874ef9

            SHA1

            4529e317ee738cb9040525269a38831a92b6267f

            SHA256

            96c587a708520c9129de7140772660ccec8a9f515ff82d1c149fa9850857c1bf

            SHA512

            179fe885c8f31348ce323eb3bf190fdefa4bef392175c46d7f0cb9b3514459687d360b2dbf47222d5a3319971b65c602b165b82ffb2bb6b9b98a151e5956083c

          • /data/data/com.example.a14409.countdownday/app_crashrecord/1004

            Filesize

            58B

            MD5

            0d210bfb2a0e1f1b4c082a6a0f79de07

            SHA1

            bb8ed9e364db79d1d9f2fcde3f15091893222faa

            SHA256

            988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

            SHA512

            536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

          • /data/data/com.example.a14409.countdownday/databases/MessageStore.db

            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          • /data/data/com.example.a14409.countdownday/databases/MessageStore.db-journal

            Filesize

            512B

            MD5

            e41810b2b9e96f058bcd23d74ebb744e

            SHA1

            c3b8760e9979e3e4aad0834534b4aa7616255be5

            SHA256

            cf14c5b5398e2dfea36101bb4ac93939f63f8e912191f4ae74fbd7dcf24d7a31

            SHA512

            3f03e01c2dc3222674ca130a63a76bb9551f370498a01d7b6dda46a76e837339583538f84b7a398261abf416962ad557f1c2a2eb128b64f6ed1607d5deaff7b2

          • /data/data/com.example.a14409.countdownday/databases/MessageStore.db-shm

            Filesize

            28KB

            MD5

            cf845a781c107ec1346e849c9dd1b7e8

            SHA1

            b44ccc7f7d519352422e59ee8b0bdbac881768a7

            SHA256

            18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

            SHA512

            4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          • /data/data/com.example.a14409.countdownday/databases/MessageStore.db-wal

            Filesize

            56KB

            MD5

            7e38ad13e50edfdcdeeab2b14679d936

            SHA1

            4062c0e84715e7dce680213063f0ae9045077aa4

            SHA256

            74010fd034494b3a74dfd1e21f9ab975761da3792f71602b47c3df202d7dfc2f

            SHA512

            4105fa4d63ed3f02d6c4a0399de7319849c25078d94707abde9c69a7b513ff86f50cf18c54e190a072d4bb2e25779a57b4b986148fae4baee35d133e23a67a54

          • /data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-journal

            Filesize

            512B

            MD5

            4d950fd5df584f8efe5f85c213638653

            SHA1

            9f5686a7b7bc19487640e10e4e8dd3c11ecc7406

            SHA256

            b9cf48b0b06c676d331a0736f472af04ada53c34a336d50a21dc3f5bd1cd3ee7

            SHA512

            5cb3036bece53f4d7ca28a493c65db49808b593e2101f31215e63d046b6960004672144e579ad18855ffc0331a92cde9d5ba50975f0bfd83b358150ffdc79745

          • /data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-wal

            Filesize

            68KB

            MD5

            74cf81af829f5a2cba440ab069e836fe

            SHA1

            2fbb20b38f9fb440a3133bb1a970b3f54038153b

            SHA256

            3f4e9059b35844181ba9b44451e31da97f815bfbb892866746dbabf18d2337f6

            SHA512

            edc55d23b8767325b7287b109e0c1aec90b9ca01f7566486f5a5d1565f5ae0e8956bc5a3968f2bcdc74696a83b150c54e80a1ec4b8cfeff0a18de09f6e17f5b5

          • /data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

            Filesize

            512B

            MD5

            9e3bec2406aaf942502ee044b24987b0

            SHA1

            b805abe749f5d00474fecdfb79fcf8c05fb94554

            SHA256

            764f06547649418c1e36747b5432bf819ab02c67e3b209c402bd0cfe3ee97ec7

            SHA512

            aec56a8f090732eae0f11abac5bbad281e3d87739a865edfea9e3f4bb4e6a5701f48bea55d9ac24dd7c39cb96e22ea1162eb1ab0e1ba933e347bf5622981ac74

          • /data/data/com.example.a14409.countdownday/databases/bugly_db_-wal

            Filesize

            68KB

            MD5

            fc3e65a239f83300ce8323a31ec386ff

            SHA1

            abff039dd9d6b1d82ab85156e6461a8f79357b0f

            SHA256

            9bd553a5aef6cede6c62b1de22b5998a7906ceb9f5d62433eea4016eb913b5d9

            SHA512

            ac5dce0dc24b3eee4a1968b5ccef0319768c5796e76784351165b912be77421808cb17b9dccc7026b56330b28bad9f16e0bb1528945461daa5058645f58c2fe7

          • /storage/emulated/0/.DataStorage/ContextData.xml

            Filesize

            111B

            MD5

            f1ad68a55ae76ad340ffff10e5571766

            SHA1

            ef500d7532f84c2fd4394efc6b0c3e8f689425df

            SHA256

            d7855e9dbbb475f0c4e3ce488009e1238692d007d5eb328ad972af91cfea74e6

            SHA512

            af5a794f0cd01304c33c92308d91ea94577aca1e6065d2f8e2c43764efdf16d8d029f9e78da2a32b68ffa92111f22c42db2c69d0f0f2e0c388aa1e8938cffca2

          • /storage/emulated/0/.DataStorage/ContextData.xml

            Filesize

            213B

            MD5

            18d6cdb8f079915bc3e7d1870b4acc4c

            SHA1

            5af15f9f879018a826ff8d997425ffcf0afac3e1

            SHA256

            29f988e69d62735f4d30ac5b6fd35848ddc2fad9b76ddee99d7df20fadc9f390

            SHA512

            51c14a9fc2817f8d7c6b2623deeb4f9ebc8249ad048ed382f9194d5b89a4d3d221a861dc535bf4f8e481a0574eb931b0d76689896bdbd079a46bcf530c691f6c

          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

            Filesize

            111B

            MD5

            4d60460fbb8b26c7e0aec026fbd3a445

            SHA1

            38ed2a004c277f66a7a5d9ea799cbb623dc0314c

            SHA256

            73be534f49074bcd78015ab3008c4cc09e39bbf3f34fed3ff365c99fee36a033

            SHA512

            d9abcce712cc66a902ce5128e7a87073af3bcf10cb15777b40dc7c81228110ceab35d726167ad4f7641b847c2753c35b03f2876d81c2dc248f377371dd944a3a

          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

            Filesize

            167B

            MD5

            bbeed0e23202462da327dbd3c12b6a89

            SHA1

            fa6803e17ccd15af0a432693d5ecb123059dad7b

            SHA256

            44e06a436d563fb1958db8cd8e3c1d071f3d5443f7cb430169adb4a83374bea2

            SHA512

            d357cc5a618e220ce78b7ab20bff598a203d19db4793bb831e96a7359fd3f4e65f0a8be01024ef3a2a9079659eff35e024766daacd7f6f805dd66031d29e6d1e

          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

            Filesize

            65B

            MD5

            9781ca003f10f8d0c9c1945b63fdca7f

            SHA1

            4156cf5dc8d71dbab734d25e5e1598b37a5456f4

            SHA256

            3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

            SHA512

            25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03