Analysis

  • max time kernel: 5s
  • max time network: 130s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 17/05/2024, 18:03

General

  • Target: 50c568ca141f5e0a26e6292ccf751b61_JaffaCakes118.apk
  • Size: 6.2MB
  • MD5: 50c568ca141f5e0a26e6292ccf751b61
  • SHA1: 0f0d616b9ac6e2163d34f5f454d1ad2fb438cacf
  • SHA256: ab49fa00872d5aea4438e25a42f11cdf196871490dcf81a619e73da1b274eac4
  • SHA512: 91e5bdf316cd94a040660de0e647f035d0ed22071a0ff2c1d1cf07248c362496351cee00c66e87d775bdcfcae5a6367d0e921a34819fa0c9e27ecfcdf2da65d5
  • SSDEEP: 196608:wR2v0uKTeOUOVhLzMfFNJhiXD7EFH08CuEKF2Yx6o:wo8VTeOUwhgNdEYFUZuEAx6o

Processes

  • com.fanhua.box (PID: 4239)
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)

        Downloads

  • /data/data/com.fanhua.box/databases/pri_wxop_tencent_analysis.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.fanhua.box/databases/pri_wxop_tencent_analysis.db-journal
    Filesize: 512B
    MD5: b627b18181fc1ff7ef092615cba34cd5
    SHA1: 499ce7eba938e7d6c14777b5efc10fa5b3b6412b
    SHA256: 35510bd34261d300588b9b7a6d4be06bbcfc5c7a31115270066e1f950350ce46
    SHA512: 112d4066333b15b51f407685a48a387ef0ca8d7c70ef30f8bbdf1ed37f68b56224be06003847c6949286c80541ba2d894b817700653bf604a0072630a42f8d33

  • /data/data/com.fanhua.box/databases/pri_wxop_tencent_analysis.db-shm
    Filesize: 28KB
    MD5: cf845a781c107ec1346e849c9dd1b7e8
    SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
    SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
    SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.fanhua.box/databases/pri_wxop_tencent_analysis.db-wal
    Filesize: 56KB
    MD5: 836bb9b27f308b2bf51e56a4da426416
    SHA1: dde4d74396b75f2db699a754cc0fafa4f8908d10
    SHA256: f7578c9c2b7ab9be2b5d479156ef2e57a76eb98feb3373778af6b5fc3f10c9f1
    SHA512: ce1b976d4f970284503845d6e5fc43c0b50960f758d562400f2297429a2d2af2580bb08a4e503189e60b3e03a135b80ece4dba309062b58ec726dbaa2ff99ba6

  • /data/data/com.fanhua.box/databases/wxop_tencent_analysis.db-journal
    Filesize: 512B
    MD5: c35467e10bad166168622fa46303af37
    SHA1: cedf4dbff6b844d8629fc53bfcee3b5a14284cf0
    SHA256: 1759afaf1a042c199cb67040a75e4bb8193cf7eda432b4f9c08866cb5f5f6cc4
    SHA512: 27db205f7d24d1aefb9e855bac63ad54fe2e4c0fbc521c19788e733be748ef40c6f52e792e94fdbe4f52a9480a833b9f15c91810a16e885551a97e4e55a773c9

  • /data/data/com.fanhua.box/databases/wxop_tencent_analysis.db-wal
    Filesize: 64KB
    MD5: 6e17c34fc1e211fe0ba6593cba562bc8
    SHA1: 85e44f26585114f8d2c730f23313399dc60d3011
    SHA256: 36a0a9019f8276bec2bb7f960319b6d665057983e3b2290a4aa439d06e981dc0
    SHA512: 4398ec225abfa79efeaaae661961283619af34315163229573b2d57712761bc6ddfe62c0fe8323cbd29077356f36e216057f73a9c0a5ed4d03e17a4698c770de

  • /data/data/com.fanhua.box/files/libcuid.so
    Filesize: 129B
    MD5: 285fd2ca5cc5c4b05aded6cb66b75dc2
    SHA1: 15fbe6ce7253e47c808716b7f7b912b2cf258919
    SHA256: 4cb0072e6aed7b479d7e5a7cec366fcc90b3ac8895a74bfeea8cc294d7f8f147
    SHA512: 75b0142e87f1f65b87463b9ebaa8517b0bdda7e5e465b3c6adb24fc26d80d7bc428d045992ac2986b5bb002e7f8c0d7ac2d58aef4d9773e84f9476ca003e7e48

  • /data/data/com.fanhua.box/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1OTY5MDM5Nzk0
    Filesize: 1KB
    MD5: a6de119c9c6d3fc2ce1a855233883089
    SHA1: fd42d0e716ea39bed304aa9e3db21df3343f62d4
    SHA256: 11b112b003092a6e8c2693ff3915052db6c4f59a50943ebf29414632e74d5c04
    SHA512: 2eadb488989554abe3fedae0939070d27eafaa5e3442d6af14d6293aa9469fb4f8502bd3cd85afd1361bdd600b2fe69de31f153de26fea4641051cea12c7ed59

  • /data/data/com.fanhua.box/files/umeng_it.cache
    Filesize: 415B
    MD5: 05edd54f96e0d9847519d80bdd051f77
    SHA1: 69aa6e6f0f6d7595f022570ec8aa21385b518a4d
    SHA256: 12a3831a3515110d5c06a37f922a1502ea1f3d86efcdfcdfe4d328d977965b27
    SHA512: 25cffdabb6bbeb7f01a3010683d0f9c1471c092a61121347368aefcf92b444ad0b50819cf7d944d3a924c2fdf05a3a437e39efbac08f0b9e69eeb24dd92043ca

  • /storage/emulated/0/backups/.SystemConfig/.cuid
    Filesize: 89B
    MD5: d988f9362527a92577fc9f3ce5f3c991
    SHA1: 1dd2680ba645242b3ae0f7cd9d7b01763146c2c3
    SHA256: fba668a3f4bcd694a55d923a8c4e327c6e72a43a835db2e96def263392bc526e
    SHA512: 49a07d3966aa92c54eb01eec1a57409bcbe160a040e91c0b560499c35b2bf1066862f0734b5855cf93a4fa106682dd147b141f5e1001b8c36fe55f0f76de75a9