Analysis

  • max time kernel: 3s
  • max time network: 131s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 18/05/2024, 09:09

General

  • Target: 53fc2c64e3765111d7c625393cc9f12d_JaffaCakes118.apk
  • Size: 11.3MB
  • MD5: 53fc2c64e3765111d7c625393cc9f12d
  • SHA1: e5c940af900446c4f8f80058fd7307b081bd5ab4
  • SHA256: 6d2153eb47d2d681579af1d4ba8ba7a9222710a696e96ff43fc9f7a1f82bbda7
  • SHA512: 2da69d70128575e4cb338389daa0e465dcfde43b279f690b2117c955b2f255d544e84af0180d74e16cb10f4cbaaf47760c2eafc337530fc9ee6d4b3eb4653dd9
  • SSDEEP: 196608:KnZAMfymlpwfg1YYlC03xPoOxBFj4q8l1NkaaLpUcAifL3Xp+FeVoqHVw7k1kqe:KKQ4fg1xC036sIvIUcbfj8erwA1o

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)
    Checks CPU information that indicates whether the system is an emulator.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • ai.tick.www.etfzhb (PID 4310)
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)
    • child process: ls /sys/class/thermal (PID 4374)

          Downloads

          • /data/data/ai.tick.www.etfzhb/databases/MessageStore.db (4KB)
          • /data/data/ai.tick.www.etfzhb/databases/MessageStore.db-journal (512B)
          • /data/data/ai.tick.www.etfzhb/databases/MessageStore.db-shm (28KB)
          • /data/data/ai.tick.www.etfzhb/databases/MessageStore.db-wal (48KB)
          • /data/data/ai.tick.www.etfzhb/databases/MsgLogStore.db-journal (512B)
          • /data/data/ai.tick.www.etfzhb/databases/MsgLogStore.db-wal (68KB)
          • /data/data/ai.tick.www.etfzhb/databases/accs.db-journal (512B)
          • /data/data/ai.tick.www.etfzhb/databases/accs.db-wal (16KB)
          • /storage/emulated/0/.DataStorage/ContextData.xml (111B)
          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (111B)
          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (167B)
          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (65B)
          • /storage/emulated/0/Android/data/ai.tick.www.etfzhb/files/tbslog/tbslog.txt (1KB)