Analysis

  • max time kernel
    4s
  • max time network
    171s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    18/05/2024, 09:09

General

  • Target

    53fc2c64e3765111d7c625393cc9f12d_JaffaCakes118.apk

  • Size

    11.3MB

  • MD5

    53fc2c64e3765111d7c625393cc9f12d

  • SHA1

    e5c940af900446c4f8f80058fd7307b081bd5ab4

  • SHA256

    6d2153eb47d2d681579af1d4ba8ba7a9222710a696e96ff43fc9f7a1f82bbda7

  • SHA512

    2da69d70128575e4cb338389daa0e465dcfde43b279f690b2117c955b2f255d544e84af0180d74e16cb10f4cbaaf47760c2eafc337530fc9ee6d4b3eb4653dd9

  • SSDEEP

    196608:KnZAMfymlpwfg1YYlC03xPoOxBFj4q8l1NkaaLpUcAifL3Xp+FeVoqHVw7k1kqe:KKQ4fg1xC036sIvIUcbfj8erwA1o

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • ai.tick.www.etfzhb
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4595

Network

        Downloads

        • /data/user/0/ai.tick.www.etfzhb/databases/MessageStore.db

          Filesize

          36KB

          MD5

          f1abc67cc72bf5fe66779fa5dd1dfeac

          SHA1

          660f6d1cffa2bf57ec29105e40d08ab103cf18ad

          SHA256

          a953ef381606a6d98d98f3278e94fc1d5b58a0778f8ea3e305111586b759c14a

          SHA512

          dfbe97f3c1f3a3ebd63fc5bcee1b1dd1b91dfe01ac95af8fe897f44079e852421fa0c4cf038da6e43264d50f3e612ddc2be9aa17bf47ef604ca428fafe0858de

        • /data/user/0/ai.tick.www.etfzhb/databases/MessageStore.db-journal

          Filesize

          512B

          MD5

          9e867308d3c483ceb14320a411672921

          SHA1

          2ead49c71ab17c573aa60a4eadd5d998405627db

          SHA256

          c74d76aa246fba6ca910c38ad4426432b42dec3395a858c667d0a7806480dfc1

          SHA512

          19c237e761bc9562cdc5919e2f9a8cd73ff2d9799168ef8462a1d10ca68196e9ec550c21e8c19a27d554b8de22ef8a99eb331cfef3dbe03b9a2ae630307a797e

        • /data/user/0/ai.tick.www.etfzhb/databases/MessageStore.db-journal

          Filesize

          8KB

          MD5

          d3fcc2bcb652153e9467e59e78f6967f

          SHA1

          1b06905cf1f0c3e06014ec234758372a3a055114

          SHA256

          5b3a8cce3dcd4da8670402231e145d0f694b9ead191984f531bf0e328e78cf05

          SHA512

          3dd48791e9e52359c97bbf3498bc7e699bcca104a3fd79ebbaff63ead33dba7f5cc9e5554f91f6cf33fb3fbf2c3c7577ab3252e22b42344f4b4885c3094455b3

        • /data/user/0/ai.tick.www.etfzhb/databases/MessageStore.db-journal

          Filesize

          8KB

          MD5

          1e560747e885fb54e2f184c8ad100b81

          SHA1

          b0f2568dc068c00a69c6464604e9674f3030e6c1

          SHA256

          ec09f22763f70344b7d36647259ea14aef8536013c7cd23172bb49f59f30b95b

          SHA512

          f7bb1d749cdceb6f4a2f6f3e3f694e70771fe2347b44093d8088390f7748dd278c36b5eb86a71ac8d4c36c7b4e6a02abf09d7db5be2ff508aee23f2b5fca5a5e

        • /data/user/0/ai.tick.www.etfzhb/databases/MsgLogStore.db

          Filesize

          56KB

          MD5

          a860ba3e3a648f73fc11269ff9ea9c16

          SHA1

          7167faf1666bdb05633e945dddc3d6af6c35fd0b

          SHA256

          4087524ad761d0669a39007849311b2b0a32c1a62d0a7ff04d4a77d702bfe27e

          SHA512

          279991548672e18e99522e1402ab96a3b1887a6ccbfa350cab5c5f5096807beb647b9cef0a5668755798f8032e243aab9ea5f1cfcd934671153d54fce48ef8c0

        • /data/user/0/ai.tick.www.etfzhb/databases/MsgLogStore.db-journal

          Filesize

          512B

          MD5

          232c83f98405e5c3e0b06d5547c247b3

          SHA1

          d26a337eafe6301a2fe1bf2a9353efccdeebf295

          SHA256

          d0e5d864c1433f34e11ee69e8ead0ed7c8b81ec199a03b29d134f40b49b7f447

          SHA512

          e333b0f12ee06a9d048831b617654c784316963fae019b5d494f23d09a94cd81777da62b2de1b1a6081ba851909c5c9b3d3a9178947d07828f87dc6dd22fbbee

        • /data/user/0/ai.tick.www.etfzhb/databases/MsgLogStore.db-journal

          Filesize

          8KB

          MD5

          638ca6ca2e5b463fe33d542ccf9e7a6a

          SHA1

          d1feb48ab8d243568afd55ef8ff9e91600c25c95

          SHA256

          63ae241f41234b252609f8e7215876e7f2a0ab72ee80e85a81268d6778412739

          SHA512

          8ef2974f7a9aa17d8a68f52e821f9944763f0bc2eb17e2d834d773bbc94f10d82f7df9e47d9da324e6610013d6f38cd52387b730cfc39afa80c440c7b870972f

        • /data/user/0/ai.tick.www.etfzhb/databases/MsgLogStore.db-journal

          Filesize

          8KB

          MD5

          d9401452667b4ef27d2aa61e580dcc77

          SHA1

          a0d0984edc68ba6815bd9d791ab74f4f78b1c182

          SHA256

          5449af113855986c3444048efbb1bab81e218bc6395f3929ae05a2bea9c9d4f2

          SHA512

          dc50a33dc758ebe2df1593877290290ddefcea7b0bbef66467f94efa04b165601b1a3434fa9b42fd2029c2610aaa171fc7beb4bdcee4b66bb4ad4f26e56eda9c

        • /data/user/0/ai.tick.www.etfzhb/databases/accs.db

          Filesize

          20KB

          MD5

          064201502ce25754236b3b5c12e24c65

          SHA1

          e2c89961dcf8306440bc99f7b058ef4680eacf0d

          SHA256

          b4ef8a71919ac4b6ef9a895a991b527f5c3316fd6204eb815366c9614dc71f00

          SHA512

          3f5af9d3e7fbca1c0a3f9ad5a8d8d8e1d3b3e3c79cfda89b6baef007aeafb4ec5738626fca1f682b73b0305a94a4e2bf17c0bdd4fc7fbacb80ed02c7affa44a1

        • /data/user/0/ai.tick.www.etfzhb/databases/accs.db-journal

          Filesize

          512B

          MD5

          3aa36948be983c77ad01686fd9fa86c3

          SHA1

          31df846094d46f18c33f50c4505b86bcbe6369c1

          SHA256

          c056a35acc5e875de2b2b5157988158238854f62ba94f4a9c40c8e01ad5fa084

          SHA512

          00492639d51f9d0e530940d431c81d31e700e704844e34666eb1516739d7253a3d64d28b7b13966a10e224620207f26192c6034fa89ba084aa68eb30a097f5a7

        • /data/user/0/ai.tick.www.etfzhb/databases/accs.db-journal

          Filesize

          8KB

          MD5

          fa3d8cae216803adad791879c92f5d2c

          SHA1

          8eaa95481129413df146d5859b69e8488b8edf0e

          SHA256

          7a30fc2194a74866c28b4e63a71bb9cbfef6bbf0ada2754ff8fe30021feabe07

          SHA512

          ffbf3e6526b3a7a3577e8d3dc0e07a224c4b776128294293c135868e9f50fd713402f70fedca904a6bdde034caf3a977a1c2d2155f11ab7f5a8289722b348546

        • /data/user/0/ai.tick.www.etfzhb/databases/accs.db-journal

          Filesize

          8KB

          MD5

          0274ce81bf023849d507e917f377bbfd

          SHA1

          6924ce67937d687cb597e1612710bf809e6e6ea5

          SHA256

          99258dfce2b3aed768c09364138baf226e3ab0da8908c8bb160712a455271a4e

          SHA512

          ab72be635dd17c6cdaa4ac303e24c0cc170444cba623ee0c4042897df72eff23f332c846e6b5274042fc3d9b1f758901b95b2b3db2ddf36a8098d695a5f6c8d3

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          111B

          MD5

          e4cc327e331000d11beaa260bf5eb2d6

          SHA1

          fc1ba4eacf0e3a533e741efc0baece58d634d12a

          SHA256

          d5afe3f184bd489afe204b4bebab6d73fbdc83c6fb3f2d19e8c11a1cc6cb9c84

          SHA512

          2df5ca8e052069c07b0705a02f4c6f83ca00bc9d1a757f962731f44488836e6fba69a80b840c5e3781843caf8f7748ea592bd275a0e9a571041ffbff66a53241

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          213B

          MD5

          f35948dadadc72dd54a8cb7a01636706

          SHA1

          874c102d418c31d8c162de67f2956b0912711443

          SHA256

          bd64b39511ded4d809376e5d245ec45687b6164629a10e426a27437309eb1033

          SHA512

          2e81b8de37c48a1d6c95a47b46697fafd280374953b1615e07f1e0e2c2ba9a724548a3af4a070cc0505c3a0222ace50e8c64139871548904ed1879c949fd1d13

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

          MD5

          5896a73291b533628e6e1964dfaa4337

          SHA1

          86cab9ebd844f11a1a8a9698079405a9f4c5d43e

          SHA256

          5009b579e35ecd71f895d355ad2b2c0dfbbbbdb1698ed3acf7ec05c9d106e641

          SHA512

          28534a44115fd28a759dd60910cebd1271e0698c7ccfeac6cfde92059ebcb5fe9284c768744e309443a00b8da2d33adf75792be2fe1b908221becd72c84b6e7d

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          167B

          MD5

          acf6f9e6cf8f19f87e0ff53417bc1bdb

          SHA1

          56136495298796371f2fb7496a596003f0dfe438

          SHA256

          08e67510c4931728dd3c301095ee1f851cd2a827a7ced1ba27713db020c3cce1

          SHA512

          8a4306df0ba55c9feae00582555865902a9add5d84b328834bd3984a5dfba1cecf47e744d9882f7b0418fb353bb58661d0717da081ac4fd8d22ea1222f245f9e

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/Android/data/ai.tick.www.etfzhb/files/tbslog/tbslog.txt (deleted)

          Filesize

          2KB

          MD5

          56365b8abd4178b69cadaf8766b246cd

          SHA1

          1b7986335d329a72892ac9bbb1cf5f77de4b1366

          SHA256

          8334ee2b559cf4b7b09310d58b7f6011b44bcaef09881ce116179e35cd0b5166

          SHA512

          9deb641da235f472d0c2dabf778e44bfcc7dd4710f026fc16708d84045c0c67f5dfa62862b06714d4d7eac40cf1b762575dc128b3abeb474616a9ec6180599d4