Analysis

  • max time kernel
    170s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 16:20

General

  • Target

    55a72fb1b8a8e144012840d0d3e63d82_JaffaCakes118.apk

  • Size

    31.4MB

  • MD5

    55a72fb1b8a8e144012840d0d3e63d82

  • SHA1

    c29b6b5e8d7a1923f96748dde39c71a1b9b6b608

  • SHA256

    b229e10a82ac52b760c069f94754df2850e21fcd92a5652b9ee9feb5740f298f

  • SHA512

    0a521b6e763ece91d93fb1f407110d0c943734cc19614e6646e394a5effbea2107ddb6595e0dcf53149ff34418a6031a343a5f5bbcb6a80352a67c60800ce4dd

  • SSDEEP

    786432:oEji8Jh5luwOR5rMPxQ1FYwGq/FHF5DxRgxzBLG1dRU8NPXZv:32Qh5lXOTExQTYwRbZxRgNwPK8Nxv

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
  • Requests cell location. (1 TTP, 2 IoCs)

    Uses Android APIs to get current cell information.

  • Checks CPU information. (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information. (2 TTPs, 1 IoC)

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar. (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Queries information about running processes on the device. (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about nearby Wi-Fi networks. (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices). (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  • Checks if the internet connection is available. (1 TTP, 1 IoC)
  • Reads information about the phone network operator. (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data). (1 TTP, 1 IoC)

Processes

  • com.tuokio.soccersumos.kyx.m
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4296
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4427
    • getprop ro.board.platform
      2⤵
      PID:4489
    • getprop ro.mediatek.platform
      2⤵
      PID:4509
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
      PID:4648
    • getprop ro.mediatek.platform
      2⤵
      PID:4756

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/0M3006CS7U0ZC2K3-access.db-journal
    Filesize: 512B
    MD5: 66b07798c083758eff514701554248f1
    SHA1: e583657fc1109ad67bea8455e6b217df1e2861ac
    SHA256: 50e21d506f881fdf12db3e7a05425a6dbaee1262e499edd824f19db6a7c22488
    SHA512: 4d2a270206943cf4da10f4f8347807738476219b047233cedf6888911bd48b64428f70707a55ad18f3064f322b8f32848eb760a862f2b099c8e78449ce3573cb

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/0M3006CS7U0ZC2K3-access.db-wal
    Filesize: 32KB
    MD5: 86febfaae1af34c9a1c92186ac934e81
    SHA1: 48ec0d3bb9698a229ac7f8174545c3971c33fb2c
    SHA256: c0af92967a1dd44d602b3b1a8ce218cd9f68e10542f0e1fc6ea5ae1bc121ada8
    SHA512: 03feee242af857705f79737c8a593404e1c6223934b2415459ce0d5048c3650b45345924bf260cd6e27379e380a6865d04cd2f15d63858a4e2600d0f3e50df4f

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/ownad-journal
    Filesize: 512B
    MD5: 9f2c3aa6e256b3f0f31ab850bd5431ac
    SHA1: a4eac89113f21ce9aa74394d4b6209b8d809e39f
    SHA256: 34f27f5b5a46565f83a943ca0a6c075879af0b0f78ab805b3a03d8efc8e4c267
    SHA512: ec2b0a0aa9979ead286a4ea01fc3f1e60d11a25d9d83cf6896e12b8acea0b52d66268b77ed01ec0613379da664df29ddf9433782ee81a66e8904c681eada2f29

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/ownad-wal
    Filesize: 28KB
    MD5: 94fb1d8061c1e2d66be839e896f725aa
    SHA1: 15867c84b9a5b18f018c670033d245d51f4b835e
    SHA256: 9bf55aaccf54601daf68d0e716adc00b4760b3d3e5b21ac388648c18c67326b9
    SHA512: aefc8e26b41841f9f746b1a561f0912c4dc505acc01db8dea0d88ff9d972185b2dede8b6a2f0ef9d2e9d4a2b596331cf5b396b95919663154ad4569ce85447f3

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m-journal
    Filesize: 512B
    MD5: 1d7579993361fb331bbf3e1c6975dd2f
    SHA1: ba845e9e7a84c21a3b0684a78ba63da99cdfcabf
    SHA256: e58adb7699be15eb82cdd314eaa88d14fbc577908dabcca70a60ce68feb9fc56
    SHA512: 04685f9b691a91ce18ac88d68e31aa07825a4003db3ea4fa0aa5c1213f6bbd0da9e03d73c61985d321e603ca69dc01193ec9e51a9ddc2b43df4c7af208185972

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m-wal
    Filesize: 52KB
    MD5: fbbe98dc79588c360321d0093fad5a2c
    SHA1: 8a6c5286dcd52d839063db024dbb2d88812a3a24
    SHA256: 2ddb6566b16aa277718422cf285abe80a492bd9fe9eba0b8d4c60c0a7b1b1984
    SHA512: 401fd9d93853803933f2b1e59806469e7aa8ba4e9d1e34bf82ce20cfdfd78d07d4667970e5ff05d39683d6d7f97df72645a0a6567d6dd0291ec19fa522cfaa76

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/tencent_analysis.db_com.tuokio.soccersumos.kyx.m-journal
    Filesize: 512B
    MD5: 448937f1440f32e8aa20990d7bf5a605
    SHA1: c173e6baa5a8174a90de04f894bfed74e7bbbe32
    SHA256: 976064db7e8adc11776a0f0464f4cf500a9991a253a395c5c30b7a38248bdf49
    SHA512: ef6cd89e64508435f1bb56c00de0655854705477fcca21d41360051ad3e5b30452b15ab7961c74544a9a3f58ceb8fb718fe11e540f30382dba83fd855999d667

  • /data/data/com.tuokio.soccersumos.kyx.m/databases/tencent_analysis.db_com.tuokio.soccersumos.kyx.m-wal
    Filesize: 108KB
    MD5: c4d9b730d5c073f512c121c6709bfc95
    SHA1: 18dd38c70650084cd04fc359ef9865b6a9c50064
    SHA256: 6a48d27fd1c939c9dd5f2645e3db6fc8f914be86481b6e18d5b0319db1a40ae8
    SHA512: 1393b8c07c93fc1fbe88bf3f6d66e612b6acd14b9ca2bb3f1bb83c8a6fe65ebeb55ab17c852e49d91ca06f1ad6c8f429009b91568c72affa6f7c1a0dc9cc032a

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar
    Filesize: 1.7MB
    MD5: 3a977e9a0e54b402e8f1eb3d17a4862f
    SHA1: a4504afa50a91730b90ecaca529e1b79a7297b68
    SHA256: b26c7cd26ad5c4cce725a49d3fa9df5d437bf552f7cbc49619d04e612ee14476
    SHA512: a94b35a112322a9aff74d9cecf19b858ed7288b33ddad468a5533380106cf3e1a128b9bb78a9f441fe90e5b5a991de90432b9ea2c79f2cc4f905b7d85d144b3b

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/oat/dex.jar.cur.prof
    Filesize: 1KB
    MD5: 79995832a1e8b57843a94a215a59ce2a
    SHA1: fe022eaf3de0b7aed364ab64ac1766d532b6355d
    SHA256: 73f120bbe2b91ccf9ae90b5dbbe41b9360de69d9dc2981f4cd0c9037eac74533
    SHA512: 386a07e560826849d37600679554dcd729b3207bfb95e75749c2dc522a4c29b5f88c2f87ca18521c76af237f77a39fcc57104a1f7a74d564bbc8998dcd6ecb67

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/pack
    Filesize: 4.5MB
    MD5: ec56d2f1302684654fc0598f38f74623
    SHA1: a9fea68f1ff2e003a90b91d7d7d6a0c3b209b46f
    SHA256: 86de77500c377943548d94491da92cd61566a3a52bdba51ea8b05b6998b493de
    SHA512: 8b89bead1c2db1ff7affdc216947e0629ff214916b2615eb23f4115ff0099180904a7e0b318f0eb5626950426a0d0cf9df83fde3eefdf5da7d54fcb2c7c610c9

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/xiaomi_jm/1339/md5
    Filesize: 32B
    MD5: 2665d60dd191a1ed2c5c45ae7ef19b12
    SHA1: 063186f2e0a1948d3b0ca7b69d24be2b0a624756
    SHA256: 8fb38b187912e8eb63e8e04c59389c2052c76a50629e9c29fb55348a4ec2bf55
    SHA512: 59d938fea82f741090c42ab0cffb090adc6a4aaf209abfdaa590a36ee15bf978c4958ebe269e20ced44c821dce5045cb7f986d43950b01f94ad6e9b853304f0c

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/xiaomi_jm/1339/update
    Filesize: 4.5MB
    MD5: 2a27edf786c796357fd9cee3255a370d
    SHA1: e1042699b1820a22670fd3fc3b54df50ceb3db1a
    SHA256: 070455b25f8784ae7a886f95f0128ef40c993d84917efa3c969c594b5f858a9d
    SHA512: eea2db3a0caca6b481253401daf0dfa562b1f9fb9105b48d4f21178d51eb2dc57edc9809a357f23ca15b1f11ab55e9d262db45d60af5972da0fe9db27fcae418

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/xiaomi_jm/checkupdate
    Filesize: 8B
    MD5: 1b54ded1ec2d9cd11debd1a36d1577e4
    SHA1: b3f7a7c87cf512ec1e82f9e9586a874e22689147
    SHA256: 3bb56c47022af0b96c7c5cdf5d1f79857681815a8d3eb464590f3110258da079
    SHA512: 72a40b9bd4b6c00a360d5f4c58c698b6537e99e2d6c93599195e8a444569d82decb4a0d7fb063b2d4c666df57bfff3b3e9d773f6326663ad967720abbd89eb47

  • /data/data/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/xiaomi_jm/version
    Filesize: 10B
    MD5: 5ab63864ba72b69090787ee506b5250e
    SHA1: 975082eb1122eb272a8c0e1bc891672deea30911
    SHA256: 53b858861d020c3a566b74397cbf669ef6cfc650bb4776dcc7765db6d3e3fbc9
    SHA512: 484e474c0a49a1c1ddc883b8994af3b353ae2b532822a18d62e65a4ac3cf0e0b6ac385842bbbd348b353a4d6c9d18aff9ba8d5f792a1a4f095d8c62a8fca1fd9

  • /data/data/com.tuokio.soccersumos.kyx.m/files/libtencentloca.so
    Filesize: 19KB
    MD5: 2c1ed75b42b2e5fe45c87cc3729a4ec7
    SHA1: 60e15d8d6e99d144d99cf8936d4304272e0c3782
    SHA256: 7e713c464d2e1285098b82953d2103e43e43bd42dfcdbdeaccc0cfb115b9e155
    SHA512: d681a6f3870b1960968d6633c2351ce67ebb0b4b1bea2926d4154dda10826f71d1529507bf32aefe436bb21f5b6682203dde61150c8ffb68eac3b50172343710

  • /data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar
    Filesize: 4.1MB
    MD5: efd480af8085308a1cd65c7cd1978285
    SHA1: 43e39f89370bcef2bc0765cc06ea59eca8846f61
    SHA256: fe983561da059a1f24414f780bac0a823ef4459d5cb0ec1b5c3f2077c44e67dc
    SHA512: eab3033c556a36637b953b350c20e2afd59e5b0bd7d0af4c2c4b92e73ff2e386287b5197963f555f1fe152be8550917711c5fbf9101e8143e571e4db24cbe1b9

  • /data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar
    Filesize: 4.1MB
    MD5: 6a1c58e8c5ecdcc94c35b4490f03daa6
    SHA1: 9f941772f27524a95c443e2142e2359011fbaed6
    SHA256: 9d7c2786ef5b0b0d60ed43cc3be3da2f3b43c1309dd3fb2532745164711d166e
    SHA512: 7230b900e6c520387348bd26f858144258be9837e8f75411a41f3b56021b9889a01c5e4b3622654457329f2a8e22b52f4f4977ccf9288283e0ef7b7f8c4129b9

  • /storage/emulated/0/.rwtest
    Filesize: 1B
    MD5: 13c8ffd977013703a701cf8e11deac65
    SHA1: 067d5096f219c64b53bb1c7d5e3754285b565a47
    SHA256: e7cf46a078fed4fafd0b5e3aff144802b853f8ae459a4f0c14add3314b7cc3a6
    SHA512: 527cff2b6fdfbc0f54fe092b17d6d8c7e22500242635fa56981e85a64da6ce8a12a3a66cf69fd48f588bcba9bad141b8e351a0cdd4925ae57289933eec1fc153