Analysis

  • max time kernel
    62s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 17:24

General

  • Target

    55ea72557bd3b6a01d97b701c08bbb74_JaffaCakes118.apk

  • Size

    11.9MB

  • MD5

    55ea72557bd3b6a01d97b701c08bbb74

  • SHA1

    8d1dde4c3502fa6f86a2805020eaa69b0fa40699

  • SHA256

    1993b9b6fa906449d07eb485a67777db766b5dee4264bb4991d9b5838938f69a

  • SHA512

    d660568dcc493660f5aa5e8f9814ae28372ef538f507f64aea3faf44875e61881196604e0666b7f1127536293662452810bc31eff3f65f9cc24e0153e96d0342

  • SSDEEP

    196608:8Azrce5qfV8PPliIrWSe+LJw/ht6ijkrcprEUoPky3RrslS2dY5yUVM7ne:8crceofV8P0alwJttjc1NhrPIbK

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads the contacts stored on the device. 1 TTPs 2 IoCs
  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks the presence of a debugger
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • com.estmob.android.sendanywhere
    • Checks if the Android device is rooted.
    • Checks memory information
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Reads the contacts stored on the device.
    • Reads the content of photos stored on the user's device.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID: 4319

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/com.estmob.android.sendanywhere/databases/OneSignal.db-journal

          Filesize

          512B

          MD5

          6b95ad4c2c8dca596365b80afadada71

          SHA1

          b79165973309fcd0436583e1f544a6bcbb463382

          SHA256

          f8c5a34847c6d0bd15cad077ed2820baccb3b383bdb7ea2ab2fee8fdd08fb422

          SHA512

          2a2ea937b28e3a6bb50e946a7a58992b17491ceca13ad3d8dc40eb75a485082c43fa07fb098ef25761ebc24ea09d4d1a8a4aabb65648ace1f14ee3cb53093f4f

        • /data/data/com.estmob.android.sendanywhere/databases/OneSignal.db-wal

          Filesize

          32KB

          MD5

          ac6194873e625137d65a440fff7451b5

          SHA1

          2588cdabed956616b46864f0d313252a851e8399

          SHA256

          566818aa92338cedd2c3230b4d41c9eaf918ba019fb803217be9f8598b11badd

          SHA512

          b285433612baac6b3a972d992a7b6c1052b285f3f7ec1c0d8eeb9bdc249c91ce70dc45e3f2ff8f97b9bfcaac7a906a8e3c2988ebf9b1b66cf7c9a1e6c1dab3c4

        • /data/data/com.estmob.android.sendanywhere/databases/assistant.db-journal

          Filesize

          512B

          MD5

          c3b6eb3d4f1ff200b361d04eb5668ed8

          SHA1

          e0a5e7e19186cd4eb5b3211cec169613da8a83fd

          SHA256

          ec653bacdcfffb02991ec382e17ced4c5c8212d4820b2fbf421b18b9aafdad8e

          SHA512

          9dff24e53a58151ebe0b69f9f973c9808c025220ab328803cc65003914fbd934e3e4dfab67ad8cd149bc497cccc1ff44823bdadfa3099be9b96560b96560a549

        • /data/data/com.estmob.android.sendanywhere/databases/assistant.db-wal

          Filesize

          96KB

          MD5

          241d315ce4ed4140edfb8d6ae1614001

          SHA1

          c16c810013ff4525012d3377fc3040cc0660b53f

          SHA256

          57dd6f199ce98144a332a19e2467b5f316d6557264e74e922cf7046484402623

          SHA512

          5057b54fac95572fdcb27439b422b520ba7edf3b3ed858c79c10b7c8108d64b34b927b88f7905ff0a8d2b21949dfa085f71e00b56716e1c307deb8c2c507609d

        • /data/data/com.estmob.android.sendanywhere/databases/index.db

          Filesize

          84KB

          MD5

          3933241254fa9a61b2dc3fe7eb7ba9a0

          SHA1

          c8b23eab456dba7470a1df60c1629b07b974766d

          SHA256

          61cfa7821cb8d248123e50b956950a0bbc55e5858217a05e07f485b481565fc1

          SHA512

          580707c8a8e0cc6c82905fd23f29163d981fc49aa45baece0a91679f7b2bc1b9d2a84a3e1b7680925ab740314810c15f5d7dae4c47244473e5af273c1664f485

        • /data/data/com.estmob.android.sendanywhere/databases/index.db-journal

          Filesize

          512B

          MD5

          4b68ebd23bca53bf25af79e12f1958c4

          SHA1

          6379e4fe16081eff61a20f401fa08399c9dadfd1

          SHA256

          784cd1f6fb78b8bd8191b95e66dde528899c757a92763e804fe4b260485b537c

          SHA512

          e470bfd5dd00b360f6b4eed0ace78c973961cfe938441bd78b00e4aa2a1486076304410fb65d857f3b9dcb5b2d782c697906248a9ef97a5082546ce8ffd3e458

        • /data/data/com.estmob.android.sendanywhere/databases/index.db-wal

          Filesize

          402KB

          MD5

          07d62d3c837b889b2acf5702a9886d75

          SHA1

          83643e8ea05c0e58b30c44a336bf203d0d0dcc70

          SHA256

          e78f671c1a95bbb0c5a1e949ac95bf1a1d53f8b4612694ff1a8d449c186a1ed0

          SHA512

          08ea5bd4832c758c6fb4819ab554e0c2faf2fef70ebe1167c08afe8154925bafa35198b841187411b09815a005a1a2965c2c6ae8172e67024a706b83cc7aa395

        • /data/data/com.estmob.android.sendanywhere/databases/main.db

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.estmob.android.sendanywhere/databases/main.db-journal

          Filesize

          512B

          MD5

          7080b849cd732a9a5ba6043717376d46

          SHA1

          1297e3a166601ca1edb9aaa10ef4450cf2d3032b

          SHA256

          69ba4cfdcdbeaea463f3c1a913cea9fc160e8281818d7b87a6aa7ad1d7947277

          SHA512

          fb32a672ebaa93b94a09d784da9e18cd97e3969374ca88c967497142642a27e6fed2f48f57ccbeca229e5275aa5bcca63a41f44bb415ebfb1d7811255bc66d1e

        • /data/data/com.estmob.android.sendanywhere/databases/main.db-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/com.estmob.android.sendanywhere/databases/main.db-wal

          Filesize

          76KB

          MD5

          ebec3aa7310b49bf82fff7e27fcc36cc

          SHA1

          b9b5f703ee3a7ca867d83375abf7b97d1b475b45

          SHA256

          efd1ca2ee666b7bc736e33332a46b83f42af549fb939b6813b6e50e317e4bb36

          SHA512

          d40c70a359b0fb4754af2a6181c73df5ad89a23d8eeedc71e4bbd3e897e52aa51eb948120b4742ad3a979769b0a3d4be048d3c016ff758b96c2e4fc4c1402708

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566BeginSession.cls_temp

          Filesize

          77B

          MD5

          77424e5ce056ac4a36e627968fc07d67

          SHA1

          9304637f7cf49a41ac92b1048a7e6daaa98d5789

          SHA256

          18ba511877d5d8ac7ef9568c48f95e555e4352ed6ecac34d9326981ad2bec912

          SHA512

          7d939c65d5d17c70172430e00a9927538ad6df9f7f545b12240f89e3dff93c3eea0d3a7afc1250b50660ecbac202b7287e6bfdad72c28f6f1a35e06b5f9ad091

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566BeginSession.json

          Filesize

          132B

          MD5

          a5372b5cd907e941dc1acd507a6bed76

          SHA1

          d2448c14d4741f78000bdd5bae5b3c34ebe35001

          SHA256

          2ee6c2d0ce3fcf4aa8a1f020a9b8aeade35f84f57012edf0162a569c0ab5f250

          SHA512

          59b6b845fc90cd12a9ef90aca941971e31d95318148cd76d68181cda98a3fb01dda0d5a9da5d5da09105247e062aa2a439b3fa6858d0bf74d4d1e225d7f8cc64

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionApp.cls_temp

          Filesize

          95B

          MD5

          f9c8609ba15b3f6f417a32e107d593d4

          SHA1

          74ccdcae0d2efb7cbfdb359f3faa0366c010dfd1

          SHA256

          481808b1a6659538551d2926b0c9131e9dcc6a928b884fdf1e2ac15399003711

          SHA512

          5e2d851aad9af0948ceb154810857d16e89fa603124f815f13f409f49c1f3de77327e43abb9769731e231d1f0f5cb90f35fdc5ade42faf9e997b4b98345596a4

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionApp.json

          Filesize

          209B

          MD5

          eeb9f196e691d2499ff12b1571914b4b

          SHA1

          cec4d207b703382f07d4ecbecdf21ae3d85b2b7a

          SHA256

          edf045a192bf0b855ffab88a599dcbeb037a4edb70b69a9c35b99fa595f85ceb

          SHA512

          b777eaf78c2613e90b31d99044a7a6473ade32007d2a482c4b18fd40733a08f158a03607a734db6eb1990c522f8271e96900185e29dafaf633c2c902901bdd8b

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionDevice.cls_temp

          Filesize

          48B

          MD5

          cf9cb0612d588a1f71b63084cea67316

          SHA1

          3d035bb92fd3f8997160cf8025c40239af74d3ca

          SHA256

          0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

          SHA512

          70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionDevice.json

          Filesize

          202B

          MD5

          75db92d50c80a89e068550028c62acec

          SHA1

          d78ea55f5dc682e4da456d26383249f608fe894f

          SHA256

          1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

          SHA512

          dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionOS.cls_temp

          Filesize

          14B

          MD5

          9b3d4522944ce6396563812bfdb92fa9

          SHA1

          6d2a6133c8f01938a48ccc77ef86ad8ca335c020

          SHA256

          d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

          SHA512

          091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionOS.json

          Filesize

          54B

          MD5

          93023624eb8dff5c20050da136aaae0a

          SHA1

          acfd1ffed752c28fb135ba83c0c6345ddf2f6995

          SHA256

          968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

          SHA512

          bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

          Filesize

          67B

          MD5

          eee135e6127384c3fa980c70bc2c7c5d

          SHA1

          7442a68ad294b26046d2edbe9a3e9d6720dc7af3

          SHA256

          164114a7da15c860ea7e20b4d2e4211ea52794e69176860a3627bc4b525448ab

          SHA512

          9cdd6c6c33472525eb705b804cc86ca62930d150032fa101c53e02e9e926ac7b5bef5f2d1d85a219d7a243e9550d6a841143b2dcb8fa4900884e82d996b97a57

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

          Filesize

          132B

          MD5

          89ec907edf0501c6b8a7d9199e76f4a3

          SHA1

          f8cfcb8c37c0f77fdd99165f9e5352318c5baad4

          SHA256

          2495e43174b19d198bdf4b3ce43a0df9edd2dbb23745f2a8509588877bee6f15

          SHA512

          4b0b34865d405e2fdf2d591e92b6bf7271e9c7cf817b765df9404c6b582494f12ce6b3fa1b2297db144df686cd598d44ba049408ba2c6945ad698a047cb68e7b

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

          Filesize

          131B

          MD5

          ad3e287df2f559df9c1faaf2325e326d

          SHA1

          fe35e22955c5e1541e6f194f0d4ec643a681a6e9

          SHA256

          6a3b5ecee15bca5238b806bf18d9c43c15a36cb50679030a8b5df9cf300bf397

          SHA512

          2e29682a5fd6181ad82287da1dd3e224fd3e6cf85f830a6d2fd0af6fa839c20acc6ead7c08665d0e540ece5305a141eba7e8d5d1b1e0944a19442d4f5f96b08f

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

          Filesize

          196B

          MD5

          a7c41969167bfdb2999be9b2fb3bc793

          SHA1

          aa78a036874ffff7dde3eeae7d221f21f1bfd132

          SHA256

          7b6d24f2fea64d37f59b3507174932aacb021a3f5069100713ee0c561ed9d308

          SHA512

          2f96b7b2c0ae50232a35fac2f9a8c5eed7a5e8fa7ccc1387e5dffa952645f48ce75efb9ed7244c1f202cffa4fe51a23aa6539f438842dd5325fa1812a1dfc18d

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

          Filesize

          330B

          MD5

          11f707856801b2698d21aa4f56678e68

          SHA1

          a287a83bad3f967ccc9747a9822f61cdd766559c

          SHA256

          c27cb9bd31659e3eede2ef1064190a1a74192452bc276b5470b1c8435cdcfa2a

          SHA512

          3fc5232a38ca4c08f74abd8edadcc1b73161a41815870a0400045fd28628847c687739cb23701ea39ce699f8af78ffb957a2acc831a62e2477026eec6d687a99

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

          Filesize

          448B

          MD5

          0db6e550998e2ca5d94274e9041ed452

          SHA1

          020a1f66531f31d417a1cd557ebf42ec99018744

          SHA256

          f02f7a37ec6c0ca3baa4e203c3e6456db413fdb64326bc4dd4e41153b5f2121e

          SHA512

          ef938deb1d96a37fc3dce3078bbb33462d720c420ba3152998f855de1e52827c69ff2072248fddd533070a0d49932ac7e181cbe05c78cec67a3db673d84b1173

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

          Filesize

          2KB

          MD5

          d4e4e868b8ebc05bc6b786585f5e99e3

          SHA1

          d5bcacb6af33c79899c7a4e0361d6f55a55d3b5f

          SHA256

          1855e25871c3a84afa927ba44d296b25a1c6dec17e91be3f72cf26d94ab4d7e3

          SHA512

          0e24a54c034b2ba7dcadb9f300a50296614ed95aea30e404c62dc380940832eb288458da7735c4f3b8ce3273d2cee46a9616f88b1805afb0480f74cc0194578b

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

          Filesize

          16B

          MD5

          c33583fae4e0b61cde1c5b9227963237

          SHA1

          fe2ebe4d27469af1460f7e852031a04208ef629b

          SHA256

          35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

          SHA512

          fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

        • /data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8da91df5-5d0b-4fa4-9363-a04908ee3606_1716053100956.tap

          Filesize

          359B

          MD5

          7dfb0c2cb3e60b6ff57d23f05482035b

          SHA1

          9f735bf7a7af972a1c277f559e3b63f44376d4dc

          SHA256

          98d227271aad9a7a7fd99e0c44ea56e4a7b49130d7d251d9f31f781de206964e

          SHA512

          6334cc1ed0bf97ea51094525b9fe9c9bb3bdb22c4282661d70fbf1f74b2acdedd8928044d095f5b186dbaeae911674284894a463a948ed97eeffa679dec12a39

        • /data/data/com.estmob.android.sendanywhere/files/AppEventsLogger.persistedevents

          Filesize

          1003B

          MD5

          fc07249e6dcd63eca5ac999e3130c57a

          SHA1

          21dfdf869160910ebbdf67574dd084e690299789

          SHA256

          37a4a07f6b2674f1eceebdfd776d678b282d09b0721ec2143bfb98bd5bb34436

          SHA512

          23d068cbaffa098a07d3bc39487dc6001908ff5eaf4adf3831885bac8aaa9728074af0cacd20af862f609a1225efa174069cf8a1abf31fbd5c74ae5abe4f12ec

        • /data/data/com.estmob.android.sendanywhere/files/persisted_config

          Filesize

          24KB

          MD5

          9064499875414ea66561e11d86808869

          SHA1

          d4d771421baf79f80a9a28ac738b96925542fa43

          SHA256

          5dccc5d942d955711813b66f26dd7f2a8509ef6831618798ebbefa7acb40b2c3

          SHA512

          e3f4bae36182f7a49a5ee5da709a8303eef72c39171156bb0aa8fb0994768e8af2fdbdbf2f046c01cdec3700230e72b7b6d98bf04da705f2937062bd2daecfca

        • /data/data/com.estmob.android.sendanywhere/files/persisted_config

          Filesize

          24KB

          MD5

          808defd560368376178c83310e1e5a5d

          SHA1

          45c73589729916bac0c34d3a1561abe5d5f238d1

          SHA256

          39d69d2b511be2f41354d8ac101d3b7bb90871521a1a59ca25027fa518d7d83e

          SHA512

          13b37eb069504aafe1d291cc8e3996f0cd2c22bd2c86aa6e6e6bb7341f60cd1c64e4fced18a406c389b25f9305344e6d7d723ca8921e9cfca7617b8b864ec0f1

        • /data/data/com.estmob.android.sendanywhere/files/persisted_config

          Filesize

          608B

          MD5

          c59e25e4ed91c97001f53b7ae5827a1f

          SHA1

          2dc7493688d0569e07e5b7f40fb3ab9e205d31f8

          SHA256

          926bc5d1c8f2cdc869deafc405eb4cb45dbbc932fd189413d69583eae329b8f8

          SHA512

          12b6ec3aef530f73870e0527e44ac92f4565a4edd4fda472e9e7c0403887ee6ba5fa72d89af462318980e9b8f51199d8234c2be1fc0c1cdf712c527d78a83a73

        • /data/data/com.estmob.android.sendanywhere/no_backup/com.google.InstanceId.properties

          Filesize

          2KB

          MD5

          87243d0c8c31f6fbe8f8538fe8306a78

          SHA1

          02a6ca755c8816e23dcc5c6475d6939c9ed88a46

          SHA256

          140e82babfc3f3dfc374510b12253fa616c56ad266707b482c590bd47a5bd1ca

          SHA512

          b9d1a639c7019486cd17181528be044f42a5c80751494532d9af107859d0ac7900b9d45d3d364da7f72cd3e8d51c41b43c6b188f5609f75bce880b0817183e50