Analysis

  • max time kernel
    49s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    21-05-2024 01:20

General

  • Target

    619699bc05aa8c38d67eaf6dde54571b_JaffaCakes118.apk

  • Size

    7.3MB

  • MD5

    619699bc05aa8c38d67eaf6dde54571b

  • SHA1

    4f614036e8c53016a0f8cab8b4043298b7c5f334

  • SHA256

    b388990fde8dcfcde731b3188e59975d3c1f51f2f6678a23a4935259681018f4

  • SHA512

    f520b30d2a3ca731cf4c69ad68411bd9a49f418482322303e72b05b6f4301f76cfae3098308b9c0ee8a8c5791b12df3026fa4745091626916dcd0885d384cee8

  • SSDEEP

    98304:/vu7EUpGuvGuOWqe4gImR7lvDb+i3lyCkori+cGQxaTO:/WQU0Cqe4l+pvDbUCk9+cOi

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs an executable file dropped onto the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Checks the presence of a debugger
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.nanoinfomatrix.Edu_Pathshala
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5160

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.nanoinfomatrix.Edu_Pathshala/cache/1582435991586.jar

    Filesize

    9KB


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0BeginSession.cls_temp

    Filesize

    77B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0BeginSession.json

    Filesize

    132B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionApp.cls_temp

    Filesize

    126B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionApp.json

    Filesize

    240B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionDevice.cls_temp

    Filesize

    70B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionDevice.json

    Filesize

    204B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionOS.cls_temp

    Filesize

    15B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionOS.json

    Filesize

    55B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    1KB


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    475B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_07ff4427-9d2a-4324-9f62-969039d42911_1716254495691.tap

    Filesize

    376B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_756a191e-65cb-493c-a2c4-ab667e23c7d2_1716254508540.tap

    Filesize

    447B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/gaClientId

    Filesize

    36B


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/vTlMPCGmf

    Filesize

    358KB


  • /data/data/com.nanoinfomatrix.Edu_Pathshala/files/vTlMPCGmf

    Filesize

    631KB


  • /data/user/0/com.nanoinfomatrix.Edu_Pathshala/cache/1582435991586.jar

    Filesize

    20KB
