24a56bfe72cd34ab12a9c3d1c02c5ce0068581cd83fc01e54fb6029dcfd90590

Analysis

max time kernel
21s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64779abd1c8540735a11d4749e36bb84_JaffaCakes118.apk
Size

8.9MB
MD5

64779abd1c8540735a11d4749e36bb84
SHA1

fdf853944376cc8073839a34e3444ba3b767f7b7
SHA256

24a56bfe72cd34ab12a9c3d1c02c5ce0068581cd83fc01e54fb6029dcfd90590
SHA512

015085978de78d134f6947cc2ce6994dc569509c473f26c59874a94bdd6fac51420b484cce41d1659acd4b3ef946db41ab79c9abdb3777603694262c25d89ada
SSDEEP

196608:NZAaGowVP8djneDiBc9YpDuk70hADh0DeIA52/IeB4UoYFI3:NydoWWeDiC9uD8yhQ9A52/IeB4UoYS

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.caynax.a6w.pro

ioc process

/system/app/Superuser.apk com.caynax.a6w.pro
/system/xbin/su com.caynax.a6w.pro
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.caynax.a6w.pro

description ioc process

File opened for read /proc/meminfo com.caynax.a6w.pro
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.caynax.a6w.pro

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.caynax.a6w.pro
Acquires the wake lock 1 IoCs

Processes:

com.caynax.a6w.pro

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.caynax.a6w.pro
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.caynax.a6w.pro

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.caynax.a6w.pro
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.caynax.a6w.pro

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.caynax.a6w.pro

ioc	process
/system/app/Superuser.apk	com.caynax.a6w.pro
/system/xbin/su	com.caynax.a6w.pro

description	ioc	process
File opened for read	/proc/meminfo	com.caynax.a6w.pro

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.caynax.a6w.pro

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.caynax.a6w.pro

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.caynax.a6w.pro

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.caynax.a6w.pro

com.caynax.a6w.pro
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.caynax.a6w.pro/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
9a00f21cb176302fb03d1fa278850053

SHA1
356af02836781e0ed35b91a7e3eff033ab4cfea7

SHA256
d0e0761776f858b48d2ccce39b914aa082be275a0943c6af6b6e52ac7f5c23ce

SHA512
b5feaada019dd0551eb8157ad173682f9f36f44765f39c3a283d56e36e3877ce4b11913507a2a39b4ecd3a1bd7b337b055c9c036066741c283613750800a1895

Download Submit
/data/data/com.caynax.a6w.pro/databases/google_analytics_v4.db-wal

Filesize
64KB

MD5
450ba3c3ca769cf6a5fd15bfae28baa0

SHA1
9e506239eb4d019c99f8bd1c12ee274676117649

SHA256
8e4a29aa19ae1af98a1290e42020ac3beb454259c48988564147da21cbd01a1d

SHA512
70f2c206dc4de336d70d9220d9bdc292c2794748366b14d27b0378bc32e1be3713919061f4ce3e69cdc38b530672c1fcbaf748d85844e079dcfdece96ee542b6

Download Submit
/data/data/com.caynax.a6w.pro/databases/google_app_measurement.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.caynax.a6w.pro/databases/google_app_measurement.db-journal

Filesize
512B

MD5
10646a603cc2b5724218da091558a354

SHA1
8da8f703daa9d4d8706e50a51786246ea83fdad0

SHA256
a2a6f8816591e3e5d36bf0197978b6338e4a51279f87dc253b504f86d4f34f60

SHA512
5c9f52d8e4c6e35286e9604cfde3539f874cc57b415d5940157cfded7c327907df53b341af06709d85e50965f33e722afed773246aeb64fab9ba241c1e9451d7

Download Submit
/data/data/com.caynax.a6w.pro/databases/google_app_measurement.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.caynax.a6w.pro/databases/google_app_measurement.db-wal

Filesize
342KB

MD5
db0a9d7135cac775d8398edee18f8a87

SHA1
c7c2d8babb0c2bd38270f7674b2a7b597d3732e3

SHA256
17111f81a50cf06774a5c0b208f2f671d102107801f352a2bd7da1451bc1f470

SHA512
37c5261b9c96ce833456e95a09fe37583d5c53e4fd5919311d23c4f370b2ee9e23b00ee1068b26f3ba8f506c6614e587432a5de5454b67f037175d9b837105f3

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853BeginSession.cls_temp

Filesize
77B

MD5
a841190c11aa53610577804688c242f3

SHA1
128421af74e9195aae152e8d6bdf1f4e45396f07

SHA256
1c3954b704ff369274db7294f6752bef9cb5089390a78236d27f21d1b9781a3e

SHA512
44a8bf476012b302e706947d8a1fe58a4b752ffd5300afe597d350dd7e3209372ecf05f7bf45a4852d06e32539eeceef5d49ea4f8fd1fd3242bd0ef03675d88e

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853BeginSession.json

Filesize
132B

MD5
d83fa8546642f4968039694a57e6825b

SHA1
090d5c0d484a5b831677fdc422eec6c3943f6cc8

SHA256
a7f5ddd19af1c05abc9acc33086633b2621813b8a5b6165e95a1923a4fd89f07

SHA512
8e5ffeaca6760aee66ed111f8785836d1021b426157e7a730c8d906b2653286fd2f0f685a2e682a44dffc4d18843c0b7ef069d962f0fa329b1369e81bfe4c2ce

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853SessionApp.cls_temp

Filesize
119B

MD5
afb3075e8be9aa94e77ff458a7d3fc20

SHA1
7063f8ad195a3ed14fddbdcbdb06388a1522ac49

SHA256
a71bdc058f2941fa8af43bdf5635aaddd47efc05b609f159be2e133d7fe4bcfb

SHA512
0ebef7c010cd4854ecf0ba15b51f8ab99378827f98fb0caec2e06dbc86af0bf58c60378d1ad78a7889864c08a1757ba654d334b64dd6453aa15847fd7a2f6343

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853SessionApp.json

Filesize
233B

MD5
00fd0363a5edcdb30908d1ba6fb9121e

SHA1
5ca90ba6f4f12162ae2f4dba48e6e5027a03fd4e

SHA256
7ae55dbdf2f7d3ba60d51db2cf74bb51daed173bde921317951fb31cc5364e15

SHA512
a3bdeed99c91b47156f4aefb038b8b46e3c1e77c2d81153fd1690b6ad1c79a75fdb33a2b302db1325ed0ba8219c7fca237bb6129407e5f685a2fafb28d946a32

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853SessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664CF45900EF-0001-10A9-EDE449D85853SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
405B

MD5
d4a083ca4d80bf4bdafddb5976de68ad

SHA1
5cdb632f8eeed46d787dc331f758202a15fcc5da

SHA256
3ceaef18edab28b200c604ee7d1a15e2f6c4786622a5bf2adda53b63a072d5e1

SHA512
469131abe9e4dc0f21d0572872e0b4397305e74095b53c246a5d44e19d333bdc2d0a271ce7f2af09ae7b6d8ca592f2c33d15c4d12b067fe1bd2a4f7f2162db40

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
799B

MD5
1f8f4244e3f9eeae01429e6b8a8fa179

SHA1
8e256f7b4d5738a8409522bf5bd3a3ce810e8619

SHA256
6fdddd9b2cdc28052ef284e14dac6f8d451a4b5ce9550b5b68db050ff2cb5318

SHA512
fd1179ab85ddf43c54e24fb7f561d86a59c7782f7179a71804f3362e75bd16d9857973ae57e543639b87e088fcb1204de4e58fb0df5f181a217ff988017b6eb9

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.caynax.a6w.pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8a189873-0dd9-42e3-8948-29d0f2a0a10a_1716319328663.tap

Filesize
326B

MD5
a6806ead6266d016782dd45650d87590

SHA1
35a8c6dfa9af685f1c767a104b6050c4b20de8ec

SHA256
d608d33f864ad1283ad5f9a03b4ce74d7408da8fe44dda7e182c607da67c6c49

SHA512
a3f2eb6ce389e7d9e662a09f035d063cd2d0298b8fbfcdcef25f3041550bfdd6ce43b0cf74ce14aa0fc6ff03cadad47873d0649fa190f882e03b69f032e95965

Download Submit
/data/data/com.caynax.a6w.pro/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
f0101ba6ea7feb6866c35fea9ca09bb2

SHA1
3161df6f5553a50ef3dcedf48da43a6db4af686e

SHA256
c72f0078dcc432460d9205106c210857455ee98f6a7daa9d01372ec8b7f8d35d

SHA512
4d999db487759b14bb29ad6823ca4a16bbaabfac6a5262757fff7e4af3387578293d076885dec020ff85ca0be9104356e783f78d74784dccfff67bb45a207dad

Download Submit