Analysis
-
max time kernel
166s -
max time network
181s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 01:10
General
-
Target
65788ec9c2255139f7b64d9e8630b6c8_JaffaCakes118.apk
-
Size
12.8MB
-
MD5
65788ec9c2255139f7b64d9e8630b6c8
-
SHA1
d98b00cc1c9723b625fa76ef67ef65aa41bc1027
-
SHA256
6f38da6bb5b0a7b0ef8996aa69f865dd49b7fc21d9e6f9b3c229ad088765fd1a
-
SHA512
2f2eea8ff1dbe7cb178e5ba6716808ae16fa7444faf276f3c0484027864b11609b739d7897ab7791712896bda52dbaf7ac17b1499b13f21f2e2bfda54c21d864
-
SSDEEP
196608:PDobuDTeop/7k0T5YfCUXmTajZ/a5tesngSR+AnEAPFx9BAQ8MbJOSKdoYRE8Rt:PDYuDT5p/w0T5Yxjcv9QUEuPZdK95Rt
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
-
Acquires the wake lock 2 IoCs
-
Checks if the internet connection is available 1 TTPs 3 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
com.gau.go.launcherex.gowidget.weatherwidget1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.gau.go.launcherex.gowidget.weatherwidget:pushservice1⤵
- Checks memory information
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
com.gau.go.launcherex.gowidget.weatherwidget:com.jiubang.commerce.service.I1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
com.gau.go.launcherex.gowidget.weatherwidget:AppWidgetService1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/cache/1582435991586.jarFilesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/ad_sdk.db-journalFilesize
512B
MD51ebaf4b0dbd675a4675fe5d6d32f2834
SHA10ef25b0cdb9fb559c926c8a55ff9418d878ab2a7
SHA25682561efa9f01f7742d581c3546623d8af6d4c9697d2b22d502b915a577b453ab
SHA51282317e26b443e0ade56190aa84bbf5ea64e727a1cef23d956e5506eebbe8e1da075b30d7685a5cbf6518f21c46aa07b3a8d8d20327dff2aa947aad1b9f6f4ae0
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/ad_sdk.db-walFilesize
48KB
MD52a04081e976408266cebf0867eb45560
SHA1a5b7bebe8bb521e5ddf85ba608a5ae410c03c729
SHA256851e4cc9bca54c51b72ad4a39ef6edd62dfaa2b7cf3ec8fb6c987833127c2170
SHA512b87b500fc2b3a95a7587f4837605c876fa16bda838f218cb1784e59b74abe20ff2defe6e9508d97225517424c18050068328e671c4207083ed829aac24c2a850
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/gostatistics_sdk.db-journalFilesize
512B
MD5559063b69b98cf97f1c67c9617894674
SHA10c7e563dd19c40e6a065b8fef8cf5b791adda478
SHA256594020f4af202859c585df57b4461b7b16933040ba06410ab16db5c816427108
SHA512a228e8516369aad7963084dc2e37c9ce91a130a0b76e4d2f57cec655c9fccb65feb48d4e9e23de093ae1c03885c651053c86ae8087a4c2797f89de4c2ac90fa6
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/gostatistics_sdk.db-walFilesize
32KB
MD5adf5a9de87d7fa0eb97c045f4bff0ce4
SHA122076d39a4eb541740567717fcefaa723919f41b
SHA25673af1df6526d4750e35150c40b827ec3c2a2ec93c1124f0d14dd093fca65899a
SHA5121f39c08feec5e9cd64f97634d6e0b8aecfd2697f7ed3cec3a33f859866cef07cacae523b77409cf395ea3cb8c886a9edd71943196e3b9b874c39ee75b4f81eca
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/weather.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/weather.db-journalFilesize
76KB
MD594105d9624bc1dcb94b36b750c14190c
SHA15afecce853aede70964eae3685a53d4236cae14c
SHA256c1ad1bfe5cbc7ea0c04308875d6edb316f1c924aae3c41f5a27e3e36d6d41cdb
SHA5124a4df87711b1747c09ba34795125eebfc0bb5c7b8d26c39d1e997d056fce197b0fcdfc2097c4ab310586f168057919064d80d162186f7b34c5f21a0cd2b835ad
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/weather.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/databases/weather.db-walFilesize
173KB
MD5e1b2b90703c8f7d7b12108b6f505cc6f
SHA1a345123db21ef637bbd6a4ed3d1a827103e84995
SHA2563f2f2945102a45c4f8b905e60462c7c0baa59276a5c0c4aeded2add38c42e7e2
SHA512102d82c0aa3319a74169a98ec9037cce6405f68fc74ba2b7bc9546fe5e5a8b53bdeb948146b5055d2c7e04529fe7dfdcd83655fad757528acd105199c7fe5448
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Y29tLmdhdS5nby5sYXVuY2hlcmV4Lmdvd2lkZ2V0LndlYXRoZXJ3aWRnZS5iaWxsaW5ncGF5MQFilesize
248B
MD5f2103e1fa0b575c37aff1232c79fa353
SHA10d77a21319de8d5e4eb996ac09101c1a6ca98cb8
SHA256bf8de636d4ec5254813d3e8fc3fff8094e757baaf2a3a7110972f74dd8077b3a
SHA5120710a027723e8567c948465d1a019d0a464e35cbc2d0064fea6785aa8926ab7e1267596a7f20c8d43028146fe3f56df107acbc8debec67ae213cf8b451610ba8
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z293ZWF0aGVyZXhfYXBrX2lkFilesize
248B
MD5e9b8274b0739b93ba4e1122ae0b3e61a
SHA19c2ef50d65d20c56baee57af6b9002ee34bb2393
SHA256ba5353ef5ed3d424670faa1dffd552fb7d8ecaa0f2c424ea89ba60ab8f8577f4
SHA51272c00dedcf3044d4aade5eaf371d5fe8c8c6d818cb0037ae7147cc4de5e0ec38cb03acd7b4ae5fbe420b19e44b41082736c6840789fea8183d540b05b6bf3163
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z29fd2VhdGhlcl9leF9wcmVtaXVtX2FjdGl2YXRpb24Filesize
248B
MD56900c09452a431409a79554d6bb8fda6
SHA15293e626f9da8a58d5147032f65c6521d633b21c
SHA25698e99d12a1ebf16fc607bc24dd59ff1eccc5ecb832a296104c53b52accfe856f
SHA5128815bafe7db43e829ca0ecf2cafa7452318987f207a19b25389161fdb36d06baaba3196e3dca72d3790868c67d4951d6e4675f5aff97545e4029b52aea409a35
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z29fd2VhdGhlcl9leF9wcmVtaXVtX3BhY2tfcHJvbW90aW9ucwFilesize
248B
MD5be21c137567e027aa0b4fd4c05cfc4d4
SHA19d3b93ae83b5a1352f9bcc673387de7ce730f372
SHA2561746230ef3e2da8c1f97e2d3a72dc3e9e101cad332345382e7e43a9e5f77233d
SHA5129f955aa4f7118e92e84bcaf22afa43fab5c94f2092346ef82d1231cfdcfb5fc5c4e35e60b720d763fb0b8f33c1910289c1039389669713f3276f3d4d00678482
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z29fd2VhdGhlcl9leF9wcmVtaXVtX3BhY2tfdGhlbWVfdmlwFilesize
248B
MD5652d7154d2b14e42256f3b694ffd16f9
SHA1737215f207b7547d5f6de2b3715593b1ea418596
SHA2563a1fb1e4dd54c848f15dcc2e3e7995d45182f9c21cb224c2d4bfeaf3e8abff10
SHA512d91781fc639010e3e206a9f0ac807d49ea35bc482b066c3d69b683fbcb316f31c1a3a2c16ab8f34d26ef5a8e2c4fac86b82c03e31cfacbea1d2935ce32467bbd
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z29fd2VhdGhlcl9leF9wcmVtaXVtX3BhY2tfdGhlbWVfdmlwX3Byb21vFilesize
248B
MD5aca167ca6ef6fb78e2ba872439d0781a
SHA145c412ba4a0cfe8a0d997a00b3465644a0101190
SHA25681dad9dc0f09376f86e8ea46b58c3122f2033b26452f1e8bc3533025372749b1
SHA51222c2a32ec458ff34ef7cc11eb56d2bc07bf89cede5671c6e337564cc2eacb46fc889c13f84b4ba06b3523747e8d68eddc815f3ae26d6df8ad0ba7f2c5536f470
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z29fd2VhdGhlcl9leF9wcmVtaXVtX3BhY2tfdmlwFilesize
248B
MD5ca0d08aaf4c60d0de54efd10b03af4ab
SHA18bd8955ca512a3635e8960c7bea36265b8157bce
SHA256987e95b25c7c453470ad0699b4c83855ab4e964f8dbbc5ff49d6021182a330b8
SHA512687b41834becc226a72ece60936f078f0806beb2d024eef3cc975965150e08b8371e8c2da9d911c0575173b201604483684746f49b8770e37f29d4b7d5eabd93
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/Z29fd2VhdGhlcl9leF9wcmVtaXVtX3BhY2tfdmlwX3Byb21vFilesize
248B
MD59187b5b572b807bdc2b81b49b3f11c0c
SHA133324291886b40909801528d8f8e7bed575cac35
SHA25685aadd4540ce91bcb5719b4dc92d5efc8db1d63ef5253f3d8a6383651a37f2a2
SHA512f15a72b47cd6e70277b5eb98434f423414bc906de9c6b7a869cdcb995b851665c6f8d055e15942cc3a0421fbb6c404788ed436dc719f5a7ee81280de1ebd7d3d
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/city/go_city_internationalFilesize
168KB
MD521cd735cc2153c7efbbb97f78f0a3710
SHA121b6e2f3b3e5c94fd7582617e8bdf98b37f95820
SHA256ef509d2cc080feca7c609796b85356d519951397794e3a94031a835043f69705
SHA5127af6d3a431b0e127e51f4e1791aa43cc15f711bfd568f8697b18592766a2d74b63e83c750e2ec18dc2efe3f8b5e93457f5702ff293bfcc629fc2149164c32963
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/gaClientIdFilesize
16B
MD53720398b1b0d07ed8e14df1517ae3713
SHA148c7ac823481bb50c8e89cbe47e56a4d2cca8455
SHA256cbf1104d32f8c2204ff59c9321daffdc6c8ac1851a7c3acace933957bf4a7f54
SHA5125ec6328f050c30d8bcdc7da21e977771389a5ad7cb42be8edb353566bcc84d211f1f8922404fa603e0502ce4479002429dc96125c5fec953775e6f128cf00017
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/network_time_and_status_statistics.txtFilesize
124B
MD5ba422c988fd02720ce08e8f3f6eb50c6
SHA181a8bf6c856ca9598c5e2ced53975fd0dc067289
SHA2560511329e4fe56ddd6700a8d67fdcf3fddf5daca6c50928ff4bff67e74bd9f883
SHA512d4ed4c48c240d5fc50dd201f134c1eb74b90b6b466c08ce6d1ebb38dd32d4d3d86ee526109d8e8e2a058e1fd4d3cd5a564e23f9f98a855ee715edd25559a71d7
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/network_time_and_status_statistics.txtFilesize
124B
MD52fef7adbea3ad3270ce73063cc34686a
SHA1548648cc6faf3637c86926cdbe3b4b557753f1a7
SHA256f036c14f89361330a9c3824c7ff66978b0392409ef29c342ad2a243868e80884
SHA512ae140ca7056c92fc44662be988a5bf4d5c5231b95d02b7a2825f0865bbb99212a53ea6372a413c8ab06cfe59fd1138871961b2cc8eed2808f13ed950cd38e8e4
-
/data/data/com.gau.go.launcherex.gowidget.weatherwidget/files/network_time_and_status_statistics.txtFilesize
123B
MD571cd085a2de58a2b4add1a9023a28b8c
SHA189d3fc146ad45d021cabdea70df2a5c1b5ea198c
SHA25635ff17ac3f6fd231cf629294b24fd2935948c851f043d5c696066bf50b8bba13
SHA512f8f6b1846270f4d4b9b3fce063b19a19175ea3431f302035381346cbcd019b4bf5b7ad46ce27d2a3a0f5df6e640606cb712ef1c1058acea3726d529516ad51c8
-
/data/user/0/com.gau.go.launcherex.gowidget.weatherwidget/cache/1582435991586.jarFilesize
20KB
MD5fde2ee00cbd121cfab5290b078aa3ceb
SHA1e2b77d5320e155e413d040a8c20020962065b2f8
SHA2562897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
-
/storage/emulated/0/.goproduct/goidFilesize
29B
MD511abb5e880f81a0478620d37fbadc26c
SHA10ee156bf33dc4ec5e05e28cd8d2050de72e1d005
SHA256c1610135c351336fd74482e081db35357d4400c13f8ca9b21e7225ba781fd2dc
SHA51236a2835afc66c44e9dc6359aae1e33a1079137f30a01c108065995d086315333588c38548fef4caced7141d6fd61465f78af14bd7b95555d10f9f4b1ae655f8b
-
/storage/emulated/0/GoAdSdk/config/userFilesize
43B
MD5bb38f24ce647037acaf8b216cdf7ca3f
SHA136b3c0e8a5453de7216c31e590dfb7959eb84718
SHA25639ebe3ad079bacbdf55b1a9881e9e1533340bd38c607e8312139de9ee4f40fc5
SHA512ebacaa2283c7380c39aa2d2ad5324338c30ddb2d75625bf3beb45f9edcadd69dcc93b6806ebcbd1fd01e889464f35ad77ba884029742c88000da7158aba96385
-
/storage/emulated/0/air/as/statistics/deviceId.txtFilesize
19B
MD51d19d729b2817f212fa6a7e6e50f9e81
SHA1704fafba2e850f39916ce64a296125997a3298ab
SHA2565eda496a6745815be59b40a3a7bbe25a773239d73eb096306f8336ca18a2186a
SHA512dc6650f662941ddbc134363dfee8660c5441cfb12d79def391eb60f52d07e6f93aa42b9e49989d3cb4bf7170a1b64b0e5c534f537ff597e805e10235e97f309a