Analysis
-
max time kernel
172s -
max time network
157s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 02:30
General
-
Target
65b265f1aaef39c451fa05b19bc37cdf_JaffaCakes118.apk
-
Size
19.6MB
-
MD5
65b265f1aaef39c451fa05b19bc37cdf
-
SHA1
8f31b460ad999070b3dc83a6225689e02e575c42
-
SHA256
caa7feca6ef1de4db1dc55e55010ee0a9edad8ca88f154c469f615d251369579
-
SHA512
76cd9b683117ce5db4e444aa00d0cc077961a1edd0c08e1b9b307cb1773313ff4f50c0088579011c0397f424d25bf740054e0735e3135223a4d176f4cd7b71ee
-
SSDEEP
393216:065Z3489vfiUmiModLtojsqHo93Szr9UfBEIJagXjYFYqy/1XEoopfClx:065Z3j93mtuLV3SVUfMiY2Oo+fg
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.shoyoo.fangzhisanguo.uc1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shoyoo.fangzhisanguo.uc/cache/jars/core.jar --output-vdex-fd=73 --oat-fd=76 --oat-location=/data/user/0/com.shoyoo.fangzhisanguo.uc/cache/jars/oat/x86/core.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.shoyoo.fangzhisanguo.uc/app_td-cache/tdandroidgameFilesize
6KB
MD5eaf3757fed64ef4d20bf3ca198e0415d
SHA11134bc7012b0db9099782cc0ccd1ab2c66ee3f0e
SHA2565131fda524d85a3f42b03098c91572c1a3e018c090d736c5efbeca7f6745e970
SHA51227afa5ea6924526d5e82f1aa04952d2989a8729c4d516763a7c5372c67a408ba3d13f2722f9796f407cea0491e56c3623285a68d4e254782d0d2b2eac23d55cc
-
/data/data/com.shoyoo.fangzhisanguo.uc/cache/jars/core.jarFilesize
393KB
MD54f4dd81dbc77518d59df6abd1be1ac29
SHA12655a6c6ea5e40ad646e2ee8f48fc48658d18f4a
SHA25642fb5fa1d7fbbeba40120bc460fe4ed43097111023f9485f2ee73119970119b0
SHA51201f8bfa37ba9e9602e0a7edefc14a1d01dc4465a24d606ee2876c8be58cda47d8161b5dc0689a0299ea6b8b0814b2b8e1b342c32b1d26cd1acbe49e561e61dae
-
/data/data/com.shoyoo.fangzhisanguo.uc/cache/jars/entry.xmlFilesize
1KB
MD5fe1439042d8d67bbb494df594e3fd8fb
SHA1808a14ceb841f70909faa1550afcefbd5552347c
SHA256395a6f058b4409e26ba34c7c45d5ab39c75d8a3544d65005e3f5f06fe6949607
SHA5128dbc843c8cac01f9579a321f5daffcad2c8465cc924fb15bf533be4a76b704e1275b19007550d21468215cbcb8d3fb9af641741c241cac4eb0b273687cae2466
-
/data/data/com.shoyoo.fangzhisanguo.uc/cache/jars/lib.jarFilesize
140KB
MD536b3cfe3cac3453cc1d324327401c7b4
SHA14cbff3359a8a82a492d7d47862d96e9a54952116
SHA25672404d6b19db7a072abcbf2ecb00bf64eaabf66f83080cfc217ca44274ad26f5
SHA512984a3d9099d6157a49a55ab095cb52206221eb1f2b6c845b36faaa22d61722e0aa4df54d265e11d523c5d3ca73fadfa650c56f8f48695e07443f9c9224dc91d3
-
/data/data/com.shoyoo.fangzhisanguo.uc/cache/jars/update.jarFilesize
5KB
MD530fcb1580a140f09f40dd3ddfeb51f3b
SHA11c22b48540f753ede97a6df9f856cac2014ece36
SHA256340525f16eda59a80250b0ba013dfa9ebdf6cb15a355d1f7bbb6f39bbb9cf1f1
SHA512e75d13c1b1d28b5f094d4d3b36754846ae92c0b73d0b6ed9965db9fc851cce00dde298a2275425f0a3501dab179d440f1750e457e4aba26c9761e251242fc42a
-
/data/data/com.shoyoo.fangzhisanguo.uc/databases/bugly_dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.shoyoo.fangzhisanguo.uc/databases/bugly_db-journalFilesize
512B
MD513b3f1783052d0a0ec640b09e6e0abc7
SHA1d257318bb85fae6b32ed9d08ac6c14a37160c060
SHA25650f578a8edfbb56612cebca62c4753e1824ea15a08bf3be5ed22347aee5c335d
SHA51294fc51eb129028dfabd05aab495c10e3d903ff91c77f546512b4dea802148899f18f2982a61c307a0b903ce0a35693ab8412f053ec3b45caf381ab64e268dba0
-
/data/data/com.shoyoo.fangzhisanguo.uc/databases/bugly_db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.shoyoo.fangzhisanguo.uc/databases/bugly_db-walFilesize
36KB
MD55dc1af32469db06b57899ffc6a024d2e
SHA1b1943ae4fb38a7d35a449b9e7545a9ed61224bce
SHA2564498a528fcb70f1b2589dc5611d0683177519203ab7441e24ad3060c3f7a5898
SHA51201cfb40ab01072e5e5efa2aa2520d5040e5f83c926571516053d558ecf99284605bbe2abbf73aa35f2a56bf56b435d7b0d626c908d7873273176294a22aa386d
-
/data/data/com.shoyoo.fangzhisanguo.uc/files/umeng_analytics_cacheFilesize
244B
MD59974fcc298ac4378ebc759b497370451
SHA1afa7a7989bdee5aa06cf90da8dc5ecb8f6d5c749
SHA256794e432df046d17f47072bc2ccaaf030b1ed41b2e4e20bcaeabb3cf0532310ae
SHA512c36b8a3647d3cd7c1028e3616c6122061895e59a9aa7cc1d3a89c6e42b66709e9c438727ee5f7929809e877ba60524672cae49f46d41e81f9ada20d6c1ec85cc
-
/data/data/com.shoyoo.fangzhisanguo.uc/files/umeng_analytics_cacheFilesize
403B
MD5a8386f0ef4351ffbb5f64154a5bb2a88
SHA1b981364a94d5952641d86672bd78601a902e19c3
SHA25653f9fc82fbd0af92319a5aa7369c8b16ad4a01ab3c0cddeb238aea5cb05f76aa
SHA512187c7a8c75abed4fbb0887f65deb128a8587031c63e19f6923bc1a8116c70bde54b9519040d1128658c35b9f3544e7f7640a109631f502e1df38309d4c73f6a1
-
/data/data/com.shoyoo.fangzhisanguo.uc/files/umeng_analytics_cacheFilesize
403B
MD5b2b7f0e44d69e5f3b48b1a5ca4fea779
SHA17ea5a85bb5d2a2dadaa0a0770912996c3233eaaa
SHA25676c53246a5bbccd039158f0d4b146dafc133fbb58a323474f74afd4a9a81f3c5
SHA512b8b31de31c9dea80c2ff90b5fa281c3e9ed8dba39ddb9126e0d76db8089a10df2ad2f7386a9e3c64b07487f0750ec4dffe54e17846d5619e60a73c23be23dc90
-
/data/data/com.shoyoo.fangzhisanguo.uc/files/umeng_analytics_cacheFilesize
403B
MD5b47ceaaab1ceffd014e3f75ee00e4516
SHA157af055378c8b95e5a1fbf95e1c7fee14b341d1d
SHA2562248cdbfb212c5ffd69f440db96d4cc5c73151ac8352fdcc48611a3d10427884
SHA512911caecf351b7e33f9c3a729dc845a6d8c1dee794bc138a98863227ea95c63e7c5e833fff6e3c424b8363b399e4e2c6b00bab605653f3717a98507f7c76574a8
-
/data/data/com.shoyoo.fangzhisanguo.uc/files/umeng_analytics_cacheFilesize
403B
MD5b9d732a7473f3f02096ee64b6a3d127a
SHA1507071e4c0e6e63f2edbb825a4a527841e6f481f
SHA25661aaa9a7c5d6c69f7eb677eeb610e2f128d4259e3488a3dd69e3aa578883730d
SHA5123d074ea6942e2992f00cf4216f464f2eff9d71500a96569c9e9e8e520e0cefb007d36fdaa6511c61cc4aeca7213c81dee4320b4445a90099c363cfdf40d3b671
-
/data/data/com.shoyoo.fangzhisanguo.uc/files/umeng_analytics_cacheFilesize
404B
MD5e52c67109e1041a58dcd2a46e539918c
SHA17738a98644f053d38b3fde5ae4da48966034adc2
SHA256e1b17fd3717f3634d558ce17271339f6eb73fad4069addd7b427b19192876dc7
SHA512cb561148bf0416e6a9540094d905710fdd8ecd7122b1ec2874d2a81378a4ffcd8c8a5723c6ab88c611d93df82f58f2cf8e7e3c2ad8420cab72d57fa7249f2659
-
/data/user/0/com.shoyoo.fangzhisanguo.uc/cache/jars/core.jarFilesize
968KB
MD567fa1e405ad0fb6e9816973306faa105
SHA16d2a3c80ca8b6457050d7db7cbff9f3def642852
SHA2567cea597bb4e04f06f50dfa3ac6e4f1320e119e00f43394df657fa8f1cf1c67fb
SHA512494dd4ee7a1c5a8d5344ea3462b63b6efeec8ef6f3048147ac94e8d4cf26f63dd20f4b36f342e92dee8fcd65697226c13d7ca69618e616d8c8fd68e9289fd57a
-
/data/user/0/com.shoyoo.fangzhisanguo.uc/cache/jars/core.jarFilesize
968KB
MD5e82d45bef5a2c40e83cae885d84f13b1
SHA150701eb181b60d5d4236f6c4232942d236f0e211
SHA25618eed2e69d1d937e6ed8e5f00e095279499f97ca7a48bab89d20a8e17e3b1bea
SHA512a8d0e39ae5fe6926e22c8c4e751632f631a997612de743a5e7e4b3aa8b14e14e67a408a3cab3efa4d06d325f496ef7b47eee7c78be5f3b121ff73afceefcd1cd
-
/data/user/0/com.shoyoo.fangzhisanguo.uc/cache/jars/lib.jarFilesize
362KB
MD5fbedc6cb7ed4ff0a5cad87c6f45be44f
SHA15e68a18a44affc93e46a19e30262b38e575c3cc8
SHA256110769f1962215c1275cf121d05babb1676031cc92c3ac590b18b4d593d724f2
SHA5126acdf9506dae7c7b2f61adfdde4a25e8cdc7cbd2fd785ad64ca1645d8bc7456f4e5609f6d70beb901050bf4439b537c5805a15e012de14a2e80b5e5563ac23df
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
111B
MD5e30c03de7691d1dc3b82fabd49007cd2
SHA1525c4aa15363be969215f52713adbe7ea292af8d
SHA256d78d55317d73b85fc2989772337f6ef080b76e5e1756452ba81e3b79957d25fb
SHA512bb7a85f88258c70935c1de83d2337bbc05eed2aeaa7f76f052e7af34df78c6cd091d8c731b26011d3961d2f68e31058c56e0fc8f5b8611bba27225dfebe0eb39
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
111B
MD58b2944542c5e38c329c18c0b2ff6e2cd
SHA12c6d94559a0f7fc460d2e583e603d688ccd3dc9d
SHA256874832d88adf0039d8ddcce6be53566bb5bbeb06e435e8c8312ae29394c33334
SHA512ce8b6aa78575ac6136586d06154daa5fe4210c3260754c22997305d8b45e495484319b4e0c757ef3b69f908e1969e26da0bb73a57ea3e3d2760d216ef05ee487
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
381B
MD5b69019254e87ed9689d46e179161fe71
SHA12052c33c3cde17623d4b5b698337b8273588c5b0
SHA2569297ffa801eada482acbd62df2c0d4b2cb7a921deeb0ab8f337c9807a5777950
SHA5121ccbcfacca6acb75f041162389b74b4e4f212f0cfed8616d89bec2cfcb05a64fcfe17e73625b7804b1573d8c17d5a65da5f7758cadcd40ae1dbb37283615dd5a
-
/storage/emulated/0/Android/data/com.shoyoo.fangzhisanguo.uc/files/fangzhisanguo/scriptpackFilesize
1.8MB
MD5a25716c1005e505f79ec6b670bed434b
SHA1f7568328a8231cafc1453aa0e32721c3a4ab0106
SHA256135b0ee9b4eb0d65b57a4865cf49af58ff35225707e68c6df3b1850d1d36186b
SHA512e11cc5e07a9fa28b332d62e0f1419acfae3d731ad3b38c694f661724d5e59862bea5a8fc4424c9dde379c0af2686b58fab84a5cb2640532eec345d048db3b41d
-
/storage/emulated/0/ucgamesdk/552120/logs/debuglog/debug_2024052202.sdk.logFilesize
453B
MD5e627f0861ae9cad17c8811a25d007246
SHA1d783d8410faeb28f74b3d5bb78fbcf0a17119d57
SHA25681e731056747b453542d85a0086e76a16a032fd5c5c46cdba36a4fff872eac7f
SHA5123d1a4e6c5327d6579badc35d98494c96ff9747da02cec4b6458009cd46f027b605a25e2754246eff5afa0ba387648bb9b9926bbbcc3f81545648210f856edcba
-
/storage/emulated/0/ucgamesdk/552120/logs/debuglog/debug_2024052202.sdk.logFilesize
55B
MD585b0b9b5442cbc0c0bbe5eec8dc71567
SHA10dce25f8a78b029be81ede8d17dd475dc9729cdc
SHA2569cfa3ed8969bf5f8815dea4f06f030ec71f1c7c5ac8a65d51e113457f6d0bef5
SHA5121d14a6b46a6391a0ad98550f5f8ab445a768f45f0eb8d28d760793bea3f78da478f0c2559d69a7560836e66198bfb5ea7d0cb8f431486f93f8a9b1e118161f9e
-
/storage/emulated/0/ucgamesdk/552120/logs/debuglog/debug_2024052202.sdk.logFilesize
122B
MD5c8fa9ce3e76a3e6325620fc3a026bbdd
SHA179e951cc0ae43638123969f6d64f438b98c5fae0
SHA25660c153683bbe168d5c62d94639ffe1d38713146ddb385b0fc01dbf66f76f7f88
SHA512009dca826eae9e92dd0245707adb2513989b6b75a9a74f460bfe2d29b4c794cb7bf3431c483a32fe1ce335504635fb30fb883f8c26e4952ba52b0566391954c3
-
/storage/emulated/0/ucgamesdk/552120/logs/debuglog/debug_2024052202.sdk.logFilesize
197B
MD5ec9867140b52620736062d8db2bb22ab
SHA1e4cf9fb236099bd0b0df9d1bebc32920a10b7fe1
SHA256cc523e91e53c7f678d71e3f31825ad1960f20c11cf65551d650bfe50dbca096c
SHA5129f58cc694c6a58f397161b0a5b981197a174ce2b9486cfcb05ccc41fe737e4fa3c5920a7b5a69d6e7d5124e57485ce95546394f488f5d381a8eda9a710d3646d
-
/storage/emulated/0/ucgamesdk/552120/logs/debuglog/debug_2024052202.sdk.logFilesize
264B
MD5eed94f9746454a8696e91764096b1592
SHA1a5cf5f76d77130687a2d0df1115135aac5139cd3
SHA25661f227e4cdc9859a319a421cceaaf87c80899b159b70c955ad92f9ed3305fbbe
SHA512b61c507a694d8a382a9a33025b466b7409f858dc882ccc2d743b2dda751932f497fcb5d211e2ccd3290002a92404e53cdcd69c888ca7cef28652156bb7a84875
-
/storage/emulated/0/ucgamesdk/552120/logs/debuglog/debug_2024052202.sdk.logFilesize
331B
MD56841374213fcf753dc37a8423d104541
SHA1c5a441cb3e8c05003b39877540042f601e048d74
SHA25615c8f8a9be04f7bf3e8eb4a4fb6a34e3661ca4a72e0350b0604cd8b035bad255
SHA512e3739e1dce5119b066fd0968067dc6aabeec3be1b35488150385f518912b2f7cae7b43bfc6b335ce3d1b41579cbd3fc16d3858a7d2f4727f0db4b41faabdc812