Analysis
-
max time kernel
177s -
max time network
188s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 06:22
General
-
Target
664cc929cc7e5fd202e8e5979e3e6cf6_JaffaCakes118.apk
-
Size
22.5MB
-
MD5
664cc929cc7e5fd202e8e5979e3e6cf6
-
SHA1
14a75c02c5a0c4cecb1c834696347909cdd0d254
-
SHA256
aace564a6955a12e490c882f5c83f4335d9b39fbf1e9d040c0f84c89b3816764
-
SHA512
0f050b850c5eef51a70420bbf986cac1568306517940ea66c8466f4fa9f9b185182c4997711caa9ed1ca17315c9deb26bbabf3ca01b26f1ef068b421e5ce9817
-
SSDEEP
393216:vQXmZVfO1+cVvpPPbUsMjSUylbz5Zmicp+r2tF9YM3c7gf/dgMRGa:vWmZpi+kFQjkp3mpF95sc2MAa
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
com.xgbuy.xg1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
cat /sys/class/net/wlan0/address2⤵
-
ls /sys/class/thermal2⤵
-
com.xgbuy.xg:pushcore1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
cat /sys/class/net/wlan0/address2⤵
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journalFilesize
512B
MD5798e79dceb65f70118d23960b051d192
SHA10b53044741b139a861e4d1545fb89bfc4d63fc97
SHA2566f1159eb2d1fe80b1a350cb4ae42b5fa39489b04fcf7804f1227260111f64a4e
SHA512bad5bbc214c0f802997cfea5c3e1df8ea64e3b8470afdc82e6495cb4380c19d407dd5a202107f87f79d357e03acc947591c536d12999416dc8817170c188bb1a
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-walFilesize
112KB
MD522b25d38391f2a7ea3659b69994a70df
SHA1dd054a02ac2b6143a352662556e3d9d48a6a6bef
SHA25607bd1bc2a8733b876d488efc925e398817c7f5e6c1a23a57a336edbfd2ee0bf5
SHA512552f2e3b71b63a8d0ca3046d5d46cd2332e69bed9a09c19d8f7d1569bd3035fc4babd2085d6deb71d81f7203b08ede0532d6b0e2ccba7127a28b93ff13fc6ba3
-
/data/data/com.xgbuy.xg/databases/xinggouFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.xgbuy.xg/databases/xinggou-shmFilesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
/data/data/com.xgbuy.xg/databases/xinggou-walFilesize
88KB
MD5cc50425703adcbd18fe14c0f4f097227
SHA14f5f4484981ca0a676bbaa682b26d1e7d2523c6f
SHA25624155a20b1b10b0d5d488a16c7b808741e4d961fe15dd0893a6dadb8c2e4033b
SHA512d46aeab2a9ebcc61793e80dd29615e529339139fc0852a8a9d635fdb0fdeac2d22cdb3510bbc2e82ca550436bd8795f7af88136ceeeb568ce304e8f73481dd4a
-
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1Filesize
23B
MD58e24e79baab91c4d0604eaa9006a0cb3
SHA1e427afc94a4b957a7096f73e395a10ea404c076b
SHA25665ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d
SHA51245bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae
-
/data/data/com.xgbuy.xg/files/jpush_stat_history_pushcore/normal/nowrap/51e2a896-56d4-4a6f-b7f7-b7278bb96a1cFilesize
202B
MD5e3e1d9e8201faf6d62d13b04e2df25f0
SHA191155eaa15398c58be7cd32205e02e79cb7e9a5d
SHA256c670e7c6972c913bdbfd38c18bb20d99e020a7f2e2966a4885764ec2db980554
SHA5121ace0a0d8e7e6a025ebda72a695b1cf566f8081ee0faf34c60bf91cae52d73fc10f1769f9cf2c4a454655fe6a7c28d2046f5d356e67c64707214a34b09788b62
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
111B
MD5b804d0c544a223c8b38382d21e0a1260
SHA180ccf8b065eabbb56b0f79ea31c4752a313ac9fc
SHA2566bb1502bfe268929c995db89632fbeb76b6a98294780ee9f5a9fe4d4d732d87e
SHA5123833a2e919a1c6f95d1f1d9477dc7227670dcdeac72752965a93026e8f65073b0c6ab4f5bb5d4c34fae949c1779eab16ba6ada5ba39bb571b38fc463de3174d2
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
213B
MD54948ef85bb5c0d6b4d5c3ff8883cc8b0
SHA106e17716f50aa315c6722a56da6e2d973dc72a61
SHA256d862add2c86d4dc284e413ae9876d0280902c32b59a45fc9b27b16af208dcda1
SHA512f5f235b7ccfd9298e763449ef8bf2c0014cf2927137e54780079bcd7f97a27f9ba860d66e538f218a7e116d263113faece20827032a2a8f0dd8ec150b71bbde1
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
213B
MD5ea8c58e8356485c5b4c2787a57770b3e
SHA1d35bd3535be3b2a4e2867f6e157df60bc449041d
SHA2566a4dc8649b3d44688b8ac75d411aae4f5fca3aa95a8f960483b21c03110b8dc1
SHA512c94119880ca4a141a7db638701d5178855c1b075dc7ab2828d4417e7ec8d3cbf9e4248e631568081c565bb8d66cf0e38b213502a6b1e8858aca8726d473a4c9e
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
167B
MD5bfc25cf32448b86c9cd3ceb7f410a324
SHA16c1260361b0b812b221666691fa0a3624418e2df
SHA256861c753ba588c0f5536fb1c4a91f65073f4fa556dd7005aadecd120860e23f0c
SHA51281fa353fd27315f5fa4dd200fe5d4bd8f2715fa24f3010394d9a5ece0cbd1928fbcbc344a3b7d74a5bda82d3b0f04741c0caa700c1b080acc32a9f49f95be6d6
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
591KB
MD5c85e8919765cc22095d1b8e40601e34d
SHA122d48933b9f30a028cf4c9d993f59c767f9e8e35
SHA256f4ab50b1188cc9913c106f1f661162cb7db90aa288a90fa6bb41c5938b6afa8e
SHA5126715ed9290b868a5733f6c6001e9de1375a381b5f61552fc0adfd825c72977cbd34a347f7fecad8cbc798af7b5ef59f4a23bbe6fedb714e4dda65a1e5921c08e
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
167B
MD5e0fc34f7838e79f194e5c8643a17a736
SHA14b2ab82e4233babb06a1b331ce35554c9aa4f076
SHA25604b9d33c32c475f4c36dbb1be29ce13c90ab8bbb65cd1c369dc8385c0f4080a7
SHA5122037a425bd1126f60fdd46c199d1e71e1c0085b473f4511a14c4d61b0407b77205e94a04735b9b413e58b359320ed7506c07d19c658ff9472f0aba7fb00bfd9e
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
111B
MD5cbe9ff8ad0d9ab2062ee46960e80ed85
SHA1510b99d23ac021530b328663f7adaec6d83ef0c5
SHA256fe9f70010b66ef262229b3ebbc690564edf8a13702507d4fd382a6f72f174cc6
SHA512def0656cc11ba5ec55ef582dd4c351cd91ece3a4f659ac88026158f496539280c1862fa57cc92ceb7c64aa11bac6f5c4204486c4f5a72083efb54e45233e8ecb
-
/storage/emulated/0/Mob/.slwFilesize
66B
MD5ac8246bf1dd7ca16b2d70b73bc5ae2d9
SHA1b68a31606145d5a666f327d5615d92adf89654c3
SHA256cb804cfa89f95b3a2ea3643e0d17a3eb10596821dea1b866fed7dce5c505dfe4
SHA5126cf057131aeb260348bb6b479f0776187d78887b03d0a7a824f9f99ee0814d66c5ab158b231ddc16eed4d941180b9dc4997b3d1629af43b1f17aa8ca4d7621c7
-
/storage/emulated/0/Mob/.slwFilesize
512B
MD5a55fc96c26a8377cbb5651955316d21c
SHA18386a709854c898207e14a68f659f909eb998dbf
SHA256b5855d228065755b99bfdc00e01e541d3023b008d31c2b6d47fc9681210f32ee
SHA5127309bc1867d151c0e38974d69cbb4873cd31f363c77125266c696bac9fdb7dc1e125cb80a06a13bf92b3165a216c79a5350ccedf88d4b718e0e7d870e9bab8ba
-
/storage/emulated/0/Mob/comm/.diFilesize
57B
MD570a42cba408700f9a6c01c7941a8829e
SHA1eab01cc2c0671538795fb0b1146017dc099d0984
SHA256499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA5128900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c
-
/storage/emulated/0/Mob/comm/.diFilesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
/storage/emulated/0/data/.push_deviceidFilesize
32B
MD5213e07aaf7f3b571b169d632feee4ad0
SHA145b23ec7181b07b11ef621a608574f8b9b2c3158
SHA256f1bbf60e778be59331203e51134e063d4a1174da67ca2b1a6ea7ddcdc9a1ddee
SHA512c7350a2e4ddbded3e94effe0607d6249e8843bae45226faa5c277b79bedebeca52c1022713142a6da9ff49158176367ea5e2ac1c7bb21a66be92b9ef49dd7684