Analysis
-
max time kernel
179s -
max time network
187s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 07:39
General
-
Target
6681e57f5436ef60d17d9b354dfb16a0_JaffaCakes118.apk
-
Size
10.9MB
-
MD5
6681e57f5436ef60d17d9b354dfb16a0
-
SHA1
f13c1840c82a19248e2c8c29644a1e95dc80e6f7
-
SHA256
0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357
-
SHA512
5e6e34d905d9e1424a9768f875da95becbc1eebfc84474582df3fdd81e58725e6ca0e366bc7cb7d647338a564ac0e183099dd8f02649decee117f5a42413d9b9
-
SSDEEP
196608:enilNfysKvvC68Y1NOENyEYd4MdFFRQZ4cHT5Un/nKFtUbXwBk0PRN3ftBWPiNeE:bwXXRFmdgFUCtO6RN3/WPeeQmP/k
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 15 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Acquires the wake lock 1 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.mobineon.musix.lite1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mobineon.musix.lite/app_working/startapp.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.mobineon.musix.lite/app_working/oat/x86/startapp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mobineon.musix.lite/app_working/yandex.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.mobineon.musix.lite/app_working/oat/x86/yandex.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mobineon.musix.lite/app_working/facebook.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.mobineon.musix.lite/app_working/oat/x86/facebook.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.mobineon.musix.lite/app_working/oat/x86/adcolony.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mobineon.musix.lite/app_working/vungle.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.mobineon.musix.lite/app_working/oat/x86/vungle.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
com.mobineon.musix.lite:player1⤵
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.mobineon.musix.lite/app_working/adcolony.dexFilesize
303KB
MD537b5582108382d2ed012ab205ae79e17
SHA18973c56f72132634c487ab889cff4a17cdfc6ebc
SHA2560d4176c543e9d6d6f02b0b2834b3f499042fd2dcc6529eed71478b7ffc5f61df
SHA512fcdbb11f96b3ea16043c9d4fbfde0be642793b6aad23e8ebe0392c5c17317f110fb5ffabb4b8140f2fe3170ba2e498cb642db56e6a37f7cecaae349fc6fa5f5f
-
/data/data/com.mobineon.musix.lite/app_working/facebook.dexFilesize
207KB
MD585c8edfb5743ca37d63489a2b2808099
SHA12effc4cf76c44ebe32cadc9a9cdfd94afd0a2ef1
SHA256dedac9fdd8941207f57e4380ce5e9f107cb1902403f83d5882fdfb36d875569f
SHA51258aebd7fad21533a67a51bfcf137a3b0811d93d7b240b1226829951f22d80ba1aa2571793916d10ea6d97156dfa01514f56fc9ff8826030f8f67f45d3529352b
-
/data/data/com.mobineon.musix.lite/app_working/oat/startapp.dex.cur.profFilesize
126B
MD59744950378c4492f1a4c2025caa6d0a5
SHA1062a38a6c33bacccace961a2025fd5b85b10c3e6
SHA256449d88c6bacb71af3f900d204bb0c1216877cf7c7d556f66b11d74ac6b6424de
SHA512f3232260b69b6635a70f6a0ba5801e839207b12da3e3d8cf638e5aabc4d88703186650092a0994a125e3ebcf49fcebb249a1a0aaf464f9784b8799f460d19c1f
-
/data/data/com.mobineon.musix.lite/app_working/oat/vungle.dex.cur.profFilesize
90B
MD5fb71d94b453fc75c2ce368863dcbe808
SHA1aeea2ca8c82d1037dbf69a9e140f272b42f6615a
SHA256c3917bfe01a8982486ef950ee4af4385cd09f415df9b809deb8972eaa71284ef
SHA51250a7427a1ba4378a3d2af50fecc2bb43b6d84e2f745965b984a41fcd8e506f3c708d588059dc4e255723c7596a40de022fa8f037499dd961453cc73c8969a3b4
-
/data/data/com.mobineon.musix.lite/app_working/startapp.dexFilesize
544KB
MD5a7ce3758ab5597482c4d81f7b9c696b2
SHA1a197b161e1130cbacef099094f2a5d26e0f136d3
SHA25694f0616813e653cae87216f49f3f8f4988be5f792932e61c5c5a908fec858d62
SHA512c6dce2a63682b09d69fcbfc0dc99cd5ad705e1236cb7a03e099b8e83c97ce50cce206cf912819082a70c8e6946e2f8d96055cdc65af573d62b07dca9636c8b03
-
/data/data/com.mobineon.musix.lite/app_working/vungle.dexFilesize
694KB
MD54da56a4d98f4e4fa0f6eb8a56f4184e5
SHA1907a6c3362ebd00e1eebbf158e025a2c03ad9abd
SHA2568c90b442f00138496607e307e83da5a20e5b0d15c015b788902af25e50d3b7bb
SHA512b1430ddd62068fd084a4b48a8562712eff06972b486ec4adaf204e8541f33caf0808b980927bae1f137b2aac364f9d78be1dd99f986c4db6fbf959def84acafa
-
/data/data/com.mobineon.musix.lite/app_working/yandex.dexFilesize
258KB
MD5c9a1db3fadfbd6980ad0b9ec0e60635c
SHA1bfd7abdb28be7b5107426d9c0a43204efb89bd7f
SHA2560c92b22ed8607b60f88a397ac257d75e12b2f4bee1902983ebefeff9f14332ee
SHA512bc854a56f34c72323c1b101a1bf22260415d0a428c0befa588e45a41f80e96ef0d7337081db5caf5156d81ad135b9ccfbf5f3b4915120bfa5ea2ceeded553f71
-
/data/data/com.mobineon.musix.lite/cache/1582435991586.jarFilesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
/data/data/com.mobineon.musix.lite/databases/media_dbFilesize
12KB
MD5d0d2072f74d5d0d13b65f9ae60880c01
SHA1bde6c544b8f514f0b1364a7eca53040f5794cbe3
SHA2568bed685d3a30b6a4479a6ab58fbbe91c72ed57fe153846ebc3a69e03c6f61a8a
SHA5124a2376ae89451ce794b0c3fcbc3272187a421c22124f6b160bd38f3d8dadcd7c24ff8c1af923fb1b28a8805b29a6ba8321f42a3e357826991a8ed44edb9320d2
-
/data/data/com.mobineon.musix.lite/databases/media_db-journalFilesize
512B
MD5634718f36b1c4466c1502030cbf17d8f
SHA1b5f7d58b9a9ba53643c782597fe6aa6750f6a182
SHA2561ffac80fe5010bfb451a67abf1f773aebe1419dc2c55e1f7ca47d12fadfcfe49
SHA512751f0ffb69f3e8da4ea1307666343b5140977e2f7590d7541015c992938f832faa8749a7c7d136e3788305cf6cffb101ffe4f2334b53a4150f7335738cf5bb7b
-
/data/data/com.mobineon.musix.lite/databases/media_db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.mobineon.musix.lite/databases/media_db-walFilesize
44KB
MD5758f9e491d3f6795bb79dc335cc04539
SHA139dc040e89cb86c492ffb6f08978e646209744d1
SHA25635d312d008a55e47dd5099739bda104c9ee5ab64de069348cc622e9a35935ae4
SHA5121a61af5edd95b0f80744a6c942c67cc56d8e42061b4fe1efc80a054d04a7c1dcac288e19dbe53f469e9cf51ee791be066479bafd2b6e482ef6dcdd147758700b
-
/data/data/com.mobineon.musix.lite/databases/media_db-walFilesize
317KB
MD5a2a99e5b6baee0deec62f94bbf2790c7
SHA1b35db01463f4024d66417f3669d67c6ed05bebdd
SHA256f1e45ccee3e7779ae944d0ed2efabd87aaf31501e61a6fd590d9640ef960687a
SHA512c14d172bd04a6ad72406278f9c7b4ef7c40c6efe50a9aa2a6a043b4449b33c6315daa320b9ae787baa464e4a88d32dd349f421c1b6cb0102c73edecc58851c98
-
/data/data/com.mobineon.musix.lite/databases/service_media_dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.mobineon.musix.lite/databases/service_media_db-journalFilesize
512B
MD5661714d2cfba50cf9eac1c2997529f62
SHA138aeced87b9d668e8283088b2c31fd0f5bd4d0e0
SHA25673dae093c31564bb31b0b66672e862f66d1924ed3fed0cf34bc62ef61221f66e
SHA5123f64b46d7de75a505f43dbb27c33ac16f411a4e39105617c008d0450a598b94c4ca7bd415e78c6e925af6a544b4aa563f928e45d884a32e5689ccfb5999127e6
-
/data/data/com.mobineon.musix.lite/databases/service_media_db-walFilesize
20KB
MD55591e559b47e33224c040f8f3dc6254f
SHA137e6668c6a699db286ce915a9b56721d3a8f0c1d
SHA25668f96b8335dfa50a41182d4586c242c3ce8dc05c378220aed0a418631ac86394
SHA51243488601ce27339f8936320b9a9fbc8a4349eef06caadc9d7192932d7190e68a6bba7f64f473855ea18a74d886d376900c7aee2a5fe5df902c8a51d06b1ca0b0
-
/data/data/com.mobineon.musix.lite/files/.YFlurrySenderIndex.info.AnalyticsData_X2MF926N2483VKWSBQQD_216Filesize
88B
MD508ffd409191677a8841e7049d8fe0fa0
SHA1bdc6b1a900f1edca7bde61ed26e1940419c46448
SHA256d485060a1984cc28b9b2215c354fb06f564189fa773080f7656cdbb5b522f931
SHA5127db48db9440679dfa370b1a97569ff6adfc4d7353c9893b6e80e8321f2f67eda8eb8952fd411dced5bbb9f7216727a09f16c4196d1ff4f073013f8c4bdc6d1b2
-
/data/data/com.mobineon.musix.lite/files/.YFlurrySenderIndex.info.AnalyticsMainFilesize
72B
MD5211b4b70a4c03f623171f5b2e23b07a3
SHA1b7a48dfeb22f103391edf7ba70d288a0b22338d1
SHA25680208ea2b4768e6f45bde1366d59efedfcb459690b32e3179291e7e33a75bcfe
SHA512f5bc1c82e93b3dad54d16644b8165e5e4b9ad043491e1e94620eab51cf0e8b5d143c3611f43e41a8ec7d2d32b35c0ce04a48ce6ddaaac79ae4cbe746b965bcba
-
/data/data/com.mobineon.musix.lite/files/.yflurrydatasenderblock.948636a2-d088-4f17-9b23-c700bb3bc383Filesize
302B
MD549f1fe676f61f806dc930555e41ffdb2
SHA1caeb0a9b998976577a3bb21d5f23be72fa869c07
SHA25677caf9f23eba633dcd3bc93cf22ed8c9640141f480fee3608c300b190347f075
SHA5128e363490ff05f3c5d2c2d1e8304aff57fb554ada2193a2696a1d0cfcb47485af8e74f38d38d28be37900bd1698e0be459ae87fc2254b55123eeb64876c03998e
-
/data/data/com.mobineon.musix.lite/files/.yflurryreport.4eb29873733ca3b9Filesize
381B
MD51269cfe86a4cb531957bc24560eecc7e
SHA1d9570993d026a0258d7c5af1af870927bf3fa7fb
SHA2564e0813d3ce63bab59ead35f83476da393e58e86c2e35ac03102150c8d7504955
SHA512b7fa93a90016505fb7fba633e7632dcd11135416a275fff9bfa089a6f66539442e958ed29bd30634c2ec466e79615d1763a305cfc4d797f18a1088aca2069a27
-
/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dexFilesize
303KB
MD52fcfb754d83d843c3b766f2145221397
SHA1220689f4dc286ca2c0e7a8da5b41c2a8452c00d9
SHA256448dcd34dea380c10c1481edcf027aae186b9362d1552d3c10e82dd20ae0e5e2
SHA5124b268e69423f0bbd4c2e7e3ffdb9a9946b0d2df4e5cd6ae4f5e26ab7cf68e4ba17a314e48cf911dd7e03d46a582bbd75d9673b499ac2099cc19c9586cf1d2a44
-
/data/user/0/com.mobineon.musix.lite/app_working/facebook.dexFilesize
207KB
MD54fb26de31b1b337758b52f1d07b8d9fb
SHA14394dbfdaa96aaedb50c55e32efa5f5058db6705
SHA2569b705ad462b59c258556984dda7d54c82349556e2f06a83982422420d77cb26a
SHA512eeb91bed54c34fbef7b21785c5626ff989612f92c2c95b5f6400825285eed27fb1057da2f9f742c7cc98029503010edb766952f59069f5ce66c393b6481793c5
-
/data/user/0/com.mobineon.musix.lite/app_working/startapp.dexFilesize
544KB
MD5f8465e3268a279140d8d165f7e6ef13c
SHA1ef3b3d0552bc1dae12003ab2f0fbfb2bf75b0756
SHA2569a6fe64edc9dfb0f2f2bab40f09a547e0481ada5ced84f8011f6d504fef351c1
SHA512528d09f2e6dbc159330d029d5e404046fec000230ddf1396114dabaabcaba2fcc9e4ed259df20c690db74ae14b110f5caab63d08bb901317702456329212349c
-
/data/user/0/com.mobineon.musix.lite/app_working/vungle.dexFilesize
694KB
MD589b18b13c3fd37921b57ad3c67ab9b44
SHA142d0223e9c964895f14cebd3ea1a97578e9f5bb6
SHA25629d1a6bedde1ad402e28aef70c9bedffa371c1997a1822724ee920780f1544d4
SHA512bf619e4678703a7299c7bff3537690935042329f94d1dfec5ebcd7038d04287cc1f07313ba7881a7ecbec67aac91b1f945692c7f5e64b81c0742b383113939e7
-
/data/user/0/com.mobineon.musix.lite/app_working/yandex.dexFilesize
258KB
MD52fe6c7a8c52f1b67da44a9f8f25e7f47
SHA1dab50e87f8f280a6e37c5f3143e01a2c5552dbda
SHA25610904471eef547d8621fafd2206c140dce8d3b93c7fbabd607204e186d54d288
SHA51286ae41521e8394dd2f6f3b485fddc637f7ec17d97cd4aca604d352f0decfd8139cd529120cd412a0524d95a2853987b87840877bce4a71ede3a33b523d6695e8