Analysis
-
max time kernel
175s -
max time network
193s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
-
submitted
22-05-2024 12:55
General
-
Target
6753c366fcc11c8af785f6b20b015938_JaffaCakes118.apk
-
Size
22.5MB
-
MD5
6753c366fcc11c8af785f6b20b015938
-
SHA1
1398ea6e17f129ff5b3bf22b63c7f265bc9b1546
-
SHA256
5ac81a9bf8b28291868952d9cbc8292ef6cde7bd629678ffdacf05e502efad7b
-
SHA512
a79304e911c40c347462d30cb26d63f57e34584f25e3acb655c578f86796a49d0e36b47a4692488b3ef00bd75fcf171b0801baf14c79789f41ebbfcd63bb782f
-
SSDEEP
393216:vQXmZVfO1+cVvpPPbUsMjSUylbz5Zmicp+r2tF9YM3c7gf/dgMRGK:vWmZpi+kFQjkp3mpF95sc2MAK
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
com.xgbuy.xg1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.xgbuy.xg:pushcore1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.dbFilesize
20KB
MD5a852ebc3321d2bc807b23175a6a71edc
SHA1645a7fd33cf75a23628d576e6c6fa5b454d16f13
SHA256256fb4171fad95478a5a6615ef2bf8cdbb9948eb7f60ee6c909cf5480436128b
SHA512145ecea475401cc23e175ae5410fe8bea6f2b2aa7f9dcd40ea048cc60f57f48395cf6aab3681c35a3d275d20e79a342de3e8e2302ea2ee234e53ec9f34b5a831
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journalFilesize
512B
MD5619e5f4d0c99121504a6ea2ec53a08d0
SHA114cc0c3cf56580181f1b1e09231074c706dfd26f
SHA2561ad7ca5c5ea26b2871155e383abe6aa326df560f64833863b5202cf9f3ced4e2
SHA5127f1a1c6e48b508898f4a04d75b74d6e6752634e1c38785105db826c0139e0f6ddb4ca544b762dd01f971e9ee1d3321e832a12c60530e02aead97008b8217ecfe
-
/data/data/com.xgbuy.xg/databases/xinggouFilesize
44KB
MD5092a6786a365a4b18ee7917f13a00f13
SHA10fc85c2de0a56e165e7e300d31a126f8fa737f80
SHA256182f814967d24ff5fee6068ca32a644f973af1e1723e00d1e0d097ed39496a75
SHA512fd11591b0eecafa27a9661c464a6d5f44d5c708ef96f687894f7ebe2a1e7ae92f04d11ce18faf8d7b5405f0b5a04b17314108b6b49414f50a46e1e49a8a9cfb5
-
/data/data/com.xgbuy.xg/databases/xinggou-journalFilesize
512B
MD54ec40a717812cb686cfbf38b7cdb08ad
SHA16f6d357f492c8119dea201c4507f4ae17ef39500
SHA2562c321dddca53a8e5a5430a278f716b3c2bbb47dbe31442b028dcba0ebdb7cd98
SHA512d7c0ff4205d12d1eef095617020f3326d72577946770ad7cbbfd6488b92ca5b092979bc07ddf48203fa18201e98edafe36a0c21281a3070d138c7534c06d8cfa
-
/data/data/com.xgbuy.xg/databases/xinggou-journalFilesize
8KB
MD557ff0b1e877c2c7c6897f204f8369c8a
SHA1b4b9dd80d91ee9e2dbe9513eb7d9d86041638a24
SHA2563031bdf5f271f46cd98a41ff6bb24a83c4d14640e49c4bb512768af40e44e856
SHA51200d53ef67a7ebb619fa78a5836bec3eca5ea53195b92c845e06e6d50103f8ecdec7fc9fd3e528f55289346d1520ccddbe184d481e38a6587a2fa01714939408c
-
/data/data/com.xgbuy.xg/databases/xinggou-journalFilesize
8KB
MD55ff2801905a6d3a79ad4602973f3fd48
SHA12a8b7d833ba2b39f9e7635a37c2d7b969067cd1d
SHA2560688355be85c039c66b1ad1e913cff668090b039d7899941d4d8c60964077608
SHA512802c401226fd0cbbf349e69123e37293bc9da0bba194a7fac052ae4c178810194433afb8153ef9de0cde827d1dd6da839111b031e87f7db96167543f326cf740
-
/data/data/com.xgbuy.xg/databases/xinggou-journalFilesize
8KB
MD5a3d0fc751a7089eb8fef6efe997fbb20
SHA1062658f50db88370b7fdaf68f63120d2281267f4
SHA2560ca300b2da910ddbe7528ec1e97dc1a74cf06857af657e08bd1bc3e8b4b016a2
SHA5122ea0eeaa866f69cf9307759225b88784345a89a235eb4f37bfcf1d7bf4230b0ad5574b10d1ba06a0c9264adb7742e7a7b07f8a15257042905611176f866c00a0
-
/data/data/com.xgbuy.xg/databases/xinggou-journalFilesize
8KB
MD574875dcc9d1910b23dc4b16468dca8fe
SHA16b7f0a8af42ba4af89974216364bdbd2bc3f947a
SHA25626e3f9da16534812859b9c8ee5a7405975241b61ce6a72dd835f286adb5e2379
SHA512ead2192271b19a0720d1e7ca595efb3195e7bbb514cdab767a38a32434c8b61ebf0138157bb126bcd6ab7b6e628854b28f020903944c4d239362cabaf682e9bf
-
/data/data/com.xgbuy.xg/databases/xinggou-journalFilesize
8KB
MD50d2fc4fb7b1af3ce6c9a7d41eb698014
SHA18bfeb67647d52c94323d9344a86282bb1b574109
SHA2566b3984f4624f960b35fbb134bfa6becd5d814e9ddbdd875af222d95e5f92fea5
SHA512e7fe6b36ffd0fa7b035096b4e984ce63d86f00b32dc10527ad07efd95a750b5b2e1fa7946908fb520fe0c4f52d62ceb3d06294e3d7fcccaca1511f063c58043a
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
213B
MD550fcac4b2c54031e024c1b61850d81b1
SHA1abea8fc2dcf3207e56211be9f138407dde1a483b
SHA2566239ccc10c6146d767c55baba0b791848ae7a73c4db5b63a64b210aeac161005
SHA512c5228ce1157f9b4856b5c89f9d46a617d811acccde47d76cefdd0e36e1e51f955b606c17c5dccf2f05324037ebfe6cec05815e7e63a634bce77efdf9e60eda2d
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
187B
MD5b821a0e5752081feefce1bd5b3caa985
SHA1e56d303b6cd797af115e9c530d8004a2f2e88f55
SHA256c5fc87690a31be2d7ee727e83f047089f479c6ca69b2c71637df1c2d876d7e6a
SHA5125ef3357d6bbe1b117a3012c9ed35a8c5959d30e0510bb99b58cde5507d735587594d2a681df8e9bf0f4f27e150f3852fba8febbcf286deb1fd61ee9682f23d4d
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
213B
MD547af080da450c400336438c072934dbd
SHA1160c5301fe4006ad6230f72209a4be51c622fb75
SHA256d9c8d74a64f59d1de64fb6d59d428c0a11a986a95a3b44692f0f8f07268b5eb5
SHA51288b69544c634f4c8f0250e3bb4356d14cf801c29492fb7869ab7d8739e6cc0c9258b0e263b25dea721f510916131bdeb340e7268e7261cbdaa3120ba95bff01c
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
111B
MD51cd884aceb9a4d3e63cd53d229165fb8
SHA1e047aef3bff2858af3e10419142fc1dc4cd1e561
SHA2562da619eeff034af7f5c4ae8f7f41122358749a4d038ce9cbece187dd61c780df
SHA5129d82743d7fb799569afe355566daeeee58cd87140b5bec8a75a9ecc933154fb5ad9d14390cab7f172d312b88345ca76c95daf79dd6b8c132191c8680b153ba5c
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
591KB
MD5c85e8919765cc22095d1b8e40601e34d
SHA122d48933b9f30a028cf4c9d993f59c767f9e8e35
SHA256f4ab50b1188cc9913c106f1f661162cb7db90aa288a90fa6bb41c5938b6afa8e
SHA5126715ed9290b868a5733f6c6001e9de1375a381b5f61552fc0adfd825c72977cbd34a347f7fecad8cbc798af7b5ef59f4a23bbe6fedb714e4dda65a1e5921c08e
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
8KB
MD5477923b858d02314c447569fde3ac189
SHA1ad455c563583c1866adb239a98cb634216eb310a
SHA256a037d240ce8c5111a6001242b3b14b36c378d58ec71488a25987181401396eac
SHA512cf7de58f94418453311da2b7dec6f9318e881b02dc7531e896942bd37e8e6f316f1cef3cd91cbde307b3dba1048a2324f09442cc31b72f3d7eb0ea6b2f1b3e40
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
111B
MD5980621babb65077aacf651dde72114ba
SHA104a40f875e4d3088a7852c32dda2d6cb0c4476a9
SHA256ff5ec38c96b5a7ed43a404f74827ba21179a8e3d1cf624b88cc9b6647b5c40a3
SHA5128099af0cc7be35992f83550342753391a776834cf3c6ce846d55d0c099eb17df92624db3c1bb1cf0f742a3a4784dbecdd0aff3f7d9717b23112a9144cd6cda34
-
/storage/emulated/0/Mob/.slwFilesize
167B
MD54ca8276a78d6914524b04fc04710b2bf
SHA1e7338f8d9f4746300d02967bead6ce15e12cf976
SHA256a36a91b2c3c142e9ecbd388889ceca5eb73e449695185f18a0f763d9ade173a5
SHA5125c3bf7a0c5daf161bd068f66d655630539235d7c00db10e2237a86279af7ffcb04d8c6c032e47eb584fdc41ac6f5f3a5fe3344bfee259cce521a9d5891e74ba9
-
/storage/emulated/0/data/.push_deviceidFilesize
32B
MD59bfe561215dfd053c2418c7c512de060
SHA13c7ebd3ddee37b74afd05176c178c56747e5b728
SHA256064afdfe5a1206e7ecef74ca289dcd96aae2a5f7ede719a5d6d48363d7679111
SHA5126ab13aaacee43274050fe210348820a8c22848536bf8e4eca21b86fbe1853448a4a74bde43307e97548d03c7c94cda768db1b029f0fb0c1ad444264104ec0594