Overview
Analysis

max time kernel: 163s
max time network: 189s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 15:30
Static task: static1

Behavioral tasks (the resource image determines the emulated Android release):

Task          Sample                                               Resource                        Platform
behavioral1   67bbc053a511d4218be918fa1f5f24f6_JaffaCakes118.apk   android-x86-arm-20240514-en     android-9-x86
behavioral2   67bbc053a511d4218be918fa1f5f24f6_JaffaCakes118.apk   android-x64-20240514-en         android-10-x64
behavioral3   xq_skin_blue.apk                                     android-x86-arm-20240514-en     android-9-x86
behavioral4   xq_skin_blue.apk                                     android-x64-20240514-en         android-10-x64
behavioral5   xq_skin_blue.apk                                     android-x64-arm64-20240514-en   android-11-x64
behavioral6   xq_skin_orange.apk                                   android-x86-arm-20240514-en     android-9-x86
behavioral7   xq_skin_orange.apk                                   android-x64-20240514-en         android-10-x64
behavioral8   xq_skin_orange.apk                                   android-x64-arm64-20240514-en   android-11-x64
behavioral9   xq_skin_pink.apk                                     android-x86-arm-20240514-en     android-9-x86
behavioral10  xq_skin_pink.apk                                     android-x64-20240514-en         android-10-x64
behavioral11  xq_skin_pink.apk                                     android-x64-arm64-20240514-en   android-11-x64
behavioral12  xq_skin_red.apk                                      android-x86-arm-20240514-en     android-9-x86
behavioral13  xq_skin_red.apk                                      android-x64-20240514-en         android-10-x64
behavioral14  xq_skin_red.apk                                      android-x64-arm64-20240514-en   android-11-x64
General

Target: 67bbc053a511d4218be918fa1f5f24f6_JaffaCakes118.apk
Size: 11.8MB
MD5: 67bbc053a511d4218be918fa1f5f24f6
SHA1: 4bb366aa59b5c51c87536ddba261c098f1750e2e
SHA256: 030736bd4310dcafc3e6c2322797b5ba842409cd8b28e1e35a5eb1de452ec2d5
SHA512: b4591749751bb1c63ca335131869d7d138dbae46493d970192858e061caec1bf270e2bf910a335c480baf78c92ece9625fa2d090de248c18585355d501399d29
SSDEEP: 196608:TmZJWbK31F0LeKC1XEGjrY4XNfjteqI9dMlnJD5L6ixobxJrPobxJ8v:aZJ6+1UGjrY4XNfjUqNlJFeVzgc
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  ioc              process
  /system/bin/su   ibuger.kejileyuan
  /system/xbin/su  ibuger.kejileyuan

Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.

Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   ibuger.kejileyuan

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                              process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  ibuger.kejileyuan

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description             ioc                                            process
  Framework service call  android.app.IActivityManager.registerReceiver  ibuger.kejileyuan

Checks if the internet connection is available (1 TTP, 1 IoC)
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  ibuger.kejileyuan

Requests cell location (1 TTP, 1 IoC)
  Uses Android APIs to get current cell information.
  description             ioc                                                       process
  Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  ibuger.kejileyuan
Processes

ibuger.kejileyuan
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Requests cell location
  child process: cat /sys/class/net/wlan0/address
  child process: cat /sys/class/net/wlan0/address
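Taken together, the Signatures and the process tree describe one behaviour: the app gathers a set of device identifiers and environment facts (su binaries present, running processes, the Wi-Fi connection, cell towers, and the Wi-Fi MAC read straight from sysfs). The sysfs read is the tell-tale: since Android 6.0, WifiInfo.getMacAddress() returns the constant 02:00:00:00:00:00 to ordinary apps, so spawning `cat /sys/class/net/wlan0/address` is the usual way to recover the real hardware address for fingerprinting. The helper below is an added example, not part of the sandbox report or the app: it turns the report's IoC rows into tagged records and applies a fingerprinting verdict. The tag names, the FINGERPRINT_TAGS grouping and the threshold of three identifier sources are this example's own assumptions, and REPORT_IOCS is constructed by hand from the entries shown above (the emulator CPU check has no IoC row on the page, so it has no rule).

```python
"""Added triage helper (not part of the sandbox report): normalise the
behavioural IoCs the report lists for ibuger.kejileyuan, tag each one,
and decide whether the cluster looks like device fingerprinting.

Assumptions (this example's own): the tag names, FINGERPRINT_TAGS and
the threshold of three distinct identifier sources.
"""
import re
from collections import defaultdict

# (process, kind, ioc) -- constructed from the report's Signatures and
# Processes sections.  kind is "path" (file probed), "call" (framework
# service call) or "shell" (command spawned as a child process).
REPORT_IOCS = [
    ("ibuger.kejileyuan", "path",  "/system/bin/su"),
    ("ibuger.kejileyuan", "path",  "/system/xbin/su"),
    ("ibuger.kejileyuan", "call",  "android.app.IActivityManager.getRunningAppProcesses"),
    ("ibuger.kejileyuan", "call",  "android.net.wifi.IWifiManager.getConnectionInfo"),
    ("ibuger.kejileyuan", "call",  "android.app.IActivityManager.registerReceiver"),
    ("ibuger.kejileyuan", "call",  "android.net.IConnectivityManager.getActiveNetworkInfo"),
    ("ibuger.kejileyuan", "call",  "com.android.internal.telephony.ITelephony.getAllCellInfo"),
    ("ibuger.kejileyuan", "shell", "cat /sys/class/net/wlan0/address"),
    ("ibuger.kejileyuan", "shell", "cat /sys/class/net/wlan0/address"),  # spawned twice
]

# (kind, pattern, tag).  Patterns are searched, so one IoC may earn several tags.
RULES = [
    ("path",  re.compile(r"^/system/(?:x?bin|sbin)/su$"),                  "root_check"),
    ("shell", re.compile(r"^cat\s+/sys/class/net/\w+/address$"),           "mac_via_sysfs"),
    ("call",  re.compile(r"\.ITelephony\.getAllCellInfo$"),                 "cell_location"),
    ("call",  re.compile(r"\.IWifiManager\.getConnectionInfo$"),            "wifi_info"),
    ("call",  re.compile(r"\.IActivityManager\.getRunningAppProcesses$"),   "process_enum"),
    ("call",  re.compile(r"\.IActivityManager\.registerReceiver$"),         "dynamic_receiver"),
    ("call",  re.compile(r"\.IConnectivityManager\.getActiveNetworkInfo$"), "connectivity_check"),
]

# Tags that each hand the app a device identifier or environment attribute.
# This grouping and the threshold are assumptions of the example.
FINGERPRINT_TAGS = {"root_check", "mac_via_sysfs", "cell_location", "wifi_info", "process_enum"}
FINGERPRINT_THRESHOLD = 3


def classify(kind, ioc):
    """Return the set of tags whose rule matches this IoC (empty if none)."""
    return {tag for k, pat, tag in RULES if k == kind and pat.search(ioc)}


def summarize(iocs):
    """Collapse raw IoC rows into one record per process: tag set, unique
    shell commands in first-seen order, and a count of distinct (kind, ioc) pairs."""
    per_proc = defaultdict(lambda: {"tags": set(), "shell": [], "seen": set()})
    for proc, kind, ioc in iocs:
        rec = per_proc[proc]
        rec["tags"] |= classify(kind, ioc)
        rec["seen"].add((kind, ioc))
        if kind == "shell" and ioc not in rec["shell"]:
            rec["shell"].append(ioc)
    return {
        proc: {"tags": rec["tags"], "shell": rec["shell"], "unique_iocs": len(rec["seen"])}
        for proc, rec in per_proc.items()
    }


def verdict(record):
    """Three or more independent identifier sources -> device-fingerprinting."""
    hits = record["tags"] & FINGERPRINT_TAGS
    if len(hits) >= FINGERPRINT_THRESHOLD:
        return "device-fingerprinting"
    if hits:
        return "weak-fingerprinting"
    return "no-fingerprinting-indicators"


if __name__ == "__main__":
    for proc, rec in summarize(REPORT_IOCS).items():
        print(f"{proc}: {verdict(rec)}")
        print("  tags :", ", ".join(sorted(rec["tags"])))
        print("  shell:", rec["shell"])
```

Run stand-alone it reports ibuger.kejileyuan as device-fingerprinting with seven tags and one distinct shell command. The rules key on the Binder interface and method rather than the Java-level API name, because that is how the sandbox records framework calls; when adapting this to another report, keep the `kind` discriminator, since a `/system/xbin/su` string seen in a shell command means something different from the same path being stat'ed.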
Network
MITRE ATT&CK Matrix
Downloads

/data/data/ibuger.kejileyuan/app_crashrecord/1004
Filesize: 58B
MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ibuger.kejileyuan/app_crashrecord/1004
Filesize: 243B
MD5: 82b75322a6ad07bde5cdeefd5869417e
SHA1: e8d3a938556fd778b38ee6c6adec55e508e6b3cb
SHA256: 2ea26e5b07d3ff8cb189de98d95ac0633b568b30abc491f8a1b71c94354fdfc6
SHA512: 0180dfcf8c20fc5ae120b300ceb19f8047e6dc04ae84bc5c4edb75c7fd6441823965be9b6247a11b3884eddecd4e1caad48e8a80c61c1789c860802046fd7c6b

/data/data/ibuger.kejileyuan/cache/HttpResponseCache/journal.tmp
Filesize: 36B
MD5: 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1: f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256: 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512: e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/ibuger.kejileyuan/databases/0M3006CS7U0ZC2K3-access.db-journal
Filesize: 512B
MD5: 381934eaf675013f769acddcff654708
SHA1: 6bee75c3d40d1312932fc3780754ba5045cb5ea4
SHA256: 0acaa83e7cf44780424a8bbca4628b1469b26aac261a8b2af33ecf9059a80e0f
SHA512: fc225636e3999b17335bcbfc1a209f4234cf6726b240fac5b61ee543238f1978846e877c08b8d31c1e7ee0d13805ff2f5851d1e3c529e72fad373fd014a66c5e

/data/data/ibuger.kejileyuan/databases/0M3006CS7U0ZC2K3-access.db-wal
Filesize: 32KB
MD5: aecf737b5135de72a93de39d4fc4f666
SHA1: 13ee7e57391063ca001ac91637552ed7f558e919
SHA256: ce0fab2bcec5f00f83897938c23b9191c5d41bade3fc579cbaa5740088540d2a
SHA512: 20d3f00a753bbcf5178d4a8178d75d91b1215963212c48e5399283e048fe89ee5642573f018bc0da62c78b68b92bbac3635dbe524e8d6315746b4937d823d3a1

/data/data/ibuger.kejileyuan/databases/OpenComUpload
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ibuger.kejileyuan/databases/OpenComUpload-journal
Filesize: 512B
MD5: 26deb864901006d4bc560735dca5dc95
SHA1: 0c695b3633fbfcaa006cdc44de34ca365d001106
SHA256: 6b34154c0fc49da36bf75c53c6c8603d29e761adf1c333f76a711b3364d041ea
SHA512: 23e1e8e13b4509c39a8b2f6c92cff736fa5b0c69ba49024f1e8ea91ed4371466b16450033d179a230dec0006a17d4872447a172662bbf2ede423bbf01bde7ee7

/data/data/ibuger.kejileyuan/databases/OpenComUpload-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ibuger.kejileyuan/databases/OpenComUpload-wal
Filesize: 32KB
MD5: 188554f016a19ae8c80b534dcb5deddc
SHA1: da1c79a4241f3e33c1b5388dc219a35c5c70b9eb
SHA256: 4a1bc281eecdbb1cd423d7e77593ff8e5ce1ae36c78b2041f77996cc340ec7a2
SHA512: 8a7206f6dca26e7f677b5b518a8031d4f734c54f70724b67708a8052e97276e82c57afb13e81fa989f499cc34462c300f1156db1b8096f4cf517c278044d6ed2

/data/data/ibuger.kejileyuan/databases/ThrowalbeLog.db-journal
Filesize: 512B
MD5: 94294c687917d95d94904cae998b6eb6
SHA1: 7cc3eed7c75d26a1b2fac5a2d58d519c754c634e
SHA256: bc8477f7f3fd1800008cdcc40896c4b06b41c2906a9f636f3a3f7b6509f6ad74
SHA512: 7a46bd3d8d8c8e93f6a2beca79009cfe90072923ca3a2f9bd8963db5031395b501c68202f375f7bbac47007c8819f09c9411831945fd53b2326978c67e635174

/data/data/ibuger.kejileyuan/databases/ThrowalbeLog.db-wal
Filesize: 40KB
MD5: ba9e74d88d18f03cbd8f30cf678e7439
SHA1: 85d401ffd4be9bbe9834ce5b8ce56d9138e24f45
SHA256: 5be20cdb0051fe1c0e00eef44248378d13495ed0ff101a333d8ebf7b15097956
SHA512: f0964369cb5b9c2c0c007a60adf9898ec98e38d2a66ae0ec78b9d09dcb20d44727d58f9777c061f6c6fe85af07f4dd0f5e9608b72791b7fa6a5a71e5c9b4fd6c

/data/data/ibuger.kejileyuan/databases/bugly_db_-journal
Filesize: 512B
MD5: aa23a2c11eebde60c534a0a4b31df3a4
SHA1: 8034694454d6b7567ddfdb21c5b1030e5b891aa8
SHA256: 6508e2de3ea0293258dfa2607188675e4dfe81ec354fb930d8ec345bb33a13df
SHA512: a470f6160d20c0e1923436ab95a81d32969ba915ecfa201f532b7d3b29df40fb19e02b4f4fc5b751fa10b27fea639ec990c1f06978b4a958fc7d41bf5dc41059

/data/data/ibuger.kejileyuan/databases/bugly_db_-wal
Filesize: 80KB
MD5: 36f4bc64a696cded0e8fb6a99b4733f5
SHA1: e3972a84a7f304c50817119a2b829d551531fbd8
SHA256: d28bfb85b672082de01b60b5823c169f8b2151b7f917b67f2fc5cdf7dccb04cd
SHA512: 8c2d5ed1a4fbe2b3e0934525335a5126a01eb4d690e2529e929853d7b83430efbd42e7b8a6fc211503d181fe340de9812fb67b2daeaa6ccce61cb46e3a7a2e3b

/data/data/ibuger.kejileyuan/databases/pri_tencent_analysis.db-journal
Filesize: 512B
MD5: a7f27c6782bbfe0c2600ab2845915d75
SHA1: c5177e032da21aa6313b594f66382ca5d072a4e0
SHA256: 3332f53c9b117a745be33be0d557512806584a1f36fc9cd46c5c74bce450eb14
SHA512: e09ef76c04151937d45879115b5132cf5c6e13a37023e9256ab8d6eb3ec73982482d8886da268eff9654ec2bd107c82619ca11967664a4cc6613e14fd334e634

/data/data/ibuger.kejileyuan/databases/pri_tencent_analysis.db-wal
Filesize: 52KB
MD5: e8b837a5eb0ce23e6c3f70590b6217a5
SHA1: 452fea7e292236b33749e8c8864abf96efce67d4
SHA256: c2bb682067c2bc66dd36020e841b8e5ae8fae149f993dc54a81e3aee4830a0f0
SHA512: bb23eb2d4916f79eadf9195ae487dec1dca5af47b8c4c9fa9c49f451969282e9120333b34b01f6693614d1cea9c97b64788ec9d1ad916df9fa981f5bf9be473f

/data/data/ibuger.kejileyuan/databases/tencent_analysis.db-journal
Filesize: 512B
MD5: 3ff4315d45982ddf62b3cefdf9242c2b
SHA1: d4e5f28cc2468ff0f3c8b310b0a6d51256070d62
SHA256: b2ebed73011ce03c5d41e1d6899fd6ac3e8e88ffd78a27538f5ba6612c165973
SHA512: f61c305ca879e7b0082c693b583bdf5194c03cd7a515eeeb171cf6e96e0e4d2f7e3de58c7a4bef00776a6984924f84344d18d4ec0d70b2f3da6765b2b0aa3db5

/data/data/ibuger.kejileyuan/databases/tencent_analysis.db-wal
Filesize: 60KB
MD5: c2e464346c563c6c52737a1916b91bb7
SHA1: 284189910e1e348a44e80aba444ad1ef66e2029e
SHA256: 161522cc440bae7fb5265088e91c67384d83dbad8065c81a356d200f85d7bb25
SHA512: 37730d9bfdff3bfe484e337c601ed4357efc931a24a2766b8802c38e196b55206b42cc4d05c84d96c5c0a62b538e5ba5d46b0d13c7e351126856bd041e3f4e09

/storage/emulated/0/Mob/comm/dbs/.duid
Filesize: 496B
MD5: 3040fd56cba5f52fd986dc99ef57e22b
SHA1: 09207ab0ae4a98e15a371f054484487f034bf41c
SHA256: 2cd1f62daefb0a5befbcd66d5cbaa06e0ed437ccc44d4b49b48e97df7f318cba
SHA512: d91e3147c21814ed5de0a28bfe2a607c9df4baeb5dba346518bcfaaa8f753fba36f161fe48d11ebe3d0072eebf557ee58a11f13dc9786a1903e23b144372f54d
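Most of the dropped files above are SQLite sidecars: for five of the six databases the listing contains a -journal and a -wal but no main database file, and only OpenComUpload was captured with its main file, -journal, -shm and -wal together. That matters when you go to inspect the content, because in WAL mode committed rows sit in the -wal until a checkpoint copies them into the main file, and a -wal on its own cannot be opened with sqlite3. The helper below is an added example, not part of the sandbox report: it groups the listing by database and flags the WAL-only sets. DROPPED is constructed by hand from the paths and sizes shown above (hashes omitted), and the 1024-based unit table for the sandbox's "KB" is an assumption of the example.

```python
"""Added forensic helper (not part of the sandbox report): group the
dropped-file listing into SQLite database sets and flag databases whose
committed data may exist only in the captured -wal sidecar.

Assumptions (this example's own): "KB" in the listing means 1024 bytes,
and any path under /databases/ without a -journal/-wal/-shm suffix is a
main database file.
"""
import re
from collections import defaultdict

# (path, size) -- constructed from the report's Downloads section.
DROPPED = [
    ("/data/data/ibuger.kejileyuan/app_crashrecord/1004", "58B"),
    ("/data/data/ibuger.kejileyuan/app_crashrecord/1004", "243B"),
    ("/data/data/ibuger.kejileyuan/cache/HttpResponseCache/journal.tmp", "36B"),
    ("/data/data/ibuger.kejileyuan/databases/0M3006CS7U0ZC2K3-access.db-journal", "512B"),
    ("/data/data/ibuger.kejileyuan/databases/0M3006CS7U0ZC2K3-access.db-wal", "32KB"),
    ("/data/data/ibuger.kejileyuan/databases/OpenComUpload", "4KB"),
    ("/data/data/ibuger.kejileyuan/databases/OpenComUpload-journal", "512B"),
    ("/data/data/ibuger.kejileyuan/databases/OpenComUpload-shm", "32KB"),
    ("/data/data/ibuger.kejileyuan/databases/OpenComUpload-wal", "32KB"),
    ("/data/data/ibuger.kejileyuan/databases/ThrowalbeLog.db-journal", "512B"),
    ("/data/data/ibuger.kejileyuan/databases/ThrowalbeLog.db-wal", "40KB"),
    ("/data/data/ibuger.kejileyuan/databases/bugly_db_-journal", "512B"),
    ("/data/data/ibuger.kejileyuan/databases/bugly_db_-wal", "80KB"),
    ("/data/data/ibuger.kejileyuan/databases/pri_tencent_analysis.db-journal", "512B"),
    ("/data/data/ibuger.kejileyuan/databases/pri_tencent_analysis.db-wal", "52KB"),
    ("/data/data/ibuger.kejileyuan/databases/tencent_analysis.db-journal", "512B"),
    ("/data/data/ibuger.kejileyuan/databases/tencent_analysis.db-wal", "60KB"),
    ("/storage/emulated/0/Mob/comm/dbs/.duid", "496B"),
]

SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB|GB)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}  # assumption: binary units
SIDECAR_RE = re.compile(r"^(?P<base>.+?)-(?P<kind>journal|wal|shm)$")
SIDECARS = ("journal", "wal", "shm")


def parse_size(text):
    """Convert the listing's '58B' / '32KB' strings to a byte count."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def group_sqlite(dropped):
    """Map each database base path to the byte sizes of its captured parts:
    {"main": n|None, "journal": n|None, "wal": n|None, "shm": n|None}."""
    dbs = defaultdict(lambda: {"main": None, **{k: None for k in SIDECARS}})
    for path, size in dropped:
        if "/databases/" not in path:
            continue  # crash records, HTTP cache and the .duid file are not SQLite sets
        m = SIDECAR_RE.match(path)
        if m:
            dbs[m.group("base")][m.group("kind")] = parse_size(size)
        else:
            dbs[path]["main"] = parse_size(size)
    return dict(dbs)


def wal_only_databases(dbs):
    """Databases with a captured -wal but no main file: the committed rows are
    likely only in the WAL, and sqlite3 needs the main file to read them."""
    return sorted(base for base, parts in dbs.items()
                  if parts["main"] is None and parts["wal"])


if __name__ == "__main__":
    groups = group_sqlite(DROPPED)
    for base, parts in sorted(groups.items()):
        have = [k for k in ("main", *SIDECARS) if parts[k] is not None]
        print(f"{base.rsplit('/', 1)[-1]:35s} captured: {', '.join(have)}")
    print("WAL without main file:", [b.rsplit("/", 1)[-1] for b in wal_only_databases(groups)])
```

For the five flagged databases the practical next step is to pull the main file from the emulator image (or re-run with full filesystem capture) and place it beside the -wal before opening; copying the -wal alone into a working directory yields an empty or unreadable database, not the SDK telemetry the sandbox observed being written.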