Analysis
-
max time kernel
175s -
max time network
183s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
23-05-2024 22:22
General
-
Target
6c729ecaf3a1413cbce2cbfec9159014_JaffaCakes118.apk
-
Size
11.0MB
-
MD5
6c729ecaf3a1413cbce2cbfec9159014
-
SHA1
5f9b43b8228bbbff6e7891785eafa53f77db424e
-
SHA256
084d7d0f0f3c8378127fc27e4fa104f64c4ccbe46890718a6835fd3dfc012fc0
-
SHA512
77c7bd7ec44ebf81972eb000f3dce38991548d04d3c74423fbddecab1a42ee233319e12b53230bbeb366052669da2b6480c0b8d170969b8cba01a70ac4d64308
-
SSDEEP
196608:CmdJifUPeu1S18Hm9Oh3G5lV7ejQAQ1n6AA+tQ4IgIKl6iUobxJBOobxJ2L:tdJioMgV0l9ejQAQNA4ZINKgGZJOL
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 5 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
ibuger.jiedu1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
/system/bin/sh -c getprop ro.board.platform2⤵
-
getprop ro.board.platform2⤵
-
ibuger.jiedu:remote1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/ibuger.jiedu/databases/bugly_db_Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/ibuger.jiedu/databases/bugly_db_-journalFilesize
52KB
MD529cf078fcb28a7551afe80f2f88df911
SHA172cde2579a7d345df0e21ddcea7bf044066ea14e
SHA2561cdaaab4fe418a08027f0413c503ea4588d158e7ddcfdf6d6665d38e961453e8
SHA5127bbd4b7695d7f6bd686504d0a2c111e772e18d52b9eb6622399143b7e551704e4ed88e0eda5d0df9bc9f5c3141db06874a070311bdbcb73cb10254b3e1bff49e
-
/data/data/ibuger.jiedu/databases/bugly_db_-shmFilesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
/data/data/ibuger.jiedu/databases/bugly_db_-walFilesize
48KB
MD529205c112e0628acea0f33e8f88e74bc
SHA15d8975eb3d52532305867fc86624dd4c03156072
SHA2561fca50c3109664e3b4f2874787b2fda1c9304d3da9229f6db66e65ef113661f4
SHA5122b1deebf31819f278e0cba1799bdfe7a266ba956a82036e571ab2ecdf5eca7993161ae7624f137f4b560160219ccd8f2d759e5bcc6863801e1efe690248a1802
-
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.dbFilesize
64KB
MD5c3a7606944e79690f33e9455c9160fdf
SHA16b4e98827e5d142b9d8aae143aeb5dc7582b0075
SHA256a3a2695316153067cdd0f9290bab5558b16855684357a15e5f8ce98a081e8b19
SHA5122701ba19564a6d7dfba149725a592dbc79099b27a201a699388524e45196d060ee597040045431f3ec67c0dc5307d5d2410efe5888a41a9a787bfadcea1a152b
-
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-journalFilesize
32KB
MD5e68170355ac2cd07800d3da694c16192
SHA10bcc0481d76413876efe2f58cfc1b86cde9aa5e6
SHA25604435b11c979782e3bdc00afcc83ca039cc801dd8d673bbf5df200638516e113
SHA512c37f35f94c8747ea90339bc945f9f51f058a20fc93efae9087662a1fb04ee1e51d07f74ae529a75b0ad6e90a5e4256546b369cb0461110e5c5af6ba9ecd429b0
-
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-walFilesize
52KB
MD545de6a75ecbbb962e59da2b25d311c42
SHA116a1d54604f4da4db2ba0cbfdf0ed0f7233020f7
SHA2560730085b6aa6c4752b05ed3eba4bcb10d6ab530ca9a01b4634aba29c81d44ccd
SHA51271d73dfdfbed2485aa0c2e09bbac3903992beb5669606889a977b83d75ef953e243c223977d4aa36af52ce33c37734af14e77029084f744ad76a0ad000e005b2
-
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-walFilesize
56KB
MD5a22c5b00fa1997ac5e7ffbddaa87aabf
SHA199bac4d06de88b0d2de4a8dc32925ff87e8eae1e
SHA256a829182eb6766cac9a68cf2895c17f3b2b66f1333f690604b2f17fea770a2749
SHA51216e2233596db603106e8ba149956b7adeda03b0829b558f3c563d4375c51c9ab54277f13a85bcaea6385211034d60a8914c6f79b6b1e95db68fd6d9578d19db3
-
/data/data/ibuger.jiedu/databases/tencent_analysis.dbFilesize
4KB
MD50140ada85e6240ceae304239bf0367a1
SHA14b4ff52752b8e00c74601097519dc547d6264c1f
SHA2563008b0d9a1b310e4c23738d6ad781e368f725bbb2bff13860f94c8e429164662
SHA51275538bdbce5a67cf49f3d8c291edd21a088137e420952a1488c93121127517469b21b14881a6bf636964172f7f0d475891217758ccce51f30c3089c9c19ab4ff
-
/data/data/ibuger.jiedu/databases/tencent_analysis.db-shmFilesize
40KB
MD5de873698010f21758ed4996bfcf474f8
SHA1ed55de1cfe82d42300db29c3416640161f73a589
SHA2566e6a9679f159fd91de3dfc02767163a516b69287f307fec6670c963376479171
SHA512e1acf50e8d87485d8e15f71e46c444fbd2fd0d773f5413a04d153e83392c510954571e61b8ee5036f8d1a2a66b4e0a65589b16fe0e24260933acdd9976a5b0d7
-
/data/data/ibuger.jiedu/databases/tencent_analysis.db-walFilesize
60KB
MD5c8995e7d71845a99e65e19bb8da39886
SHA15b2aa396d3c002ccdff1215e27ab0f0df65aceb6
SHA2562bd1d5fa4d77416e0551cab65d7e9aa81df58ff484eccad454935e9bab79f0fe
SHA51275248bba0ee202f70c887153d3a1b5fe1cb11a52bc5cd416f7b5bd93572efd4e9f1b56e41b98858cd31617d4f20dc8f3b02f870a3213d4a11dc268cd05af4d27
-
/storage/emulated/0/Mob/.dkFilesize
107B
MD57f9acef2e0c33c4617cd4ee06284e4bb
SHA12453af7ca8877a39e096ec505ccf50a2787ecda5
SHA256ad0077b88c224a311f502b87ec4dcf2a9c4dc237149ccc16430ec8bf6c425c43
SHA5123fe8210eee78c068aa972b3dd77051fec0b8884896286ced6961a02e0750620fe821cd1b737e654d52c1d95caa4cb1247b52f4d2bce25b870c1af6a9db35476a
-
/storage/emulated/0/Mob/comm/dbs/.duidFilesize
496B
MD59d04152329e2c4dee2412a6b10cd1812
SHA10cfc9be710fbc25726a108eaf786829ea0a1a824
SHA256050d9e1a693d8e8804c896c84c209c8b48812de7faffbe8c27b1b77b3b2b0558
SHA512918c9c12f43f523fb034d08cc6c8c3603cbbe76b038dfa7ba775bac4da4afecacd816ce7e55d3644532c27ca8f4299a5cba3a3152943c2523cb3ef3a96a8d411