Analysis
-
max time kernel
176s -
max time network
166s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
23-05-2024 23:19
General
-
Target
6c9b646b54a5b612055189227a759e9d_JaffaCakes118.apk
-
Size
1.7MB
-
MD5
6c9b646b54a5b612055189227a759e9d
-
SHA1
e0ef3920bd798026efdec8b55a6d2dd846702674
-
SHA256
5eab1cd67c8c9972310dff288b66c1b684226269a9fdb69ae6f0529194a8c3ab
-
SHA512
0c53afab53cacaa7b1050f5951e58cf1442716ac10535a3f2b91e11f6979855c79ae45710a82175e94bdb2c50b40b2d388e5c1b23fa9bf905b12d4d3087f963a
-
SSDEEP
24576:8ECdwvTkQlO4u1ZpDwKS65cJ6FRUD3Ju0x5sIiiXAAPOPnQ+lpfbpI0sze5aJBrd:8WTRlgU67PU9uUzcHi08/JBrhSUrt
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
Processes
-
com.game.mariorun.gdb1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=60 --oat-fd=61 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
com.snowfish.a.a.bg1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.game.mariorun.gdb/files/durationFilesize
12B
MD551c00bec9ff7ff8491a1f8fa55a3d51c
SHA13619ac9ad1f4710cb06fe543aab9c6d88bf6a76c
SHA256a193991dce2334a9e0b722a843ea8e1da2e71450f12a47f622792cf166fef84e
SHA51275cca08ac1d180a87361a48b0ee9e759c9f491c82a6b8ca200da9a19c888a72fae4214fa25607a790090832c6b8d99381d3c4ef4b532b01d3e42f2a4865b3099
-
/data/data/com.game.mariorun.gdb/files/durationFilesize
12B
MD5531c745342b8316e58a626f8dca0687c
SHA18efc12e4894e11e53a351868f285bb7cb76642e4
SHA256de633949b79f69a8cadc38bd0fd0202a62416c9e5db9f8492eb4a5135e098000
SHA5129095fb1321b2d23fca4b1cf83e61c7c3de490eb1b0e6b46beecb05bec2c2b4cdf9f4930f305e762b36fab99b94bff1629d373b2b1dad2501d5bda7fa160649db
-
/data/data/com.game.mariorun.gdb/files/durationFilesize
12B
MD5f06d8bc39f65bc3fd753d4eaf4b18e0c
SHA1dc40df8f3733cdfd71a9a02c0a37f9da099cae7b
SHA2567021d986efc645f78d8e3cfe2687d5e38cf4fcf7c72e78e1347a64f6d929af8e
SHA51297d992b3efae14dfb9d4d78390655ab2cdcb44081122ce0fc55a2e6ce404302fc3dc9a544ff90e115bcd71e5fe51741c352de7d479b1ef99e5165846b09b20f8
-
/data/data/com.game.mariorun.gdb/files/durationFilesize
12B
MD5260c9f819395bc4c3fab8325612cbd20
SHA104ba3f28732f8f58b5fe3b97ab46df1d2df736db
SHA25627387ddee1dacee015f3fd229e01f4c40e4e48e0358f1386a53935de0d9d7ad8
SHA512fffe93866c6f53cd2368b9a9616ee0592fc144ec774a82922c64866bfee5a58b0cae62ff96aa3cc8610f248eb6ab615e6d2a9300b64dbc3d76f8b78b225ec6a8
-
/data/data/com.game.mariorun.gdb/files/durationFilesize
12B
MD582b07429f6e6d0e1df636c212b943fb3
SHA1ba3db634ffcdbfa2bb92abec184b873bb7f3012c
SHA256405c4ef19a13da212abb6f66a99b3d576d8407a551bb0e43cfdb7e947a19d570
SHA512b7bf604c6f6e6b52bff309ef02b652f7851e4bbb3196479a59dd78bff86011fa7b9c4d4cc58a0ba1288ef07ee2cb853f1efb7197b058174630adb8463d3f5f93
-
/data/data/com.game.mariorun.gdb/files/durationFilesize
12B
MD5e878ac61e5b3586d1422211d2330c544
SHA1f44268973e8c048b6ea647e9dd6d1f6fbf241a58
SHA2568ff8ba5ef981067e7f8712a4edc72d16accd45ac7cf243cef7809097be3bdcac
SHA512801b9593c130ea579bc9680cf34a9db0adbb8d112a2be14f02238f285f1bf090b8cbe728f3fdb3981f7f6cd68beac14abb1e76585d484d6a32786bc63a520e38
-
/data/data/com.game.mariorun.gdb/files/st_database.dbFilesize
28KB
MD59a5e39c6fe173551b85120706bd0824e
SHA1781954a9a86529ce91085a20a7e80b69772f40ac
SHA256c753d3fba071dbc34e88b3c10347e12f98fae449ac618037beb8ed17b02b5a2a
SHA512a369c7c2d11987617d96a83238f3b7eb55b2de9693e575665fdd86423b065b35b9cd8e120e91e8c42bc85177fdc24420326b1a3f965e379aada5a5a1e73e4715
-
/data/data/com.game.mariorun.gdb/files/st_database.db-journalFilesize
512B
MD575f167611be473253c53beaaa9577741
SHA169abf570b920bf8e9259eba2647dc83ca28a8205
SHA256f53af6e9fd14059515b52794e3ce36c162b40b4f20d88846fcd3e36510111f5e
SHA5125107f49f3276fde491d74755b094ef89b837ec42ede8f635991193fe9941b7d2dd4db01f0da42e4db394b4dab8f9bb161282b4d80f2b1708127c630e10a8880d
-
/data/data/com.game.mariorun.gdb/files/st_database.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.game.mariorun.gdb/files/st_database.db-walFilesize
48KB
MD5e6fa87110b8c64933625ef90bbfb4bc0
SHA1acdbce7c85268cc696f91a20c78273ec313dcacc
SHA256f2720214be12304efaa4feaaad23db68a2b10580e1fc94fe340c79dc1585f014
SHA5126d91b123ec2811e6c12e4bde3a5c6066636408dee83ab74b41c746098bf6a5b308b156c9594c4231ba126289b4514e4ddb369dd333c65f13519220a6a5f4bbdb
-
/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44Filesize
143B
MD5e037d4ce0568e6c13f3d7e37921841e1
SHA109843567b66e86d66e877dcb63297f7589a6cdac
SHA2565d40dcb039e9c21e2c8e935108c3d198c3d54eef7f85c50a57306ac6f4dc6063
SHA512e3c81d7a1996831934724b68a3e324896e655812519f4a28c0222e44eeffd880c04ef41a3ae5d42e5cd820b772b4b4569d4132a03984f62eacc88816dad1e288
-
/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66Filesize
100B
MD5f338362105d2a1aa72103e225392200b
SHA19f3cac28fa8cda9b882e41d1face166b32e3e520
SHA256f0c6dad1d1276b20003734979a1c3668e8c2d752339c04faa21e88033e292900
SHA512b85566997a25a342307e13bc1c930ea170cb960f7c984f9fd13e12e5a9227599e406367892b6c9d6509786e4b0593f79df12797ff92148cf4f874c4e9cec0b4f
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
317B
MD5c49b6e9eee29f8b441fbc6c30bf40413
SHA12196cc76d6f2c1482d328ae193ad7b7086eb7647
SHA2569533b479cb40b47b57e3eeb066ca43de047d458439ce21f864554be8a541621b
SHA5125af76d602fb70fe2fb4dcd2b7ce65862b494d22c82273c4d23387eb9bf114371af989ec7733655a8917a06e404fb346bbd9372377bfac710bad5625a01241aef
-
/storage/emulated/0/Sonnenblume/docs/com.game.mariorun.gdb/user.datFilesize
353B
MD5e9331084573ef42d71f365187d816f1c
SHA11bd9b796443b9fc1962db4282ec81b30a3f305bb
SHA256edce0d630cb9b41c53aece1d20b48a040ce6782c13f690ebd930ca92055b458f
SHA51242cfeb20976b66cc9d031c8c32f3f5fce53b55479374eb001f97a6a176d630ace9bfa6d9a7b2f05eff7ba9fc155b5bc353f1e049790c334f7b39b324e9d2575f
-
/storage/emulated/0/Sonnenblume/res.apkFilesize
318KB
MD545dfafb3070b93ccb854317c3792125b
SHA135330872d79f8e28cc08890dd74002f3b4b5434a
SHA256503dc83a3c3afaeb9c953659cb4197fda84ef02d874c77ed3f7cd8aac456cc4e
SHA512b703c48a1b3d13df831e5b08def010029fd3004cf923edc820578875070417e37155011fef7793698868a18798b8de969e2f05417d542762c72f96d7ef1d6c4f
-
/storage/emulated/0/Sonnenblume/res.apkFilesize
318KB
MD5bf52072e2f0567e9c66770a71b1bac2d
SHA1d10703c39a0a5cf2cb7fef353f8feafe3cf58761
SHA2563f1c322d7e971578c018e468129e5eee4a174a9e7ce8cfd9b8526eda04fa228b
SHA51264e9d087201f8c4b162f95fb39ff8f15295ae3b058afc6c9519529759f544720db7cf49c60959346f9f51eaa113443f36777c252c22ce51e9eafeec5333d5023
-
/storage/emulated/0/Sonnenblume/res.apk.uFilesize
146KB
MD5519b8818baa546b8451ced4ef2097071
SHA12b7484bf05b8b6b3f87da71507ca7784bf32f9ec
SHA2566049b177ed91c397f8c8866d3f668c9726b5dc47f2a508b305e079c1c6e5f724
SHA512c2a0b39265b61e3d51867555d90d6b5bad82c17a4f0fad8d26eaf8f1af15b6ae088085a1e0d4df24f5ec344ae194ecb9347609a10de72216c910ee2704729e21