Analysis
-
max time kernel
177s -
max time network
186s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
23-05-2024 03:52
General
-
Target
69a5ccb7408ab06eabb871d0c9112f50_JaffaCakes118.apk
-
Size
30.2MB
-
MD5
69a5ccb7408ab06eabb871d0c9112f50
-
SHA1
bbbed63d3f952cbe8dc09f1c16e94cab513f29bd
-
SHA256
3464cbada41c6c9e0d01a7de68806cff27fec5c76bea37e40f99e1a1da6c04ee
-
SHA512
f2b7c2349c06c17038247c5f889a86166a3ee567e02e37c831b418714b20bfcb417c788cacfea2e84aa76335c3df94a1e2d688ca784976e179ecae7b414d4e82
-
SSDEEP
786432:LnqvZtSJyM6sdsMXhK/VbcWK/VpprEy2VryPKRZakxQrLdV:LnqRtSt6WvRK/xrK/bp6VrxaHdV
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 2 TTPs 2 IoCs
Uses Android APIs to to get current cell location.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Checks the presence of a debugger
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
cn.edsmall.eds1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
getprop ro.miui.ui.version.name2⤵
-
getprop ro.build.version.opporom2⤵
-
getprop ro.build.version.emui2⤵
-
getprop ro.vivo.os.version2⤵
-
getprop ro.smartisan.version2⤵
-
getprop ro.build.display.id2⤵
-
cn.edsmall.eds:pushcore1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
getprop ro.miui.ui.version.name2⤵
-
getprop ro.build.version.opporom2⤵
-
getprop ro.build.version.emui2⤵
-
getprop ro.vivo.os.version2⤵
-
getprop ro.smartisan.version2⤵
-
getprop ro.build.display.id2⤵
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/cn.edsmall.eds/cache/_KStore_/cache_http_api/journal.tmpFilesize
31B
MD5fa79244c9fe70f6cc813c4bece0d1bd2
SHA1becc80a0d952cd02e9ab07408136498dbc82774b
SHA256aafeabed5f0062912cd9016f90617308e1d8e320f09ac7dd65383498dc868371
SHA512049bff76881d28a757bb8a573d9bd75ad15b6a93e9ece52b90cf29b433aba855bd6b0c39b5dd56bd86abeeae13654aa58c29f9e9483ace0963dbe5c7c8f05a55
-
/data/data/cn.edsmall.eds/cache/_KStore_/cache_http_image/journal.tmpFilesize
930B
MD53797c37103ad34451a5cebb63a00ba70
SHA1c48d5ba827607c191366d8044a64309f7506d840
SHA256d86fe434c2c96ada2eb89c59e48554cee51a6a959be22ac35aeb4bab51f2c3e6
SHA5124dd1842502d93d3ca0256c497bbcaf295f6cba26d50295afefb3f7f304e00c95539d16d120e37a891f1c9b5bc7f0f2ad1e0191e369c9f32cd473f575173efa2f
-
/data/data/cn.edsmall.eds/files/__local_ap_info_cache.jsonFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
/data/data/cn.edsmall.eds/files/__local_last_session.jsonFilesize
32KB
MD5fd0451b13b762fddc1627ef4a11b6552
SHA1f9b4da41ff7212137c2a95e4f019eab54d3af44a
SHA25689d28b28e04dbbe7f8138b37d24d8b0327bfe84b46dc4387765823c943339072
SHA512fbefb7147028d5d9b5b9111d534d9c8f000366eb71e82e23e4693d1903898be57df8d49c6e45b8b1139ac155dbc9a2c90277146475e91816d2b961d4cefa586f
-
/data/data/cn.edsmall.eds/files/__local_last_session.jsonFilesize
101B
MD523d20168bf7ddb9df2c9e9abb5636d7d
SHA19da3ed1497523160aa7de7afa42afb389839c92a
SHA2562b84f5616a5c87da09fec338296cab9c0165a0f79b52e93a60aca380fb0a7d67
SHA5123a2c8cf4eec9cc6b387c30d27a5dc4f6265ebb395f3a1244cfcd82b53e79455a0531e12233abfeea02cdf41dc474d5d751947b328aaff1c0298af21b08474f37
-
/data/data/cn.edsmall.eds/files/__local_last_session.jsonFilesize
187B
MD5328ae05f8e0fce01e846c411574c32fe
SHA178709f7788158a00138b1af7fceec94fb9b91949
SHA256763a4da919d34007603ceb245658065e08d97614e9931df3b3aa271dad8dab40
SHA512644e58f9526406d8190e9b38f36ca94c5b7f3e156686e721634bffb87181e06e368e8930d1e84f3657d2d0eac47c5c283939af5c73c29d4b457b1c5d40d8e67f
-
/data/data/cn.edsmall.eds/files/__local_last_session.jsonFilesize
245B
MD50b1d0b4c418bd3a209b65cc3560ea9a2
SHA1a85a0b8ef22bb82a07ad43efa7ce4603c2e0c5c9
SHA2564ba68a3d8d28e93bb8d7be3d00ecb540f3d69dd1fda01612f22afc03b9eea56b
SHA5126206f785aa080cd46c7ba940509877ec7df39321513faac4dfd6c733b49f3119b8acccfe12a0d7e3ba9706c48f0b63a6a11bed577dbecf70e52de05e0a56bb5e
-
/data/data/cn.edsmall.eds/files/__local_stat_cache.jsonFilesize
695B
MD5c296eca656fb5ab989c00c31fa9219ff
SHA12b7abea15809ebd92dd287424639df23f66677dd
SHA256e4bbe22d2a733f5aab4ef8134149e3910bf2774ab356b47293235d67d816e47a
SHA51278213e1ce69878e257160e66be64eb4cf0cf178aa60e0345298b8f56ebb4ec1907ac4102313e50496b14b32005a992320f3b71081e49460d1856b32859715b48
-
/data/data/cn.edsmall.eds/files/__send_data_1716436408801Filesize
883B
MD59716726acba35c39925673bf12fb59d8
SHA1da5cc202e8b679f2368720f40d9619a837f86464
SHA25650561c9c4bde1eaae7681372051444c73b3c52025abc5f97ba26cc65746a7bb8
SHA51227403a037983c6c39401c37a6a92ed58c724bda3410a5a665079749fb0d115329ceab18d0774f4f194e3aa3f3e816a7073e83b32015482c7145b69bcba22106a
-
/data/data/cn.edsmall.eds/files/jpush_stat_cache.jsonFilesize
138B
MD58f4ad126bbf41794ebe425d13eb46c17
SHA131d0265e36484271cf50e873013fef63362adc32
SHA256e1c9bde964f164002a9797f2c811a070bc3bd456cf92f0a2c86cdb3a8fc09ee9
SHA51278b59e510e3c93946f019f85e2fc252a97aa9ac7c4a9fb04ab2e3fe7452ec9c99f7b23ccae9d3826a52dcfb9169b00dc1ad76dfac5bd316b86f7a9a720f323d2
-
/data/data/cn.edsmall.eds/files/libcuid.soFilesize
129B
MD5ab541e24f2789a55d7d1c654eecaf218
SHA1dc8ab62cbc0e848387cc180f80f720a30bd7416e
SHA256f778e73249541f99d388fee9e6e143d817808adf01392345ae5bc10161ae7060
SHA512a2fc2d12f9de95bcdf5544e13fce9cb73af8e6d018e8dd73f3449d5703b393a24a7cb190c78ffba41b0e022121bbb574b3dafa935bb6327baea91d59b4b8c2db
-
/data/data/cn.edsmall.eds/files/pushcore__local_stat_cache.jsonFilesize
739B
MD525c022dd17418b6f02bcf968d2736ada
SHA142d0e158d64fef431c5aa268ab69c080a1c26c98
SHA256a4eb4e729e1de916de70de241a13b5694f8dd1943d10cc73c191ac3578e4b5e1
SHA512566a17295f6b5ee7798d39516f5be6df76235265fadd951cf820bed60c1f4d61797913f56343f376b1434775a4525394ebce6c1018f35729b76f3f49e79b4a2a
-
/storage/emulated/0/backups/.SystemConfig/.cuid2Filesize
129B
MD5010513c1ded74255a5ec9ff6e3a50f30
SHA14d4e39c9d5e1e48fdbd12dac4d45104840ac0429
SHA25673b79c96e36733418f8b5a4ad32169c9368b77672a26c829139f678ad858bc4a
SHA512c932ca825c1af63ab32b686f85c4eba75cb48b1b7a5cc03f5eaf743c8913d30ab34d4bb0006b32a6a53b90ac7e7a2bbdfd84f0127aedfc7e55fb8b3b3f93b7c0
-
/storage/emulated/0/backups/system/.confdFilesize
28KB
MD5e5e2e75073f6d052c8214535915b2fc0
SHA120a8b71bb9023fe147ef952728265f3927ba5d30
SHA256f756d1015770d17274bf6aacf1746520ae2c19cedba2eb4cf3fc2982275caa77
SHA512f176d00f354ea4a3b08bd6785135bfc3806c42ec5b3698e558473d5b6447306339cb4f1b3d8598c407f8934c5079862b80313af208177fa3db7229648784d40c
-
/storage/emulated/0/backups/system/.confdFilesize
24KB
MD5d077cbbd645a178cc234ee1ff98f49ee
SHA158154f05b884de15a2109792db25f87934b93930
SHA25604936c187ae33e2f2fd3ae949841742c28cd79669835f11bf2c3b9109e0c34fc
SHA512adb40e25fb33d1c5d58dc3ad4377da63c913a4b71af8189d2565063cb93cb07cd49f10e2e6c360f387221a91e9980b01076935f5fea5785825b2720fb4c03ae4
-
/storage/emulated/0/backups/system/.confdFilesize
24KB
MD5cb1d82d8dd98dabf1f07813d30a714cc
SHA10532d5601f3a51d9bdfa9e68d0b1b25bc9b3e9e0
SHA25694c2ed408f9f8613104f7ecbf615892dfa9921434b5c36aa19bbf37ae72812ba
SHA51283eba81aa966043a6326a83b86f13a712ceb33d2f1ed76573a0628c4267503384ea33d9016b67c4df18d34ddc463aa0e0b55b92cfd142785cf2666e45e4cb77e
-
/storage/emulated/0/backups/system/.confdFilesize
24KB
MD51cb4cc8c7f4d7b6e62ab068d4bb0f3e1
SHA1a51845b1675db5587115d940b1f506143f641586
SHA256e127dd905c0346fc2a37683e4ff606122dd1ed3fd55f4819aeae9bdfc1568311
SHA5127ae81291fccc05201e8cb9c70ba279d42dace2be89a225b0a3b913b58a7968e6f231a7b0004478372ef9f392d08efb9e63146d85a88c96a3fe4e08ff2e1dfd76
-
/storage/emulated/0/backups/system/.confd-journalFilesize
8KB
MD55b0e037947f8daea8b12be125ec83655
SHA1c59400a3fdf88db5fcf45be1a28186341d3f0cc1
SHA256e8575e8e4cc7c09127cbad59dcc11899816879e8d2fed33fb45e2afccaa37430
SHA51202634b70ec8f37c6cdb84e11dea55d688fe2b4e7f5e2425c0002cdaca8689faafc644d1f92a4cf5a98ef3f1e8082276a371cd91c5c14acc35edd70fa05daf6c4
-
/storage/emulated/0/backups/system/.confd-shmFilesize
32KB
MD58e6d5920f050df5832cc9e197801f730
SHA1db75edac7154951577b2a5ef44aff2183bd62c25
SHA2569bcc1fef6c3aca3f125179d8f0e22f75f8f9631a8d8a9e267be4f28ca58ea411
SHA51255a89ddec69ac3bd25f6936cd45151435c4aefbb89c61ad9d50894e80d56fb6672d84d7f87e7feb8774aadbd6adcdb80a9448f94b7e52db2195e85caffd17d8a
-
/storage/emulated/0/backups/system/.confd-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/storage/emulated/0/backups/system/.confd-walFilesize
36KB
MD5cf23d0658e6d83642b07618b5db22920
SHA1065595a024bd8787b6907c0ce2ee1ea0c0821b05
SHA256763dea88f0d678a9a0a8effb87b323a3a122494e85e1df5f0338e931d9375293
SHA512ceff12f7a17d42f9fe28c8ac19cd13c56cfb6aaf7da6f0ee24ae32b288acc22787c57ede829ab5cb1f62b49ac2e32634cb4373cb9222874008706d55bf9027d4
-
/storage/emulated/0/backups/system/.confd-walFilesize
32KB
MD5ac167c42bee1522cde070ea3698392fb
SHA1361feb46f7943f5e4610ab048ec9043eda976889
SHA256fd73e7f24c10ed985edae629a528fb219a4341987f0378590427753b8a29be3a
SHA512c151c8a9f19277d8aef10ea4a166fed98294418602e1f3c66005e78bc0b5e8aef9838543940c3178a2eb2f02911590572a7bd6765a1110c5e4f7be8abccd4dee
-
/storage/emulated/0/backups/system/.confd-walFilesize
8KB
MD5d2bccd8a836ea4933b8db3b0301a97d3
SHA17a399428e76acadb5a9aef7ca8c0130e7ad073f2
SHA256314ecb220ab78e7cfae6a89d95a77cb3db2b5a753cc839e08cce0cf0a8d73aa2
SHA512d38e231755bd38264b2d2f6d1138cb1e3ba0a8a05a85e3f90b3c7ee0f62720d4b207569c0e2e47486c7a8a94221fa21ab56be0ce91528e87d3564fa153cd7192
-
/storage/emulated/0/backups/system/.confd-walFilesize
8KB
MD5b2b0b4bcfddf9ecc593572b55d27f827
SHA165d18810e87f4d89c9de2c22f1b61e39cf3e065a
SHA25610f9d065492baada7051f235a27bf1c099f9b6c538b18fdc38a1630011ffc1ae
SHA512ed208a4546a23e5d59bba26ac72625737bfed07b206236b8959f78393f973c4980f0bb2b7b1e2d0a18c8fb40f704b51b0aa09bf0c66bfd53c56e593cb252603c
-
/storage/emulated/0/backups/system/.confd-walFilesize
12KB
MD57bff138bd21daa77ba2730dd9f561508
SHA1d074d2af83c8bd10a484841f0dbd29671aea7af9
SHA2562355d42073b463bc77ef6bd2cd2ce7467620a95fcd36c4f2614b5bc59c9aaef3
SHA512c89a4ecbde51772b4507ee0fe2d55ebeb8f43c96465844ae6325ce3b6676831235c1dfef144ebf10577cc9c0cce8f81ca6bb8fbc39a694d6c6e58081c1ce0833
-
/storage/emulated/0/backups/system/.confd-walFilesize
20KB
MD508b02f497bc0253afc86b4d30d8ac568
SHA1f8c6a2faadcd4ce2a39c6fc8da1379e715ba4dfe
SHA256e6a7491e6a80ddb8cd1234cba7acad9ece568a007b4186b026de6210fd7881fa
SHA5122bb5d730baacbdcfafc52f3a7b2ceb21778c1ae3ba4e3ec9bad2fd8fdd5b7f59bb55aa7fa65f012c91a40660a37b4ea3ad768dcf4efce652f858536394871609
-
/storage/emulated/0/backups/system/.confd-walFilesize
32KB
MD5c62a6979c14d14ecab07acf5ca55add9
SHA11a98b1c81ab843b441056de5856ef90e21b187db
SHA25656e23ae01d57b5e0fd50678b55fb08a81125185b3c525ef185ba36140cb81378
SHA51288d878e20012bc7e6f1ca2aaa9ad416788ee6d793b043f22324dbf0f542ccc9a875afbf55452670e885df714d2596dfadf32db86b0a422fd6e162687ed52b3c0
-
/storage/emulated/0/backups/system/.confd-walFilesize
8KB
MD5fb29f4aa33bdfff5c99acdd002ca5f65
SHA14c711682469a84cbc40169d43b4eec29dc3196dc
SHA2569867bcd383e58531ed3d1b0d6d72b51d439b41489d1dfcc5601ead55a97cd3a3
SHA512d94e31768f50f4c7a65169fc98a7f2080dd4618f3602696996d59591d5e8aa388e9b02f5f7efae6f662f8c406239e00f924d01342810cd1800495f1e0d9f96bb
-
/storage/emulated/0/backups/system/.timestampFilesize
8KB
MD5e949d304717028225046e314fd394a7a
SHA1b35ba1c79708602b978474d51a1ab0db900a862d
SHA2562776f4c686b64941e63b967b46224c06281868ee155e9650e5584ebe842e2ec8
SHA512e77db33c2737f9a807b85c1ca90084a45abfcb4a76742354fb5539ec4b289f9f52dcb06d0240f6b71fe3e47f7edd10712e4b78740022a925896d01e09f434dbb
-
/storage/emulated/0/backups/system/.timestampFilesize
55B
MD5fd95330b382809e358fb8cad0cf90357
SHA10800c5ddc5bb000a5122d7257304b35d3184cd2f
SHA2561df37b7f82e4d14b552ce12500b9a978f2955067dfc4a9309da81fd4069689a5
SHA512ddd2d4f4fc07a87338cd4cb242dc5adf9be7154c968e1a71e8f08784efeeda745a11cd8962e4eb2b72e8a566a5a7a94803db6dfdd199dce0d28dd19bea33a848
-
/storage/emulated/0/backups/system/.timestampFilesize
84B
MD51687e92a9792532c5750fa390a74163a
SHA162fa9978b3cf94554c85060b4ffa0752b2d3fd44
SHA25699ff9d227f96b0e732aca36b627ed822db361982fa7cd1f0bf7bdfa597954fda
SHA512e5c5db32b2f83208b2b17e0b4d6d149e087e3053adbdee58384f68debc27af78ac3491495c8423c7038aa177512de2d1dac22b2283da28a8dadcc06ffa7995ec
-
/storage/emulated/0/backups/system/.timestampFilesize
114B
MD5813e8c4b53cd13fea936ebe347240edb
SHA14306375d4d2bfd10344eecc0c20edba1213e3c1b
SHA256d8cb6742ac681cdb41c6b4289fad26d8555afe78db2570dc6feaafa1cbee323b
SHA5128060c7f6e1c600a9c1f908643ddab4293f5e7563b20c9135932344bb9e179f8e05ccb468a4eaa8b6cf5d69f65a69c06a4bf3c91a447d2bd52c978b25b525fcbc
-
/storage/emulated/0/backups/system/.timestampFilesize
138B
MD56e29f4b000cf9d3bf6afc517bae11f60
SHA1a2ffd6faf38783c37322c755ee12f3234d5d2cfa
SHA256b6538d97284b838219df8cbd0f63c1fe58ee3de3e8b2ee18c4ec1a63ca9b9d2d
SHA51240c95c5173d940720755854085418ade72fd93f818f81d69ded489b040837f8fa070c1b3c928155b31c8931da94a74ccc8e9e1091943614ffffdf2522f67d7bf