Analysis
-
max time kernel
179s -
max time network
189s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
23-05-2024 08:33
General
-
Target
6a5aa10d1bb1c001060b40745ec030d3_JaffaCakes118.apk
-
Size
18.9MB
-
MD5
6a5aa10d1bb1c001060b40745ec030d3
-
SHA1
44826c73c6dc795bcc7c2d3d1b0582dd8bd3fcb5
-
SHA256
3803ebef8dfa7d847caad81a7fb69ac124bf07afb904eb608374d0ae7fe97bc8
-
SHA512
69e70a255608de3bec3f74b4882da4f3f946518d6675becfd52d7bee230574f61e0a741fd2ecb0d76ff96bc650f527b1dd41336d01ba3656061d107415c2aa8b
-
SSDEEP
393216:yYfJ6URycycy69Ysy2YWH694747l75e2nycOZ6zuSMUk+qJ:+U8kYsy/5flE2nPOZQlk+qJ
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Reads device subscriber ID 1 TTPs 1 IoCs
Uses Android APIs to read subscriber ID (IMSI on GSM devices).
-
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
com.fcai88998.com68.mn1881⤵
- Checks if the Android device is rooted.
- Reads device subscriber ID
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks known Qemu files.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.fcai88998.com68.mn188:channel1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.fcai88998.com68.mn188/databases/MessageStore.dbFilesize
4KB
MD539134a96a737526fd093463646b0d73f
SHA18ea3e73ef4cb4d0819cd0d308768e42e2278f648
SHA25626d95532edb2994a8abef96b985f714163026413c5e2452517628a8064dfba1f
SHA51257fbca6fa94b7d21c7a6dcdd5bfddd6c9b489e20eb0c0886ce6d59330dea242f553685dac3134a5a0a91af46c636e80d6210c90a2b62a6a5857215a9bdc4cd41
-
/data/data/com.fcai88998.com68.mn188/databases/MessageStore.db-journalFilesize
512B
MD5c11f8e9df32a2e362275f43416a3eee8
SHA167b582b23f62dc544c5fc224c92caa6749c8615e
SHA256d2f4eb49b70b4ac3feb5e6a8bdd74b1546d273a140d701c5f5d56d5f3185079e
SHA512c6d1e54754b688f5efa3a8fd200d0f2cf1dcede7d011dcfabe798ea689a77a2b079c5e838b62dbebf0ca2b6e01428941df1b74f3d53e4728a3f72ef61839a08c
-
/data/data/com.fcai88998.com68.mn188/databases/MessageStore.db-shmFilesize
32KB
MD545d1b99640ce810324a3bdc48ffe0bbf
SHA1965d64b0a6ccd44d58c07eed646015e5df5f75aa
SHA256b50ddaa38edef84e366d3386aaa26f31eac6a5475aa67a56a7ab22d19d3a4c4d
SHA512f200f535c1371676a300dec8af1a1013943709bc7500cbf0644792e140baf4eb7ee70eef11c998be4daaee24fe8cbfde3f8294c0a0749b3a4a4526c22c0afbba
-
/data/data/com.fcai88998.com68.mn188/databases/MessageStore.db-walFilesize
64KB
MD516e8b7d00434e1c8e5d6841f27c8760f
SHA1acddcf97b2282d1b50f67b32c84a438cc20e4e2b
SHA2566c22af32f8895b860c5b438a6f8e92e568de64cdd28e86316b511e4ee981e0e3
SHA51203651fd858f1b40e14e8d3f81c17fbe9e8e8da62d1b3b3555c0b409b62d40a58273489b423639fad77ec086c2d5b8752170d9520857edfe3b82cc0e60ceef3bf
-
/data/data/com.fcai88998.com68.mn188/databases/MsgLogStore.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.fcai88998.com68.mn188/databases/MsgLogStore.db-journalFilesize
512B
MD59fbefd51ec02f87eee2cf7ad62d2d87f
SHA1f833a6f2b6ef25ffad12c1a05ce1b27d68991006
SHA256924893889877aa0164e757f5ecaf7c900e5e8b8093d2fd0942559a151c2a414c
SHA512dcc61b9ae604c9bfca74383666ca0b8df1bb49841bec78debb9cf3163f88f4bf37d28c4037954e679fb532aa600e89a85b26f5314e43f8680802b9ddd63f52e9
-
/data/data/com.fcai88998.com68.mn188/databases/MsgLogStore.db-shmFilesize
36KB
MD5486e2bac2b3e9e1cb411d2838a4854bd
SHA181dd0a7537f4af319b830ae834908986be85da8b
SHA2565644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57
SHA512c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681
-
/data/data/com.fcai88998.com68.mn188/databases/MsgLogStore.db-walFilesize
68KB
MD553df01bcc52011c45f1c82036becf0e5
SHA1955958ab6bf73dc3a318f44da76836e21b939c45
SHA256232f32025d7faf84c002234b45fd19ae48e3b6ac91c94a53ec7d238bc507a775
SHA512fe58e857eb9d7fde613d1d7e296ecb9951c5758edd805e20ca2eda1ec9a8e7832709a22e0b3281a30cbc378cb41aa589047c599522bda2a0bee501394c3897f9
-
/data/data/com.fcai88998.com68.mn188/databases/accs.db-journalFilesize
512B
MD5b0dd8c62f437b5a6c029cc4f7cc0e501
SHA16da425236056a461babbf1b4a9c28fba8d0c68d5
SHA2569aa18d4b24139d2723b6b973505dbe3598627216513a62c068dd27194eefb2bc
SHA5126f0ecc2b947091e78df4f42357c876dde2986790e68e97b4c1114184cbd8d753f0f237862f0f729ff642c5adfbd08126a10e4121bbd0e0336ad90cf12c52c78b
-
/data/data/com.fcai88998.com68.mn188/databases/accs.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.fcai88998.com68.mn188/databases/accs.db-walFilesize
32KB
MD55b79b4ccab24035e691919efde37be83
SHA1a4c38e549241ce620f82520c290b660119f77536
SHA256c16efc54a1b1676967e72ac05c360ae4ec7d2ead47b51048817bd98cc8c255f8
SHA51289775060e60759503068bc2cf80e84b9e0d85a28818ffff9a34a5de7a5459e41315f56ef6dd7b4424ed0d9f916dc037696e1995b5f2dedded0bff7ae3c9848b1
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
32KB
MD5b15b00bf90b7c93b3665eda88fbc4808
SHA15d90cbaee0798753afcad7e6555a92d2567dd02a
SHA25692882182a7ffae56437ee1b2b3a68ddc0594b28c1e3a4254920023015cb4b429
SHA512cbea5c61e2043c01bbf5b0ba79e45106bf011e29447317a4bc66560afb52177f2268f5fd95d84868152b25b1aa4368256392d24eed3f4fb9a56cb2eaa1b27059
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
111B
MD52f91159e775071ca92df949a107b20b5
SHA1efe3e36fc56f5e9eae3dc617b05e1f0547b076a6
SHA25696fd43568922db39a9f2fc2b708e4e89fadca0b615206c255d690d8f37ea5917
SHA512bbee71875f929341d55a68dbdba9441e1eaa67bab616632f7b351351d33ff3fc721d4b892b23ddae208b71dcd99758e8ad4bd5e917e6db7dfd5743f8e2c22be5
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
213B
MD51a0909957a843e01ce2ae3eb76d02cbe
SHA1ece3a64778884d1328d0c2e4c440a3b572ac611b
SHA256395eb55814c0defcf22edce4624d88617cc367d36a5a2af85c606c4a83b9a3da
SHA512fa1f58745758a4df6913e1336117b78f84126aed18c398f4c1945a440f75604a094f2ddf0f42dc852aa42715e309bc3631a4d482b9a7624d8161eb4a27f6a057
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
48KB
MD5e205af6627b5fc128c3e761817c1d42c
SHA1b43c9c66e51f515c7372512bb92193712fb4e344
SHA256f2437c62210aa2e5fd4fcd718d0bab4434cd145294aed231dedc37a4b5b6c095
SHA512896f35fbd5e77ff536e670740220ce7c9d7c8c953a611d996f426ccd78da5461c652e0de162b652a07d077090abf45f1edef761357a08f49027f7eec7a8bb75b
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
167B
MD572186759f3257baaab481bfb17958fa2
SHA12bd398ac835fa4d67c1077209b073fec950c743c
SHA2563cab9f46c72b5c36e05082b243a41989ca43a4d493b8aa2884b2da72700dcefe
SHA51204f03a6741cd945f5573548d0a3cb0e4b754b81bea1d509271591d701e3089a2ded1bd19a5c16b96663cd3137f5402e20c02a12998ad8da007eb1a8469dc16ca
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
512B
MD5667e23ac83ca1acf3d5e6981aab862e4
SHA124c5ece968c2c597fa8bcf62821a8b797e51c1ac
SHA256f33b280155be13d98faf093700555c7a155c41cf51606ab01b65dbbd01e392a9
SHA5124108d86b4628e9bab35bd601842baa7f98b7cd9ef30eb0cbd7ec500e85552e87487a8dc1c23b3793416260c3225d568e4bcfa8a3ecf2d9439d600dd5da7944c5
-
/storage/emulated/0/Android/data/.446a7aa5f882d1846062b729d9ae143aFilesize
360B
MD5d0fb6336d5c9d36a506ee5116065158c
SHA1ec53652fc8fbef850f2383efce7b79d59a364dbe
SHA256842d7cd940de7580dc59e6fecfc10d0f0c7970a9662c9076146f37c4230a4a9b
SHA51223ce8b137514478072eaa49f16781f36e883e196a2015030f09dd5bc9d0061fa0975766ffb2744cf32e65111d8a70c1e509f34e16b346d8fc830c16d3efcf9ed