b4bdef95ba6ca5d7108dbe4f8e37c13232380714b045666a9563d015cae3ea30

Analysis

max time kernel
179s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a834fa8cdb86a88794aff04c4e61486_JaffaCakes118.apk
Size

11.7MB
MD5

6a834fa8cdb86a88794aff04c4e61486
SHA1

2c621eb94fa5959b43d66af1de46b7518ea6e254
SHA256

b4bdef95ba6ca5d7108dbe4f8e37c13232380714b045666a9563d015cae3ea30
SHA512

0732c0dc0502feb7300ae0f4f26c5fe58a34492c9f12569b7e1ec3250b2ebf5fb887e85ea6ba483245aa82e4555e1f0137a7baf6c2dd63c582a6d40535eed001
SSDEEP

196608:RTu638ZsM7PV3NoxRyuTgAd34LAO52oYSRSk06PWi42FPNZsqP1q8918PHQhy/Ai:V3YZyxRrX34MO52oMbqtlgqP1Awmd

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.play.tbgamechess

description ioc process

File opened for read /proc/cpuinfo com.play.tbgamechess
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.play.tbgamechess

ioc process

/system/bin/qemu-props com.play.tbgamechess
/system/lib/libc_malloc_debug_qemu.so com.play.tbgamechess
/sys/qemu_trace com.play.tbgamechess
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.play.tbgamechesscom.play.tbgamechess:pushcore

description ioc process

File opened for read /proc/meminfo com.play.tbgamechess
File opened for read /proc/meminfo com.play.tbgamechess:pushcore

description	ioc	process
File opened for read	/proc/cpuinfo	com.play.tbgamechess

ioc	process
/system/bin/qemu-props	com.play.tbgamechess
/system/lib/libc_malloc_debug_qemu.so	com.play.tbgamechess
/sys/qemu_trace	com.play.tbgamechess

description	ioc	process
File opened for read	/proc/meminfo	com.play.tbgamechess
File opened for read	/proc/meminfo	com.play.tbgamechess:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.play.tbgamechesscom.play.tbgamechess:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.play.tbgamechess
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.play.tbgamechess:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.play.tbgamechess

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.play.tbgamechess
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

T1533

Processes:

com.play.tbgamechess

description ioc process

URI accessed for read content://media/external/images/media com.play.tbgamechess
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.play.tbgamechess:pushcore

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.play.tbgamechess:pushcore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.play.tbgamechess

description	ioc	process
URI accessed for read	content://media/external/images/media	com.play.tbgamechess

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.play.tbgamechess:pushcore

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	114.114.114.114
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	114.114.114.114
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	223.6.6.6
Destination IP	223.6.6.6
Destination IP	1.0.0.1
Destination IP	223.6.6.6
Destination IP	114.114.114.114
Destination IP	1.0.0.1
Destination IP	114.114.114.114
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	114.114.114.114
Destination IP	223.6.6.6
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	9.9.9.9
Destination IP	114.114.114.114
Destination IP	9.9.9.9
Destination IP	223.6.6.6
Destination IP	9.9.9.9
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	1.0.0.1
Destination IP	223.6.6.6
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	223.6.6.6
Destination IP	114.114.114.114
Destination IP	1.0.0.1
Destination IP	9.9.9.9
Destination IP	223.6.6.6
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	9.9.9.9
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	223.6.6.6
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	114.114.114.114
Destination IP	223.6.6.6

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.play.tbgamechesscom.play.tbgamechess:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.play.tbgamechess
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.play.tbgamechess:pushcore

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.play.tbgamechess:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.play.tbgamechess:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.play.tbgamechess:pushcore

com.play.tbgamechess
1⤵
- Checks CPU information
- Checks known Qemu files.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Reads the content of photos stored on the user's device.
- Checks if the internet connection is available
PID:4305

com.play.tbgamechess:pushcore
1⤵
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4359

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.play.tbgamechess/databases/jsb.sqlite
Filesize
20KB

MD5
4ac8d1f59512c4a348c3caa7fb4d980a

SHA1
82ef4b6c71edec1fcf78a31250861c06e75f02fd

SHA256
51665c58c1158d1f2e70035f07b4d53a1c54b1cdb2f4fed5db6f09818c5715c4

SHA512
ee53a44d67f1d7d81ac688c6b3465bc971eb96b6c7a71acaae6872c3498a503fac3f332d46a2fdecd1867f6824c4640a41048c956c84f12211d366d0ca09aae7

Download Submit
/data/data/com.play.tbgamechess/databases/jsb.sqlite-journal
Filesize
512B

MD5
56ed0a97be5f4b689b091241685120c4

SHA1
7d5fe0925be77cb6fa1d555d3e4724c8248c7809

SHA256
1804168c7b45e7f8e112bfdc786563d60df6da25832bcbdf95f68dbb1d0e59cf

SHA512
954a9151e49dce0ce1352568b405fbf56b9098c4b66f57fe05ad2f32d071bac5deb72afe0b5e18656701888aea2945cd55444472f2afa5c092488508f556dcf8

Download Submit
/data/data/com.play.tbgamechess/databases/jsb.sqlite-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.play.tbgamechess/databases/jsb.sqlite-wal
Filesize
48KB

MD5
5e6a531693158a45bc44e922d3085c6d

SHA1
7e992a21a07ab4bf1bd74d63f5ebe0ab7fb67b98

SHA256
53eec59945a0a10446750eabccc6241709c19e28c2c1b533f69be56c73bae74d

SHA512
015a4688523f7fe6c7dd4eff5e08bc526617caadd4f3df99b848d39adf13c333274039cb4ea41068a7f22681c1e03e8e69c945fbc86467924d682b70dc715d12

Download Submit
/data/data/com.play.tbgamechess/files/jpush_stat_history/active_user/nowrap/9db3cb42-3792-43e2-9280-c29621f9b5e9
Filesize
159B

MD5
01557f43a5c29d8b173caeedfd52314d

SHA1
7557ce2f2161a7627397dafdde3fc86487f8dbe8

SHA256
7fa038fa45889b299755121291aac4f1de0fcdad6c4153f317320c83c758a988

SHA512
5f69f4f0cff1f8466ccc3464868c7fb1c0ddb68f635feb2b236a774d2833ba19dc47493f92959c6a832424f83cbc1f8b35e2f1e4861244f66cbcfb09ff618219

Download Submit
/data/data/com.play.tbgamechess/files/jpush_stat_history_pushcore/normal/nowrap/45e4c8ba-533a-4c6e-a74f-362a1fc471c4
Filesize
202B

MD5
430a6d09c0a873b5eb2b560162ac9409

SHA1
f8f2e9b9a49ecde1190f4e181aa22df686625672

SHA256
5c9980a3b591de63ab60a11bf2719eec9cd1f69a08f8a4e32e58d3161044c15d

SHA512
dec860318cb474e00cc98348dcdbf16970affd5c958133a74ab507525c3a937b856d9899071d3808ce442b3cc4f0b7211eb460ed486da2b9b18982ffe7acc51b

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
803d75802d5a6b106e027a92841f5399

SHA1
d3da21eaedb10b2a178d169cb26561bc3488fb35

SHA256
0021521dedbef7c9a2f31946354442a12675ae2fc2ee17bf38686d1e9c3e533a

SHA512
9f424b5fae11d36b459ff77b850f3ff243eeaae6c6e9020309fa1ba6adc624732c288181d761ddf28f8129eb45ba98eb0f7dd7fb10393eced1de8c563eae8d12

Download Submit