Analysis
-
max time kernel
65s -
max time network
180s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
-
submitted
23-05-2024 10:54
General
-
Target
6ab48143125de5598a5c4d8d80092954_JaffaCakes118.apk
-
Size
2.0MB
-
MD5
6ab48143125de5598a5c4d8d80092954
-
SHA1
53c62c6a12ffb7a54b4a27a108587656b5901c06
-
SHA256
76bc03a9c2c03fd86eef6e7e562eaa18fb184daff791b59d29c69c66604a812c
-
SHA512
8ad50bff70891def71c212208f05cf1da2d2e1438a957a14f72f56998707fc1ebe57c91cc6f48ebde1cbbc60401c2c633d06befa2fbc4fccb68e6a69832b0897
-
SSDEEP
49152:D0D77lEdgMINw6QaCza7kW9u0kzH81E954Ut:o7l5Nw6Qaya7kSnkDOE954Ut
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.losg.xiaozhulaihua1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.losg.xiaozhulaihua/databases/ua.dbFilesize
24KB
MD5f5801123bb1d825cfadc2e611e07c6e8
SHA14a44908c629723aad3e914cd69be1e1657da95cf
SHA2564581a232296f5aaa6f43d6ee625d677d897d5d7096053716d57e4f586a0087e4
SHA5120c7dd822d12f49b7d35ffc0cd283bff9079364cca42d984b510402a2f8ddc9f9526476a983722dc4903056e3c341c4b419d267ca78e43c64b9d2d7a59d7346f9
-
/data/data/com.losg.xiaozhulaihua/databases/ua.dbFilesize
36KB
MD5b7036131b84bdf2b66c67fde18d62308
SHA118b1e5a358d68c846495cab5cfef7c6679659093
SHA256c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067
-
/data/data/com.losg.xiaozhulaihua/databases/ua.db-journalFilesize
8KB
MD565c3e0fb088f92cb33c632e5d88bee66
SHA1b56922ae1b5aa4d131d6c85be372fb364b849f37
SHA256f67065e5bb045c9170ae47ab191633e7a4423c28d7cc4bb097c8224810b4331d
SHA5122693d36e53b02c3a098e336398726927985d65d99a55336ef0fea6c3d8003aecf0952c45d207c37bbad49626c03aae2b69fed864009acb7c26d34866aeb19f9d
-
/data/data/com.losg.xiaozhulaihua/databases/ua.db-journalFilesize
16KB
MD58460463a506527bfc094e82bcbe2d2bb
SHA137cc68ea0ac66eec20e73f0f26a3d14bc74ce87e
SHA256dabedcba150a9f097ad887044db8fa2139e9c8f49110dac2de607050e24edd23
SHA512537d1e93ce31b0781ed2000059f1a93201472b70c92743a8d2f740d91e97a099ada57b47e7ae3c0a2e7335133b720b9f54574fe67efb368ee1f440fbfd3a785a
-
/data/data/com.losg.xiaozhulaihua/databases/ua.db-journalFilesize
512B
MD5eec6e4a15f4661f13f84b53487e5817b
SHA16f19e01dacc0da0007ec1da2ab40093c167b0b86
SHA256ba4a5f75b2f7fb44758d5c229510dd0481ecd0cda1d6cb552386bba962d01845
SHA512bc784cd07470aef04b8f9dc19d694cf51bc3396201ee02c9495848820ef5cd0ed2b918d46b3d61e6628a49fb43d7fe4c552c5d5fd16daa6aa4a56661a0fdcba2
-
/data/data/com.losg.xiaozhulaihua/databases/ua.db-journalFilesize
8KB
MD50d13c5f0a5ca97514f580b5d849b80bb
SHA18a35f8af6003d993d50fc0b3ea6f425bc349807d
SHA25632238a19a27d99cb4aaeb39cc9d77e3b72fe2e43c9e9e0e8daac97e6e0546c95
SHA512b25eec214ea57362a968db250bc035bc705d7c5025eb820077324759a13c5bd6c9c4effcab0c32f3bbb16b32d66effd35577cbb601b1e9f73548a54f98cf40a1
-
/data/data/com.losg.xiaozhulaihua/files/.envelope/a==7.5.0&&1.0.0_1716461676628_envelope.logFilesize
1KB
MD5df1aa8f10bef4eca33af1a9a83f1fa37
SHA10d5ae11699deab0447a7e9fca6166045549569f7
SHA2560bb1a3a4e65e1cb69368b99287ef132d78e4b48f18ec52bef9dc02ed24292d7e
SHA512cc04638246fa5cee7f5a700498b99787784d0a18dee53c2f23b7e498b9412e930800bf4f968fef1c228ffc31e09a86020a1c91dbf7d5cec84ff042b6a07aedb9
-
/data/data/com.losg.xiaozhulaihua/files/.envelope/i==1.2.0&&1.0.0_1716461672158_envelope.logFilesize
2KB
MD59887e993d7d1892cc2c9d823a79f2625
SHA130482dc11cf75d1b89ab3afc0fdad0ce7aa980d9
SHA2569f78adee64abab4643ebd85d565127f8d9f83a3b5d5a06ff01fdc9601e9fed8b
SHA512a5774ed0b69d838e90da922e2b36dd3ea35d3af7f6a712a0c408eba915b581aeceab57e2c8ac5dd9a06065d18a1233260cba60839ef6beb68c4a4297db1f26a8
-
/data/data/com.losg.xiaozhulaihua/files/.umeng/exchangeIdentity.jsonFilesize
162B
MD599d23e197147caed43ac61f36d2a906d
SHA140941c7f6d535868a95e0957af567771b28ee6ff
SHA2561011d5b7a0ed0233cca373756b824cd021195abdadd0c1cac7a18bed0d67703c
SHA51258107269e2fb73b1f7ff46ab8fa016ee6cafc67fa3d1de4798977d3a5327c6da6142c80171294188df9b32889b9b6ebd3154bda3e5edadfe21c85bdd9aa8d039
-
/data/data/com.losg.xiaozhulaihua/files/exid.datFilesize
62B
MD586370ea746350813acda0728a8388e14
SHA1938f3f164cd8f71250a31930b56e982c1657a03c
SHA25680db6e63818b1f223b22fc9254d70638cc5dc085efe26e541e38b1b4cab058ea
SHA512170c7a3cf66d547b2f1af57f9c044625cafccdc1ad3f6d6f34d9de85a5bc67da033493153dfe07c7b46627cc67d69e5443593b181be854b6cef1a1ff25b2e50b
-
/data/data/com.losg.xiaozhulaihua/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDYxNjcxMzM5Filesize
1KB
MD5c78a2d4925d13dbd42e557bc92f8e1a6
SHA1e08df2d8353ec876896d82fa44990ed7037788ec
SHA25686abeeda8d054e462bc351e432cdc349046465854115bb12bfed407f5b335823
SHA5125f718babd017b084c7f8a75b688db3dd4bd60a109aeadcd98d6cfd84630a2753513a7f9f75757546a4db66923eac7beeeaf13e24a540a5c85d56942688543490
-
/data/data/com.losg.xiaozhulaihua/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDYxNzAxNTQ4Filesize
1KB
MD52fed72f7ce4e2597508b885cd2c4f4a2
SHA130df7dae846565550eb77c263649d8a94d4e43e7
SHA256582749d410e94dde2ea7e6cf8f2e92475afe6e29dfcd6985d488f54b9d1f1b9f
SHA51248fa2d0a0d549067269b08c4ff19784d85025160e6e5c192aade5a480df8caeefad9167911e9e995cf83997a59fbf3d1e797a7154142cc415d0fa9cd41bca44f
-
/data/data/com.losg.xiaozhulaihua/files/umeng_it.cacheFilesize
350B
MD5e491e75995b2aac596443a73bfe1dad6
SHA1a894e323a292f9840e5247f8b5b69f537fee58af
SHA2566b516464c803571bfd944ab64ee6f2c1c97b19f8f228ef5e56e5b794ed9cb33a
SHA51251834bb9b48e578a6d2028774c2b21f9878c50f39ef61156a0598498389f072de6057cb1d76272a0d755d6f26060b335151845061515d618c3fe938d015fd72d