Analysis
-
max time kernel
4s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
23-05-2024 18:20
General
-
Target
6bd8da308c7cf8fa0da1e611d4a9b087_JaffaCakes118.apk
-
Size
30.7MB
-
MD5
6bd8da308c7cf8fa0da1e611d4a9b087
-
SHA1
73fe9508c5d1aa3ceca2ce394040c91f87b2fcf7
-
SHA256
77ad84363ada96222848165d94f8d192d574486f7ea1a7dd50963fda42afa994
-
SHA512
edc6d6bdd2fd0cb15f6a079d55c618a368f10e3711f5db2d30ddb6b75e1213e8ffc1ebc6a1a27ad2454bdab3d6bb9b6a85c4ae1d62f41eeae8065b1a0899832e
-
SSDEEP
786432:VDLNiBWUOYdzrn0YeoOlJOeLwxmlZmjQd8+z7z:N8AUVf04OlJOaSmv9d7
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.kxcube.jsdwc.baidu1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.kxcube.jsdwc.baidu/databases/MessageStore.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.kxcube.jsdwc.baidu/databases/MessageStore.db-journalFilesize
512B
MD58699b32d618d49ff3926c70716539c84
SHA1845ed23271b845ed9f433fd77ed988c723de8a05
SHA256297b55d561a02fb09a424ae071f0b4319afb16fb2a37ad0abd4c59e575360b9d
SHA512461ac856747094726b14748b0cfc91ece1398ac60eca0e2463e5c1a5f656f604f238a4c6fbe4c85e8d938ceff68a3328ee8174778608e620f800f8d5b935f115
-
/data/data/com.kxcube.jsdwc.baidu/databases/MessageStore.db-shmFilesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
/data/data/com.kxcube.jsdwc.baidu/databases/MessageStore.db-walFilesize
48KB
MD502dade1da63e365b3412d8ba26818af1
SHA180a9af0a5fe1d8478476f1eb3464acfdf0b02ba4
SHA256959126b420ee082f58b61a3879d2f842c7c18a0bfe4901000c62e1df526dd211
SHA512d3c1751acc41acad64673fbc0c8606ef14406653165d3caff6dc291a26579710a9f8a1a980848dff2762bbe07d28da38eb806473cf3207e5a7256239b099dc0b
-
/data/data/com.kxcube.jsdwc.baidu/databases/MsgLogStore.db-journalFilesize
512B
MD5a823a39fb59011be70897af0566bda2f
SHA193e526539916433ce1924ff23bd135bd2a2e6bee
SHA256c6bd565c0d2ebb4943144534ccc79480dfd19d2a7eedac9e1e5b0e39c840b806
SHA512cb81c4468065898b2355b28c1a5ffab73fd44aead0f478bf13ea1e2eafec68e966aba84647fdb0b2aa636bbd83d4b04a4c1eb214b71aa0ca8acd323d94202e7f
-
/data/data/com.kxcube.jsdwc.baidu/databases/MsgLogStore.db-walFilesize
68KB
MD5c86918474a9335e882237ef460686df2
SHA1e992c64cd5ce6099e2614a0ba1923b4d82fabece
SHA25659ffa0d6e6b6c5912e558150896854821e35d4845e14e419da21342a697f4acc
SHA5128e933f68cc6b3f325af5934e9a37c93805a4c59d6109663d929212a66f3508aecac27a87af3bac5fd0c7a93011cac7a8364c633a5ab2069b6cd60843d4dd7820
-
/data/data/com.kxcube.jsdwc.baidu/databases/accs.db-journalFilesize
512B
MD56987cb7be170c54e04c518b32eed51fc
SHA14ab503f2668f0329eb29f2b2f3db7817d99cada4
SHA25645df224b4debd8613cb1ed6b3be8b94be6cc812aa6170937a3432fd0d1d20c0d
SHA5120fbcaa311c89ba101ed97d82f9f2b0310ed094b46a560a96346c412c996a6f2473e78e6e6b1420d62b0ad7d9a2398131aa33608553fc366a67b2c2b06d62b17a
-
/data/data/com.kxcube.jsdwc.baidu/databases/accs.db-walFilesize
32KB
MD55a61898c69aed39c81b45241b95fb6e2
SHA1b7d86905c57d801e423710ae60405ac8655262fa
SHA2563ef5b53adcb827a2e54bdb4f77a41816b4ae14c6c1a2c4f82d16dd37e5dc4dd0
SHA512f7e7383f2fef1bf6372fab7aa0c865c4bd1867a9885dea74e41755f532c1061c894722b65acabbbf31785b7de82843444782afaf816368d34a1271454a9f946a
-
/data/data/com.kxcube.jsdwc.baidu/files/2cb6687eb5__local_stat_cache.jsonFilesize
100B
MD55d154e5133e8f819c4747da079ad1894
SHA1031e3a2a6c053217f63eb26a06767d513c65515c
SHA2566a872436ba8595d58e453342c6ecca4da83ee8a10d7b7bfdb9090086729a2e32
SHA5120956794b0407e2213c87f0b839cc39955fca0d2f6a4200dabfe544b215aa935859ede77cf3f0be00c41c98e37dc15204c12127abede17b33736fc679bd240854
-
/data/data/com.kxcube.jsdwc.baidu/files/libcuid.soFilesize
129B
MD51052c4a60d03a24ec6208034d4cbb66f
SHA117e28bb5d7dab4599fed548ebc2b454ffe9433c3
SHA256cffded17b4ea412ee25a61f72373deac6b45c21dc663dc6d71987f19de866e1f
SHA512ab736fc52936e782d785a302e0a3af2b02fb9bfd5a60d330228e0b1a8184a1fb57164b6ecf3e2ce649db24ddff895514e98dff515fa04e1ecf5ae4f1cfb15fe9
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
111B
MD51aa1de81e68537146d15cebd728af01f
SHA1d07c574957ac7148d6461557095006a0dfb3a1a8
SHA256180929f3369fdce724d6a47c32672f5b52d54ee3cb6cc2e482d6eb8065f87808
SHA512f2087ca422c5840cb086cd9c4f2934622f4da07c057bdcbb336f8eee29f4eea80ea03f1590bec70662c27b6a3b99c95d4bfd809d3890df9ab2c90210e47b8020
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
213B
MD5bdab1fa62755d3aae74c64545923cd3b
SHA12c26e624e3731504d937385db24678ebc97c67f2
SHA256c18128705414c1186f6d01495e8e86da5c972894376592a828e7527d681e6050
SHA512c4a1475d3e3d02c7861341a9ccfbfff3f6238c54d2fc6cb6a85167d019276873b55538f6cf909c0caa5e2ac44b379e930a39e179201cf19457f44abcfc455650
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
111B
MD5227a7932078e8a9b3b9eb3a970faf226
SHA11b34a090a230023edd0825914f615f66fa135789
SHA2569e43bbe8c4309462656d8a9a9bbdd0787366bb833d97764b6cff9ddcae6441c2
SHA51289a6aefcecb2d4b39e128f1fb8b88fb1f30f9babfd9d2fbc132af297c739addd418b765dcb82803e174d882729234429199c8365774f2bbfb651b766296ad546
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
167B
MD504642a9b44196e0a5a14a2fff0932eaf
SHA155ca7d93f1eb4a947d49735cdcd2aac68e4f6e16
SHA256b49fdb1972181a46dc341cce20025284b66bd178e9295d43ae2d1aa0ddb89292
SHA512520b909aa6fe054557fe3e38c71c3d8f279a75ede97793bf1f4caf9573739a7b895427ee25bb87e8fac34ccfabe08e113cd87bedfdaffc9fd4eb37064517960a
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
/storage/emulated/0/com.kxcube.jsdwc.baidu_log.txtFilesize
77B
MD56c38cbb3ea29408f0715fd996ad79140
SHA1555732a3b9ebbff80c110ee16704deedbae3409a
SHA256c7d1d92f9fe98e278b48a35a0b9967d2d2b5682f933e2cca36dcd6a18dfcf5aa
SHA5121a71f1649a6096833443ec830deb6686549cbe1656cda813bede9b445444d616df0bcda614a4a35670c21b9944d767114f961b925bd95861adde40fcb0d66865