06df7b698efff49159cfd03d9eb3126eabcb3d93e708c3121ff1785eab6919fa

Analysis

max time kernel
3s
max time network
187s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cbe7dec246891e80f66c0cc881656f0_JaffaCakes118.apk
Size

9.8MB
MD5

6cbe7dec246891e80f66c0cc881656f0
SHA1

83bec6c028abbd4f83516f72a4d725a84aac6d3c
SHA256

06df7b698efff49159cfd03d9eb3126eabcb3d93e708c3121ff1785eab6919fa
SHA512

2f8dec89099a5f72c7407f0b17a6729f99470843838680536124361fa2723b68c8ef72915fb8c69f653241254ba30d4b15d305125e32d2ec7301eebebdf7d5d2
SSDEEP

196608:Gq71niu6Hfjno5PvsHDCJHrNNaP/DfH49IWdomeVyvvWLKH29mZ/nM:P1n3afU5eyHrSP/UiAvYgCmZ/nM

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.model	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.product.name	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.serialno	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.bootloader	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.bootmode	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.hardware	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.product.device	com.rongjinsuo.carpool.passenger

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemu-props	com.rongjinsuo.carpool.passenger
Accessed system property	key: qemu.hw.mainkeys	com.rongjinsuo.carpool.passenger
Accessed system property	key: qemu.sf.fake_camera	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.kernel.android.qemud	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.kernel.qemu.gles	com.rongjinsuo.carpool.passenger
Accessed system property	key: ro.kernel.qemu	com.rongjinsuo.carpool.passenger
Accessed system property	key: init.svc.qemud	com.rongjinsuo.carpool.passenger

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.rongjinsuo.carpool.passenger
/dev/qemu_pipe	com.rongjinsuo.carpool.passenger

Checks the presence of a debugger
evasion

com.rongjinsuo.carpool.passenger
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:5171

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rongjinsuo.carpool.passenger/files/libexec.so

Filesize
383KB

MD5
3c27386de44b7239567d1030b0dc722b

SHA1
c18d07bac3b9ee87e5796f8c3fb1ef3af8f02a85

SHA256
def427388ea839beede79ce5b44a191a1325b14b770ba2a0347d58ad1af0f811

SHA512
bc68312073b68b2a6b0d684a747a8987fcb7aad140b4d3bbf7d0465161b312a91820f0a3072cabef2597c9ea028314990d124f8bdbd201fef93a9890cb8ddcb5

Download Submit
/data/data/com.rongjinsuo.carpool.passenger/files/libexecmain.so

Filesize
5KB

MD5
076b040edaf855db41650a2871ccd1cd

SHA1
0c53e08ba9611dd63c6fd047fd1780889131b113

SHA256
df3146291e719e6f3d10349ff8550fb5ebda1623d4574ba18225a1ea02928d9c

SHA512
a55e91e019a01021de1967603f5019c16956a2cbd4eb6409f728c02f558357b6b236ec9545b3d76ee5eed4ee46af9dbde720d0d7f67c5e2647bb456313fb15cd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads