Overview

overview

8

Static

static

6

6d12495dea...18.apk

android-9-x86

8

Analysis

  • max time kernel
    29s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d12495dea7d0ccbe7aa1901b0864fee_JaffaCakes118.apk

  • Size

    20.4MB

  • MD5

    6d12495dea7d0ccbe7aa1901b0864fee

  • SHA1

    a159438561d6ef79bb0fe70160cc7fe648dae1cc

  • SHA256

    15e02a0cf72ac63db4a691dde82cf27e9884e0c8ebd06dd6d950bcce76fdfb3e

  • SHA512

    2a529c54fea0804946ca47f25613a85191918465e2935eeb10aac45ff506b990536bd9b4077ba6bd20881fec85d372c68a80ebb83ac31e05aa8437757cf3c51f

  • SSDEEP

    393216:RrKcriYHaL9/6JvcxN9yrMPU0u8dTON8EaDOiuUs9UX1dRnJ9zP1BK/Sya:FKcriYHaRyRcf9Rvu8dyN8hDluRqF7PR

Score
8/10
bankercollectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks Android system properties for emulator presence. 1 TTPs 3 IoCs
    evasion
  • Checks CPU information 2 TTPs 3 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 3 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 14 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes

  • org.chromium.caster_receiver_apk_FMMusic
    1⤵
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4289
    • chmod 755 /data/user/0/org.chromium.caster_receiver_apk_FMMusic/asset_res/tab_blank_root.html
      2⤵
        PID:4339
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex --output-vdex-fd=50 --oat-fd=56 --oat-location=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/oat/x86/qcast_sdk_core_client.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4409
    • org.chromium.caster_receiver_apk_FMMusic:castlinkerservice
      1⤵
      • Loads dropped Dex/Jar
      PID:4379
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/oat/x86/qcast_sdk_core_server.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4544
    • org.chromium.caster_receiver_apk_FMMusic:sandboxed_process0
      1⤵
      • Checks Android system properties for emulator presence.
      • Checks CPU information
      • Checks memory information
      • Queries the mobile country code (MCC)
      PID:4455
    • org.chromium.caster_receiver_apk_FMMusic:sandboxed_process1
      1⤵
      • Checks Android system properties for emulator presence.
      • Checks CPU information
      • Checks memory information
      • Queries the mobile country code (MCC)
      PID:4593
    • org.chromium.caster_receiver_apk_FMMusic:castlinkerservice
      1⤵
      • Loads dropped Dex/Jar
      • Queries information about the current Wi-Fi connection
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      PID:4621
    • org.chromium.caster_receiver_apk_FMMusic:sandboxed_process1
      1⤵
        PID:4687
      • org.chromium.caster_receiver_apk_FMMusic:castlinkerservice
        1⤵
          PID:4718

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/org.chromium.caster_receiver_apk_FMMusic/app_content_shell/icudtl.dat
          Filesize

          5.8MB

          MD5

          7366b48090c90272b1b60dcf2c739306

          SHA1

          ddf950ad5290501decd433a523e70d2bb5095921

          SHA256

          af2f681c106f04016155229f528896d437447d7528c719ce8b9c4f6ad70a6558

          SHA512

          e91314c8dca664c8ed543837dec72490bcf737ee1b4190959e3e07bf36fd3b299dae6a62ff3860f042613c102ac588b43d928d4bed731dd908dc02ca4cc7e08b

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/app_content_shell/paks/content_shell.pak
          Filesize

          1.6MB

          MD5

          c56ccb438bd5a8a9fa0c888255a78fae

          SHA1

          7bc2e4752de35a005cd356a85e2afb24e720ad6f

          SHA256

          7724f2bba3c1090b20351bfb692bcaaeb16fb0329555b836b399ff55e304d811

          SHA512

          119b46732c0ec3fefc7fd933c38c555b1111b5fee021016d5970ccfe4cbc48b755757d9de4c4f7d4a989a251ba2abafef98402aea1cc24aa2d7787cefb2ef0f1

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/my_app.html
          Filesize

          20KB

          MD5

          8abe7714524b685dd33a26f2146a29f0

          SHA1

          fbb8c6166e6c9f8457947fb16a73d14005a50389

          SHA256

          a7c606f1d3bc7ee848bc9a4b25fed2063d07270659a09b1fd85281606849ce93

          SHA512

          4806d0b1a4e3f4dfe92f3a5e448185844e8dfaecdbcb4ec851cd61d6c851bed06671f67505967ef1e0d06fe0b7ed1b561df863e2ff2fab06d197c8c36004d0df

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/tab_blank_root.html
          Filesize

          408KB

          MD5

          ab147b81633250fa32ca5cf540c0ac9e

          SHA1

          62baa3c371e27525bb58c118a09ba513701e0577

          SHA256

          aa20805be4dc4d479fab4e4fc0d19361af1decf5c552a66e3bc73d7f189d4719

          SHA512

          7c4a42a3f0cec037aad4c0968e8efe020cd16f20e62ea9a1e08320e9590c088b66f835cc87d49a21be2f65585acebd8937954334e0fb7a9414410961b9071651

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db-journal
          Filesize

          512B

          MD5

          b22605e3f7d937186a79275e1c03be53

          SHA1

          6ec126843ed6d1c20407d4aff22997f3c2c0825f

          SHA256

          6fb81b3773e8150b79afe9d2a9815712671138dc73ee7e96bf1156381d9c5d46

          SHA512

          f565dc70877c44d0fef7eeb7d3925bbab35a359945f496ad9d58c2e207b0a2ab09950f8e065605e4d6e18edaf1587dfc7762334ffc491fd5d3f42e4ff36f6022

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db-wal
          Filesize

          32KB

          MD5

          61e7e9c1ee91de5e99713d140fc81ffa

          SHA1

          9d140be904d4f5c447c35f5199d22316d13a0d72

          SHA256

          bacecac24f268b5c3e255a0167c54b27149568cf9381a1117990b498bd4d9ba4

          SHA512

          b9fe0036b61a34af7a0d0f1263a7eb021dea031427c0634e574e7786a723c26244f79c0c3e5b6e3e90b8d180d2cc2ed4625ebc6fb92faa8f0b0101abb785f212

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex
          Filesize

          408KB

          MD5

          2723d7b6d7b0364c7823ff8d55703a58

          SHA1

          19976a5d74f88495b14384a0d87783610381527d

          SHA256

          1549ceb79ba8de1dd7447f9b072ddf7889cd971558447a1dc9bcf1ddfc463ed9

          SHA512

          34ed94ac0ab12d9cd4d652c782f63c5219a367423500f7333864775678986dc0a3e02de3d489a365e115b941032ccc09b7c8815848adf684a2092ab539953208

          Download Submit
        • /data/data/org.chromium.caster_receiver_apk_FMMusic/files/umeng_it.cache
          Filesize

          310B

          MD5

          2f1147b44644125b4c8650578420a7dc

          SHA1

          897f2eed04e423d3a12e88cd4bea035552b64e4c

          SHA256

          abaf0005ac64a4288f21d6ffc01330d87cacdd5d5ace76118cf123498b3c96a9

          SHA512

          2c468b6b6e148fa19363f37d1110a4f7d08591c70d588ad707a2ca7b96c04739afa6dbb7699036e2463263ea3b57c1dcb2dc8a1b8bae1a13702bf36c83a39786

          Download Submit