2b82dbe495a006849a3daa4c75c1a69f5fb1c0e7311afc63b5c554d419c572df

Analysis

max time kernel
9s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d17678dfdcd26d953803e77fba1de39_JaffaCakes118.apk
Size

20.4MB
MD5

6d17678dfdcd26d953803e77fba1de39
SHA1

aed010612f9e55846c6d6b849a71d0e2451d6426
SHA256

2b82dbe495a006849a3daa4c75c1a69f5fb1c0e7311afc63b5c554d419c572df
SHA512

dfdf7906c76df07c37a94b32210c69e68d0f33b4f7a40d2cbc393cd52d5430efecda71d3ff627892824b4276c73acf721bd82919a8e29ec73f32ba93dd795bce
SSDEEP

393216:or31Ite6zgFXfS9Ra3NZTZN7tN38HW+ftQZ5+a8ujMTzTuXy2:Kmte6zgFXqza3nZNJd8HW+1fuwTXQN

Score

8^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation org.chromium.caster_receiver_apk_piccomic
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

T1633.001

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

Accessed system property key: ro.product.model org.chromium.caster_receiver_apk_piccomic
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

File opened for read /proc/cpuinfo org.chromium.caster_receiver_apk_piccomic
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

File opened for read /proc/meminfo org.chromium.caster_receiver_apk_piccomic

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	org.chromium.caster_receiver_apk_piccomic

description	ioc	process
Accessed system property	key: ro.product.model	org.chromium.caster_receiver_apk_piccomic

description	ioc	process
File opened for read	/proc/cpuinfo	org.chromium.caster_receiver_apk_piccomic

description	ioc	process
File opened for read	/proc/meminfo	org.chromium.caster_receiver_apk_piccomic

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

org.chromium.caster_receiver_apk_piccomic/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex --output-vdex-fd=113 --oat-fd=115 --oat-location=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/oat/x86/qcast_sdk_core_client.odex --compiler-filter=quicken --class-loader-context=&org.chromium.caster_receiver_apk_piccomic:castlinkerservice/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_server.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/oat/x86/qcast_sdk_core_server.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex	4277	org.chromium.caster_receiver_apk_piccomic
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex	4429	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex --output-vdex-fd=113 --oat-fd=115 --oat-location=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/oat/x86/qcast_sdk_core_client.odex --compiler-filter=quicken --class-loader-context=&
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex	4277	org.chromium.caster_receiver_apk_piccomic
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_server.dex	4389	org.chromium.caster_receiver_apk_piccomic:castlinkerservice
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_server.dex	4462	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_server.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/oat/x86/qcast_sdk_core_server.odex --compiler-filter=quicken --class-loader-context=&
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_server.dex	4389	org.chromium.caster_receiver_apk_piccomic:castlinkerservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo org.chromium.caster_receiver_apk_piccomic
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults org.chromium.caster_receiver_apk_piccomic
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

Framework service call android.app.IActivityManager.registerReceiver org.chromium.caster_receiver_apk_piccomic
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

org.chromium.caster_receiver_apk_piccomic

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo org.chromium.caster_receiver_apk_piccomic
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

5 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.chromium.caster_receiver_apk_piccomic

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	org.chromium.caster_receiver_apk_piccomic

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.chromium.caster_receiver_apk_piccomic

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.chromium.caster_receiver_apk_piccomic

flow	ioc
5	alog.umeng.com

org.chromium.caster_receiver_apk_piccomic
1⤵
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4277

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex --output-vdex-fd=113 --oat-fd=115 --oat-location=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/oat/x86/qcast_sdk_core_client.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4429

org.chromium.caster_receiver_apk_piccomic:castlinkerservice
1⤵
- Loads dropped Dex/Jar
PID:4389

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_server.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/org.chromium.caster_receiver_apk_piccomic/dex/oat/x86/qcast_sdk_core_server.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4462

org.chromium.caster_receiver_apk_piccomic:sandboxed_process0
1⤵
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.chromium.caster_receiver_apk_piccomic/app_content_shell/icudtl.dat
Filesize
5.8MB

MD5
016b7c560b53fe4fcf41f4b2eca9f61f

SHA1
b7e60915aeb077c7e4ba54f87b4b8b8c4f335956

SHA256
86030aafd3e4128b37d50bfa63aecad20bcccacd8037925f9ada49a40620394c

SHA512
867b84f196609c212736904ed733ca9c24a0e9d1a4d3b5246955c053b743801b4e7f1d0b44aceaf2cc108b80c06b016399bb8b27b97e91e0eeca1ce95b56a609

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/app_content_shell/paks/content_shell.pak
Filesize
1.6MB

MD5
736b282401615ae39eb0f278759258f7

SHA1
730db06ab2a8409bb2ab2441848b7706bb120c47

SHA256
c487e0133b3a7e5772d5147365e41d2648a635c2ca2e66047661fc5222bf2874

SHA512
14ada472efbeaf0625e0a55f7e46b91aa2ce2a11cb86e235409f39532b2d68d904ddcc4d8c10b6e537d3e9ed9c3f43c981226f1aea752e7c5c5f34838533006f

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/README
Filesize
354B

MD5
c4288ed9d3016d465022c7ef863355b5

SHA1
0c0af8a2fc83cf1a218738c7bf34c8d86e970071

SHA256
2a3bf3ded94bbd21f46a59c2bd621daca17fea709b2ad0da6cb65aa386b582b6

SHA512
08d171df29c4ae860c766ec6793953e87ca0b24f29db2eab0a9429c5e8f64ce9b7ccbbf6637455acc44189c3637a864f798520d8bf297ffadd345c600b0f9a68

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/appcontext.js
Filesize
3KB

MD5
158ceeaff80e69ceeccbd64c4a491b5d

SHA1
e954b461c6098e284ead092b81f24a8080b58a65

SHA256
07e822150a037bf159a0495f234384ca9c1ae8cf7218a49f759bf388bea2f74b

SHA512
3a44a512e2b0edd96b25ceeb80a771d3147f61f98289d3443371924fde5a14d3de9d65cfa2a1d9176b63e60d0f6c843eddad03aa5e78ad147ee97ff52868d3fe

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/blank.html
Filesize
301B

MD5
b8639ac0df7466d734bb2a29d9da93a6

SHA1
3000732c8cbc68a569a3925d0a6a2700e07f415e

SHA256
12333f0a11a4c58c8bff33b44d4585b6bb142caf1b898985a69e44be7c6a8371

SHA512
550e8011fa7357a56aa0c1a9734767434342dacf2658d6781c03ebc226a5a7f02e82a874fec811f4c9603a48f7740debab0f8d2421682fd2f3fb42b3196a8ef9

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/call_by_java.js
Filesize
1KB

MD5
07e7eb9912ab457bc8fcc17c77976c75

SHA1
c3534c94bd1065078f6305e13fe2307d2016b070

SHA256
e73ac11ab21faf81953216d009fbe800e68918774fecc945da168b6a49b5a3f4

SHA512
bdd84d2ca87241151eea7990e39e3c15683fdefb48215341257957c9a6e30a572937c54cfe4dc292754d58b11c5b34b8158a66886ddd5432c1a4db8130356bb3

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/console_log.js
Filesize
464B

MD5
1f5cac225639ab360f6967cbeec1f59f

SHA1
0557a0e7360a02580c0fe13163779b0a60df9ee8

SHA256
97b71713e185d0cce6969c5b8f5fe9ef98aadfa523b60a20727febe6fae99cac

SHA512
ea5318e437923964ee516527d0455a124197e2130a4b87c114b3b82e9633c5236aa30f0faa7c58e643d2105b6429e587278de16f9d9620934e03b0fa8780d8ed

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/my_app.html
Filesize
426KB

MD5
2c8dbceaeb092bb6cd97a98783181510

SHA1
6241a489e63b8baa9535249aa8bd1cf25e7c0402

SHA256
79f19de2ce52f3410a7d09243c3759ec78e0a7ade5d1e486ea2d996f2de15ec0

SHA512
1bb5b729e8dff89517bc684026e184dc89f6b2212d23829aef8f6b5e108f4f41d08df01676c99fd03b47e491bdea742c587710e642349b76fa628929a0a3e1b1

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/my_app.js
Filesize
2KB

MD5
05851f630bda9f90312d8200a297091c

SHA1
4c3af46a6342fc43011f8a7b171f3a40ac11c2af

SHA256
01818ee03df489eca9456c6712e9b83996aa77ac655f8836c132bd6b5fe628ab

SHA512
f8d2bbba02b0b690a54cc01b7100e152e351e947701edb241c37f4c194245b4ee30f73b70485daaeb7a1132397cda72550e43ad626a43bae19c353315d58e20e

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/tab_blank_root.html
Filesize
171B

MD5
2603e3a7eba8b03af315c590c0ebeb76

SHA1
1843c16eaa2dac0570d41c0e3d306151289eef68

SHA256
501b8e6adc184ee1a1ccd7904e60566abf509cbcb1d17580fcd062d28b6b1e50

SHA512
1858d96de812f90e9a8d9d38ad397916e1fc606138708aac765bec26d3ded3d950852f1ee0ea5075140da6f646c4206178d58f066ef782ab15b7e8465579e152

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/utils.js
Filesize
596B

MD5
8d7b680dd495c8f0809369ce07043831

SHA1
a110f9675184357f10095cc3eb04b325f2413858

SHA256
4f9f84a9a5133f48e07c63a4541c281a4abe49097ad836414b7eec540426f45a

SHA512
8007a03cb9789345998a1e1daa015ab0daf57d2dbf346642e8af9b85964f6b2756c01acf1738e505e00490d98abe52e7e52e1aba83e3571b29572a7cd5a60556

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/asset_res/system_js/websql.js
Filesize
2KB

MD5
245fec9d9d270655ee9ab2dbc4fdf49e

SHA1
eb732387caa247982a3dde4992e2676080056188

SHA256
fe3b1e92f29e5340b2e649259aaaf4e943254300474ae167fba07bc24610ee95

SHA512
be7a2aff73dac381f2262f011ddc2ee76c6510cb55d1aa901426f7e8dab75a6e5b6f6ef919e2e2a70403e194472f320ffee5a14dc16d8f935bc371c9376b2900

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/databases/download_v3.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/databases/download_v3.db-journal
Filesize
512B

MD5
9189e02f5498afb11ab68080c772a857

SHA1
325b8108263f82adea60b53ca6a2b9cb1c8601d9

SHA256
102f6f8c638d719ea5012e7178fb635e83109364c9833e298eb0ac9f47ce8309

SHA512
eabfbdded62d21950a569ee225445e3cd961dbff531c356164d65e7c9e3d326c6c4ca2d6ebf67d78b4981b7f97bbb854627027da9e9573ce8ce15431408351ec

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/databases/download_v3.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/databases/download_v3.db-wal
Filesize
32KB

MD5
23a641ff23bca6e7e959128a21e1d7ba

SHA1
388ee954acae9b53580b5766a54d3669206cadbd

SHA256
48639792d5da07a7d4ba8cf22543d39866579da1ce32ae59d471b4015122aa00

SHA512
3aed7a295c45b23f972afefbbd77ed234af9250764985092685256250cfa3e13a20f34c44b8247533f1ce6f641cbed30154508b5ce92c6918c29c90b4956ce14

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/dex/qcast_sdk_core_client.dex
Filesize
426KB

MD5
8ea415a63e02abe51a07d1d4c7987b9f

SHA1
45abb3d8b8cb3ac8a55df29f3f3b80452507c786

SHA256
b0e1409c9e224a1765e41e5abf4b330dcd4eaa9ab043c4bc05cc80960ce08491

SHA512
9911cd78a71c5adf3dabf6cc1162d06174ebc0c618c2dca8cda21521c9ac698f9fc9f263ebd16e19c93f80ee6a6d186a20cd8ebbdfe6abfff2592eff87e3f7dc

Download Submit
/data/data/org.chromium.caster_receiver_apk_piccomic/files/umeng_it.cache
Filesize
310B

MD5
9cd2a1283d13f41f28d15c0092a46326

SHA1
5ae64bc97e88fad564904abd2da0d0abf1e99713

SHA256
9451122594354620773e6989483dbff05822bbf670331a14c41bb41d62987dee

SHA512
f73212716d2205f3454c08275d44c99f5939d9fac8e62ea5557d29deccf6156cf5ff3b6fb57622b99d9150531d89f58799a633f12d93fd79db7b83475ce2b63e

Download Submit