Overview

overview

7

Static

static

6

6d3f2055b9...18.apk

android-9-x86

7

push.apk

android-9-x86

push.apk

android-10-x64

push.apk

android-11-x64

smsplugin.apk

android-9-x86

1

smsplugin.apk

android-10-x64

1

smsplugin.apk

android-11-x64

1

Analysis

  • max time kernel
    154s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d3f2055b9bf1a61bd86c33da87cc83f_JaffaCakes118.apk

  • Size

    11.1MB

  • MD5

    6d3f2055b9bf1a61bd86c33da87cc83f

  • SHA1

    51461e10d435332f80c291d712b747cfdb492a5c

  • SHA256

    9962525df77b7e627f9620239e8231b2765acf73cbd5d126c3416fe19c2bc30a

  • SHA512

    13e149180d022c691c86b0a2f755312311be1a8cbf768dc9b1c89ac7613c769701e07140015c51da2c50f0a5750dbf7e0df16956831057b6033c6258b73be981

  • SSDEEP

    196608:EbsXDnTgg/11EJsjyvZd4VgFWWf1VadAx9nEaERcmAMNdCNCu3PGeigKtP1W:g8T9/12Z/4VtWASw8b3NigmNW

Score
7/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
    collection
  • Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
    collection
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 4 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.ali.money.shield:init
    1⤵
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4279
  • com.ali.money.shield:fore
    1⤵
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4306
  • com.ali.money.shield
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Reads the content of SMS inbox messages.
    • Reads the content of the browser bookmarks.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4345
  • com.ali.money.shield:feedback
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4550
    • sh
      2⤵
        PID:4618
        • ps
          3⤵
            PID:4661
          • grep /data/data/com.ali.money.shield/libfeedback.so
            3⤵
              PID:4671
          • sh
            2⤵
              PID:4702
              • ps
                3⤵
                  PID:4720
              • sh
                2⤵
                  PID:4752
                  • dd if=/data/data/com.ali.money.shield/lib/libfeedback.so of=/data/data/com.ali.money.shield/libfeedback.so
                    3⤵
                      PID:4773
                • com.ali.money.shield:feedback
                  1⤵
                  • Queries information about running processes on the device
                  • Queries information about the current Wi-Fi connection
                  • Checks if the internet connection is available
                  PID:4943

                Network

                MITRE ATT&CK Mobile v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db
                  Filesize

                  24KB

                  MD5

                  0973c8eccb441c2951e19c0ee9a81ad1

                  SHA1

                  eabd01a88862062f2b68cb121eee3e18c5f09020

                  SHA256

                  7d6f2a21d7295aacc05233b87544dc62af5ee9e0689a47bd201de3e1fdb6e624

                  SHA512

                  be23369a0a8b7017b66d8ab6e9b0125e8119a38ac8363faacd4d6dac747f59538d6ad3ad13b9318a1f30e4a0c03b81be4c0811d7bd614f19d8be9c4d16544365

                  Download Submit
                • /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db
                  Filesize

                  356KB

                  MD5

                  447393b531301df6914ca39bb7cced02

                  SHA1

                  793fef1c51ca8ded43997dd7dcf52533583a098d

                  SHA256

                  c30e877d62fddf958b5c3f7d339fa40680e644316a4ae309d54270e38e0ae5e0

                  SHA512

                  c339e9b188c7a3ca0729ec22a24fa385af9d69b8d02b3dc3b4cc0944ac4380c3af2baa1378b7f893a07b4ed7f149a76241b3103baad658d325db8582d673bc09

                  Download Submit
                • /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db-journal
                  Filesize

                  32KB

                  MD5

                  82b2f9e68042ef343312ff759dd7bc4d

                  SHA1

                  16f0dfff1a57a82f3cbe590c4af1d0f9f4202ca8

                  SHA256

                  8f684729f3f9c7029f5e886bcd8a4abb38e404283854df35f7a9af3378104fd5

                  SHA512

                  a22d0fa4d4b3955f134d838a5dac8888c35d4958b3042136f21007ff6792942534ccb5de0ba7b211247a380289b7f180a7534c5f8318b008fb54af0695c68192

                  Download Submit
                • /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db-shm
                  Filesize

                  715KB

                  MD5

                  3c9828f8d21c8d578bae48c14f67ecc4

                  SHA1

                  861217e87a775c6e2d1211d5410c4784ff49ebdc

                  SHA256

                  2f717462cd954c2d2b3a276b8d3b4690463438f29c3e9e6fda3c7f64853c2e8a

                  SHA512

                  851516c25e0a5bd23a88f838408da0ab1572e4d73f1dac833a7ca6b7630d0e8dc77a6740a98e1d4b47f171da61208243beff4e34209095c4a7f6b7c3280a16ad

                  Download Submit
                • /data/data/com.ali.money.shield/databases/white_list.db
                  Filesize

                  4KB

                  MD5

                  ac0135b5513f72d2aea69314cd452988

                  SHA1

                  2ddcb68d98fab93165c9bcbba33efda08fecef2b

                  SHA256

                  ead95b5ab57b07bdcafb1b910f9dd09ed3ec3bf58974da2134506462a28cdc89

                  SHA512

                  db4e277e03a6b9a434eb84fe8a32e1dd0a80caf4b90b08247c07b268108e68895eac72f148e46b4d8bdf92b1f3c7d62fa7a91cf63f03b89aed901e4ff0669496

                  Download Submit
                • /data/data/com.ali.money.shield/databases/white_list.db-journal
                  Filesize

                  4KB

                  MD5

                  33d539958a3c800a7482c7312dccea98

                  SHA1

                  bb1458b890dfa797c566cb7eeea5306d72596dd6

                  SHA256

                  6e48e0ac56d00e6cacbb03128bbc1fa92950cf8bad1550e281e6a7d3d5892b3b

                  SHA512

                  3e190ec5d45d90bb3044a29a339db3baf0ffe6e228a40118bfa7f1b29e81fbf0fd48eadc73e498cb7bf489d651ebd0892515ada520e8b17b456b000d15213e40

                  Download Submit
                • /data/data/com.ali.money.shield/databases/white_list.db-wal
                  Filesize

                  4KB

                  MD5

                  66979c6c517f2069c3fb22cb1e8e7e50

                  SHA1

                  45352c0505fc806ca1f307446138c91000603f5b

                  SHA256

                  2c18f5f2cad6b18a36aa92ed54d1edbc0a3bf477c30b664cf1044142b4b2ee29

                  SHA512

                  426cf778037e11696412ef07a786d5a292a71e3a4e9a3597b52019d016636005e9ec847ec32e8bf312dec3d34ef3e9396a77d9a0412d12ba9d23eac1ba00f40a

                  Download Submit
                • /data/data/com.ali.money.shield/files/init.properties
                  Filesize

                  13KB

                  MD5

                  0ad0b127223ad3a1d616df66b2517cd3

                  SHA1

                  d9cfdd3ba48872720e7d9e1945da27cb2f5b4447

                  SHA256

                  9f8f6f052d735fcb85960739cadeebfbb202238c9cbd7fec67ab7afb3296e0c0

                  SHA512

                  f9bce708606fb448b76ccbf6c74177eff3f2febb940fce62fc60c742300b45a49d650297ddeda40991da2521f17c9efe88a8f235c44ce416f5c8c68e7e518574

                  Download Submit
                • /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
                  Filesize

                  715KB

                  MD5

                  2d7d5cca9247064cd3df8a5f7c12574c

                  SHA1

                  c070d40f016a400a067e54287307f820369bbe52

                  SHA256

                  2a881077439f21014939df4483e7216a31905ab27fc0e6df343fec809a01ce4b

                  SHA512

                  ec50206016394eee0de814043e77d75afe8789bc32acc98cdbf8b73e4d17ffbac5f77c32c11bcbd048fa2007f0ac8dc4e5b3c66e2d9d8a1158b425c74e6edd73

                  Download Submit
                • /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
                  Filesize

                  715KB

                  MD5

                  3a1b5100f7de266bf136d4ee1974dfb3

                  SHA1

                  339c42c7cb16c9e76a4e0d0ce32d0bab2a4c1f0d

                  SHA256

                  d79274a6afafeb98b1737b0d103375e95eefddd9ac5a8ce611f8554094e193ef

                  SHA512

                  4def82765cb986c6737c62a0c0c4d981a22868f9549f96948a2f4977b6a084e54dfe402a926c734c0ad6f2614fccd00b5edd814098e99b8e99bd9e5c5ac29976

                  Download Submit
                • /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
                  Filesize

                  715KB

                  MD5

                  58155afa87cc2c5a23c30899338ec438

                  SHA1

                  3d20d54d7eaf381e218a6555c7d9d2bc785c7ff0

                  SHA256

                  c55539d82663a5d7c0c98c68f72e972e5ccafbc0636a48ad43a00e3fb13d447a

                  SHA512

                  ebf51823ea3558dd0232e8360bc7c18924de6154461cc3e7c0ef08670ae73dd32dc728ae825379051e1b0bfd6cef1109619dd6b56833439d36b0be1b4fd4dea1

                  Download Submit
                • /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
                  Filesize

                  715KB

                  MD5

                  8aa047a11a71f15b696762226eb1a455

                  SHA1

                  52e23e4f1f3d9c6f3f2b84b922e69eab9838cd7a

                  SHA256

                  43b225b7b00ad5c1c55c596411b0d938a8603f092c55629f44558d19b8d8eb1b

                  SHA512

                  8b713c629c0f35fe9732fdc5a8a4c201e36b3b1aab25c7a8a6e2c8c059364950eccf886f438325d4cee8f25931238efd74527cf7f1eb019d93926a7a8f0f4ea2

                  Download Submit
                • /data/user/0/com.ali.money.shield/app_aliInnerPluginFolder/com.ali.callmaster.sms.apk
                  Filesize

                  736KB

                  MD5

                  f15bfb3f084d8e25239caafd17b4e5bd

                  SHA1

                  4b7af6786d5880e395eafb717837f7c301ee0bca

                  SHA256

                  af7bf0b8aa07083bc9a34858d09917223053937263e790a5fb08c6e280c5da0b

                  SHA512

                  db7b1bef0cab1ae82e8d65081387e702ab96d1c4ba631d5f48a3750a2cf3c7b5808cbc66e3b19ad5239dbfc1b8ab3d2ebf8e8dbd82226b8e97c6cb84984b2416

                  Download Submit
                • /storage/emulated/0/.DataStorage/ContextData.xml
                  Filesize

                  633KB

                  MD5

                  d54f53bde167a0e6e01c0c3090af1d70

                  SHA1

                  56e8455dc808687de00ab664deed7ae0dcf796be

                  SHA256

                  a10bf18a1807580e8b5cb8ac38127c0b6642eb747620b014329886f75e2c5937

                  SHA512

                  c8c7d2337ce448bbe41be90a8229f848a202ab3d80afb48c49cb40b406efdd439117be603424dd340334c955969e2f4f0ab7d72fe24727e1a62150203d62abdf

                  Download Submit
                • /storage/emulated/0/.DataStorage/ContextData.xml
                  Filesize

                  111B

                  MD5

                  21d3e2824a7ba9916d4217894ecf3e96

                  SHA1

                  af07ac2daf13dffb267d6c05ce5c5d27fbc54604

                  SHA256

                  d7c9f50d300f5ce43d20b203df1fb27e889487df024686a1c94127d395321ab3

                  SHA512

                  6158da5ac044250dce819aedc1f9f8792e812912f3b12814c2ea696a39ea693669bac60e411abeac74fabd5dae310b590703e0c7e142cae9f82b81695fc87fc6

                  Download Submit
                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
                  Filesize

                  381B

                  MD5

                  be88215ed0a430cd1f2f68eb10d298a3

                  SHA1

                  8e485be2a5005981380b4bf95c50cbe66ed4901a

                  SHA256

                  8c35e034bfb6fdc2e06406fd7361e26a1e9875092db83d84a32b2ee2acdf7c60

                  SHA512

                  f49dc19b30fc2c11f04881069cb23e71e6a5c32a060b1169899ebf7257495e3bea3b540fc163cfc671ea9714f04d6920bcce66a6e1941daae47b6a803019f35a

                  Download Submit
                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
                  Filesize

                  148KB

                  MD5

                  d4a7f148b9fcc4af1f399718dd68f15f

                  SHA1

                  5ed308af8fe2a6bca674af8bf11586f460ebe1e7

                  SHA256

                  a147b22f82b6139c408c65d77c02ff2d4a02b83afb5e6a805fe21ea573baff19

                  SHA512

                  23a38f23dd54418549f45164a402bdbc38c17bbc44664deea7bcd79fc6a755008e3d8ae754605eb558a595dd0e3357746e0282bee0f45c0b9a9be2cf399cd052

                  Download Submit
                • /storage/emulated/0/Android/data/com.ali.money.shield/cache/temp.text
                  Filesize

                  4B

                  MD5

                  098f6bcd4621d373cade4e832627b4f6

                  SHA1

                  a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

                  SHA256

                  9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

                  SHA512

                  ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

                  Download Submit
                • /storage/emulated/0/Android/data/com.ali.money.shield/cache/temp.text
                  Filesize

                  381B

                  MD5

                  15b2140c7953fd2251978f503ac4bb2f

                  SHA1

                  ec9f8a03ad2e8b91bc49e6dd9e0aea307a235409

                  SHA256

                  408f796703b1642bef0418e3f156873b52731ecc0de60f70c9747081d252e2ff

                  SHA512

                  0a823861f8d8bbfde1ff09af72b30134ae83331d40bed3fa63b2ee14fe74de0e2f955f719355b4756f6ca632617fe96aea151833864a3f806fb5a567b5905c6c

                  Download Submit