Analysis
- max time kernel: 154s
- max time network: 149s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 24-05-2024 03:47
Static task
- static1
Behavioral tasks
- behavioral1: sample 6d3f2055b9bf1a61bd86c33da87cc83f_JaffaCakes118.apk, resource android-x86-arm-20240514-en
- behavioral2: sample push.apk, resource android-x86-arm-20240514-en
- behavioral3: sample push.apk, resource android-x64-20240514-en
- behavioral4: sample push.apk, resource android-x64-arm64-20240514-en
- behavioral5: sample smsplugin.apk, resource android-x86-arm-20240514-en
- behavioral6: sample smsplugin.apk, resource android-x64-20240514-en
- behavioral7: sample smsplugin.apk, resource android-x64-arm64-20240514-en
General
- Target: 6d3f2055b9bf1a61bd86c33da87cc83f_JaffaCakes118.apk
- Size: 11.1MB
- MD5: 6d3f2055b9bf1a61bd86c33da87cc83f
- SHA1: 51461e10d435332f80c291d712b747cfdb492a5c
- SHA256: 9962525df77b7e627f9620239e8231b2765acf73cbd5d126c3416fe19c2bc30a
- SHA512: 13e149180d022c691c86b0a2f755312311be1a8cbf768dc9b1c89ac7613c769701e07140015c51da2c50f0a5750dbf7e0df16956831057b6033c6258b73be981
- SSDEEP: 196608:EbsXDnTgg/11EJsjyvZd4VgFWWf1VadAx9nEaERcmAMNdCNCu3PGeigKtP1W:g8T9/12Z/4VtWASw8b3NigmNW
Malware Config
Signatures
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  Processes: com.ali.money.shield:fore
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.ali.money.shield:fore
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
  Processes: com.ali.money.shield:fore
  description | ioc | process
  File opened for read | /proc/meminfo | com.ali.money.shield:fore
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs an executable file dropped to the device during analysis.
  Processes: com.ali.money.shield
  ioc | pid | process
  /data/user/0/com.ali.money.shield/app_aliInnerPluginFolder/com.ali.callmaster.sms.apk | 4345 | com.ali.money.shield
- Queries information about running processes on the device (1 TTP, 4 IoCs)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.ali.money.shield:fore, com.ali.money.shield, com.ali.money.shield:feedback, com.ali.money.shield:feedback
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ali.money.shield:fore
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ali.money.shield
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ali.money.shield:feedback
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ali.money.shield:feedback
- Queries information about the current Wi-Fi connection (1 TTP, 4 IoCs)
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.ali.money.shield:fore, com.ali.money.shield, com.ali.money.shield:feedback, com.ali.money.shield:feedback
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ali.money.shield:fore
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ali.money.shield
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ali.money.shield:feedback
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ali.money.shield:feedback
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.ali.money.shield:fore
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ali.money.shield:fore
- Reads the content of SMS inbox messages (1 TTP, 1 IoC)
  Processes: com.ali.money.shield
  description | ioc | process
  URI accessed for read | content://sms/inbox | com.ali.money.shield
- Reads the content of the browser bookmarks (1 TTP, 1 IoC)
  Processes: com.ali.money.shield
  description | ioc | process
  URI accessed for read | content://browser/bookmarks | com.ali.money.shield
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
  Processes: com.ali.money.shield:init, com.ali.money.shield:fore, com.ali.money.shield
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.ali.money.shield:init
  Framework service call | android.app.IActivityManager.registerReceiver | com.ali.money.shield:fore
  Framework service call | android.app.IActivityManager.registerReceiver | com.ali.money.shield
- Checks if the internet connection is available (1 TTP, 4 IoCs)
  Processes: com.ali.money.shield:fore, com.ali.money.shield, com.ali.money.shield:feedback, com.ali.money.shield:feedback
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ali.money.shield:fore
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ali.money.shield
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ali.money.shield:feedback
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ali.money.shield:feedback
- Reads information about the phone network operator (1 TTP)
Processes
- com.ali.money.shield:init (PID 4279)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ali.money.shield:fore (PID 4306)
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.ali.money.shield (PID 4345)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Reads the content of SMS inbox messages
  - Reads the content of the browser bookmarks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.ali.money.shield:feedback (PID 4550)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - sh (PID 4618)
    - ps (PID 4661)
    - grep /data/data/com.ali.money.shield/libfeedback.so (PID 4671)
  - sh (PID 4702)
    - ps (PID 4720)
  - sh (PID 4752)
    - dd if=/data/data/com.ali.money.shield/lib/libfeedback.so of=/data/data/com.ali.money.shield/libfeedback.so (PID 4773)
- com.ali.money.shield:feedback (PID 4943)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db
  Filesize: 24KB
  MD5: 0973c8eccb441c2951e19c0ee9a81ad1
  SHA1: eabd01a88862062f2b68cb121eee3e18c5f09020
  SHA256: 7d6f2a21d7295aacc05233b87544dc62af5ee9e0689a47bd201de3e1fdb6e624
  SHA512: be23369a0a8b7017b66d8ab6e9b0125e8119a38ac8363faacd4d6dac747f59538d6ad3ad13b9318a1f30e4a0c03b81be4c0811d7bd614f19d8be9c4d16544365
- /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db
  Filesize: 356KB
  MD5: 447393b531301df6914ca39bb7cced02
  SHA1: 793fef1c51ca8ded43997dd7dcf52533583a098d
  SHA256: c30e877d62fddf958b5c3f7d339fa40680e644316a4ae309d54270e38e0ae5e0
  SHA512: c339e9b188c7a3ca0729ec22a24fa385af9d69b8d02b3dc3b4cc0944ac4380c3af2baa1378b7f893a07b4ed7f149a76241b3103baad658d325db8582d673bc09
- /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db-journal
  Filesize: 32KB
  MD5: 82b2f9e68042ef343312ff759dd7bc4d
  SHA1: 16f0dfff1a57a82f3cbe590c4af1d0f9f4202ca8
  SHA256: 8f684729f3f9c7029f5e886bcd8a4abb38e404283854df35f7a9af3378104fd5
  SHA512: a22d0fa4d4b3955f134d838a5dac8888c35d4958b3042136f21007ff6792942534ccb5de0ba7b211247a380289b7f180a7534c5f8318b008fb54af0695c68192
- /data/data/com.ali.money.shield/databases/moneyshield_onekey_scan.db-shm
  Filesize: 715KB
  MD5: 3c9828f8d21c8d578bae48c14f67ecc4
  SHA1: 861217e87a775c6e2d1211d5410c4784ff49ebdc
  SHA256: 2f717462cd954c2d2b3a276b8d3b4690463438f29c3e9e6fda3c7f64853c2e8a
  SHA512: 851516c25e0a5bd23a88f838408da0ab1572e4d73f1dac833a7ca6b7630d0e8dc77a6740a98e1d4b47f171da61208243beff4e34209095c4a7f6b7c3280a16ad
- /data/data/com.ali.money.shield/databases/white_list.db
  Filesize: 4KB
  MD5: ac0135b5513f72d2aea69314cd452988
  SHA1: 2ddcb68d98fab93165c9bcbba33efda08fecef2b
  SHA256: ead95b5ab57b07bdcafb1b910f9dd09ed3ec3bf58974da2134506462a28cdc89
  SHA512: db4e277e03a6b9a434eb84fe8a32e1dd0a80caf4b90b08247c07b268108e68895eac72f148e46b4d8bdf92b1f3c7d62fa7a91cf63f03b89aed901e4ff0669496
- /data/data/com.ali.money.shield/databases/white_list.db-journal
  Filesize: 4KB
  MD5: 33d539958a3c800a7482c7312dccea98
  SHA1: bb1458b890dfa797c566cb7eeea5306d72596dd6
  SHA256: 6e48e0ac56d00e6cacbb03128bbc1fa92950cf8bad1550e281e6a7d3d5892b3b
  SHA512: 3e190ec5d45d90bb3044a29a339db3baf0ffe6e228a40118bfa7f1b29e81fbf0fd48eadc73e498cb7bf489d651ebd0892515ada520e8b17b456b000d15213e40
- /data/data/com.ali.money.shield/databases/white_list.db-wal
  Filesize: 4KB
  MD5: 66979c6c517f2069c3fb22cb1e8e7e50
  SHA1: 45352c0505fc806ca1f307446138c91000603f5b
  SHA256: 2c18f5f2cad6b18a36aa92ed54d1edbc0a3bf477c30b664cf1044142b4b2ee29
  SHA512: 426cf778037e11696412ef07a786d5a292a71e3a4e9a3597b52019d016636005e9ec847ec32e8bf312dec3d34ef3e9396a77d9a0412d12ba9d23eac1ba00f40a
- /data/data/com.ali.money.shield/files/init.properties
  Filesize: 13KB
  MD5: 0ad0b127223ad3a1d616df66b2517cd3
  SHA1: d9cfdd3ba48872720e7d9e1945da27cb2f5b4447
  SHA256: 9f8f6f052d735fcb85960739cadeebfbb202238c9cbd7fec67ab7afb3296e0c0
  SHA512: f9bce708606fb448b76ccbf6c74177eff3f2febb940fce62fc60c742300b45a49d650297ddeda40991da2521f17c9efe88a8f235c44ce416f5c8c68e7e518574
- /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
  Filesize: 715KB
  MD5: 2d7d5cca9247064cd3df8a5f7c12574c
  SHA1: c070d40f016a400a067e54287307f820369bbe52
  SHA256: 2a881077439f21014939df4483e7216a31905ab27fc0e6df343fec809a01ce4b
  SHA512: ec50206016394eee0de814043e77d75afe8789bc32acc98cdbf8b73e4d17ffbac5f77c32c11bcbd048fa2007f0ac8dc4e5b3c66e2d9d8a1158b425c74e6edd73
- /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
  Filesize: 715KB
  MD5: 3a1b5100f7de266bf136d4ee1974dfb3
  SHA1: 339c42c7cb16c9e76a4e0d0ce32d0bab2a4c1f0d
  SHA256: d79274a6afafeb98b1737b0d103375e95eefddd9ac5a8ce611f8554094e193ef
  SHA512: 4def82765cb986c6737c62a0c0c4d981a22868f9549f96948a2f4977b6a084e54dfe402a926c734c0ad6f2614fccd00b5edd814098e99b8e99bd9e5c5ac29976
- /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
  Filesize: 715KB
  MD5: 58155afa87cc2c5a23c30899338ec438
  SHA1: 3d20d54d7eaf381e218a6555c7d9d2bc785c7ff0
  SHA256: c55539d82663a5d7c0c98c68f72e972e5ccafbc0636a48ad43a00e3fb13d447a
  SHA512: ebf51823ea3558dd0232e8360bc7c18924de6154461cc3e7c0ef08670ae73dd32dc728ae825379051e1b0bfd6cef1109619dd6b56833439d36b0be1b4fd4dea1
- /data/data/com.ali.money.shield/files/libsecuritysdkx-2.6.24.so.tmp
  Filesize: 715KB
  MD5: 8aa047a11a71f15b696762226eb1a455
  SHA1: 52e23e4f1f3d9c6f3f2b84b922e69eab9838cd7a
  SHA256: 43b225b7b00ad5c1c55c596411b0d938a8603f092c55629f44558d19b8d8eb1b
  SHA512: 8b713c629c0f35fe9732fdc5a8a4c201e36b3b1aab25c7a8a6e2c8c059364950eccf886f438325d4cee8f25931238efd74527cf7f1eb019d93926a7a8f0f4ea2
- /data/user/0/com.ali.money.shield/app_aliInnerPluginFolder/com.ali.callmaster.sms.apk
  Filesize: 736KB
  MD5: f15bfb3f084d8e25239caafd17b4e5bd
  SHA1: 4b7af6786d5880e395eafb717837f7c301ee0bca
  SHA256: af7bf0b8aa07083bc9a34858d09917223053937263e790a5fb08c6e280c5da0b
  SHA512: db7b1bef0cab1ae82e8d65081387e702ab96d1c4ba631d5f48a3750a2cf3c7b5808cbc66e3b19ad5239dbfc1b8ab3d2ebf8e8dbd82226b8e97c6cb84984b2416
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 633KB
  MD5: d54f53bde167a0e6e01c0c3090af1d70
  SHA1: 56e8455dc808687de00ab664deed7ae0dcf796be
  SHA256: a10bf18a1807580e8b5cb8ac38127c0b6642eb747620b014329886f75e2c5937
  SHA512: c8c7d2337ce448bbe41be90a8229f848a202ab3d80afb48c49cb40b406efdd439117be603424dd340334c955969e2f4f0ab7d72fe24727e1a62150203d62abdf
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 111B
  MD5: 21d3e2824a7ba9916d4217894ecf3e96
  SHA1: af07ac2daf13dffb267d6c05ce5c5d27fbc54604
  SHA256: d7c9f50d300f5ce43d20b203df1fb27e889487df024686a1c94127d395321ab3
  SHA512: 6158da5ac044250dce819aedc1f9f8792e812912f3b12814c2ea696a39ea693669bac60e411abeac74fabd5dae310b590703e0c7e142cae9f82b81695fc87fc6
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 381B
  MD5: be88215ed0a430cd1f2f68eb10d298a3
  SHA1: 8e485be2a5005981380b4bf95c50cbe66ed4901a
  SHA256: 8c35e034bfb6fdc2e06406fd7361e26a1e9875092db83d84a32b2ee2acdf7c60
  SHA512: f49dc19b30fc2c11f04881069cb23e71e6a5c32a060b1169899ebf7257495e3bea3b540fc163cfc671ea9714f04d6920bcce66a6e1941daae47b6a803019f35a
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 148KB
  MD5: d4a7f148b9fcc4af1f399718dd68f15f
  SHA1: 5ed308af8fe2a6bca674af8bf11586f460ebe1e7
  SHA256: a147b22f82b6139c408c65d77c02ff2d4a02b83afb5e6a805fe21ea573baff19
  SHA512: 23a38f23dd54418549f45164a402bdbc38c17bbc44664deea7bcd79fc6a755008e3d8ae754605eb558a595dd0e3357746e0282bee0f45c0b9a9be2cf399cd052
- /storage/emulated/0/Android/data/com.ali.money.shield/cache/temp.text
  Filesize: 4B
  MD5: 098f6bcd4621d373cade4e832627b4f6
  SHA1: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
  SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
  SHA512: ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
- /storage/emulated/0/Android/data/com.ali.money.shield/cache/temp.text
  Filesize: 381B
  MD5: 15b2140c7953fd2251978f503ac4bb2f
  SHA1: ec9f8a03ad2e8b91bc49e6dd9e0aea307a235409
  SHA256: 408f796703b1642bef0418e3f156873b52731ecc0de60f70c9747081d252e2ff
  SHA512: 0a823861f8d8bbfde1ff09af72b30134ae83331d40bed3fa63b2ee14fe74de0e2f955f719355b4756f6ca632617fe96aea151833864a3f806fb5a567b5905c6c