Analysis
max time kernel: 172s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 24-05-2024 11:06
Static task: static1
Behavioral task: behavioral1
  Sample: 6e4b32fd70af981e51d1dc019bc8e734_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6e4b32fd70af981e51d1dc019bc8e734_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240514-en
General
Target: 6e4b32fd70af981e51d1dc019bc8e734_JaffaCakes118.apk
Size: 12.3MB
MD5: 6e4b32fd70af981e51d1dc019bc8e734
SHA1: 41a0cd3fe31110e3f5f95dfd495947eae8ccfaaa
SHA256: b584429c7909dd1a03eaec9caa71a3d9811481ea6ed8d0f016f0d0d73234c440
SHA512: b3318988ae28fb1d7b0b1c4458116b9e54ba0b871b7b167f2f69a2dec7ccd87f855e68f288a8887ddfc0ad37c92d864d0f514538bff2912f71903ff53c377ec6
SSDEEP: 393216:20dlpS71B6PxvEdCsOtC4bBpMdT0slTKUTzcRRD:dSZB60FkCKBmJ0GTKNR
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 6 IoCs)
  Processes: com.mobiletool.appstore, com.mobiletool.appstore:channel, com.mobiletool.appstore:remote_proxy, com.mobiletool.appstore:push_service, /system/bin/sh -c type su
  ioc | process
  /sbin/su | com.mobiletool.appstore
  /sbin/su | com.mobiletool.appstore:channel
  /sbin/su | com.mobiletool.appstore:remote_proxy
  /sbin/su | com.mobiletool.appstore:push_service
  /system/app/Superuser.apk | com.mobiletool.appstore:push_service
  /sbin/su | /system/bin/sh -c type su

- Requests cell location (2 TTPs, 4 IoCs)
  Uses Android APIs to get the current cell location.
  Processes: com.mobiletool.appstore:remote_proxy, com.mobiletool.appstore:push_service, com.mobiletool.appstore, com.mobiletool.appstore:channel
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:remote_proxy
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:push_service
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:channel

- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.

- Queries information about running processes on the device (1 TTPs, 5 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.mobiletool.appstore:remote_proxy, com.mobiletool.appstore:push_service, com.mobiletool.appstore, com.mobiletool.appstore:channel
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:remote_proxy
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:push_service
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:remote_proxy
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:channel

- Queries information about the current Wi-Fi connection (1 TTPs, 4 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.mobiletool.appstore, com.mobiletool.appstore:channel, com.mobiletool.appstore:remote_proxy, com.mobiletool.appstore:push_service
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:channel
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:remote_proxy
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:push_service

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.mobiletool.appstore:channel, com.mobiletool.appstore:push_service
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:channel
  Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:push_service

- Checks if the internet connection is available (1 TTPs, 4 IoCs)
  Processes: com.mobiletool.appstore, com.mobiletool.appstore:channel, com.mobiletool.appstore:remote_proxy, com.mobiletool.appstore:push_service
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:channel
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:remote_proxy
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:push_service

- Reads information about phone network operator. (1 TTPs)

- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.mobiletool.appstore:push_service
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.mobiletool.appstore:push_service
Processes
- com.mobiletool.appstore
  Signatures:
  - Checks if the Android device is rooted.
  - Requests cell location
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  Child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache

- com.mobiletool.appstore:remote_proxy
  Signatures:
  - Queries information about running processes on the device

- com.mobiletool.appstore:channel
  Signatures:
  - Checks if the Android device is rooted.
  - Requests cell location
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  Child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache
  - getprop ro.miui.ui.version.name
  - chmod 777 /data/user/0/com.mobiletool.appstore/files

- com.mobiletool.appstore:remote_proxy
  Signatures:
  - Checks if the Android device is rooted.
  - Requests cell location
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  Child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache

- com.mobiletool.appstore:push_service
  Signatures:
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  Child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache
  - /system/bin/sh -c getprop ro.board.platform
  - getprop ro.board.platform
  - /system/bin/sh -c type su
    Signatures:
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.mobiletool.appstore/databases/MessageStore.db (4KB)
- /data/data/com.mobiletool.appstore/databases/MessageStore.db-journal (261KB)
- /data/data/com.mobiletool.appstore/databases/MessageStore.db-shm (28KB)
- /data/data/com.mobiletool.appstore/databases/MessageStore.db-wal (48KB)
- /data/data/com.mobiletool.appstore/databases/MsgLogStore.db (4KB)
- /data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal (512B)
- /data/data/com.mobiletool.appstore/databases/MsgLogStore.db-shm (28KB)
- /data/data/com.mobiletool.appstore/databases/MsgLogStore.db-wal (68KB)
- /data/data/com.mobiletool.appstore/databases/bugly_db_ (4KB)
- /data/data/com.mobiletool.appstore/databases/bugly_db_-journal (512B)
- /data/data/com.mobiletool.appstore/databases/bugly_db_-shm (51B)
- /data/data/com.mobiletool.appstore/databases/bugly_db_-wal (88KB)
- /data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal (512B)
- /data/data/com.mobiletool.appstore/databases/downloads_classic.db-shm (63B)
- /data/data/com.mobiletool.appstore/databases/downloads_classic.db-wal (40KB)