Analysis
-
max time kernel
9s -
max time network
159s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
24-05-2024 13:50
General
-
Target
6ebb0231d695e7e76389f8823be877ea_JaffaCakes118.apk
-
Size
16.9MB
-
MD5
6ebb0231d695e7e76389f8823be877ea
-
SHA1
bfa95b5897c4dd7eb8656db693d3d44a0378c3c5
-
SHA256
25be8ed9c62ea7e2c7fab126e6fac22bf273dc8ddab66b6028ce279b0a894e36
-
SHA512
701a87e9aacefa8762f1c31be5a5a45f65a1704efe14068368fb37bdd6dfb2f643001fce2bf64903285f304f98cbdd1e951d3c5db57653f79c4b97604a030a91
-
SSDEEP
393216:dM7ZaB1lpg1Fkp9wp+Yy+Tkq2PP+5VhhWvnnJzNKgUxCStboIAX:nBXpUFkbwC+Tkq2P25XKnnJJjKCSxoIc
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.lanhai.qujingjia1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
getprop ro.build.version.emui2⤵
-
getprop ro.build.version.emui2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
-
cat /sys/class/net/wlan0/address2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.lanhai.qujingjia/databases/MessageStore.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.lanhai.qujingjia/databases/MessageStore.db-journalFilesize
512B
MD53b1591b0547ac491ef8b0cd8e8f18114
SHA12dfd3987957a2e460bb1e1f7fadc025fb8c60d91
SHA25607d26eb92565c7298cfbdcb813bfd1bc92f81b15ce9b576f2b1b009df5c7ea8b
SHA5123e4c69efac4ea3312562714e274980a9a35f6f94377b1db36586631a286aa628a6837bbeb994de143785b199973c596a0c531ff5fb282a51ae4f812bdc52334d
-
/data/data/com.lanhai.qujingjia/databases/MessageStore.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.lanhai.qujingjia/databases/MessageStore.db-walFilesize
48KB
MD52989367661ce8ea6fb51496f1ee3c877
SHA112d9293d9dc2e1c6de82d1593451d75f8dc2b183
SHA25624ab1fd2887efed66b55f4698cf16087670442346895410340705ce9fd87aee2
SHA5128520d59c6a830fbb0652bd03821d21ac88acab7452832606b07008da53a09ecad0c6f35eaf1174201a188ed71477dd11f44f5af58046ca97d969611f9cb1debe
-
/data/data/com.lanhai.qujingjia/databases/MsgLogStore.db-journalFilesize
512B
MD59daf3ba278de46f715225c3a422969c5
SHA1a6a65b0a6c264404e60e74fb91f5d5d35b667109
SHA2564c289bcd587597f7d189abfb6bd516e259eedf40656e0b5a0e54200c89c3435b
SHA512166e4906ac25dfcea992d5bac8eef90778a72ebc3c7e6da68709f6ce3ced959d8880d57259a3c8927e94caa54a50481ac0ba049c79fc86b3f0a03f6355bb8efa
-
/data/data/com.lanhai.qujingjia/databases/MsgLogStore.db-walFilesize
60KB
MD5722bd5e99bff9d1ac2c97243f4bab178
SHA100b7d4e6f41e1282b3de7fbd9ac17a6e0387998e
SHA256944766584b98cd0dfcc7408ef98958373e7b9f8980d93ffc8b17249791ae6c3d
SHA51277f2a0ebbd51b9f565a7ee01df144337369ec380ee02e39cf7f93069e92f56e285964a998d2ff3eabee64e8f1df55c77f3e3faa46d4c2c88906401a992e25d38
-
/data/data/com.lanhai.qujingjia/databases/downloader.db-journalFilesize
512B
MD56397b4ed3efa75ce551a57022255648b
SHA19b7752ed1163e8bbf72e78fe5aed04e2464466e6
SHA256346c936735b114154e047ea116203349b02ec10fad3a70a737e04a0bfe1683a4
SHA512145ccaa5b0cb13e2b25086719bb44cf7f7e5ee424bfea2363f6ccf9230a403b7379b3e6c9f34808f56357003ae35aaef41317117c5c7ab1ab3aa8197a253cd00
-
/data/data/com.lanhai.qujingjia/databases/downloader.db-walFilesize
32KB
MD57bb35c76e7a348ef3593ec5826da25ba
SHA1620780344fdc9012277facf1061f49c503434dd3
SHA256b8830df9748b910899a25b6be0caf72980bed2e960e749ac354f18b7359da653
SHA5122a99a27e20d58ca1022a3aac1ea8e7df01bdd70a9b2949ce58563fce04485fede98ef75b936e2ecd14c9a5d799810d4f70ba006b00d0d2b2f019d377b96f2b7e
-
/data/data/com.lanhai.qujingjia/databases/ttopensdk.db-journalFilesize
512B
MD592eeb3acf4dd3b876031a85d50c8101e
SHA1d69c49a27954efd2d4329297fa092583b12858a3
SHA2569ed9ec457db4ae62e84ef314cbfb1a72356e8f89c0154a7cc81452ba687f9263
SHA512b8cfa528503d0a0e928d2e128e9676bf6603868fa2b4b09d7e075713d8de139528b867d9bf2e80fac16b8fc46cee6fe7e9aa8570c7d41a19193c12b95d477af8
-
/data/data/com.lanhai.qujingjia/databases/ttopensdk.db-walFilesize
52KB
MD5d8cbf8a61d0cde627748038d4b060079
SHA12c8fada4fc3b4453fda47e462c5dd53075b85fd1
SHA256f6e823266793d1d84c2e226b3214e1f04341a9c170376fe22d088d48e8316b60
SHA5124c7e995b2fbf0a947cddd54059778a3548f6d3ca99e6525f87666fbac63ece88626d7942ad9e31ced0c74060b66c5fe83ed8537fa198fd4f65527347ef9df33d