Analysis

  • max time kernel: 179s
  • max time network: 155s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 30/05/2024, 00:49

General

  • Target: 828dcccf669dfbe98c9f8d1ff0254634_JaffaCakes118.apk
  • Size: 9.0MB
  • MD5: 828dcccf669dfbe98c9f8d1ff0254634
  • SHA1: b9b01d730e1b480af62451bb7697d920ffc548f6
  • SHA256: c7b1caa06d634b5e975516c96479946e36f24b374e7fa0d43a9f4be1af10d66d
  • SHA512: 54d106a418c7bd53093aaa1eaedc5bb02c06a0143316e28fd10a4fbaf592fa0ae527e79c28fea5dfe96eac8cac6c832d707717fbe4482e9b021ebedced125d1a
  • SSDEEP: 196608:tmTJURmwrlwAmQaS4egz4c8hk9L6iXobxJxWobxJK:ATJq5OlXey9e3pBi

Signatures

  • Checks if the Android device is rooted. (1 TTP, 8 IoCs)
  • Queries a list of all the installed applications on the device; might be used in an attempt to overlay legitimate apps. (1 TTP)
  • Requests cell location (2 TTPs, 1 IoC): uses Android APIs to get the current cell location.
  • Checks CPU information (2 TTPs, 2 IoCs): checks CPU information that indicates whether the system is an emulator.
  • Checks memory information (2 TTPs, 3 IoCs): checks memory information that indicates whether the system is an emulator.
  • Queries information about running processes on the device (1 TTP, 3 IoCs): the application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs): the application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC): the application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  • Queries the phone number (MSISDN for GSM devices). (1 TTP)
  • Registers a broadcast receiver at runtime, usually for listening for system events. (1 TTP, 4 IoCs)
  • Checks if the internet connection is available. (1 TTP, 4 IoCs)
  • Reads information about the phone network operator. (1 TTP)
  • Uses Crypto APIs; might try to encrypt user data. (1 TTP, 3 IoCs)

Processes

  • ibuger.shanggeshqu (PID 4288)
    ◦ Checks if the Android device is rooted.
    ◦ Checks CPU information
    ◦ Checks memory information
    ◦ Queries information about running processes on the device
    ◦ Queries information about the current Wi-Fi connection
    ◦ Queries information about the current nearby Wi-Fi networks
    ◦ Registers a broadcast receiver at runtime (usually for listening for system events)
    ◦ Checks if the internet connection is available
    ◦ Uses Crypto APIs (Might try to encrypt user data)
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID 4403)
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq (PID 4451)
  • ibuger.shanggeshqu:remote (PID 4350)
    ◦ Checks if the Android device is rooted.
    ◦ Checks memory information
    ◦ Queries information about running processes on the device
    ◦ Registers a broadcast receiver at runtime (usually for listening for system events)
    ◦ Checks if the internet connection is available
    ◦ Uses Crypto APIs (Might try to encrypt user data)
    • /system/bin/sh -c getprop ro.board.platform (PID 4425)
    • getprop ro.board.platform (PID 4425)
  • ibuger.shanggeshqu:remote (PID 4505)
    ◦ Checks if the Android device is rooted.
    ◦ Checks memory information
    ◦ Registers a broadcast receiver at runtime (usually for listening for system events)
    ◦ Checks if the internet connection is available
  • ibuger.shanggeshqu:remote (PID 4611)
    ◦ Checks if the Android device is rooted.
    ◦ Requests cell location
    ◦ Checks CPU information
    ◦ Queries information about running processes on the device
    ◦ Queries information about the current Wi-Fi connection
    ◦ Registers a broadcast receiver at runtime (usually for listening for system events)
    ◦ Checks if the internet connection is available
    ◦ Uses Crypto APIs (Might try to encrypt user data)

Downloads

  • /data/data/ibuger.shanggeshqu/databases/ThrowalbeLog.db-journal (512B)
    MD5: cb6916a4086b7002a335f4ea5470dc93
    SHA1: a2e170de1a162e97df638832665adc825f869201
    SHA256: 7ad36f2c484a0d3bde9a220e6a869fd9f3f610179422985bee6f48b9bf6169cf
    SHA512: cc77f34613bb49559ab546a5ea9601777044c6fef628ca30f7a43d7c4256f25298b78199a5463f9463e0a1ee4bf9bc6bf730a9acaff73e3d1d64fca19e311bce

  • /data/data/ibuger.shanggeshqu/databases/ThrowalbeLog.db-wal (309KB)
    MD5: 289d4d07c8c196d03da592801e64196d
    SHA1: 77b78c258d23c0905fc2b8d1cf278caa3ffbe2ec
    SHA256: 1456b9de57f5f787208e167ff8108f41d3816e05bb6ba1f8a7f3977f0356b3d6
    SHA512: 74bf94866017cf157d6ba87b51cdd8872505f688151290310a529e62f2c11fb6096286872ec72269ea481085251f894a6b907d4ae80dfecfd8a16c726f413e09

  • /data/data/ibuger.shanggeshqu/databases/bugly_db_ (4KB)
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ibuger.shanggeshqu/databases/bugly_db_-journal (108KB)
    MD5: a0e156397244bcf2b179666dfac79ad0
    SHA1: 9c3d3555c740fe4c5ab47649f5381fcd57a57a82
    SHA256: 8400bd4eacafad62056f9092aae6c6e3645baa7c7817e332360cc162eaabc16b
    SHA512: d8275a45340d56f548f0f1f3e5b3e952614f2df776729d900e961bebc4036940e1f619ae52c81b7a317f82227f42f9c899d9739be762a62ead37509030651f85

  • /data/data/ibuger.shanggeshqu/databases/bugly_db_-shm (32KB)
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/ibuger.shanggeshqu/databases/bugly_db_-wal (120KB)
    MD5: a5b70c0524e1f6288aab2a47390e77ce
    SHA1: 6820aabd208479742a627ca454e0bf6cc4646310
    SHA256: f997cb39806e42c48b2459f8818871b1d816e46607097c1707b282f2d7da9cd8
    SHA512: e17d3692afc9693294ba78f3163fa3582e99c15325b91e157dd7950a1abe5b13f6553fc4340304479328f05ba50bd9e9281045e0ba4b3daad7bcfcdd2a429823

  • /data/data/ibuger.shanggeshqu/databases/pri_tencent_analysis.db-journal (64KB)
    MD5: 72cdfa655a8231ab1646073d4ec069b5
    SHA1: dc6a269946f8438eb05cf433dd5beb97b8535ac6
    SHA256: 0af28f52c4f721a6d12c20e6d1596ed2451b87e865cd4223bb6cb843dee30210
    SHA512: 38bc980d4ce88c7ca82166d0ef456c9cb43bc244af81a0560a12b3eeb3cfb03da2f92e4443b986b77ae6df938d9ac73c12addb94044eb093a79499b1deb8da85

  • /data/data/ibuger.shanggeshqu/databases/pri_tencent_analysis.db-shm (32KB)
    MD5: c08903de2a22a2128e6be6d339e07a7e
    SHA1: 3776ac7b8891baafaafcf0f75a14050721b13cc4
    SHA256: 43ca68fb536846217bc2c5c8a5fe78cde9ed075efb2cda4421cb70516f72cc97
    SHA512: d61631b70a86b037ecf4a4d5b468dec3430b8c2b620a2abf73ad7e4910123c9e1c005f1eeb98a7f406cd1aa7398f2cd5d173a204fda8ed8853678eeeffec006e

  • /data/data/ibuger.shanggeshqu/databases/pri_tencent_analysis.db-wal (52KB)
    MD5: 6de3910d593ffb2b309bf8ed0b085ea5
    SHA1: aded18bf72c2c3899ca3ccac56c87d6d4d556d42
    SHA256: 17181b05e0af17622a2b038ac262e3485191efaa57a74b03bf530ce7ce5314b1
    SHA512: a280593ae53e980b1059e44aa586027fbd29464487a4ab917237d9a7689f6e08b27fbbc62f26a18e9cc26984e4813a30d9e4509cc5226d60313cf09647ec5869

  • /data/data/ibuger.shanggeshqu/databases/tencent_analysis.db (289KB)
    MD5: a3eea997c1380a5e64b4af3409de69b8
    SHA1: 1adbb038b5e5a8ac29de2e1475bbfb40718b183b
    SHA256: 1ebf437037810ba6b83fb96cef3c97eb8b7c87dbabb6073b26d3302ddf948049
    SHA512: 2085f83511105dedb671d9aff196b36ca37963811dac228474115f0790353d11cc5d61008cb0e83372cca4628659e318453f2c51b489ef7ad0ff8dddaf73143b

  • /data/data/ibuger.shanggeshqu/databases/tencent_analysis.db-journal (512B)
    MD5: 21b85da78471fba02b2d5a038bd1fa33
    SHA1: 512c3bb7140a2809295feee5b8ca53a7665631bb
    SHA256: 4e52a206b16e9d05a0d4c18ce576ac3aa30889e5197535f584ca5c6ce05a4d51
    SHA512: cbcde1a7a41ff8d58ce8a110bb9b6adad8e1c2755cf8866fc789481df51d39b3ed075018873acfd5a74f0b149e3f6142b5b3fd93a50fd01914df4dcc5ccbf6e4

  • /data/data/ibuger.shanggeshqu/databases/tencent_analysis.db-wal (84KB)
    MD5: 9ad0908382f88ee396d730fe51ff1395
    SHA1: 80dc5098df3c039eeb36f6686a589e33b31bfbac
    SHA256: c9131cf26a3c52d39a23fbc0daef73dd7a5e4bad57dd5741eff43250f0be5a03
    SHA512: a6fb96bf40e88fec0a345bf7f35bfb451b7021d296894a97bd4b69a64bb3330ccfaa14770e1cb58c025c84f569fc90d6ec084f37c0ca80abdf00ae3806a8abbc

  • /storage/emulated/0/Android/data/ibuger.shanggeshqu/cache/WCache/journal.tmp (31B)
    MD5: 8c92de9ce46d41a22f3b20f77404cc1d
    SHA1: 8671a6dca00edb72be47363a7071be65cf270373
    SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
    SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /storage/emulated/0/ShareSDK/.ba (369B)
    MD5: 70d7863d813276ef4783a9bd14e6f726
    SHA1: fae47e76e048e30d4eabb5d0181ffb83d902dee0
    SHA256: aa230db4f442a909dcfe7804d1e266f3d3c4ff922bf9e1dd2458d12cd9293c3f
    SHA512: 70c252eb27a26c5dd36c209a9a6fe6870163e61fbaea1bc6558316c02db9ed1b8172d0879bd1f73170be9b284969e413ab8cf3907f41b7e19a8d4624a69c58cf

  • /storage/emulated/0/ShareSDK/.ba (468B)
    MD5: fdb7d92544fe1994a03dfea1385f6abf
    SHA1: 532779d6a4d5fbef89d2c0ff2b8194896f6df092
    SHA256: a66226c22235df28cc69bc9ee682a61cd3f9103abf91a00fb76134266c4dc8cd
    SHA512: e35f27bb8d34711da63310ba5529183224b34eb0be2e5eb4c7a95f97caccf6165946a89f4535f49adee98c2ec1c34b481372fd3b5c01791876101c89e34a5df8

  • /storage/emulated/0/ShareSDK/.dk (107B)
    MD5: c9383021bd97affc44be4db7018c4d7b
    SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
    SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
    SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81