Analysis

  • max time kernel
    8s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-06-2024 15:10

General

  • Target

    8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk

  • Size

    14.4MB

  • MD5

    8e8069293783668c84b449f0fe24e3b2

  • SHA1

    071103dc6475ac1a57011abfc4848e907eadb551

  • SHA256

    a0b9837f9e2d60528b6e49e21a8e2770487f71607e72f56bfe6e4569e3a0e08b

  • SHA512

    3b29370520ec8b238ba280ddf9bd1e8d97f1b1ab4f75de61429ed36e47cd2f2e69aca5800df28d6f88eee7e221f03c8d7477f050c7392746d272bd9c6e9fa988

  • SSDEEP

    393216:9uzySpSDJrufTEOcxcM3ZG3iEAV9XBp7yNS1SHo0IaTg:+1cNrurE7w9AnX/yLU

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which can indicate whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information, which can indicate whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 8 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.qky.arealracing2
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4285
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/storage/emulated/0/Android/data/com.qky.arealracing2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&
      • Loads dropped Dex/Jar
      PID:4312
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fx.jar --output-vdex-fd=43 --oat-fd=41 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&
      • Loads dropped Dex/Jar
      PID:4337
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fp.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fp.odex --compiler-filter=quicken --class-loader-context=&
      • Loads dropped Dex/Jar
      PID:4363

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar

    Filesize

    306KB

  • /data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar

    Filesize

    306KB

  • /data/data/com.qky.arealracing2/app_jc/dfp.jar

    Filesize

    114KB

  • /data/data/com.qky.arealracing2/app_jc/dfx.jar

    Filesize

    133KB

  • /data/data/com.qky.arealracing2/app_jc/tfp.jar

    Filesize

    114KB

  • /data/data/com.qky.arealracing2/app_jc/tfx.jar

    Filesize

    133KB

  • /data/data/com.qky.arealracing2/app_jni/frame

    Filesize

    38KB

  • /data/data/com.qky.arealracing2/databases/db_default_job_manager

    Filesize

    4KB

  • /data/data/com.qky.arealracing2/databases/db_default_job_manager-journal

    Filesize

    512B

  • /data/data/com.qky.arealracing2/databases/db_default_job_manager-shm

    Filesize

    32KB

  • /data/data/com.qky.arealracing2/databases/db_default_job_manager-wal

    Filesize

    32KB

  • /data/data/com.qky.arealracing2/databases/fx_dd.db-journal

    Filesize

    512B

  • /data/data/com.qky.arealracing2/databases/fx_dd.db-shm

    Filesize

    28KB

  • /data/data/com.qky.arealracing2/databases/fx_dd.db-wal

    Filesize

    40KB

  • /data/data/com.qky.arealracing2/files/Mint-lastsavedfile

    Filesize

    34B

  • /data/data/com.qky.arealracing2/files/MintSavedData-1-1717341070715.json

    Filesize

    566B

  • /data/user/0/com.qky.arealracing2/app_jc/fp.jar

    Filesize

    171KB

  • /data/user/0/com.qky.arealracing2/app_jc/fp.jar

    Filesize

    171KB

  • /data/user/0/com.qky.arealracing2/app_jc/fx.jar

    Filesize

    176KB

  • /data/user/0/com.qky.arealracing2/app_jc/fx.jar

    Filesize

    176KB

  • /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

    Filesize

    21KB

  • /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

    Filesize

    55KB

  • /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

    Filesize

    55KB
