Analysis
- max time kernel: 161s
- max time network: 137s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 03-06-2024 04:50
Static task
- static1
Behavioral task
- behavioral1: Sample 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk, Resource android-x86-arm-20240514-en
- behavioral2: Sample 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk, Resource android-x64-20240514-en
- behavioral3: Sample 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk, Resource android-x64-arm64-20240514-en
- behavioral4: Sample package.apk, Resource android-x86-arm-20240514-en
- behavioral5: Sample package.apk, Resource android-x64-20240514-en
General
- Target: package.apk
- Size: 23.5MB
- MD5: 80940131f04d0ad8b646e676bd605354
- SHA1: e20444427ff3924da0382c73e93920ab6519202c
- SHA256: 88491654c1973434c59c6f5096648976492758790ba88af7d39db3c6cd589d62
- SHA512: 4221687cc69fdc2ba8475d5de42f77961b72109400c11a85ff63e18a418b5716ac928e10dcc25a26c4b3b98bcd766134ccfa8385179f9bed833516bca63ac033
- SSDEEP: 393216:y1933fq5D3s7xvIKtS8xqZewuqYuY+Cs8mNYFoclOHUxn8XQ5Lcpcru5cbxbywfJ:wHWsNvp3xq0kYuPzNYGcl4UJRLcpcru8
Malware Config
Signatures
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information, which can indicate whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information, which can indicate whether the system is an emulator.
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.rexetstudio.deathrunportable
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.rexetstudio.deathrunportable
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes: com.rexetstudio.deathrunportable
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.rexetstudio.deathrunportable
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.rexetstudio.deathrunportable
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.rexetstudio.deathrunportable
- Acquires the wake lock (1 IoC)
  Processes: com.rexetstudio.deathrunportable
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.rexetstudio.deathrunportable
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes: com.rexetstudio.deathrunportable
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.rexetstudio.deathrunportable
- Reads information about phone network operator (1 TTP)
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Processes: com.rexetstudio.deathrunportable
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.rexetstudio.deathrunportable
Processes
- com.rexetstudio.deathrunportable 1
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.rexetstudio.deathrunportable/app_data/eventlog (Filesize: 355B)
- /data/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBRequestManager/65580818060 (Filesize: 139B)
- /data/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBTrackingDirectory/cb_previous_session_info (Filesize: 189B)
- /data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache (Filesize: 2B)
- /data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache.data.events.number.network (Filesize: 1B)
- /data/data/com.rexetstudio.deathrunportable/cache/inmobi.cache.data.events.timestamp.network (Filesize: 10B)
- /data/data/com.rexetstudio.deathrunportable/databases/im.db (Filesize: 16KB)
- /data/data/com.rexetstudio.deathrunportable/databases/im.db-journal (Filesize: 512B)
- /data/data/com.rexetstudio.deathrunportable/databases/im.db-wal (Filesize: 28KB)
- /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db (Filesize: 16KB)
- /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db (Filesize: 48KB)
- /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-journal (Filesize: 512B)
- /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-shm (Filesize: 32KB)
- /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-wal (Filesize: 4KB)
- /data/data/com.rexetstudio.deathrunportable/databases/ltvp.db-wal (Filesize: 68KB)
- /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/5ecba0a617a57109d1598989_568-1590403238.mp4 (Filesize: 1.4MB)
- /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/65292cd90a56dd167d0d9585_568-1697197273.mp4 (Filesize: 1.4MB)
- /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/65292ed8200dec2f4dedca4c_568-1697197784.mp4 (Filesize: 1.7MB)
- /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/6529302b123eae3e43eacec9_568-1697198124.mp4 (Filesize: 1.3MB)
- /storage/emulated/0/Android/data/com.rexetstudio.deathrunportable/cache/__chartboost/CBVideoDirectory/6529306ecea591dc0157fb2b_568-1697198190.mp4 (Filesize: 2.1MB)