Analysis

  • max time kernel
    67s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    03-06-2024 08:10

General

  • Target

    9111a9f43cd8eec64f827f2445a39b3b_JaffaCakes118.apk

  • Size

    11.9MB

  • MD5

    9111a9f43cd8eec64f827f2445a39b3b

  • SHA1

    b7132bbc28c45b8d5d8dd1d75269dfaf2ad926e6

  • SHA256

    cbd688dbe049aa0cf1c70179bc44a5dba0b7fb86c4cbf1d8805c1e4bed67aad2

  • SHA512

    ecf05d130e417e1d00cfa1b340d221d9364e66665e6a9733f2d8fd89105bfd20375d8507c839eebccae85801da04c2449dde34932ea5d4d186985e0b44ef76b9

  • SSDEEP

    196608:zRfvY6U7ITDJO7U19gOJrScrfqf1voD2BkBKNVfRj:ztZcKJfgerSifM1o6aBKNbj

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.lx.launcher
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4254
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4319

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/com.lx.launcher/databases/UmengLocalNotificationStore.db-journal

      Filesize

      512B

      MD5

      3f94e6f24f85bd68c819d25c8894b491

      SHA1

      7856b77bac0479e775fb3f4618416a48fdf75f25

      SHA256

      e75e10b347fafa1cec7b722f0156fe073a09d277693586fa67ea1bca28f66348

      SHA512

      3ee5abdcaeefedf8fabd0da0e34d89f39bb67c289bed3740cc43ce033059016a3bcd7b4c90fddc7ed14df992d19fcef75726c42e53f651345744386ac48fa89c

    • /data/data/com.lx.launcher/databases/UmengLocalNotificationStore.db-wal

      Filesize

      40KB

      MD5

      bad5278facc2912ae0b27a7ce8d0ca84

      SHA1

      3669a3187ef4cd346d0647e577a9611c7eeaf169

      SHA256

      0e840e5e582f23541170c9c99eae6556fd4935209ac884f17beecb632f838a0f

      SHA512

      c4c15e767b33fe94fb561836eeaf41b628cb7b4d5b6e9d9f6e23cdba7412923980aa57e752d0b7e123599e7125a06af6fa549542690b4dec77d97b13826aeafc

    • /data/data/com.lx.launcher/databases/anallLauncher.db

      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.lx.launcher/databases/anallLauncher.db-journal

      Filesize

      512B

      MD5

      1ca6e0915e3d483d8593b79109673e8a

      SHA1

      d2aef389eb2b862174e987c1c1f141003fba679c

      SHA256

      c40a97511da67dc029ecafc1a54ef4436d8b516b4e034d70b309fa3a0f931af3

      SHA512

      0ca408f28bc784290cdde6be1e1362ce65057d26973496e476e587e0ccde58d57ad7764133e5be567b7eeceb16fb1f7a72dd8350ccf8093571d07eaacb4199be

    • /data/data/com.lx.launcher/databases/anallLauncher.db-shm

      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    • /data/data/com.lx.launcher/databases/anallLauncher.db-wal

      Filesize

      32KB

      MD5

      7a982d84a3b1c3126f72bc75f12dcb32

      SHA1

      5b062de1a1ccdd02fbfa543ade16d7be3f64f19f

      SHA256

      4f4800388eb2aeaebd8d68650908e9bdc0dbb4a155dbf0bdd1d50da168f7346b

      SHA512

      1c24f17cd29033d385a18fbab7c4ed35ad93a19db466d85ffd587f150919163b033060c674ca199e237632e95957edf25db0b25b234bae7f6b1eda03869c567f

    • /data/data/com.lx.launcher/databases/cc/cc.db

      Filesize

      36KB

      MD5

      5d7ea1a23af19b4340cc8d90f28297d5

      SHA1

      4cfe95b23a9e98378d69c4290af81b51fbe76aea

      SHA256

      474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

      SHA512

      33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

    • /data/data/com.lx.launcher/databases/cc/cc.db

      Filesize

      36KB

      MD5

      ce6135aa1b1fe4f2c2db2a546d2a5558

      SHA1

      79b59582154017aadab783dc266fcb158c252940

      SHA256

      7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

      SHA512

      2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

    • /data/data/com.lx.launcher/databases/cc/cc.db-journal

      Filesize

      512B

      MD5

      dab162612117b8cccec923a4e8914ed1

      SHA1

      01f1f4c4f6bde051e6b9f354443270981f1d303e

      SHA256

      b8441316756469037fe6708fba56e936a23c2558b9fdb0f16305e6ce7cb56590

      SHA512

      2d4798d82558ca5d1b61023d63f071ce0ae85e01ffca5752ff505cd71ebf091e9f7c535180e9ab731082653474eac104f74700afec567c6f49bb72204d5eb322

    • /data/data/com.lx.launcher/databases/cc/cc.db-wal

      Filesize

      48KB

      MD5

      795055a84e2c2c264e6b4cd40681ee32

      SHA1

      cbf906718a37302260a9c8987a08931b1025df11

      SHA256

      c46a430e4e5d909bc1bf623df678a87f641f47e30bf374fcc9ead761de14c938

      SHA512

      c8d4062c66d4e5ff4ca87881db66b80b4456241cfd47780e06df09062e99ee9846881ddc5d45a9a227ceacec89199896e5e0d119bc0adb0d135a8ad6e2b31b4b

    • /data/data/com.lx.launcher/databases/cc/cc.db-wal

      Filesize

      16KB

      MD5

      e833cfdaca0d017b9709bdbd0ce8c4f0

      SHA1

      e2d686831624879c493d396c236575da8e3b9a30

      SHA256

      440378b145796f9527818b15613b56e2f5ac9a2e54241da491fdf1c267d8e1b1

      SHA512

      ee16899a14554c2008cc53d10a813d910e32428b72a78fc15499b64f95b076c53c1188f1615f0556f287eec26f383057abc4f64eb72fa770da9797f7a0208cbc

    • /data/data/com.lx.launcher/databases/download_status.db-journal

      Filesize

      512B

      MD5

      031a59e2c419507332d820c4ca5cc641

      SHA1

      3a3809f947d1d1d128bbec0f89b151fb4ea78af4

      SHA256

      8b46625ed386a228a78e786ce16454bfd321b46d38d479eacc9fbe1dcf5453d8

      SHA512

      2a41b648985f3df7cb879d3998d5aaa5e9f2015a2c2d12106b896186893dc8d6d3c6bf888a089adc27f398debe46dd25bc8281d79d28781441682109edb64047

    • /data/data/com.lx.launcher/databases/download_status.db-wal

      Filesize

      32KB

      MD5

      261d01525bc27cdb05a3dc11ae1f0b1c

      SHA1

      7b200697d0def402b0ebc85de2afec3208e830da

      SHA256

      9fe74eb416a7b5692de21ade26623d0e777247bc6a475866452d5fc33e93a4d4

      SHA512

      b0af1ee287d06e76db01f217a051769488acc9a1526e6635453c3bda648802402f9816faa4e8e60d3f3f3824c1f03f9d76b4b4917aa285ce80f1b0e70b81509f

    • /data/data/com.lx.launcher/databases/google_analytics_v4.db-journal

      Filesize

      512B

      MD5

      e9c34ca7e1d5fe2ae4d1e922be6c253c

      SHA1

      6de502f499a64d8bf9576de285f27eb68fb8a440

      SHA256

      6637a16a540f975f3a1c8cb0fff3bd708f84fe6b998c611f204cd54c6c084c77

      SHA512

      36a567cdc4061cf19bf8583a604e4c471158023e0f56e8c8cb5515600e2e0e6ecbeff521981e6df7043e2c1dd701e5cdd675abc67713fea2bb25899cf3c6c5ad

    • /data/data/com.lx.launcher/databases/google_analytics_v4.db-wal

      Filesize

      60KB

      MD5

      ab993d5c95dbb75fbfbe98d67c5477a6

      SHA1

      e2c2b5e912a9906e6cd613496a04b751f0ec09bd

      SHA256

      9e133e6bbd97c14dd6980d906e0950959cc8adef1842f6b80193c8761e2c7c99

      SHA512

      87bc3b38d23a0fb5b1053a746d3e3f8c155e6ffd917f209c29a240ab90108492535976bc981256a838ece650ff3b963f22591b56441719bb737d55f00f8be8fb

    • /data/data/com.lx.launcher/files/.um/um_cache_1717402325929.env

      Filesize

      1KB

      MD5

      60cf4d727e07ea549405d13c122f1963

      SHA1

      3bad05371e31c47918d365857baa9fda788cac5d

      SHA256

      1c7985130e287033484405570097545e3cb9ec9742aeef5de090d609eff01fa7

      SHA512

      887756f8ca88a44b2ae9aa95be14c6689747b11694e57584ad9bd199205e7953fea4157bad0c009a91b18a71320f87a8b0638ba2e952b70cdc204a30a43c59e0

    • /data/data/com.lx.launcher/files/.umeng/exchangeIdentity.json

      Filesize

      162B

      MD5

      0f76cc1f7616d6f39fd45a2e070ef194

      SHA1

      715c5c3881b4c872c5286114a751d9099bee66dd

      SHA256

      ed74c67df90aff7f4ef0b4f6c7b19f2f2ed9ac5210dd1b0632b8cc5eee7b6c20

      SHA512

      c3a34ff32661e8cdfd5423f4ce7df00a3b09aefa27a0731ed139964c081ddc13facf044ad346413caebdc8a150b80816bcd44718ede5e599c16f7841c9787f3d

    • /data/data/com.lx.launcher/files/gaClientId

      Filesize

      36B

      MD5

      aaee8bc1cd08c501c86f5c3b936a65b7

      SHA1

      88e99b1f04c749418867ddb5d0ab5f6f6a563923

      SHA256

      99f16e0da8bb1aaa5fa55dffc41adc55341f5d95738ff7abf622fa64774516fb

      SHA512

      c6608d0eda9d0a7f23d7471231fc506e8cb2417954fb69d6db945315fcbd544a1fc371247bdf1e194d65e7f096380c58e7c9a2b65c2cc8e037f0faa76e1d915b

    • /data/data/com.lx.launcher/files/gaClientIdData

      Filesize

      32B

      MD5

      0cef9b6a71689b689261f3ec988b04e3

      SHA1

      1cf53c2de227b532de01725766e33c0d1b1a7a2e

      SHA256

      90eaceffa52914a3bd158ecc8e6f893da8527002bd6365fec113a44e9e34967d

      SHA512

      d50d46ece58800fb8f9084f937e2b78e1bdeb23bbb368f8d927cd74aa29dc02529dd1d6122c42845ef95026408f62eda471623fb050d7e2ece85af770bfe4997

    • /data/data/com.lx.launcher/files/umeng_it.cache

      Filesize

      498B

      MD5

      601597c867e7f5216e45a7b5ddacf7ef

      SHA1

      22011d9c854d2d1e8280f4a729ea50d4ff83c33f

      SHA256

      aedd962e65000574265007148d20b19329dfe805f68fc6812c4641c2e9062014

      SHA512

      9c329657ea9b02ded3697c6bd18d8b9ea06c9c4f430dfbc0e356f97902eb15a69f374199fab789b4b0df695bf4f5059a6177f5ee757ebce744a7e7e0fb542864

    • /storage/emulated/0/.DataStorage/ContextData.xml

      Filesize

      111B

      MD5

      b86273c4a3c67ec1a6877bf3419eb02a

      SHA1

      f7a1169c72e876d5825bbb09d4bdb7515e258e83

      SHA256

      0f4fb2b7fdb89aceb661d3bfe60e07cf9cade2453961eb52f0233c825d1094c7

      SHA512

      63de6b67843ff984d57c847d76dcb09fc31465ee68b7e5183a7a39e3fe2fc75a90d53c1be5a3aa81be880aff7300f847c136270628079b91ce5806c02977f927

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

      Filesize

      65B

      MD5

      9781ca003f10f8d0c9c1945b63fdca7f

      SHA1

      4156cf5dc8d71dbab734d25e5e1598b37a5456f4

      SHA256

      3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

      SHA512

      25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

      Filesize

      111B

      MD5

      18545da5725bb504097f51b527d28fb8

      SHA1

      4ebaf9c2cb71301814594873bc519c334c17aa4f

      SHA256

      5ae59883d5ef7a437cc7b3b382dafeca7cb238e79938b5c3c5822b3276e7cec6

      SHA512

      d0d57f9e720fa55ccecbadc614f9c6ddc5f9a43c93c5fb80cae3a0c481fdf2246af37f3ec8167c0ae584bb1d1e2bfa471cc5cde81aee7b521b969864c4fd1518

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

      Filesize

      380B

      MD5

      cae2ff31888d20bb1cb1156dbf93872b

      SHA1

      16b7200bb4e8386f012352a1995638cbe041aa90

      SHA256

      e9c3d1432c1f52aee50911c830804d6e8fd42a2a43118609d79699e9fa57c9d5

      SHA512

      e6468fb1544a4ea8da1bc671f78fabe9d391d01129d7d09b2251eaa6c70f42e64cb0e6e98a0742fc46b368bbc54cdece8c1806a245225029b5f858f162d9f54b