Analysis
max time kernel: 176s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240611-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611-en, locale:en-us, os:android-9-x86, system
submitted: 11/06/2024, 12:22
Static task: static1
Behavioral task: behavioral1
Sample: 9e2a5a822e02402b38a6e1945f88b9f3_JaffaCakes118.apk
Resource: android-x86-arm-20240611-en
Behavioral task: behavioral2
Sample: 9e2a5a822e02402b38a6e1945f88b9f3_JaffaCakes118.apk
Resource: android-x64-20240611-en
General
Target: 9e2a5a822e02402b38a6e1945f88b9f3_JaffaCakes118.apk
Size: 11.3MB
MD5: 9e2a5a822e02402b38a6e1945f88b9f3
SHA1: 9be464becb1f1d4705e49c0f57105a8770753d25
SHA256: 38ae7fa2766039c728edb5ff170b1f34ae1140db393ba3fba4a6f850db02cb3e
SHA512: 9a09b557edee70243adbd2aa482f67746e4568371af3c88dec2e15d1b3edfaf9776f7271a37706f159ef2950d976d6a50e76edc963099ccf70976628d0bfee0d
SSDEEP: 196608:61vDIqXt3rhyZJhP/xcGg9jFbb/pOdYlTvCHb3lblOvrvp/ddhBifZzfIQ3pjMuI:61sqpwXhP/sxPOdYlTK7lszvp/ddvif2
Malware Config
Signatures
Checks known Qemu files. (1 TTPs, 1 IoCs)
Checks for known Qemu files that exist on Android virtual device images.
ioc: /sys/qemu_trace | Process: com.shopping.discountmore:pushcore
Checks known Qemu pipes. (1 TTPs, 1 IoCs)
Checks for known pipes used by the Android emulator to communicate with the host.
ioc: /dev/qemu_pipe | Process: com.shopping.discountmore:pushcore
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.shopping.discountmore/app_SGLib/libsgmain_312768000000.zip | pid: 4504 | Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shopping.discountmore/app_SGLib/libsgmain_312768000000.zip --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.shopping.discountmore/app_SGLib/oat/x86/libsgmain_312768000000.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/com.shopping.discountmore/app_SGLib/libsgmain_312768000000.zip | pid: 4367 | Process: com.shopping.discountmore:pushcore
ioc: /data/user/0/com.shopping.discountmore/app_SGLib/libsgsecuritybody_312768000000.zip | pid: 4367 | Process: com.shopping.discountmore:pushcore
Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.shopping.discountmore
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.shopping.discountmore:pushcore
Requests cell location (2 TTPs, 1 IoCs)
Uses Android APIs to get current cell location.
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.shopping.discountmore
Queries information about active data network (1 TTPs, 2 IoCs)
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.shopping.discountmore
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.shopping.discountmore:pushcore
Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.shopping.discountmore
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.shopping.discountmore:pushcore
Reads information about phone network operator. (1 TTPs)
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
description: Framework API call | ioc: android.hardware.SensorManager.registerListener | Process: com.shopping.discountmore
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.shopping.discountmore
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.shopping.discountmore:pushcore
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: com.shopping.discountmore
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: com.shopping.discountmore:pushcore
Checks CPU information (2 TTPs, 2 IoCs)
description: File opened for read | ioc: /proc/cpuinfo | Process: com.shopping.discountmore
description: File opened for read | ioc: /proc/cpuinfo | Process: com.shopping.discountmore:pushcore
Processes
com.shopping.discountmore
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4328
com.shopping.discountmore:pushcore
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4367
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shopping.discountmore/app_SGLib/libsgmain_312768000000.zip --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.shopping.discountmore/app_SGLib/oat/x86/libsgmain_312768000000.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
  PID:4504
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Hide Artifacts (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (3)
  - System Checks (3)
Downloads