Analysis

  • max time kernel
    175s
  • max time network
    186s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    12-06-2024 23:36

General

  • Target

    a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk

  • Size

    30.4MB

  • MD5

    a2f56380193098a50bf708e37afa485e

  • SHA1

    c51b916bf4b3038dc3ff62f3476015c53fbef859

  • SHA256

    2b6bd2bcc06de25e402811a818dceeb5998f9730561d183572e3d92a47ae103d

  • SHA512

    ec74b1d511892c1733313420445e3f030fabc2d962350db04076a4e073c8b763dc0943fadbae4fa1160a4fff62b87de394212971c81e10f5d2a9b4d9310d3fb8

  • SSDEEP

    786432:saOaDwLQMuMGJXXz47doy4frGOfCuTF1vxUm/qIC7RlVY:gaDwLQ/MOnZB0uBEm/a3C

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks known Qemu files. 1 TTPs 6 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 4 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks memory information 2 TTPs 2 IoCs
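
The three environment-fingerprinting signatures above (known Qemu files, known Qemu pipes, root check) are path matches against what the process touched. The following is an added example of that detection logic, not code from the sample or from the sandbox: it parses constructed file-access log lines (the format is assumed, not the sandbox's) and reports per-process hits in the same shape as the Processes listing below. The path sets are the commonly documented emulator and su-binary artefacts, an assumption, since the report does not print its IoCs.

```python
"""Detection logic for the report's Qemu-file, Qemu-pipe and root-check signatures,
run over constructed file-access events. Added example; the path sets are the
commonly documented Android emulator / root artefacts (assumption: the report
itself does not list the IoCs it matched)."""
import re
from collections import defaultdict

# Files present on emulator (goldfish/ranchu) images. Assumption: documented list, not report IoCs.
QEMU_FILES = {
    "/system/lib/libc_malloc_debug_qemu.so",
    "/sys/qemu_trace",
    "/system/bin/qemu-props",
    "/dev/qemu_trace",
}
# Guest<->host pipes the emulator exposes.
QEMU_PIPES = {"/dev/qemu_pipe", "/dev/socket/qemud"}
# su binaries a naive root check probes for.
ROOT_FILES = {"/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"}

# Constructed log, one "<pid> <process> <syscall> <path>" per line (not the sandbox's format).
SAMPLE_LOG = """\
4275 com.moxianba.chat open /data/data/com.moxianba.chat/cache/image/journal.tmp
4313 com.moxianba.chat:ipc access /system/xbin/su
4313 com.moxianba.chat:ipc open /dev/qemu_pipe
4313 com.moxianba.chat:ipc stat /sys/qemu_trace
4393 com.moxianba.chat:pushcore access /system/bin/su
4393 com.moxianba.chat:pushcore open /dev/socket/qemud
4393 com.moxianba.chat:pushcore stat /system/bin/qemu-props
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_events(text):
    """Yield (pid, process, path) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(4)


def classify_path(path):
    """Map one accessed path to the signature names it would trigger."""
    sigs = set()
    if path in QEMU_PIPES:
        sigs.add("Checks known Qemu pipes")
    if path in QEMU_FILES:
        sigs.add("Checks known Qemu files")
    if path in ROOT_FILES:
        sigs.add("Checks if the Android device is rooted")
    return sigs


def evaluate(text):
    """Return {process: {signature: [matching paths]}}, i.e. IoCs grouped per process."""
    result = defaultdict(lambda: defaultdict(list))
    for _pid, proc, path in parse_events(text):
        for sig in classify_path(path):
            result[proc][sig].append(path)
    return {proc: dict(sigs) for proc, sigs in result.items()}


if __name__ == "__main__":
    for proc, sigs in evaluate(SAMPLE_LOG).items():
        for sig, paths in sigs.items():
            print(f"{proc}: {sig} ({len(paths)} IoCs) {paths}")
```

A check of this kind only sees paths the process actually touched through the hooked layer, so the report's IoC counts depend on where the sandbox instruments (framework API versus syscall). Consistent with the Processes section, the constructed log puts all hits in the :ipc and :pushcore processes and none in the main process.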

Processes

  • com.moxianba.chat
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4275
  • com.moxianba.chat:ipc
    1⤵
    • Checks if the Android device is rooted.
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4313
  • com.moxianba.chat:pushcore
    1⤵
    • Checks if the Android device is rooted.
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4393

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.moxianba.chat/app_crashrecord/1004
    Filesize

    226B

    MD5

    da6fce5f86e0f9bf7e3004b5eaf2a0ba

    SHA1

    d97d5ba50f9eb11cf7a82688e51fba66e9e5e122

    SHA256

    37448a6fcb000097720eb83d0f421dc22d25b27f4efbe6b45e87099e387fd758

    SHA512

    259f98f1e68dacaf7cd9eaf9a0cbfa37da7151f96f6fc4898541df510a2b87276be9928904f5f136b67b4266bf1731f65b6604c86f4fcffbfd09c9f381701a58

  • /data/data/com.moxianba.chat/app_crashrecord/1004
    Filesize

    300B

    MD5

    8d2300868d78b5ba7955c18e634300eb

    SHA1

    dcca8918b1fa7b1dbedcd95b2e7925a056c15c33

    SHA256

    cf2ac88fe2f7149372786bd680437045f0ccbf9d8d1d5be08e449fc6ce9335d0

    SHA512

    1a88e691fb3203d2c571f816026baee501edd2af06079af12afd8ee89f80381cbf1d3b54a0bd16e993d191b6a6c6eb8c7dcead4f1b7d3ac799c20689c0df2097

  • /data/data/com.moxianba.chat/cache/image/journal.tmp
    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /data/data/com.moxianba.chat/databases/bugly_db_
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    8bcd8e3208f9f562a9ac7d67cd1eb98e

    SHA1

    9dad2129318fc96e64cf38abf413dd5075df1011

    SHA256

    3eaddfe999871566a4af08ff088c9ff27b9944a42f190518ddc935dfa13096c9

    SHA512

    2655a18c9adbc3362c5ce18ac6a86cff892c17dbb4b87df3226dbf26f1d1752d605c1549d06560929c17868ac9260b60508da34b38e1f676f6226dabec3141ba

  • /data/data/com.moxianba.chat/databases/bugly_db_-shm
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/data/com.moxianba.chat/databases/bugly_db_-wal
    Filesize

    16KB

    MD5

    e1b80d174a7d9709b7cbb7c3c7de0d6d

    SHA1

    762118037e687f6f31dd6a95972747afa0a22ccc

    SHA256

    51b8aefeec302c97601442ef8fbfb67f140553660bec3a8a8bffff77c127e48e

    SHA512

    7bf716abcb2d00ec44070e68e178d6710b5e59003696f221f70b96f883e6f5084a1da3f1be5156d828e3f0d8a1925576a9da4bdb93f91b993af86832b4b40e1a

  • /data/data/com.moxianba.chat/databases/bugly_db_-wal
    Filesize

    112KB

    MD5

    4d8a602e88a02dd6d81f9fa511d723c9

    SHA1

    896be2ce176bd2b8fc7323f4dc937f0fa0373416

    SHA256

    8ee6194b65462fa6aebab65b8258e5c2dacd3d1cef7048e2cf08ab1302a0cdd5

    SHA512

    8e3f26b35f3bd7b36f34f9ed1bcc862f29baaec98e9719f0de0b5180fbc5b425b31174307666d1e488ae59e1023723e2c86acd86679b2981d623833a7d4be0f2

  • /data/data/com.moxianba.chat/databases/bugly_db_-wal
    Filesize

    342KB

    MD5

    f75ba95d2ae874a71daaa3e523a4c8b4

    SHA1

    7a3c2143fb18fa6167728897ec8b2a58539edde1

    SHA256

    db18cf379edff7612089a7b995b24720ca47eaa3c7fd1bc326880b4e3138bf60

    SHA512

    dad1ce4768a3e2965fce59d9f3c76d97c131adffeb62d2d0025ac4cf378bae9db5091f3a859517424796d749e54ef37e3ce2471a5d4d69924c39056a0e8fbe72

  • /data/data/com.moxianba.chat/files/jpush_stat_history_pushcore/normal/nowrap/31708661-e9ec-42cb-aa0d-54b906e3bdda
    Filesize

    202B

    MD5

    4066cda86d3dd7bc328a4071675ff21b

    SHA1

    cc5d340c02cfaceac459be65661fffbaaff454ba

    SHA256

    6ba061fefec290a4c89dc66d0c2609cdde6f5803d649e97d726b0fb799d17403

    SHA512

    4f14f0aaaee51f9bfa73c548cd0077d9a17f7b142654cb8ccd4f9d0e653d2a90f1d4c607cda37f13ec59c7f6383934500581a415e8f689d92ab024dc1c07e664

  • /data/data/com.moxianba.chat/files/objectbox/objectbox/data.mdb
    Filesize

    8KB

    MD5

    80260a9e3fee508fecce3838b727e7e7

    SHA1

    93873b3ce2ace808632e7ed9dbbe075455db8462

    SHA256

    89fdbe9505f901f400687d28512fcb9374b870b578d103652637ecee954b5c2c

    SHA512

    2c0b114808d2a78597792fdc7db8f819db87844c8e3a989d8d5ceca224676e58f744dc3721e57ac6993b2d097079eb5abc7b8bcd1412c102e34841a4509d757e

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    373afa5beced0a6cf3a2ae951d600131

    SHA1

    dd7379513730a5caf0d67ad3bf82e7b7064bd49f

    SHA256

    ba0bdd191e7c2fb8ec48268b1d0f0abc675f4f726ca1a46f41d2a052168c5a60

    SHA512

    0203c2942eaf6e6c3e013fdb49086a80d0cb4df2bcde2bccfa42d245ba1cfde2d5a05975bc6aa864d5702481e5be641db2513fd63f40c5b2115eea12c981dfb9

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    7e0a3b7f86bfed99f4eb24826be0c8f0

    SHA1

    02fe57a2f5a2f9ba9cdc76335a4cc0a5be717a30

    SHA256

    49cc631583dda3d59b8b73f73f2f3706efe65717ff620d94f7e6b95f18d7d45e

    SHA512

    ec5f366d79d799605e8645452890fc247679ecf7419a505b86f319d47ebba1227355ec2e40291b07925be33a5ff2f0b730df3be3e892f2b2d019fa8a24cbee07
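
Several paths in the list above appear more than once with different hashes (bugly_db_-wal at 16KB, 112KB and 342KB; .push_deviceid twice), which is the sandbox capturing the same file at different points in the run. The following is an added example, not part of the report, of a parser for this list layout plus two triage checks: which paths were rewritten during the run, and which writes land outside the app's private directory. SAMPLE is an excerpt of the list above in the page's own layout; sizes are read as 1024-byte KB (assumption).

```python
"""Parser for the sandbox's dropped-file list (layout as shown on the page) with two
triage checks. Added example, not part of the report; SAMPLE is an excerpt of the
report's own list, and KB/MB are taken as powers of 1024 (assumption)."""
import re
from collections import defaultdict

PACKAGE = "com.moxianba.chat"
PRIVATE_DIR = f"/data/data/{PACKAGE}/"

# Excerpt of the Downloads list above, unchanged apart from dropping the SHA fields.
SAMPLE = """\
  • /data/data/com.moxianba.chat/databases/bugly_db_-wal
    Filesize

    16KB

    MD5

    e1b80d174a7d9709b7cbb7c3c7de0d6d

  • /data/data/com.moxianba.chat/databases/bugly_db_-wal
    Filesize

    342KB

    MD5

    f75ba95d2ae874a71daaa3e523a4c8b4

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    373afa5beced0a6cf3a2ae951d600131

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    7e0a3b7f86bfed99f4eb24826be0c8f0
"""

KEYS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """'226B' -> 226, '16KB' -> 16384; raise on anything else."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_downloads(text):
    """Return a list of {'path', 'Filesize', 'MD5', ...} dicts in report order."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):            # a new record starts with the bullet + path
            current = {"path": line[1:].strip()}
            records.append(current)
        elif line in KEYS:                  # a field name; its value is on the next non-blank line
            pending = line
        elif current is not None and pending is not None:
            current[pending] = parse_size(line) if pending == "Filesize" else line
            pending = None
    return records


def rewritten_paths(records):
    """Paths captured more than once with differing MD5s -> their sizes in capture order."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r["path"]].append(r)
    return {p: [r["Filesize"] for r in rs]
            for p, rs in by_path.items() if len({r["MD5"] for r in rs}) > 1}


def outside_private_dir(records):
    """Distinct paths written anywhere other than the app's private data directory."""
    return sorted({r["path"] for r in records if not r["path"].startswith(PRIVATE_DIR)})


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    print("rewritten:", rewritten_paths(recs))
    print("outside private dir:", outside_private_dir(recs))
```

The second check is the one worth acting on: /storage/emulated/0/data/.push_deviceid is on shared external storage, which on the Android 9 image used here is readable by any app holding the external-storage permission and is not removed when the app is uninstalled, so the identifier persists across reinstalls and is visible to other apps.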