Analysis
- Max time kernel: 175s
- Max time network: 186s
- Platform: android_x86
- Resource: android-x86-arm-20240611.1-en
- Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- Submitted: 12-06-2024 23:36
Behavioral tasks
- behavioral1: sample a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk, resource android-x86-arm-20240611.1-en
- behavioral2: sample a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk, resource android-x64-arm64-20240611.1-en
- behavioral3: sample amap_resource1_0_0.apk, resource android-x86-arm-20240611.1-en
- behavioral4: sample amap_resource1_0_0.apk, resource android-x64-20240611.1-en
- behavioral5: sample amap_resource1_0_0.apk, resource android-x64-arm64-20240611.1-en
General
- Target: a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk
- Size: 30.4MB
- MD5: a2f56380193098a50bf708e37afa485e
- SHA1: c51b916bf4b3038dc3ff62f3476015c53fbef859
- SHA256: 2b6bd2bcc06de25e402811a818dceeb5998f9730561d183572e3d92a47ae103d
- SHA512: ec74b1d511892c1733313420445e3f030fabc2d962350db04076a4e073c8b763dc0943fadbae4fa1160a4fff62b87de394212971c81e10f5d2a9b4d9310d3fb8
- SSDEEP: 786432:saOaDwLQMuMGJXXz47doy4frGOfCuTF1vxUm/qIC7RlVY:gaDwLQ/MOnZB0uBEm/a3C
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  Processes (process -> IoC):
  - com.moxianba.chat:pushcore -> /sbin/su
  - com.moxianba.chat:ipc -> /sbin/su
- Checks known Qemu files. (1 TTP, 6 IoCs)
  Checks for known Qemu files that exist on Android virtual device images.
  Processes (process -> IoC):
  - com.moxianba.chat:pushcore -> /system/lib/libc_malloc_debug_qemu.so
  - com.moxianba.chat:pushcore -> /sys/qemu_trace
  - com.moxianba.chat:pushcore -> /system/bin/qemu-props
  - com.moxianba.chat:ipc -> /system/lib/libc_malloc_debug_qemu.so
  - com.moxianba.chat:ipc -> /sys/qemu_trace
  - com.moxianba.chat:ipc -> /system/bin/qemu-props
- Checks known Qemu pipes. (1 TTP, 4 IoCs)
  Checks for known pipes used by the Android emulator to communicate with the host.
  Processes (process -> IoC):
  - com.moxianba.chat:pushcore -> /dev/qemu_pipe
  - com.moxianba.chat:ipc -> /dev/socket/qemud
  - com.moxianba.chat:ipc -> /dev/qemu_pipe
  - com.moxianba.chat:pushcore -> /dev/socket/qemud
- Queries information about running processes on the device (1 TTP, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (process -> IoC):
  - com.moxianba.chat -> Framework service call android.app.IActivityManager.getRunningAppProcesses
  - com.moxianba.chat:ipc -> Framework service call android.app.IActivityManager.getRunningAppProcesses
  - com.moxianba.chat:pushcore -> Framework service call android.app.IActivityManager.getRunningAppProcesses
- Queries information about active data network (1 TTP, 3 IoCs)
  Processes (process -> IoC):
  - com.moxianba.chat -> Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
  - com.moxianba.chat:pushcore -> Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
  - com.moxianba.chat:ipc -> Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (process -> IoC):
  - com.moxianba.chat -> Framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Reads information about phone network operator. (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
  Processes (process -> IoC):
  - com.moxianba.chat -> Framework service call android.app.IActivityManager.registerReceiver
  - com.moxianba.chat:ipc -> Framework service call android.app.IActivityManager.registerReceiver
  - com.moxianba.chat:pushcore -> Framework service call android.app.IActivityManager.registerReceiver
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  Processes (process -> IoC):
  - com.moxianba.chat:pushcore -> Framework API call javax.crypto.Cipher.doFinal
  - com.moxianba.chat:ipc -> Framework API call javax.crypto.Cipher.doFinal
- Checks memory information (2 TTPs, 2 IoCs)
Processes
- com.moxianba.chat
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.moxianba.chat:ipc
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
- com.moxianba.chat:pushcore
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.moxianba.chat/app_crashrecord/1004
  Filesize: 226B
  MD5: da6fce5f86e0f9bf7e3004b5eaf2a0ba
  SHA1: d97d5ba50f9eb11cf7a82688e51fba66e9e5e122
  SHA256: 37448a6fcb000097720eb83d0f421dc22d25b27f4efbe6b45e87099e387fd758
  SHA512: 259f98f1e68dacaf7cd9eaf9a0cbfa37da7151f96f6fc4898541df510a2b87276be9928904f5f136b67b4266bf1731f65b6604c86f4fcffbfd09c9f381701a58
- /data/data/com.moxianba.chat/app_crashrecord/1004
  Filesize: 300B
  MD5: 8d2300868d78b5ba7955c18e634300eb
  SHA1: dcca8918b1fa7b1dbedcd95b2e7925a056c15c33
  SHA256: cf2ac88fe2f7149372786bd680437045f0ccbf9d8d1d5be08e449fc6ce9335d0
  SHA512: 1a88e691fb3203d2c571f816026baee501edd2af06079af12afd8ee89f80381cbf1d3b54a0bd16e993d191b6a6c6eb8c7dcead4f1b7d3ac799c20689c0df2097
- /data/data/com.moxianba.chat/cache/image/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
- /data/data/com.moxianba.chat/databases/bugly_db_
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.moxianba.chat/databases/bugly_db_-journal
  Filesize: 512B
  MD5: 8bcd8e3208f9f562a9ac7d67cd1eb98e
  SHA1: 9dad2129318fc96e64cf38abf413dd5075df1011
  SHA256: 3eaddfe999871566a4af08ff088c9ff27b9944a42f190518ddc935dfa13096c9
  SHA512: 2655a18c9adbc3362c5ce18ac6a86cff892c17dbb4b87df3226dbf26f1d1752d605c1549d06560929c17868ac9260b60508da34b38e1f676f6226dabec3141ba
- /data/data/com.moxianba.chat/databases/bugly_db_-shm
  Filesize: 58B
  MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
  SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
  SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
  SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
- /data/data/com.moxianba.chat/databases/bugly_db_-wal
  Filesize: 16KB
  MD5: e1b80d174a7d9709b7cbb7c3c7de0d6d
  SHA1: 762118037e687f6f31dd6a95972747afa0a22ccc
  SHA256: 51b8aefeec302c97601442ef8fbfb67f140553660bec3a8a8bffff77c127e48e
  SHA512: 7bf716abcb2d00ec44070e68e178d6710b5e59003696f221f70b96f883e6f5084a1da3f1be5156d828e3f0d8a1925576a9da4bdb93f91b993af86832b4b40e1a
- /data/data/com.moxianba.chat/databases/bugly_db_-wal
  Filesize: 112KB
  MD5: 4d8a602e88a02dd6d81f9fa511d723c9
  SHA1: 896be2ce176bd2b8fc7323f4dc937f0fa0373416
  SHA256: 8ee6194b65462fa6aebab65b8258e5c2dacd3d1cef7048e2cf08ab1302a0cdd5
  SHA512: 8e3f26b35f3bd7b36f34f9ed1bcc862f29baaec98e9719f0de0b5180fbc5b425b31174307666d1e488ae59e1023723e2c86acd86679b2981d623833a7d4be0f2
- /data/data/com.moxianba.chat/databases/bugly_db_-wal
  Filesize: 342KB
  MD5: f75ba95d2ae874a71daaa3e523a4c8b4
  SHA1: 7a3c2143fb18fa6167728897ec8b2a58539edde1
  SHA256: db18cf379edff7612089a7b995b24720ca47eaa3c7fd1bc326880b4e3138bf60
  SHA512: dad1ce4768a3e2965fce59d9f3c76d97c131adffeb62d2d0025ac4cf378bae9db5091f3a859517424796d749e54ef37e3ce2471a5d4d69924c39056a0e8fbe72
- /data/data/com.moxianba.chat/files/jpush_stat_history_pushcore/normal/nowrap/31708661-e9ec-42cb-aa0d-54b906e3bdda
  Filesize: 202B
  MD5: 4066cda86d3dd7bc328a4071675ff21b
  SHA1: cc5d340c02cfaceac459be65661fffbaaff454ba
  SHA256: 6ba061fefec290a4c89dc66d0c2609cdde6f5803d649e97d726b0fb799d17403
  SHA512: 4f14f0aaaee51f9bfa73c548cd0077d9a17f7b142654cb8ccd4f9d0e653d2a90f1d4c607cda37f13ec59c7f6383934500581a415e8f689d92ab024dc1c07e664
- /data/data/com.moxianba.chat/files/objectbox/objectbox/data.mdb
  Filesize: 8KB
  MD5: 80260a9e3fee508fecce3838b727e7e7
  SHA1: 93873b3ce2ace808632e7ed9dbbe075455db8462
  SHA256: 89fdbe9505f901f400687d28512fcb9374b870b578d103652637ecee954b5c2c
  SHA512: 2c0b114808d2a78597792fdc7db8f819db87844c8e3a989d8d5ceca224676e58f744dc3721e57ac6993b2d097079eb5abc7b8bcd1412c102e34841a4509d757e
- /storage/emulated/0/data/.push_deviceid
  Filesize: 32B
  MD5: 373afa5beced0a6cf3a2ae951d600131
  SHA1: dd7379513730a5caf0d67ad3bf82e7b7064bd49f
  SHA256: ba0bdd191e7c2fb8ec48268b1d0f0abc675f4f726ca1a46f41d2a052168c5a60
  SHA512: 0203c2942eaf6e6c3e013fdb49086a80d0cb4df2bcde2bccfa42d245ba1cfde2d5a05975bc6aa864d5702481e5be641db2513fd63f40c5b2115eea12c981dfb9
- /storage/emulated/0/data/.push_deviceid
  Filesize: 32B
  MD5: 7e0a3b7f86bfed99f4eb24826be0c8f0
  SHA1: 02fe57a2f5a2f9ba9cdc76335a4cc0a5be717a30
  SHA256: 49cc631583dda3d59b8b73f73f2f3706efe65717ff620d94f7e6b95f18d7d45e
  SHA512: ec5f366d79d799605e8645452890fc247679ecf7419a505b86f319d47ebba1227355ec2e40291b07925be33a5ff2f0b730df3be3e892f2b2d019fa8a24cbee07