Analysis
- max time kernel: 174s
- max time network: 185s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 12-06-2024 23:36
Behavioral tasks
- behavioral1: sample a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk, resource android-x86-arm-20240611.1-en
- behavioral2: sample a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk, resource android-x64-arm64-20240611.1-en
- behavioral3: sample amap_resource1_0_0.apk, resource android-x86-arm-20240611.1-en
- behavioral4: sample amap_resource1_0_0.apk, resource android-x64-20240611.1-en
- behavioral5: sample amap_resource1_0_0.apk, resource android-x64-arm64-20240611.1-en
General
- Target: a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk
- Size: 30.4MB
- MD5: a2f56380193098a50bf708e37afa485e
- SHA1: c51b916bf4b3038dc3ff62f3476015c53fbef859
- SHA256: 2b6bd2bcc06de25e402811a818dceeb5998f9730561d183572e3d92a47ae103d
- SHA512: ec74b1d511892c1733313420445e3f030fabc2d962350db04076a4e073c8b763dc0943fadbae4fa1160a4fff62b87de394212971c81e10f5d2a9b4d9310d3fb8
- SSDEEP: 786432:saOaDwLQMuMGJXXz47doy4frGOfCuTF1vxUm/qIC7RlVY:gaDwLQ/MOnZB0uBEm/a3C
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 5 IoCs)
  Process: com.moxianba.chat:pushcore
  IoCs: /sbin/su, /data/local/xbin/su, /data/local/bin/su, /data/local/su, /system/xbin/su
- Checks known Qemu files. (1 TTPs, 3 IoCs)
  Checks for known Qemu files that exist on Android virtual device images.
  Process: com.moxianba.chat:pushcore
  IoCs: /system/lib/libc_malloc_debug_qemu.so, /sys/qemu_trace, /system/bin/qemu-props
- Checks known Qemu pipes. (1 TTPs, 2 IoCs)
  Checks for known pipes used by the Android emulator to communicate with the host.
  Process: com.moxianba.chat:pushcore
  IoCs: /dev/socket/qemud, /dev/qemu_pipe
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.moxianba.chat, com.moxianba.chat:ipc, com.moxianba.chat:pushcore
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (observed in each of the three processes)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes: com.moxianba.chat, com.moxianba.chat:pushcore
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (observed in both processes)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.moxianba.chat
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Process: com.moxianba.chat
  IoC: Framework API call android.hardware.SensorManager.registerListener
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Process: com.moxianba.chat:pushcore
  IoC: Framework API call javax.crypto.Cipher.doFinal
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.moxianba.chat
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Checks CPU information
- com.moxianba.chat:ipc
  - Queries information about running processes on the device
- com.moxianba.chat:pushcore
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads