Analysis

  • max time kernel
    174s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    12-06-2024 23:36

General

  • Target

    a2f56380193098a50bf708e37afa485e_JaffaCakes118.apk

  • Size

    30.4MB

  • MD5

    a2f56380193098a50bf708e37afa485e

  • SHA1

    c51b916bf4b3038dc3ff62f3476015c53fbef859

  • SHA256

    2b6bd2bcc06de25e402811a818dceeb5998f9730561d183572e3d92a47ae103d

  • SHA512

    ec74b1d511892c1733313420445e3f030fabc2d962350db04076a4e073c8b763dc0943fadbae4fa1160a4fff62b87de394212971c81e10f5d2a9b4d9310d3fb8

  • SSDEEP

    786432:saOaDwLQMuMGJXXz47doy4frGOfCuTF1vxUm/qIC7RlVY:gaDwLQ/MOnZB0uBEm/a3C

Signatures

  • Checks if the Android device is rooted. 1 TTPs 5 IoCs
  • Checks known Qemu files. 1 TTPs 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.moxianba.chat
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    PID: 4649
  • com.moxianba.chat:ipc
    • Queries information about running processes on the device
    PID: 4695
  • com.moxianba.chat:pushcore
    • Checks if the Android device is rooted.
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID: 4765

Downloads

  • /data/user/0/com.moxianba.chat/app_crashrecord/1004
    Filesize

    8KB

  • /data/user/0/com.moxianba.chat/app_crashrecord/1004
    Filesize

    58B

  • /data/user/0/com.moxianba.chat/app_crashrecord/1004
    Filesize

    300B

  • /data/user/0/com.moxianba.chat/app_crashrecord/1004
    Filesize

    235B

  • /data/user/0/com.moxianba.chat/cache/image/journal.tmp
    Filesize

    28KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_
    Filesize

    52KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_
    Filesize

    28KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    512B

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    12KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    12KB

  • /data/user/0/com.moxianba.chat/databases/bugly_db_-journal
    Filesize

    12KB

  • /data/user/0/com.moxianba.chat/files/objectbox/objectbox/data.mdb
    Filesize

    8KB

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B