Analysis
- max time kernel: 5s
- max time network: 159s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 13-06-2024 00:25

Static task: static1

Behavioral task: behavioral1
- Sample: a32256a4e8df9bf4e998bdda1548eec4_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
- Sample: UPPayPluginEx.apk
- Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral3
- Sample: UPPayPluginEx.apk
- Resource: android-x64-20240611.1-en
General
- Target: a32256a4e8df9bf4e998bdda1548eec4_JaffaCakes118.apk
- Size: 30.2MB
- MD5: a32256a4e8df9bf4e998bdda1548eec4
- SHA1: caa2e5006e8fa196ff10434478bc0b9e0769c4c8
- SHA256: fa9a8bcf4e64ae0d0fdcc039fb7fd3c5f1ce137363ead69311138407efd6a86d
- SHA512: eb7a0eb850bf0d3ea08d87feb6ad51191049dc0ace8119d3b1f342b86a55fe49c33b8611bd882be71467cb67033fca38445637ffdaec8e4680d15bfe98246e2d
- SSDEEP: 786432:i3cTNF10VMMt0I8ugKseael9FBow6/a4qL2/8aZA7lVN:iQ51IpJlmweBi2JA7lVN
Malware Config

Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Checks Android system properties for emulator presence. (1 TTPs, 4 IoCs)
  Processes (description / ioc / process):
  - Accessed system property key: ro.product.name (process: com.tqhy.gameshop)
  - Accessed system property key: ro.serialno (process: com.tqhy.gameshop)
  - Accessed system property key: ro.product.model (process: com.tqhy.gameshop)
  - Accessed system property key: ro.product.device (process: com.tqhy.gameshop)
- Checks Qemu related system properties. (1 TTPs, 1 IoCs)
  Checks for Android system properties related to Qemu for emulator detection.
  Processes (description / ioc / process):
  - Accessed system property key: ro.kernel.qemu (process: com.tqhy.gameshop)
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (description / ioc / process):
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.tqhy.gameshop)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes (description / ioc / process):
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.tqhy.gameshop)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (description / ioc / process):
  - Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.tqhy.gameshop)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes (description / ioc / process):
  - Framework API call: android.hardware.SensorManager.registerListener (process: com.tqhy.gameshop)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes (description / ioc / process):
  - Framework service call: android.app.IActivityManager.registerReceiver (process: com.tqhy.gameshop)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes (description / ioc / process):
  - Framework API call: javax.crypto.Cipher.doFinal (process: com.tqhy.gameshop)
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
- com.tqhy.gameshop
  - Checks if the Android device is rooted.
  - Checks Android system properties for emulator presence.
  - Checks Qemu related system properties.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.tqhy.gameshop/databases/okgo.db (Filesize: 4KB)
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.tqhy.gameshop/databases/okgo.db-journal (Filesize: 512B)
  MD5: a9bee019c1615b77d66a62a80de38d28
  SHA1: 7810d9e3dcd1a732cc16e8320b4d33d6ad79e106
  SHA256: fea0203c993f4a8237c4b9b3ab8dfa50d33b8886fd7b863bc673b5e34e62ac23
  SHA512: e8d8c46cba3253168c1808ce943371231c2527985e915b27eaccfed94885d8e2fe6c13b33bc57bc976d500afe477eec726fd2f148c737c081a4b7e9281285f87
- /data/data/com.tqhy.gameshop/databases/okgo.db-shm (Filesize: 28KB)
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
- /data/data/com.tqhy.gameshop/databases/okgo.db-wal (Filesize: 56KB)
  MD5: df0c38ae324d4d8058b55b1fd31407ca
  SHA1: f7439268b70d8c806afeb9c7d954d6bee023f741
  SHA256: bc1320c1a0d38c64e07f3abf49db7084ee71e2bd6e0f67b2ea92af2f0fadf0f5
  SHA512: e49d778cbb438c91a49b56cde6f8bd16edc95a39cba585bbb27a58d8b373e291419df8e8666a705ab5e3220180e06c286d298f83e97da4b5e93bafb3a5c14a5c
- /data/data/com.tqhy.gameshop/databases/ua.db (Filesize: 68KB)
  MD5: 3aa9b298a40c3dde3c6ed2504649b7c9
  SHA1: 09dc8e1f07fb288e4efa87150925e08ad08af2d5
  SHA256: 9cf11ef5df0c5698db89bd084659df93f0842da8f831a13a5430e50a935a0433
  SHA512: c4f4b7f913b888f2e759e069bae9a1e4fa0b95800d38bd66978ed605a699b515197229bbf23aa2500320736aca367c562c5fc08ea4847007b4acb3531a534cdf
- /data/data/com.tqhy.gameshop/databases/ua.db-journal (Filesize: 512B)
  MD5: c3497dda43f5b6fc001c6fbd3b581733
  SHA1: ae3229215565d0eb90c37d4cf2eaf40eb53f7036
  SHA256: f42e7c3248ddde895a55c5705818dbd79e5bfc9e9dcb5a0946261f492c8aed5b
  SHA512: a6c9dccc29084136921e3f5e2d3dda2aa5f004720c745f5ae7fe8175b11bd04ad0d59a1e58b65ded621c8d7598bcccc06b8842ebad49562eae7f9df2b9e1c367
- /data/data/com.tqhy.gameshop/databases/ua.db-wal (Filesize: 96KB)
  MD5: 3129cde92fd230d9bf4dae7c8d631ed3
  SHA1: 9d566dfeec5c1c3c27355e478312a345d23db5c7
  SHA256: 7eff56716092082faf4bcd5477b9d66ebd749ef9d9f5bcc2307f91d01b5d9f6e
  SHA512: ae0c222998b49302e8c672939b7d775ba43d23d2cb97e7af982bd4015985bfb4dc186368549b4e084dceed537b37f47a76234c68eaaec1a2261ba40d10e69c1e
- /data/data/com.tqhy.gameshop/tinker_server/7e939543b615e894_version.info (Filesize: 189B)
  MD5: 7d84c3eb8e3b6e7e7867c7269985a2d3
  SHA1: b9ad29a047bd80588891d896873c6d3e47254572
  SHA256: 3f92dce1f8d41c30b724cea7b39937fcf6e925d39c0d191d80b9a6280cc24db2
  SHA512: 2e6574c225a6bd8018b6abf04c197f5db08e80c7b5405fe1beda50567fd97dcea8c4a16dcde5d6ff39bbb855b554f1ddbbb342cfdaa5e6d1436557737150a79c
- /storage/emulated/0/shumei.txt (Filesize: 62B)
  MD5: 9b2959cb107bf78c653fcde7e21230d7
  SHA1: e18868ddbfd858c1d38d32c2b9b1ff6e3baa0c32
  SHA256: 1d0c9761709558d62cc01871ec5a0a8d1423c26c88628589e424b6afe99eee7d
  SHA512: 3681f968d2358af19bd348ef2f9afb40829b18f2d0c5eb845f751d022db2b0b842c807b9e7192e1eb40f1240f53bd1fac6ed9780377743e0747529bbd1e46cb0