Analysis

  • max time kernel: 5s
  • max time network: 159s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 13-06-2024 00:25

General

  • Target: a32256a4e8df9bf4e998bdda1548eec4_JaffaCakes118.apk
  • Size: 30.2MB
  • MD5: a32256a4e8df9bf4e998bdda1548eec4
  • SHA1: caa2e5006e8fa196ff10434478bc0b9e0769c4c8
  • SHA256: fa9a8bcf4e64ae0d0fdcc039fb7fd3c5f1ce137363ead69311138407efd6a86d
  • SHA512: eb7a0eb850bf0d3ea08d87feb6ad51191049dc0ace8119d3b1f342b86a55fe49c33b8611bd882be71467cb67033fca38445637ffdaec8e4680d15bfe98246e2d
  • SSDEEP: 786432:i3cTNF10VMMt0I8ugKseael9FBow6/a4qL2/8aZA7lVN:iQ51IpJlmweBi2JA7lVN

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 4 IoCs
  • Checks Qemu related system properties. 1 TTPs 1 IoCs

    Checks for Android system properties related to Qemu for Emulator detection.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.tqhy.gameshop
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Checks Qemu related system properties.
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4295

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.tqhy.gameshop/databases/okgo.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.tqhy.gameshop/databases/okgo.db-journal
    Filesize: 512B
    MD5: a9bee019c1615b77d66a62a80de38d28
    SHA1: 7810d9e3dcd1a732cc16e8320b4d33d6ad79e106
    SHA256: fea0203c993f4a8237c4b9b3ab8dfa50d33b8886fd7b863bc673b5e34e62ac23
    SHA512: e8d8c46cba3253168c1808ce943371231c2527985e915b27eaccfed94885d8e2fe6c13b33bc57bc976d500afe477eec726fd2f148c737c081a4b7e9281285f87

  • /data/data/com.tqhy.gameshop/databases/okgo.db-shm
    Filesize: 28KB
    MD5: cf845a781c107ec1346e849c9dd1b7e8
    SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
    SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
    SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.tqhy.gameshop/databases/okgo.db-wal
    Filesize: 56KB
    MD5: df0c38ae324d4d8058b55b1fd31407ca
    SHA1: f7439268b70d8c806afeb9c7d954d6bee023f741
    SHA256: bc1320c1a0d38c64e07f3abf49db7084ee71e2bd6e0f67b2ea92af2f0fadf0f5
    SHA512: e49d778cbb438c91a49b56cde6f8bd16edc95a39cba585bbb27a58d8b373e291419df8e8666a705ab5e3220180e06c286d298f83e97da4b5e93bafb3a5c14a5c

  • /data/data/com.tqhy.gameshop/databases/ua.db
    Filesize: 68KB
    MD5: 3aa9b298a40c3dde3c6ed2504649b7c9
    SHA1: 09dc8e1f07fb288e4efa87150925e08ad08af2d5
    SHA256: 9cf11ef5df0c5698db89bd084659df93f0842da8f831a13a5430e50a935a0433
    SHA512: c4f4b7f913b888f2e759e069bae9a1e4fa0b95800d38bd66978ed605a699b515197229bbf23aa2500320736aca367c562c5fc08ea4847007b4acb3531a534cdf

  • /data/data/com.tqhy.gameshop/databases/ua.db-journal
    Filesize: 512B
    MD5: c3497dda43f5b6fc001c6fbd3b581733
    SHA1: ae3229215565d0eb90c37d4cf2eaf40eb53f7036
    SHA256: f42e7c3248ddde895a55c5705818dbd79e5bfc9e9dcb5a0946261f492c8aed5b
    SHA512: a6c9dccc29084136921e3f5e2d3dda2aa5f004720c745f5ae7fe8175b11bd04ad0d59a1e58b65ded621c8d7598bcccc06b8842ebad49562eae7f9df2b9e1c367

  • /data/data/com.tqhy.gameshop/databases/ua.db-wal
    Filesize: 96KB
    MD5: 3129cde92fd230d9bf4dae7c8d631ed3
    SHA1: 9d566dfeec5c1c3c27355e478312a345d23db5c7
    SHA256: 7eff56716092082faf4bcd5477b9d66ebd749ef9d9f5bcc2307f91d01b5d9f6e
    SHA512: ae0c222998b49302e8c672939b7d775ba43d23d2cb97e7af982bd4015985bfb4dc186368549b4e084dceed537b37f47a76234c68eaaec1a2261ba40d10e69c1e

  • /data/data/com.tqhy.gameshop/tinker_server/7e939543b615e894_version.info
    Filesize: 189B
    MD5: 7d84c3eb8e3b6e7e7867c7269985a2d3
    SHA1: b9ad29a047bd80588891d896873c6d3e47254572
    SHA256: 3f92dce1f8d41c30b724cea7b39937fcf6e925d39c0d191d80b9a6280cc24db2
    SHA512: 2e6574c225a6bd8018b6abf04c197f5db08e80c7b5405fe1beda50567fd97dcea8c4a16dcde5d6ff39bbb855b554f1ddbbb342cfdaa5e6d1436557737150a79c

  • /storage/emulated/0/shumei.txt
    Filesize: 62B
    MD5: 9b2959cb107bf78c653fcde7e21230d7
    SHA1: e18868ddbfd858c1d38d32c2b9b1ff6e3baa0c32
    SHA256: 1d0c9761709558d62cc01871ec5a0a8d1423c26c88628589e424b6afe99eee7d
    SHA512: 3681f968d2358af19bd348ef2f9afb40829b18f2d0c5eb845f751d022db2b0b842c807b9e7192e1eb40f1240f53bd1fac6ed9780377743e0747529bbd1e46cb0