Analysis
- max time kernel: 160s
- max time network: 178s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 22:26
Static task
static1
Behavioral task
behavioral1
Sample
abc17a9f74487c0d0f56999d511f0c8e_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
49gamebox.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral3
Sample
49gamebox.apk
Resource
android-x64-arm64-20240611.1-en
General
- Target: abc17a9f74487c0d0f56999d511f0c8e_JaffaCakes118.apk
- Size: 9.2MB
- MD5: abc17a9f74487c0d0f56999d511f0c8e
- SHA1: 9891ce6b802858230aa5876ff62eeec10b2d6881
- SHA256: 0645e802edf9fe53abac0763a36d5ef15dc65647b7705be8660b753e92e1474e
- SHA512: 3bb359709fc0f84d106959c693165f60c7d4b8005177043739805447c49f5ce0a782baedcd563f18dfbccf22bd9d5a0991667ca2e604990f854e141b83391986
- SSDEEP: 196608:tGgTg5Wn5W0WpWsWp2OH1W8v/sC/rO9pXN0rF:8gU5S5rSNu2OH1lXsw2p6R
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  Processes: com.sj49jdxy.com, com.sj49jdxy.com:gray, /system/bin/sh -c type su
  ioc                        process
  /system/app/Superuser.apk  com.sj49jdxy.com
  /system/app/Superuser.apk  com.sj49jdxy.com:gray
  /sbin/su                   /system/bin/sh -c type su
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.sj49jdxy.com
  description             ioc                                                 process
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser  com.sj49jdxy.com
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.sj49jdxy.com, com.sj49jdxy.com:gray
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.sj49jdxy.com
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.sj49jdxy.com:gray
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  Processes: com.sj49jdxy.com
  description             ioc                                       process
  Framework service call  android.os.IPowerManager.acquireWakeLock  com.sj49jdxy.com
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes: com.sj49jdxy.com, com.sj49jdxy.com:gray
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.sj49jdxy.com
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.sj49jdxy.com:gray
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.sj49jdxy.com:gray, com.sj49jdxy.com
  description             ioc                                             process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sj49jdxy.com:gray
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sj49jdxy.com
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.sj49jdxy.com
  description             ioc                                                                    process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  com.sj49jdxy.com
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.sj49jdxy.com, com.sj49jdxy.com:gray
  description             ioc                                           process
  Framework service call  android.app.IActivityManager.registerReceiver  com.sj49jdxy.com
  Framework service call  android.app.IActivityManager.registerReceiver  com.sj49jdxy.com:gray
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  Processes: com.sj49jdxy.com, com.sj49jdxy.com:gray
  description         ioc                           process
  Framework API call  javax.crypto.Cipher.doFinal   com.sj49jdxy.com
  Framework API call  javax.crypto.Cipher.doFinal   com.sj49jdxy.com:gray
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 2 IoCs)
Processes
- com.sj49jdxy.com
  - Checks if the Android device is rooted.
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
- com.sj49jdxy.com:gray
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  - /system/bin/sh -c getprop
  - getprop
  - /system/bin/sh -c type su
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.sj49jdxy.com/app_crashrecord/1004
  Filesize: 225B
  MD5: f3bb4301d180d4022ad001478946c394
  SHA1: 7d8cbc93d30c4a82a4f61a281db333be3c28ce24
  SHA256: 6fe6c3d62667521edf8ec6f1cb8ac6ed9d49d26aed3892789eb71694db29d551
  SHA512: b35139cfb9ecba266b170574dad873f331fd32ab8d0428f71221db222daac6e4528d2823ecf458102647001e088457fd9d2af31b800d7fe867ac0d5dc2fe0d4b
- /data/data/com.sj49jdxy.com/app_crashrecord/1004
  Filesize: 58B
  MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
  SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
  SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
  SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
- /data/data/com.sj49jdxy.com/databases/bugly_db_
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.sj49jdxy.com/databases/bugly_db_-journal
  Filesize: 512B
  MD5: 4e3cf05989e4fd664665d0921b6e5436
  SHA1: 87d0a4a04d7e91da87d24b1016d4733ff5541503
  SHA256: d696b4b19f4cd3aa19d31c776128e0e3a8b4e609671a407261ceebeff24f26c2
  SHA512: 04021846f49a4b368d206493d2915f9fe2890a6f28acf0e1290ee16013ab6e1470af37bda697ba993ce9085fb46fda319c93af1fab63881f0b7188d3acab1a76
- /data/data/com.sj49jdxy.com/databases/bugly_db_-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.sj49jdxy.com/databases/bugly_db_-wal
  Filesize: 88KB
  MD5: f79a50e9eefa74a58f0eb54493f5ae4e
  SHA1: 838adf774c14739938947351aefd33193b47a38b
  SHA256: a1d03add15b522d1891758121ef594643c2a1c2793a92705e088103b79226c95
  SHA512: 38ddd538be4122ff596f71e6cc620083838f4917e994891928ab06682f8ca246c11a2b951c6815e9b41bf8fe222281036979ccc10089ac4d19864c20b58b739b
- /data/data/com.sj49jdxy.com/databases/ss_app_log.db-journal
  Filesize: 512B
  MD5: 38ade904a7f71204194b1c3925136939
  SHA1: 6766f697117b07c215c75a1cadb648e26ba1de84
  SHA256: 307193971295403da7eb8602cd4185750dc13560d510564a540de6cd80cf626e
  SHA512: 754a5f2afb819b437374d6b3a88cecc5b22f2290ee574c52d23e9a33596d4dbe72d91e23bb384d96047e5b12edb8fde038aeb6302943ef23b3f14a3cded74ecf
- /data/data/com.sj49jdxy.com/databases/ss_app_log.db-wal
  Filesize: 108KB
  MD5: 0a9847eea40686896fe3ca8964fa375b
  SHA1: 883d2ca62a3119b8137bdd16001a5d14223e9d8b
  SHA256: 6d593db9f7a39b025c2187c35fe9d70bdd2352fbea8f6f79b7b0e62cc705ec64
  SHA512: 9ffeb9f95f474e537b49d1d5d37dd8d43f830e137e91c8c89b593b595391a94f686aab84cd6a2e5ebf318832db69fa31bdfb0bb957c4012ac3206ee50bea2d80
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 111B
  MD5: 5c0bd9c0f0776fc45e299fcb1ee80e9c
  SHA1: df5d191cce5ff01d97dff53eea6e335c32c50cb5
  SHA256: 4f8b2e6bee05c67058b7f6b463f9138d44cd1577f8cf1c4d232d1bb65e5d4fd4
  SHA512: 141f17cc51f55e16f97df2e2b765b839c7dc964b02cddcec52482f4c5e11158346d147d1ebd1572472c45c867bcd1e06f219054192a33d3697e6e1eb54e7892a
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 213B
  MD5: 9ca34f32b32c0aab54a4cdb4036aae5d
  SHA1: 38f3c28ae53308ebb50e18609a4f1cc25d843a55
  SHA256: 251e5a1430652c9f052f8644c35723de364a25e81cd03acc75850f56aaa6ebb2
  SHA512: cbff99af538b65c7f435ce72f7aa88ee87b09d4aeef5321ae323b688b2556c7d45743f311a67194e7da063d7ad72dc7a4d5fdef74ca9fc751b4407e6b04fbbe1
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 230B
  MD5: ac8d4af68e2dd2d6905f7bbe33f46ad5
  SHA1: 514859cca8d658ddf413eb52380bd168078ddcd6
  SHA256: 395c7759d42e7b0230b3ae424a130f2c5eca69463dea76598f3ec230f2ca728d
  SHA512: 377c2d3e571a65e872e3d7ca022078694a1f345eed7d83b76c8cc12ebcf4608a40ea7d07e13cd304c6312cf1dfbba63bc6cf56d25872a13b05954951bed630cd
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 80KB
  MD5: 50ebdfdbf17abbed2c0001a518f3cb75
  SHA1: 1a357f66191bd4f82bec7713e388a10f9f544ab1
  SHA256: 1de0516bbb896c8af982b27c2d67885c3a8d20a19fe136b24f78712f3b18d959
  SHA512: 7b63989287b9b36effc3a1e1d748b68d8c015cb99fbce28755db561442b6c62a20170e42e2e9ee521b555906b4837721816ff11d634e757c1769e98c81fe3ce2
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 167B
  MD5: 3cbd88b7cd4ca45310202d78acc6a19f
  SHA1: 2cdb0888753cab7b639ba85fc75449e838fe47b9
  SHA256: 381c296330f7eb9167708b344a80afca1aa7f46f8ceb927afc56808e5ef4b9e6
  SHA512: a6d8f069b36f610855ac27b11e334a170eff439e3da75400c81ca2c326c66a7878d1ee7eecabef2fae3bde7173a6dc4d7fbeede2f76905c8ff39ed61bcc4e3aa
- /storage/emulated/0/Android/data/com.sj49jdxy.com/files/tbslog/tbslog.txt
  Filesize: 3KB
  MD5: 4f6810478e0b02544e4aad8aacdab430
  SHA1: 831abf723b648286dd6a94200ebf3c53180379d2
  SHA256: 1c4f2c72deda5a2ace362004f76b4d654802f5e27c502b87d174e63d52b1f588
  SHA512: 059827ef8540a62932f5836cfd2fd4090e07c2d220f479326a9278351b85eed067b9def4737adccea4eb29d51833f71676da819f3a43168c1338a0a7e27edfba
- /storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
  Filesize: 36B
  MD5: 713690f4941bd94089df8c5e03dbb40e
  SHA1: 78856908abceb71ad1cf92be75b1e1f9052d906e
  SHA256: 9d12386e11c0d56613f6878c656a4ffa5333b1eeae83bf7cf43b489e29dd4bfa
  SHA512: f6e9989ee96aa9a330351351d1e8727fd8b8bd87d5511fffea17796e8983c653bdbf21053d01e84e0acd6f19c54260ecbfd3cbd10c70f839ffb33e1c28517488