34a247d024b33eee39976a0bf734bd9be91d9706087ce92f103cf77c4a4a2199

Analysis

max time kernel
4s
max time network
130s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a74f71621f8e38e4bbf349a47a7625fb_JaffaCakes118.apk
Size

17.9MB
MD5

a74f71621f8e38e4bbf349a47a7625fb
SHA1

db1ac13bb4437e4fa7c41eff81331d65dbc5bc30
SHA256

34a247d024b33eee39976a0bf734bd9be91d9706087ce92f103cf77c4a4a2199
SHA512

d574898866391191f2b46b2f23762ba08805fb51f65b4d30d3f928f26848de832bec8c5b2f9acd57c5d7c07be6ed0eab7bd7b10fc8d376990ce566bd157dc57a
SSDEEP

393216:X30GfxH9zfIJi7qvtB2ipUXiFeNBWRLNuQkp24HdZ1g5:X30S3LIM7qVrpUSFuBOuQZ

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

com.imbastar.c5game

ioc	process
/system/xbin/su	com.imbastar.c5game
/sbin/su	com.imbastar.c5game
/data/local/xbin/su	com.imbastar.c5game
/data/local/bin/su	com.imbastar.c5game
/data/local/su	com.imbastar.c5game

Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.imbastar.c5game

ioc process

/system/lib/libc_malloc_debug_qemu.so com.imbastar.c5game
/sys/qemu_trace com.imbastar.c5game
/system/bin/qemu-props com.imbastar.c5game
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.imbastar.c5game

ioc process

/dev/socket/qemud com.imbastar.c5game
/dev/qemu_pipe com.imbastar.c5game
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.imbastar.c5game

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.imbastar.c5game
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.imbastar.c5game

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.imbastar.c5game
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.imbastar.c5game

description ioc process

File opened for read /proc/meminfo com.imbastar.c5game

ioc	process
/system/lib/libc_malloc_debug_qemu.so	com.imbastar.c5game
/sys/qemu_trace	com.imbastar.c5game
/system/bin/qemu-props	com.imbastar.c5game

ioc	process
/dev/socket/qemud	com.imbastar.c5game
/dev/qemu_pipe	com.imbastar.c5game

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.imbastar.c5game

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.imbastar.c5game

description	ioc	process
File opened for read	/proc/meminfo	com.imbastar.c5game

com.imbastar.c5game
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4501

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.imbastar.c5game/app_crashrecord/1004
Filesize
235B

MD5
bcbb739d07411d4c0f7083606a8a23c7

SHA1
c7b44c87507200971c26032a96a9e15e853b0b1a

SHA256
2ca95ac0d1618b8423fa69be57ee9b957dc85621c62869d6e4845e3cd4bf4e74

SHA512
af290370afc36c4c96fe9e208a11fa140aca5096ef294e0dc659418d143fc4571ea6293014b7276b8dc714a5bb5e65729231bffae03d0e379182b45f74994f7d

Download Submit
/data/user/0/com.imbastar.c5game/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq
Filesize
68KB

MD5
6f8871f0fd61cb6c995be09df364574a

SHA1
4b5fc22ea36aeb7f9649122c7a1629bca2f22292

SHA256
b1d53fd3de319c101d471f0885552ca5fdc1c6b35e5717ce1160771ba310170b

SHA512
7c244aa22a66ef86d04e4c60ea00669730d4e119503b3bb196ec821e110a5ce0200cd3d92fa62685fca5590398ab1b0ccdd9e889009e7b603828470ecd71af5f

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq-journal
Filesize
8KB

MD5
d8989700f75ce8b6995c18333807a6e8

SHA1
8b17b6d509750a5fca77ed8421a4d228a8fd08e7

SHA256
22088ebdad8da0bdcad35f86af2dd8efad6154b83aa2ac362328013c76c1673f

SHA512
b3f72bd1ed066afe5245c340ed483580b0c3faec7f05a41b6e8c0499c6ff7ae3038aea972857bcf4db3d275d06fe02d92320d64398aae16f167662a047d2e448

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq-journal
Filesize
8KB

MD5
02b873efc5e0618c365c2e6436908c2e

SHA1
58cb047c2a9e6b03b548ca42c1dab512a3042f35

SHA256
3fb23827cb3d2448c3fe131ea307076c3ea008630ad405e1b302d3e411062344

SHA512
2bc8c15c8551d55fc4987efafc7339ed0c7bca4d4882780b812f69497e800b58f7c36db86672e8fc320f1702501959af0221b8b837f8d8cdab68a4d793999bfc

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq-journal
Filesize
12KB

MD5
9e9c65a581f52fd6449b2867d3389502

SHA1
5699592b33eed8f391d2c62810011c01f658e9dc

SHA256
10b84dbec486e34b0b79bc04fb6f2a3dc4aaa63e50e1b233fd8acebedc5f90eb

SHA512
c44e624f64e337921948d1ae16d153ee5ac95739719f4119fdab55faf3d20a794fe7f12eaf93c67bf4583907fbe12725aaeeee06adf2ac9971efc995f2e62a71

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq-journal
Filesize
512B

MD5
5dc80ade5b8545546b0507a2a2e7a763

SHA1
ed346dff972e67d1173a6188b24d82ee436f667e

SHA256
ce817186aa74bb7071a2c8c547c576ae27237d8d080b59466eadd443c49bd729

SHA512
fb148dfb9d8d6615ff2b4870471534bcebff03d69a7b77b1bf9c50cb69e796825f307ed328b3365f377c391223fc69e00aff83de0a8e1b686eb6d743e16af6a1

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq-journal
Filesize
8KB

MD5
ebd1b56d3deb6ab4e8f0e73a98c16e92

SHA1
c8e85dcfca25e118fdf708fd68a66609968c13d1

SHA256
0e3dabfd032e93a0c21d26353b65ecd5f12e9909aedc271c290d9130f278fa97

SHA512
bc161da5bd49c256a556255fde7c6e7923aa9d35550776fb221cbd4244fafe62f28bbc5a6495aa5fe047ed9b60cf770e79c631d873f84099f3730cba315a6a92

Download Submit
/data/user/0/com.imbastar.c5game/databases/bugly_db_yaq-journal
Filesize
8KB

MD5
58b121cba8fd6fa79b828f6811039047

SHA1
327de505c50b0784fa1e4cc5023fa147d497fcc2

SHA256
bb172aeee54bcd5890da49ee35b3b489247947b52305a3c450bdd3dce270ddee

SHA512
efab20ba96b8796f1fde34e5a62ce26af59371711396e6a04828c1bea49a3c47214a2d52519ae06fa9eaeebc83b521b4819ec9aa0c5e0a547e3f7ef8ab5c1b0b

Download Submit
/data/user/0/com.imbastar.c5game/files/prodexdir/0OO00l111l1l
Filesize
6.9MB

MD5
bdb6373bc93440621c21970e3f2041fc

SHA1
55963e9dc8bd4139cfd2247a3525e45b6cf66c22

SHA256
82c26271597f21a98c0b459d47322d067ee41d6702208def4ddd939ce5ed3b69

SHA512
6ae556ca18bc2d2571a1db9f875503e2cd4c57f8185cee697cc5dd7e9911ad855914dbfec5155c1afb7352426b531c9abe846fdb019d2e66c20e9ef5b38569f2

Download Submit
/data/user/0/com.imbastar.c5game/files/prodexdir/o0oooOO0ooOo.dat
Filesize
144B

MD5
ca323993cc74b9dc8eed0346db81e124

SHA1
1f390e80748e0ad2ef4e94d0b8b284cf87a2c271

SHA256
8eb37cd1b34ec2e95597702cd6cd66d99638926f09c2d2ed75e995f845d843a0

SHA512
d9363faf4523704f232bfac055694039f9e8cdcc3e3a7e1f06731c3f1970b221b06499536cb66bfe39cf7eb4b356b596491a9d0ab7b22a08123bd31f524a87dd

Download Submit
/data/user/0/com.imbastar.c5game/files/prodexdir/tosversion
Filesize
31B

MD5
0d0e31fde8cbf2067ff52fa81989a048

SHA1
84b628f411f4b4b21bb178d2e412b4edc7a383d5

SHA256
915546fdab44d271ff40d2252d8c575381665d9bd4a4df806f2cdc1aba6677a8

SHA512
2d452db5ded7b146c033e610ca003d0d7abbca9386b4f45c4f4d5546a28a9fd0e7a9084433df8b2ee91a2a11d6f8b64798b9b2fc6f24c5fabb4011994c0ebd9a

Download Submit