910bb070a20acb859d771e105fb9ccc650f68bb8dda6af7dd582675490586294

Analysis

max time kernel
48s
max time network
148s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7a24b455b3596cf81956168c3ddb713_JaffaCakes118.apk
Size

31.4MB
MD5

a7a24b455b3596cf81956168c3ddb713
SHA1

e8f8d94bab306b3aaca6046c01c863475591f615
SHA256

910bb070a20acb859d771e105fb9ccc650f68bb8dda6af7dd582675490586294
SHA512

f7de7c731129d04a0b84ee4536335f7c5a31288ef88b1cd70e42abdff0b1bd8b22b6ad5373874c74fbbdc9cd0f9720cae8f2e5dc3203927eb61f112ac173f30b
SSDEEP

786432:8SdCzB5tzq4cvikRCZEwf3JT/siw4C6elQNQsX1Vj:mViQZEgYkWleXD

Score

8^/10

evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

it.rortos.extremelandings

ioc process

/system/app/Superuser.apk it.rortos.extremelandings
/system/xbin/su it.rortos.extremelandings
Checks Qemu related system properties. 1 TTPs 1 IoCs
Checks for Android system properties related to Qemu for Emulator detection.
evasion

T1633.001

Processes:

it.rortos.extremelandings

description ioc process

Accessed system property key: ro.kernel.qemu it.rortos.extremelandings
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

it.rortos.extremelandings

description ioc process

Framework service call android.app.IActivityManager.registerReceiver it.rortos.extremelandings
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

it.rortos.extremelandings

description ioc process

Framework API call javax.crypto.Cipher.doFinal it.rortos.extremelandings
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

it.rortos.extremelandings

description ioc process

File opened for read /proc/cpuinfo it.rortos.extremelandings
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

it.rortos.extremelandings

description ioc process

File opened for read /proc/meminfo it.rortos.extremelandings

ioc	process
/system/app/Superuser.apk	it.rortos.extremelandings
/system/xbin/su	it.rortos.extremelandings

description	ioc	process
Accessed system property	key: ro.kernel.qemu	it.rortos.extremelandings

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	it.rortos.extremelandings

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	it.rortos.extremelandings

description	ioc	process
File opened for read	/proc/cpuinfo	it.rortos.extremelandings

description	ioc	process
File opened for read	/proc/meminfo	it.rortos.extremelandings

it.rortos.extremelandings
1⤵
- Checks if the Android device is rooted.
- Checks Qemu related system properties.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/it.rortos.extremelandings/databases/DownloadsDB
Filesize
28KB

MD5
fe85c0e4f5d8251763da4dade594124a

SHA1
b2196d13d889168808cc301e34a1a5259877e8f9

SHA256
68a0ceb2b4920452dc324fd95859fa999f4c1648e765c59a5483a82b8c4587de

SHA512
50bfff7541d4cac4d85c923963f37301320b24bf4b190b83773f2ae52cae572671f99fdba1d1b7f952e571a459a96f5d775c3410f36edcceceef8f7c324d5e4d

Download Submit
/data/data/it.rortos.extremelandings/databases/DownloadsDB-journal
Filesize
512B

MD5
73cea0eb001c4b6c0efbf0de1a0f14d2

SHA1
7fd65f139a779871d848e8b3ea0567e73b2937e1

SHA256
04093b590d6a42702511cb70226401b3c9df2e95c78c2d66b9dbdcd3473369e4

SHA512
3c80647a8f92d2ab43280ac57cf732fb2b26c8554a9f5a22fe55c5db408bd86c082991cdb5547da8b775d9e4c8f25493168320080a07d5aac461b530725e5e19

Download Submit
/data/data/it.rortos.extremelandings/databases/DownloadsDB-journal
Filesize
8KB

MD5
882dfcaa685a66fc60ee5cad334fa63b

SHA1
034765d3268e700307128c6c63ead9f30716ba49

SHA256
516e0af27a795b957bbf8f917db2cc3a3c86baccff184e82500ae379bba80c5b

SHA512
5194a6cdea6f0bb02bc76f545ff5e9fe117d63a9bb47926e321f439bfa02216742a260b2f5b29a736df7b9eae42976697fad8de532c901a3f33ac855930015df

Download Submit
/data/data/it.rortos.extremelandings/databases/DownloadsDB-journal
Filesize
8KB

MD5
844d9b13707efff993b5beb3be63e6d6

SHA1
7aa56043d58be60cb9a7594989905b7db64da50a

SHA256
a0dfe19f6637f251991a47046d155f134f32c3a64a1fa250fe5262f3ed17498d

SHA512
40829d9c0224380ed60a511bb192ffcdd550ba4b18becc2f2b213e088fbaf012be14441ab7663a3beb3e64a05a385d886c6d6ce7875443493e985bcf03edfb79

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BA2BE02EC-0001-13C8-4F64AF580F54BeginSession.cls_temp
Filesize
79B

MD5
f92c156f03471f9c702a13dd89669d8e

SHA1
bb5d11967c792f2eba0818f5d7a8e2e9b50b813b

SHA256
185408a72884ed526df112110a1c74124c2a04444cffb6a591d6bc692666be15

SHA512
4b451e53962c445e416cf3acae4f5ef748cc5f703009ee2ab0721afce7a4cdbdba44ff201b6a11ca4caae838e4bec6dea43b52f18327567c7d83cb0e08f0fe89

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BA2BE02EC-0001-13C8-4F64AF580F54SessionApp.cls_temp
Filesize
138B

MD5
7c71fe2b646bdbee1b415a9f28c3028f

SHA1
480c5d3a5a059ef00245ff47632264b9c9da3248

SHA256
9469af23d2b5145708bc1184551edbb06838cb50eefbf4865ed2b82035edfb68

SHA512
7189174994487f074fa7bbd7f6cdc80de22a72fd9007481b7fb97581e28e5de4a625f3b8df96905f1eccd9bc6c7ac8e2fec7f2dc3c077e5180e54ab696afbafe

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BA2BE02EC-0001-13C8-4F64AF580F54SessionDevice.cls_temp
Filesize
131B

MD5
68bdf5148e3bcd419dba967c5235139d

SHA1
7680e292f7797c9fb9196342ddde7c7eb4d02a1e

SHA256
3095583822cdd68108d37ddac29b05206016e9b4f2ddea083f433f2b699caad9

SHA512
448c515e5ff3174f2d91545d4075fb4c167351755fc26278ea7e48dd4007549c3060886868a7a2dc1dba05cafae4b36b09be88271615dfda567edeefcd28492b

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BA2BE02EC-0001-13C8-4F64AF580F54SessionOS.cls_temp
Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
527B

MD5
3711a970be67af2d21330ca1e8127263

SHA1
28a6aa5e8ce3d7fe4750f46a8527eb42eea80d26

SHA256
9d2c37a8e073dfe67f4b9c9490ff578046caa534ca19a06847b2661acf90e321

SHA512
cf2e0883d88ef6f82fcc9135f69ebdcd65390e629af2bdb8797674b63e6950387b0d4efc43ee1ffbb0a4ad24027d9e39922709147a8a17fad0d5f28ef0187b5d

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
3KB

MD5
fcc3c16016fdff64ff140cd0ab99457d

SHA1
7a06986cafb29be9cc6d069b64833a756e519047

SHA256
4da777a1f6c0f9e18e427f488dffc7595c9f9f0113e46e0c1111e285c3926c0d

SHA512
f25af293326694fc386ebeec35b7c01e646ddc29aa52c7289937a29bea186d206245d76bb6db5f7acaacd94ac841a6447b6c96083242ba8be846bdd5d1b21efa

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/it.rortos.extremelandings/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_236b819e-b9ba-42ea-aa93-f49de600d3a5_1718330047399.tap
Filesize
400B

MD5
6a7fa68c78890c4980b3cf92009d1300

SHA1
fec0dc453984d3d8019b44faeccb042a17e72fe0

SHA256
eccb21f03b4cc0dceb3c7076365da77d24de8fffb5938ef71ad646fc3b8b40b4

SHA512
aa9ee5260de8214452abcfb1e507446e3d99696e79cf04c88262b8ac613e5d0fef13d7b4f376935aed234a96d29b79199df7243105a4b46001f6840c24773d79

Download Submit
/storage/emulated/0/Android/data/it.rortos.extremelandings/files/Unity/533f7175-deb3-45cc-ad62-af7cef3f3a7a/Analytics/config
Filesize
293B

MD5
8673a8ac0b06a9d056d08d62f857ba4b

SHA1
a351bea1932270bafbe468584058fef20dcfc31e

SHA256
83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96

SHA512
edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

Download Submit
/storage/emulated/0/Android/data/it.rortos.extremelandings/files/Unity/533f7175-deb3-45cc-ad62-af7cef3f3a7a/Analytics/values
Filesize
132B

MD5
f4fc584463db18d2f51a352d427604f8

SHA1
5b89ac635522ac62012e8a55853904399988da7e

SHA256
db0aad0aee5372043afaa8b758fd7cc28dd2e755bae748e238277f410861f6ad

SHA512
02aaafc391d5cdaae7cc988794d9611007f3eed1bec268a8376fd91eec2b06681bc5e98cd028c48653e0fb7a36a495e80fb8ddeac7137005b92261fa139edb50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads