Analysis

  • max time kernel
    179s
  • max time network
    174s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 06:46

General

  • Target

    a862e0180186c5251be015b1975c30ce_JaffaCakes118.apk

  • Size

    31.7MB

  • MD5

    a862e0180186c5251be015b1975c30ce

  • SHA1

    f0252a8b435e6c0c612bd400bf09d6be32cd04f3

  • SHA256

    cf4b8aaa000033711b14c1090b86906c94eab86f7baccb1036489900754bae15

  • SHA512

    f9f740bf4aa9203e8de51555e48ba9248bc0687351c52c044f40bc470a863176108563d2c9319d4ca7b7d1da7e3e52925ddaf81b6f310ae5803236f677d8b45f

  • SSDEEP

    786432:fGM7jopWXZhpHkOAsk/ExVJ9w/RVNIOboExusjIS6kzMo+dD5usux:fGMSmhpHkfv/UVXw/Rbp1x9jIS6w+dDk

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 2 IoCs)
  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.ezfun.xyen (PID:4182)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    • /system/bin/sh -c getprop ro.board.platform (PID:4298)
    • getprop ro.board.platform (PID:4298)
    • /system/bin/sh -c type su (PID:4325)
      • Checks if the Android device is rooted.
    • /system/bin/sh -c getprop ro.miui.ui.version.name (PID:4352)
    • getprop ro.miui.ui.version.name (PID:4352)
    • /system/bin/sh -c getprop ro.build.version.emui (PID:4377)
    • getprop ro.build.version.emui (PID:4377)
    • /system/bin/sh -c getprop ro.lenovo.series (PID:4402)
    • getprop ro.lenovo.series (PID:4402)
    • /system/bin/sh -c getprop ro.build.nubia.rom.name (PID:4427)
    • getprop ro.build.nubia.rom.name (PID:4427)
    • /system/bin/sh -c getprop ro.meizu.product.model (PID:4452)
    • getprop ro.meizu.product.model (PID:4452)
    • /system/bin/sh -c getprop ro.build.version.opporom (PID:4479)
    • getprop ro.build.version.opporom (PID:4479)
    • /system/bin/sh -c getprop ro.vivo.os.build.display.id (PID:4504)
    • getprop ro.vivo.os.build.display.id (PID:4504)
    • /system/bin/sh -c getprop ro.aa.romver (PID:4529)
    • getprop ro.aa.romver (PID:4529)
    • /system/bin/sh -c getprop ro.lewa.version (PID:4558)
    • getprop ro.lewa.version (PID:4558)
    • /system/bin/sh -c getprop ro.gn.gnromvernumber (PID:4584)
    • getprop ro.gn.gnromvernumber (PID:4584)
    • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version (PID:4610)
    • getprop ro.build.tyd.kbstyle_version (PID:4610)
    • /system/bin/sh -c getprop ro.build.fingerprint (PID:4635)
    • getprop ro.build.fingerprint (PID:4635)
    • /system/bin/sh -c getprop ro.build.rom.id (PID:4662)
    • getprop ro.build.rom.id (PID:4662)
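The child processes above form a recognisable pattern: a single shell probe for a su binary (the root check) followed by a run of getprop reads of vendor-specific ro.* keys that only exist on particular OEM ROMs (ro.miui.ui.version.name for MIUI, ro.build.version.emui for EMUI, ro.build.version.opporom for ColorOS, ro.vivo.os.build.display.id for Funtouch OS, ro.meizu.product.model for Flyme, and so on), plus ro.build.fingerprint. That is device and ROM fingerprinting. Malware does it to detect emulators and rooted analysis devices, but ordinary crash-reporting and analytics SDKs do it too, and the dropped files below (bugly_db_, google_app_measurement.db, AppEventsLogger.persistedsessioninfo) show such SDKs are bundled in this sample, so the tree on its own does not settle intent. The script below is an added example, not part of the sandbox report or of the sample: it reconstructs the spawned command lines inline with their PIDs, unwraps the /system/bin/sh -c prefix (both the wrapper and the bare command are listed under one PID in the report, so it deduplicates by PID), classifies each probe, and produces a summary an analyst can compare across reports. The ro.*-to-ROM mapping is the editor's own; keys outside it are reported as generic build-property reads.

```python
"""Classify the shell probes spawned by com.ezfun.xyen in the report above.

Added example, not part of the sandbox report. The ro.* -> ROM mapping is the
editor's own; keys outside it are reported as generic build-property reads.
"""
import shlex
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Property keys that only exist on a particular vendor's ROM (editor's mapping).
OEM_ROM_PROPS: Dict[str, str] = {
    "ro.miui.ui.version.name": "MIUI (Xiaomi)",
    "ro.build.version.emui": "EMUI (Huawei)",
    "ro.build.version.opporom": "ColorOS (OPPO)",
    "ro.vivo.os.build.display.id": "Funtouch OS (vivo)",
    "ro.meizu.product.model": "Flyme (Meizu)",
    "ro.lenovo.series": "Lenovo",
    "ro.build.nubia.rom.name": "Nubia",
    "ro.lewa.version": "LeWa OS",
    "ro.gn.gnromvernumber": "Gionee",
}

# Commands whose only purpose with a 'su' argument is testing for a su binary.
SU_LOOKUP_CMDS = {"type", "which", "ls", "stat", "test"}

# Constructed from the process tree in the report: (PID, property key).
GETPROP_PIDS: List[Tuple[int, str]] = [
    (4298, "ro.board.platform"),
    (4352, "ro.miui.ui.version.name"),
    (4377, "ro.build.version.emui"),
    (4402, "ro.lenovo.series"),
    (4427, "ro.build.nubia.rom.name"),
    (4452, "ro.meizu.product.model"),
    (4479, "ro.build.version.opporom"),
    (4504, "ro.vivo.os.build.display.id"),
    (4529, "ro.aa.romver"),
    (4558, "ro.lewa.version"),
    (4584, "ro.gn.gnromvernumber"),
    (4610, "ro.build.tyd.kbstyle_version"),
    (4635, "ro.build.fingerprint"),
    (4662, "ro.build.rom.id"),
]

# The report lists every getprop twice under one PID: as the sh -c wrapper and
# as the bare command. Both forms are reconstructed so the dedup is exercised.
SPAWNED: List[Tuple[int, str]] = [(4325, "/system/bin/sh -c type su")]
for _pid, _key in GETPROP_PIDS:
    SPAWNED.append((_pid, f"/system/bin/sh -c getprop {_key}"))
    SPAWNED.append((_pid, f"getprop {_key}"))


class Probe(NamedTuple):
    pid: int
    kind: str    # root-check | oem-rom-probe | build-prop-read | other
    detail: str  # ROM name, property key, or the raw command line


def unwrap_shell(cmdline: str) -> List[str]:
    """Return the argv actually executed, stripping a '<...>/sh -c' wrapper."""
    argv = shlex.split(cmdline)
    if len(argv) >= 3 and argv[0].rsplit("/", 1)[-1] == "sh" and argv[1] == "-c":
        inner = argv[2:]
        # A quoted script (sh -c 'getprop x') arrives as one token; split it again.
        if len(inner) == 1:
            inner = shlex.split(inner[0])
        return inner
    return argv


def classify_cmdline(cmdline: str) -> Tuple[str, str]:
    """Map one spawned command line to a (kind, detail) pair."""
    argv = unwrap_shell(cmdline)
    if not argv:
        return ("other", cmdline)
    prog = argv[0].rsplit("/", 1)[-1]
    if prog == "getprop":
        key = argv[1] if len(argv) > 1 else ""
        if key in OEM_ROM_PROPS:
            return ("oem-rom-probe", OEM_ROM_PROPS[key])
        if key.startswith("ro."):
            return ("build-prop-read", key)
        return ("other", cmdline)
    looks_for_su = any(a.rsplit("/", 1)[-1] == "su" for a in argv[1:])
    if prog == "su" or (prog in SU_LOOKUP_CMDS and looks_for_su):
        return ("root-check", "su")
    return ("other", cmdline)


def summarize(spawned: List[Tuple[int, str]]) -> dict:
    """Deduplicate by (PID, classification) and count what the app probed."""
    probes = {Probe(pid, *classify_cmdline(cmd)) for pid, cmd in spawned}
    counts = Counter(p.kind for p in probes)
    roms = sorted({p.detail for p in probes if p.kind == "oem-rom-probe"})
    # A su lookup plus a spread of vendor-only keys is the fingerprinting pattern.
    fingerprinting = counts["root-check"] > 0 and counts["oem-rom-probe"] >= 3
    return {
        "distinct_pids": len({p.pid for p in probes}),
        "counts": dict(counts),
        "oem_roms_probed": roms,
        "fingerprinting": fingerprinting,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SPAWNED), indent=2))
```

For this report the summary is one root check, nine OEM-ROM probes, five generic ro.* reads, fifteen distinct child PIDs, and the fingerprinting flag set. The useful comparison is against other reports: a sample that probes the same key set and nothing else is most likely running a bundled SDK's environment check, while one that follows the root check with writes to /system or with su invocations is a different matter.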

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.ezfun.xyen/databases/bugly_db_
    Filesize: 56KB
    MD5: ad5d109521c0a336537ffc6b37239424
    SHA1: 45ea80dc56c067e323974ed23f5fa693d35cab35
    SHA256: 8a3ad171cedcd403c5858c5bd83b9405fd129bd33aba899be878b9e1fc367d9b
    SHA512: abc3a2e9ff208187867c819e83b8603ef274d2a77a2994303d93bd3ec4551e8b40bd8d50f2f6c317b59a098e9e4c963ae625b4418ebe5e3ecd7fcc4d488d8094

  • /data/data/com.ezfun.xyen/databases/bugly_db_-journal
    Filesize: 512B
    MD5: f389e21b95b92fdff6b7599db62eb0f3
    SHA1: 120bd0ac12b2e829ee73f393d97378c7d1313b45
    SHA256: 6683c70c308bd65d436466d80302e130c25b228faf54635e3e9ec1c997bf0c86
    SHA512: 7e268ed9de4ad2807c8b571baf9ef066be4e7db2ae74d46233bda929ee1e204dc516a2d96b1de4070643c157e5108a683ed2549d490815bccc5f6f337827be19

  • /data/data/com.ezfun.xyen/databases/bugly_db_-wal
    Filesize: 402KB
    MD5: 2d24a790d56f2d875d83daba6e0eb73d
    SHA1: 085a68f1029d40a514658756ee32fac4d8bd6be5
    SHA256: f73dea1cce9d3ce1710ed3260cf34810da8fb65e66b3197597ca1e2625eb5bcf
    SHA512: 194ea8d43edd08f98b205f79b9d02561e9448772c9f92fde78ac470993e3b88d62733bff496e90589909b8fd6f40e28349e56e423c05903021fa065aefdb1d85

  • /data/data/com.ezfun.xyen/databases/google_app_measurement.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.ezfun.xyen/databases/google_app_measurement.db-journal
    Filesize: 512B
    MD5: 7964e5f5cfe2f05cefd7d8a2bdda3e2b
    SHA1: 59f2134366472c2db850877b48978917f331e9b0
    SHA256: c0e6af8f7477f0ac99454d6bfa8e4a779f145e13cc283743aa4a14294b58d506
    SHA512: 48fec409b38b5d989bffb31f85763b06e6acdc53fbb7ce04779ac509ee06c2a425ad33708db1f3e7e688dee3a64347388a7cf69e8a0247c99dc6a4384fdcf7c0

  • /data/data/com.ezfun.xyen/databases/google_app_measurement.db-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.ezfun.xyen/databases/google_app_measurement.db-wal
    Filesize: 100KB
    MD5: 296181ad02f909dc1cc13444a77cdf93
    SHA1: 3ca0ec13e71c103eb854ade85c36e2057049c97c
    SHA256: 486231d31312f175ca87a3b895279b6712ef1590f1786c8a692c02cc3e0e7b9d
    SHA512: dbacd7da7023c0d2ed2cfa86aaeb0dab57840d30a4d58a852ff89d44ba47ec73967717ab41f427aa19b6e66a6091c1a58a8166e580deb4ca3337f0eee4fbf3c1

  • /data/data/com.ezfun.xyen/files/AppEventsLogger.persistedsessioninfo
    Filesize: 495B
    MD5: 7d722a81be03123dc3bcd63c3fa6e4d1
    SHA1: e3f76444b650ae6f30ca80cb77e68a996c2d96cb
    SHA256: b2ddf2d14f3d9ad1cc4ad4d62fe48275d8637197fda160df827187953a8b7c8e
    SHA512: c05ee055d7abba16fc08ea43b33fbea3b39272d7ff0fc3b58bef3f8570155d909ace3cae11ebdb6f25dbfa72462ebee15bbcc554054fa602e6742d38f3e70f62

  • /data/data/com.ezfun.xyen/files/buglylog_com.ezfun.xyen_.txt
    Filesize: 5KB
    MD5: d1665bc9fb881f83fea829636bc71f16
    SHA1: 5a1beb8e69a0e065998f631237390dd97a988e64
    SHA256: 400e297efbd39b148f6b14e98187ae4d74cf9191555e525c8e4192f83fc0a432
    SHA512: a37a27443066d39d3642f46ed1cea8bf280fcd965c780da1dae707a06681e28afb10b1decabc3d4d88c9f3dcb8aa0601355b9970a70ae7070daa518a19dc7bda

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/abDataStruct.abMap
    Filesize: 53B
    MD5: a87d62ef47d476e1511a07daa4d08934
    SHA1: 8a2336e3711874a59d028addf3c651c9952f8e91
    SHA256: 3126d0920ff4cef316d8eac2c0738e33102b46ee735083a8b57bd5d4c7d0d44a
    SHA512: 7bb5b20ab0d1809804bd696179cc14290f7b0321f07f4929a940677715f314af14428340433affae0ed4f54a64ee61f59f7423f70ac03344bf0936d62713138e

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/asset_length.txt
    Filesize: 6B
    MD5: abe7cba9a0b5b038e1087dee8321e9bf
    SHA1: 266f50712dc9b3258e0b6b25c506dcbde0afaaa2
    SHA256: 20cf7fa19bbaada66fbbaee5506a7e6013a4647554c9d141348ea6d2ad9675ee
    SHA512: cc48ffc72f61209a8c38fba9206f073b012415d21f171d1c2a75851c222c1697f60031e6d01fab23a1220a322c777b69281d2282afb48e76b1839cad81fc5e76

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/localAB.assetbundle
    Filesize: 707KB
    MD5: efe0641f06c1408d2a33d1dfca956555
    SHA1: be384bbc06c7e20c94af621bccd6bbf909183f1c
    SHA256: c81051f6edf079152ac1cec4fb1d0d9e818fd404bcbbce9a3bfb2ed4aaa53961
    SHA512: 10e3f51237420b148d196b8b8171451f423fd5bc72e1f467d93737154b9a3c9de2fac550ec4cf9c31d660c1102f41c2e39ef71a159e15b35f997e80360821f69

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/localAB.assetbundle.zip
    Filesize: 665KB
    MD5: 94fd8bd65529e37d51d8394a071e79ec
    SHA1: 6fd784e9f4eb445ad608f3e360f2bfb8b0d72941
    SHA256: 9040003a634293d6d4162d15eb6454a90020ce437727d3114afccbada9dcb769
    SHA512: 0c778a7b739b54c12d64855c3728fdbc969f373ae6b01b7749ec62f867474afc174ad25855e910a3571a70cfa83cbd2f844b40fb0afe7966498ca7581d7bacfc

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/cd
    Filesize: 6B
    MD5: 88f27a4cc881802e69d07dbef3a3a572
    SHA1: 49139c6013f7f23a5510527ab29c6d7c3a141561
    SHA256: ad9ba0afef7d77482c21f92da06909fd911cd7595a816cd5698918634aea8c50
    SHA512: 65e10430fb5b6ccea13ecbb931d9921aea5bbd4162f31897550899381501763616f791d228776cdbf5187f0ceeb275c01617f63c5bbaef6e7173918f95275401

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/cd
    Filesize: 8B
    MD5: 40c15095fba74d423df9b33c0143cf0c
    SHA1: 6c9abcdb8a2f2808bb2c13c5b5173684716a2d43
    SHA256: 8a46a510b30b69481e6a69e527fb158fdef526f61f2cabded7082c8c8dfcc603
    SHA512: 5bebe9cc774c9c4c5481eceb82aabd917264c5c99a8b24936085402498c496bd03958aeb3b0c51f898875cf5034c8f87f80a7b17d28eef2a57b0f1c8783bb63e

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/localAppVer.cfg
    Filesize: 5B
    MD5: 6a154fe077b0d71fab747079562e97ff
    SHA1: 9b80ca131fbc6cb5a944359bf46b2f5f301b25fc
    SHA256: 2c1940937d13777dc0f2c5a890921ff13e98b91a9e9d443a42651d8d0d8b448d
    SHA512: 249e676e0deb22642d1ef367787c42cb6723ff276759b6dc50f664cf765e4697a4623fa9d03da59afacee8d6d999752051620922ab8c033ab387da6d664e729c

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
    Filesize: 197B
    MD5: 93557ef28b4884ba998dcac7eb874bdc
    SHA1: 0e31a00c00ddb946ece03c9cfa82e1824db8f708
    SHA256: dccab60e97343b6a986646eaaa22b03fe7287dc16c3d136b76efddfa1dcbce9c
    SHA512: fd672bac9673317e9b951af3ea423774d861ebdc5e34381c60ffda97f53a8c4375d5f21e99b50eb03b037ddaa5f8dd4789899d529e6792b925ccbfb03842c302

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
    Filesize: 187B
    MD5: a74458488179ecb21be59b4f215bd69b
    SHA1: 89cf82e60ebf1c835aaf911284f06dc8c10f7a44
    SHA256: acf0fcf21ec7d8de40a463ce5e64e704690470de2ac13e4aba69060635bf1fd7
    SHA512: 2c909383910b196e27f1577b267bb0869559dffc602709104c87db1a35658491e9fdec494b1bcbd6a20de7211ff31687cb21a76149063c355a0f78da815c9590

  • /storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
    Filesize: 192B
    MD5: fd576c121b9abf9c28e75498fc52de53
    SHA1: ce8f31dbd0ace8d32561ceb45cdf5bb0f9d3d5ce
    SHA256: 679f95167b6b961f56f1bade99a82a953c64ffe6ab889c9d5f94454cadcb80ba
    SHA512: a775e49f2e8289608a74db39fcd411e14661acb4a6c3143ec346c895290f3a081a264206ef5b995d26e543b0971e9eca1578b8581096eb03e0f6ac30b6eb092d