Analysis
-
max time kernel
179s -
max time network
174s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
14-06-2024 06:46
Static task
static1
Behavioral task
behavioral1
Sample
a862e0180186c5251be015b1975c30ce_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
a862e0180186c5251be015b1975c30ce_JaffaCakes118.apk
-
Size
31.7MB
-
MD5
a862e0180186c5251be015b1975c30ce
-
SHA1
f0252a8b435e6c0c612bd400bf09d6be32cd04f3
-
SHA256
cf4b8aaa000033711b14c1090b86906c94eab86f7baccb1036489900754bae15
-
SHA512
f9f740bf4aa9203e8de51555e48ba9248bc0687351c52c044f40bc470a863176108563d2c9319d4ca7b7d1da7e3e52925ddaf81b6f310ae5803236f677d8b45f
-
SSDEEP
786432:fGM7jopWXZhpHkOAsk/ExVJ9w/RVNIOboExusjIS6kzMo+dD5usux:fGMSmhpHkfv/UVXw/Rbp1x9jIS6w+dDk
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes: com.ezfun.xyen, /system/bin/sh -c type su
ioc | process
/system/app/Superuser.apk | com.ezfun.xyen
/sbin/su | /system/bin/sh -c type su
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.ezfun.xyen
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezfun.xyen
-
Acquires the wake lock 1 IoCs
Processes: com.ezfun.xyen
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.ezfun.xyen
-
Queries information about active data network 1 TTPs 1 IoCs
Processes: com.ezfun.xyen
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezfun.xyen
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.ezfun.xyen
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ezfun.xyen
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.ezfun.xyen
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.ezfun.xyen
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.ezfun.xyen
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.ezfun.xyen
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.ezfun.xyen
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Child processes of com.ezfun.xyen:
    /system/bin/sh -c getprop ro.board.platform
    getprop ro.board.platform
    /system/bin/sh -c type su
    - Checks if the Android device is rooted.
    /system/bin/sh -c getprop ro.miui.ui.version.name
    getprop ro.miui.ui.version.name
    /system/bin/sh -c getprop ro.build.version.emui
    getprop ro.build.version.emui
    /system/bin/sh -c getprop ro.lenovo.series
    getprop ro.lenovo.series
    /system/bin/sh -c getprop ro.build.nubia.rom.name
    getprop ro.build.nubia.rom.name
    /system/bin/sh -c getprop ro.meizu.product.model
    getprop ro.meizu.product.model
    /system/bin/sh -c getprop ro.build.version.opporom
    getprop ro.build.version.opporom
    /system/bin/sh -c getprop ro.vivo.os.build.display.id
    getprop ro.vivo.os.build.display.id
    /system/bin/sh -c getprop ro.aa.romver
    getprop ro.aa.romver
    /system/bin/sh -c getprop ro.lewa.version
    getprop ro.lewa.version
    /system/bin/sh -c getprop ro.gn.gnromvernumber
    getprop ro.gn.gnromvernumber
    /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
    getprop ro.build.tyd.kbstyle_version
    /system/bin/sh -c getprop ro.build.fingerprint
    getprop ro.build.fingerprint
    /system/bin/sh -c getprop ro.build.rom.id
    getprop ro.build.rom.id
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.ezfun.xyen/databases/bugly_db_
Filesize 56KB
MD5 ad5d109521c0a336537ffc6b37239424
SHA1 45ea80dc56c067e323974ed23f5fa693d35cab35
SHA256 8a3ad171cedcd403c5858c5bd83b9405fd129bd33aba899be878b9e1fc367d9b
SHA512 abc3a2e9ff208187867c819e83b8603ef274d2a77a2994303d93bd3ec4551e8b40bd8d50f2f6c317b59a098e9e4c963ae625b4418ebe5e3ecd7fcc4d488d8094
-
/data/data/com.ezfun.xyen/databases/bugly_db_-journal
Filesize 512B
MD5 f389e21b95b92fdff6b7599db62eb0f3
SHA1 120bd0ac12b2e829ee73f393d97378c7d1313b45
SHA256 6683c70c308bd65d436466d80302e130c25b228faf54635e3e9ec1c997bf0c86
SHA512 7e268ed9de4ad2807c8b571baf9ef066be4e7db2ae74d46233bda929ee1e204dc516a2d96b1de4070643c157e5108a683ed2549d490815bccc5f6f337827be19
-
/data/data/com.ezfun.xyen/databases/bugly_db_-wal
Filesize 402KB
MD5 2d24a790d56f2d875d83daba6e0eb73d
SHA1 085a68f1029d40a514658756ee32fac4d8bd6be5
SHA256 f73dea1cce9d3ce1710ed3260cf34810da8fb65e66b3197597ca1e2625eb5bcf
SHA512 194ea8d43edd08f98b205f79b9d02561e9448772c9f92fde78ac470993e3b88d62733bff496e90589909b8fd6f40e28349e56e423c05903021fa065aefdb1d85
-
/data/data/com.ezfun.xyen/databases/google_app_measurement.db
Filesize 4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.ezfun.xyen/databases/google_app_measurement.db-journal
Filesize 512B
MD5 7964e5f5cfe2f05cefd7d8a2bdda3e2b
SHA1 59f2134366472c2db850877b48978917f331e9b0
SHA256 c0e6af8f7477f0ac99454d6bfa8e4a779f145e13cc283743aa4a14294b58d506
SHA512 48fec409b38b5d989bffb31f85763b06e6acdc53fbb7ce04779ac509ee06c2a425ad33708db1f3e7e688dee3a64347388a7cf69e8a0247c99dc6a4384fdcf7c0
-
/data/data/com.ezfun.xyen/databases/google_app_measurement.db-shm
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.ezfun.xyen/databases/google_app_measurement.db-wal
Filesize 100KB
MD5 296181ad02f909dc1cc13444a77cdf93
SHA1 3ca0ec13e71c103eb854ade85c36e2057049c97c
SHA256 486231d31312f175ca87a3b895279b6712ef1590f1786c8a692c02cc3e0e7b9d
SHA512 dbacd7da7023c0d2ed2cfa86aaeb0dab57840d30a4d58a852ff89d44ba47ec73967717ab41f427aa19b6e66a6091c1a58a8166e580deb4ca3337f0eee4fbf3c1
-
/data/data/com.ezfun.xyen/files/AppEventsLogger.persistedsessioninfo
Filesize 495B
MD5 7d722a81be03123dc3bcd63c3fa6e4d1
SHA1 e3f76444b650ae6f30ca80cb77e68a996c2d96cb
SHA256 b2ddf2d14f3d9ad1cc4ad4d62fe48275d8637197fda160df827187953a8b7c8e
SHA512 c05ee055d7abba16fc08ea43b33fbea3b39272d7ff0fc3b58bef3f8570155d909ace3cae11ebdb6f25dbfa72462ebee15bbcc554054fa602e6742d38f3e70f62
-
/data/data/com.ezfun.xyen/files/buglylog_com.ezfun.xyen_.txt
Filesize 5KB
MD5 d1665bc9fb881f83fea829636bc71f16
SHA1 5a1beb8e69a0e065998f631237390dd97a988e64
SHA256 400e297efbd39b148f6b14e98187ae4d74cf9191555e525c8e4192f83fc0a432
SHA512 a37a27443066d39d3642f46ed1cea8bf280fcd965c780da1dae707a06681e28afb10b1decabc3d4d88c9f3dcb8aa0601355b9970a70ae7070daa518a19dc7bda
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/abDataStruct.abMap
Filesize 53B
MD5 a87d62ef47d476e1511a07daa4d08934
SHA1 8a2336e3711874a59d028addf3c651c9952f8e91
SHA256 3126d0920ff4cef316d8eac2c0738e33102b46ee735083a8b57bd5d4c7d0d44a
SHA512 7bb5b20ab0d1809804bd696179cc14290f7b0321f07f4929a940677715f314af14428340433affae0ed4f54a64ee61f59f7423f70ac03344bf0936d62713138e
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/asset_length.txt
Filesize 6B
MD5 abe7cba9a0b5b038e1087dee8321e9bf
SHA1 266f50712dc9b3258e0b6b25c506dcbde0afaaa2
SHA256 20cf7fa19bbaada66fbbaee5506a7e6013a4647554c9d141348ea6d2ad9675ee
SHA512 cc48ffc72f61209a8c38fba9206f073b012415d21f171d1c2a75851c222c1697f60031e6d01fab23a1220a322c777b69281d2282afb48e76b1839cad81fc5e76
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/localAB.assetbundle
Filesize 707KB
MD5 efe0641f06c1408d2a33d1dfca956555
SHA1 be384bbc06c7e20c94af621bccd6bbf909183f1c
SHA256 c81051f6edf079152ac1cec4fb1d0d9e818fd404bcbbce9a3bfb2ed4aaa53961
SHA512 10e3f51237420b148d196b8b8171451f423fd5bc72e1f467d93737154b9a3c9de2fac550ec4cf9c31d660c1102f41c2e39ef71a159e15b35f997e80360821f69
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/AssetsBundle/localAB.assetbundle.zip
Filesize 665KB
MD5 94fd8bd65529e37d51d8394a071e79ec
SHA1 6fd784e9f4eb445ad608f3e360f2bfb8b0d72941
SHA256 9040003a634293d6d4162d15eb6454a90020ce437727d3114afccbada9dcb769
SHA512 0c778a7b739b54c12d64855c3728fdbc969f373ae6b01b7749ec62f867474afc174ad25855e910a3571a70cfa83cbd2f844b40fb0afe7966498ca7581d7bacfc
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/cd
Filesize 6B
MD5 88f27a4cc881802e69d07dbef3a3a572
SHA1 49139c6013f7f23a5510527ab29c6d7c3a141561
SHA256 ad9ba0afef7d77482c21f92da06909fd911cd7595a816cd5698918634aea8c50
SHA512 65e10430fb5b6ccea13ecbb931d9921aea5bbd4162f31897550899381501763616f791d228776cdbf5187f0ceeb275c01617f63c5bbaef6e7173918f95275401
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/cd
Filesize 8B
MD5 40c15095fba74d423df9b33c0143cf0c
SHA1 6c9abcdb8a2f2808bb2c13c5b5173684716a2d43
SHA256 8a46a510b30b69481e6a69e527fb158fdef526f61f2cabded7082c8c8dfcc603
SHA512 5bebe9cc774c9c4c5481eceb82aabd917264c5c99a8b24936085402498c496bd03958aeb3b0c51f898875cf5034c8f87f80a7b17d28eef2a57b0f1c8783bb63e
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/localAppVer.cfg
Filesize 5B
MD5 6a154fe077b0d71fab747079562e97ff
SHA1 9b80ca131fbc6cb5a944359bf46b2f5f301b25fc
SHA256 2c1940937d13777dc0f2c5a890921ff13e98b91a9e9d443a42651d8d0d8b448d
SHA512 249e676e0deb22642d1ef367787c42cb6723ff276759b6dc50f664cf765e4697a4623fa9d03da59afacee8d6d999752051620922ab8c033ab387da6d664e729c
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
Filesize 197B
MD5 93557ef28b4884ba998dcac7eb874bdc
SHA1 0e31a00c00ddb946ece03c9cfa82e1824db8f708
SHA256 dccab60e97343b6a986646eaaa22b03fe7287dc16c3d136b76efddfa1dcbce9c
SHA512 fd672bac9673317e9b951af3ea423774d861ebdc5e34381c60ffda97f53a8c4375d5f21e99b50eb03b037ddaa5f8dd4789899d529e6792b925ccbfb03842c302
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
Filesize 187B
MD5 a74458488179ecb21be59b4f215bd69b
SHA1 89cf82e60ebf1c835aaf911284f06dc8c10f7a44
SHA256 acf0fcf21ec7d8de40a463ce5e64e704690470de2ac13e4aba69060635bf1fd7
SHA512 2c909383910b196e27f1577b267bb0869559dffc602709104c87db1a35658491e9fdec494b1bcbd6a20de7211ff31687cb21a76149063c355a0f78da815c9590
-
/storage/emulated/0/Android/data/com.ezfun.xyen/files/ver
Filesize 192B
MD5 fd576c121b9abf9c28e75498fc52de53
SHA1 ce8f31dbd0ace8d32561ceb45cdf5bb0f9d3d5ce
SHA256 679f95167b6b961f56f1bade99a82a953c64ffe6ab889c9d5f94454cadcb80ba
SHA512 a775e49f2e8289608a74db39fcd411e14661acb4a6c3143ec346c895290f3a081a264206ef5b995d26e543b0971e9eca1578b8581096eb03e0f6ac30b6eb092d