Analysis
max time kernel: 7s
max time network: 134s
platform: android_x64
resource: android-x64-arm64-20240611.1-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted: 14-06-2024 07:09
Static task: static1
Behavioral task: behavioral1
Sample: a8762fcd2bca8e03d8cccc9a0e4ca9ff_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a8762fcd2bca8e03d8cccc9a0e4ca9ff_JaffaCakes118.apk
Size: 15.0MB
MD5: a8762fcd2bca8e03d8cccc9a0e4ca9ff
SHA1: 7f6f0853c6312c0f42eb1114f4d2ce41b3c3c5f9
SHA256: bc324a8d229b383bb3f68012b2be966b65fd2ea7b716c1c4f01ea49a30400734
SHA512: de4317bf343c944325b80e92cd17272a948e5832e46be5443f22a51befed8c1076c16b12baf984fa7f04d191491c6b62f9f300aee2894ddb53d3b1799df72b70
SSDEEP: 393216:egEV8+dxZ655tOpdf/NKPMAVyHPEr78iAjeE0bGM4Lsgz5:egOxA5jOD9K1V17ueE0Yg65
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
- Queries information about running processes on the device. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    process: com.xueqiu.android
    description: Framework service call
    ioc: android.app.IActivityManager.getRunningAppProcesses
- Queries information about active data network. (1 TTPs, 1 IoCs)
  Processes:
    process: com.xueqiu.android
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
- Queries information about the current Wi-Fi connection. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    process: com.xueqiu.android
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
- Uses Crypto APIs (might try to encrypt user data). (1 TTPs, 1 IoCs)
  Processes:
    process: com.xueqiu.android
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
- Checks memory information. (2 TTPs, 1 IoCs)
Processes
- com.xueqiu.android
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.xueqiu.android/databases/bugly_db_
  Filesize: 80KB
  MD5: 90b95b3bce9fd6095547687737824c7c
  SHA1: 6bdee3678498613197871556b9816768d733932e
  SHA256: 91df2fc0f3b2f1d3d27b790dfcaff36993bca050cbad5aa35d4f13605427d5f9
  SHA512: 3e0f4f0be1d2d3effc8da2f9e659f54fed815cc850db745a5278dc89f879b7359aab93cac97ae5a0e67eb613bd6f24693e039da7e780ace35ee09426d8a6565b
- /data/user/0/com.xueqiu.android/databases/bugly_db_-journal
  Filesize: 8KB
  MD5: 33f51730f7de8368313aa55bfeef1899
  SHA1: 302acb086ba6f366675222a574417d40dfca1191
  SHA256: 6905ec5a7457ab081548718dd1f83cefd63f3249b485fed8fd1a3db43f89225f
  SHA512: e40a045259e18349bd46ee7a22c595bbaead9b2c4104c993388a804002da3fb3a07e374a65b6ed01a312575ae8fb23579df3d88cef768ef0a151f59293d9f22d
- /data/user/0/com.xueqiu.android/databases/bugly_db_-journal
  Filesize: 52KB
  MD5: 8a60671dfa4d0f3cb006c1bb5bcd41f8
  SHA1: 4eaf13fa5e6ded64a7f7fc9f86c2abd8ac89ae81
  SHA256: 2b3554923c38edb498d923e1908b6a1fa47dfb2f3d629310983ebbb96e84013a
  SHA512: 80cdebe33cf46a66e70cb24330cf1196fead4c835a831e1e62badd4886f7805f9c8d8c9dfd07c751ef189349c4a13ed0a6fe78c3a3fa43a2c598d4b301c0a847
- /data/user/0/com.xueqiu.android/databases/bugly_db_-journal
  Filesize: 512B
  MD5: c139303e4fa6756b6053d9c564d9687d
  SHA1: f25c324d3aa241298f0f7c89d5ba33277c384044
  SHA256: f2550992a3db40728c5fb16010214486d0dc123dc6b0ead07042465d99608543
  SHA512: 67e47b3d143a0d5df58a4a677aca29c8c828d57a517a7bddb6a52c8582cd24df201f9159da629429878a28de59744cbd5b325a0bae364d007f2a07bfa773d108
- /data/user/0/com.xueqiu.android/databases/bugly_db_-journal
  Filesize: 8KB
  MD5: 906376345c5a0ed462d14440f87e7676
  SHA1: a78a0b0cd16f1345fdd2578a323bdb133516777f
  SHA256: 0d73a877d5e868a440948c9f720f74d16456cbeeedb2787ba7eb95d906bd46fc
  SHA512: ac981eafb91f72b325641cfa3b244d34a888c9a0382dd847ba5eb83b554147eb8804b101fe7ce7d672861d3a3f6b91e567a60aa96fbef2d582859817ae9889e7
- /data/user/0/com.xueqiu.android/databases/bugly_db_-journal
  Filesize: 8KB
  MD5: e2e1790c1f9d3e2093481f388896c288
  SHA1: f3c88694b97fae246ef47c73798faf1d174b109d
  SHA256: c1134fec76ecee9e33a1cf1c7ebb24d6b43641eed94ad864db4b7a59a014e9fd
  SHA512: db9df1b035f036230fd72329fb550366620bc7c7d183ab565f901d0e7ca68d74e917bf82cbf5dcbc196ccf08ae96125ee59b7f60df6f8bf25192e632b13fef91
- /data/user/0/com.xueqiu.android/databases/bugly_db_-journal
  Filesize: 12KB
  MD5: 03e1176f908876346e962c4428316407
  SHA1: 9d9122a59895117268a69a4f13014a9423301232
  SHA256: 494fd27680578a2e23ee0f6b05a53e9b007e3a4da4fed98d7165e1239ee5b886
  SHA512: b092453b8f3e8c4696a24aad64f1937640a77eee9003b62975e9fedc92314425664349248de52abe57d86e9269604383813148583f3f2f84b24326e73cf9e8aa
- /data/user/0/com.xueqiu.android/files/0/db_home/00000000.jdb
  Filesize: 992B
  MD5: fa1d880c2c8872b98a27c43812451527
  SHA1: 4472d70258e6af1cf1b176e555952a7ed4ffbeaa
  SHA256: 29d2d4306cb59c24a1cb89872435b6d4e3948b2833d037caf0c399428ad29bf6
  SHA512: deb3cc49f8f4a14fc44ffa577d490367b0e29cd91a01cddb29423ed455acb1a971295097c690cf49398ff1c2472e78d74f2af55dfd6b44db661f6454a879e13b
- /data/user/0/com.xueqiu.android/files/0/db_home/00000000.jdb
  Filesize: 2KB
  MD5: 98f6faecab84ede98692894e990218d6
  SHA1: a0129f4076fab61d46ed752e0be33549c183aac5
  SHA256: 7cc215213d256ae9eea351805c94432d83d08eee0fc0374d5489c032b427d3c2
  SHA512: 4e07ff66df6545a4b6257a14b73a6b8fb969e4ad9080dee788e52cb5c2ca5ca5735549889111045416d2f8f3de6e6d81d5cb1f29680e3834f9aaaddfc635ad66
- /data/user/0/com.xueqiu.android/files/0/db_home/je.config.csv
  Filesize: 3KB
  MD5: 17190918a9e081874d8d93da9b01fb64
  SHA1: 331e3f2e63d852e9c4866107f3ef8f96fb55c5e2
  SHA256: 41132d4ca925925ff27bbbe6ac05783b6b32cd595c6e0d70ab60fc81d4031603
  SHA512: ef602313cda3f686b20c1894343a14b2aa7928040670eac4a3555cbb967dcb77a702d221147c00d3fd28589ae560336e4888fb0dd92bdf1ccabfa92fef7c2454
- /data/user/0/com.xueqiu.android/files/0/db_home/je.config.csv
  Filesize: 868B
  MD5: 72f9b6c82c22db73406accbf283c0277
  SHA1: a88f0fc867eb6f9670cce27e1bbda2cd571e17a5
  SHA256: 9de5f46296a6461a83b7e8e6bdb210033725d581160de58417d3234a2ac6ba9f
  SHA512: 828727e7d96308c5ed1a49de5a5063e33208235d31ab5e94f41615d12d5ef223c72746bd13ca3c3127c0ca10b035095ed120312edb9ecd54d964944ee9483120
- /data/user/0/com.xueqiu.android/files/0/db_home/je.stat.csv
  Filesize: 3KB
  MD5: 2e94749a31748e0e1bf938cebe5bae0a
  SHA1: 87705c2a8781f3e8e1a44d0b6157427d1e69c43d
  SHA256: 4757cbd53cb3224000c92bce4d901be950834436a88c139a8e220018f055157e
  SHA512: 0668f4ca5fb813a956caa90d8a41d69b0a230ff79bb14c2033e18690cdb96b1fda810179a632dcbb32fbd327bba81243e7cdd1b91a61218232977d7cdf829c7d
- /data/user/0/com.xueqiu.android/files/0/db_home/je.stat.csv
  Filesize: 414B
  MD5: db9633455acdf75f24494a513ae2451a
  SHA1: 5957d740acd0f66d81d1473e53509e94f81964fd
  SHA256: 9ed384b43cc084af2037b7248bd6e4481994d712301e4c215edd3fbb4cb8d445
  SHA512: d5dbb75244e28d27a8744715d50c5710c16872034fe21231bc965897e3bc5f2604ed5f771c2e46e253f831a0e4499895dcd39a18ad56c11cddbb3cf128b11ac5
- /storage/emulated/0/snowball/image_cache/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
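The dropped-file list is the part of this report that is usable as IoCs, but text exports of sandbox reports often fuse the field label onto the value ("MD5" directly followed by the digest, the path directly followed by "Filesize"), and the same path can appear several times with different digests when the sandbox captured a file at several points of the run (as the bugly_db_-journal entries above do; bugly_db_ is the SQLite store of the Tencent Bugly crash-reporting SDK). The script below is an added example, not code from the sandbox vendor or from the analysed app: it parses such records in either the fused or the "Key: value" form, rejects digests of the wrong length, and counts how many distinct versions of each path were captured. SAMPLE_REPORT is constructed from the first three entries on this page.

```python
"""Normalise dropped-file records from a text-exported sandbox report.

Added example, not code from the sandbox vendor or the analysed app.
SAMPLE_REPORT is constructed from the first three "Downloads" entries
on the page; the first and third are in the fused form ("MD5<hex>",
"<path>Filesize"), the second in the "Key: value" form.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

# "MD5: <hex>" or fused "MD5<hex>"; the length check in the parser
# rejects truncated or over-long digests that a regex alone would accept.
_DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*:?\s*([0-9a-fA-F]+)$")
# "80KB", "512B" or "Filesize: 12KB"
_SIZE_RE = re.compile(r"^(?:Filesize\s*:?\s*)?(\d+(?:\.\d+)?)\s*(B|KB|MB)$")

SAMPLE_REPORT = """\
-
/data/user/0/com.xueqiu.android/databases/bugly_db_Filesize
80KB
MD590b95b3bce9fd6095547687737824c7c
SHA16bdee3678498613197871556b9816768d733932e
SHA25691df2fc0f3b2f1d3d27b790dfcaff36993bca050cbad5aa35d4f13605427d5f9
SHA5123e0f4f0be1d2d3effc8da2f9e659f54fed815cc850db745a5278dc89f879b7359aab93cac97ae5a0e67eb613bd6f24693e039da7e780ace35ee09426d8a6565b
-
/data/user/0/com.xueqiu.android/databases/bugly_db_-journal
Filesize: 8KB
MD5: 33f51730f7de8368313aa55bfeef1899
SHA256: 6905ec5a7457ab081548718dd1f83cefd63f3249b485fed8fd1a3db43f89225f
-
/data/user/0/com.xueqiu.android/databases/bugly_db_-journalFilesize
52KB
MD58a60671dfa4d0f3cb006c1bb5bcd41f8
SHA2562b3554923c38edb498d923e1908b6a1fa47dfb2f3d629310983ebbb96e84013a
"""


@dataclass
class DroppedFile:
    path: str
    size_bytes: Optional[int] = None
    digests: Dict[str, str] = field(default_factory=dict)


def parse_dropped_files(text: str) -> List[DroppedFile]:
    """Parse '-'-separated records; a record starts at its path line."""
    files: List[DroppedFile] = []
    cur: Optional[DroppedFile] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":           # blank line or record separator
            continue
        if line.startswith("/"):              # Android paths are absolute
            if line.endswith("Filesize"):     # label fused onto the path
                line = line[: -len("Filesize")]
            cur = DroppedFile(path=line.rstrip())
            files.append(cur)
            continue
        if cur is None:
            raise ValueError(f"field before any path: {line!r}")
        m = _SIZE_RE.match(line)
        if m:
            cur.size_bytes = int(float(m.group(1)) * UNIT[m.group(2)])
            continue
        m = _DIGEST_RE.match(line)
        if m:
            algo, hexval = m.group(1), m.group(2).lower()
            if len(hexval) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} for {cur.path}: {len(hexval)} hex "
                                 f"chars, expected {DIGEST_LEN[algo]}")
            cur.digests[algo] = hexval
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return files


def versions_per_path(files: List[DroppedFile]) -> Dict[str, int]:
    """Distinct contents captured per path, keyed by SHA256 (MD5 as fallback).

    A path listed several times with different digests means the file was
    rewritten during the run and captured more than once; one entry per
    version is what you want to push to a blocklist, not one per path.
    """
    seen: Dict[str, set] = {}
    for f in files:
        key = f.digests.get("SHA256") or f.digests.get("MD5") or f"size:{f.size_bytes}"
        seen.setdefault(f.path, set()).add(key)
    return {path: len(keys) for path, keys in seen.items()}


if __name__ == "__main__":
    parsed = parse_dropped_files(SAMPLE_REPORT)
    for f in parsed:
        print(f.path, f.size_bytes, f.digests.get("SHA256"))
    print(versions_per_path(parsed))
```

Feed the whole Downloads section of a report to parse_dropped_files and the digests come out normalised to lowercase with their algorithm checked, so a mislabelled or truncated hash fails loudly instead of silently becoming a useless indicator.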