Analysis
- max time kernel: 130s
- max time network: 185s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 08:07
Static task: static1
Behavioral task: behavioral1
- Sample: a8a9b1f07f04219e9063d8c352076558_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
General
- Target: a8a9b1f07f04219e9063d8c352076558_JaffaCakes118.apk
- Size: 9.6MB
- MD5: a8a9b1f07f04219e9063d8c352076558
- SHA1: ef6d427810df09028321eb2c22027b0307dd3928
- SHA256: 3a153d4f7a3995209cfc44cda6f0a59bd6f32ed908393d6004e4d16a9df88854
- SHA512: fcb113206e28d4828df18e971dbd1783ef50f1a413d5225b72660bfb0c61c868a89b11c3c10019af352c7b505a5cd97b2afed28e381409dc26e17cbea409978f
- SSDEEP: 196608:F8V5zcUR69VKjUaCTVJI+pSgpjIv6/mD5eQsrUluKVby:F8rc+8V5aCTxpnp0ibtrUluKY
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 2 IoCs
  Processes: /system/bin/sh -c type su, com.txtbook.reader
  IoCs:
  - /sbin/su (process: /system/bin/sh -c type su)
  - /system/app/Superuser.apk (process: com.txtbook.reader)
- Queries information about running processes on the device 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.txtbook.reader
  IoCs:
  - Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.txtbook.reader)
- Queries information about active data network 1 TTPs 1 IoCs
  Processes: com.txtbook.reader
  IoCs:
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.txtbook.reader)
- Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.txtbook.reader
  IoCs:
  - Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.txtbook.reader)
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  Processes: com.txtbook.reader
  IoCs:
  - Framework service call android.app.IActivityManager.registerReceiver (process: com.txtbook.reader)
- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  Processes: com.txtbook.reader
  IoCs:
  - Framework API call javax.crypto.Cipher.doFinal (process: com.txtbook.reader)
- Checks CPU information 2 TTPs 1 IoCs
- Checks memory information 2 TTPs 1 IoCs
Processes
- com.txtbook.reader
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  - /system/bin/sh -c type su (child of com.txtbook.reader)
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.txtbook.reader/app_crashrecord/1004 (232B)
- /data/data/com.txtbook.reader/app_crashrecord/1004 (58B)
- /data/data/com.txtbook.reader/databases/aliclound_httpdns.db (20KB)
- /data/data/com.txtbook.reader/databases/aliclound_httpdns.db-journal (512B)
- /data/data/com.txtbook.reader/databases/aliclound_httpdns.db-wal (32KB)
- /data/data/com.txtbook.reader/databases/bugly_db_-journal (512B)
- /data/data/com.txtbook.reader/databases/bugly_db_-wal (80KB)
- /data/data/com.txtbook.reader/databases/cc/cc.db (36KB)
- /data/data/com.txtbook.reader/databases/cc/cc.db-journal (512B)
- /data/data/com.txtbook.reader/databases/cc/cc.db-wal (48KB)
- /data/data/com.txtbook.reader/databases/ishugui.db (4KB)
- /data/data/com.txtbook.reader/databases/ishugui.db-journal (512B)
- /data/data/com.txtbook.reader/databases/ishugui.db-shm (32KB)
- /data/data/com.txtbook.reader/databases/ishugui.db-wal (181KB)
- /data/data/com.txtbook.reader/databases/ua.db (32KB)
- /data/data/com.txtbook.reader/databases/ua.db-journal (512B)
- /data/data/com.txtbook.reader/databases/ua.db-wal (52KB)
- /storage/emulated/0/.DataStorage/ContextData.xml (111B)
- /storage/emulated/0/.DataStorage/ContextData.xml (213B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (111B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (167B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (65B)