Analysis

  • max time kernel
    130s
  • max time network
    185s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240611.1-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    14-06-2024 08:07

General

  • Target

    a8a9b1f07f04219e9063d8c352076558_JaffaCakes118.apk

  • Size

    9.6MB

  • MD5

    a8a9b1f07f04219e9063d8c352076558

  • SHA1

    ef6d427810df09028321eb2c22027b0307dd3928

  • SHA256

    3a153d4f7a3995209cfc44cda6f0a59bd6f32ed908393d6004e4d16a9df88854

  • SHA512

    fcb113206e28d4828df18e971dbd1783ef50f1a413d5225b72660bfb0c61c868a89b11c3c10019af352c7b505a5cd97b2afed28e381409dc26e17cbea409978f

  • SSDEEP

    196608:F8V5zcUR69VKjUaCTVJI+pSgpjIv6/mD5eQsrUluKVby:F8rc+8V5aCTxpnp0ibtrUluKY

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.txtbook.reader
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4196
    • /system/bin/sh -c type su
      2⤵
      • Checks if the Android device is rooted.
      PID:4292

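The process tree above is the evidence behind the "Checks if the Android device is rooted" signature: the app process com.txtbook.reader (PID 4196) forks `/system/bin/sh -c type su` (PID 4292). `type su` only asks the shell whether a `su` binary is on PATH, so the hit means "root probe", not "exploit"; both anti-tamper SDKs and actual malware do this, and the other child-process probes below are the usual companions. The following script is an added example, not part of the sandbox report or of the analysed app: it parses constructed `PID PPID CMDLINE` rows (the first two reproduce the report's process tree, the rest are invented), unwraps `sh -c` payloads and attributes each root-detection probe to the app process that forked it. The probe patterns and labels are my own assumptions about what such checks commonly look like.

```python
"""Flag root-detection probes in a sandbox process tree.

Added example, not part of the original report. It re-implements the check
behind the "Checks if the Android device is rooted" signature for the
observed child `/system/bin/sh -c type su` and generalises it to other
su / Magisk / build-tag probes. Patterns are assumptions, not the sandbox's.
"""
import re
from collections import defaultdict

# Constructed process events in "PID PPID CMDLINE" form. The first two rows
# reproduce the report's Processes section; the remaining rows are invented
# to exercise the other patterns (the cpuinfo row must NOT be flagged).
SAMPLE_EVENTS = """\
4196 1    com.txtbook.reader
4292 4196 /system/bin/sh -c type su
4300 4196 /system/bin/sh -c which su
4310 4196 /system/bin/sh -c ls -l /system/xbin/su /sbin/su
4320 4196 /system/bin/sh -c getprop ro.build.tags
4330 4196 /system/bin/sh -c cat /proc/cpuinfo
4340 4196 /system/bin/sh -c id
"""

# (label, regex) pairs; the first match decides the label for a command.
ROOT_PROBES = [
    ("su-lookup",  re.compile(r"\b(?:type|which|command -v)\s+su\b")),
    ("su-path",    re.compile(r"(?:/system/x?bin|/sbin|/su/bin|/data/local(?:/x?bin)?|/vendor/bin)/su\b")),
    ("magisk",     re.compile(r"\bmagisk\b", re.I)),
    ("build-tags", re.compile(r"\bgetprop\s+ro\.(?:build\.tags|debuggable|secure)\b")),
    ("uid-check",  re.compile(r"^\s*id(?:\s+-u)?\s*$")),
]


def parse_events(text):
    """Parse 'PID PPID CMDLINE' rows into dicts; tolerant of extra spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, ppid, cmd = line.split(None, 2)
        events.append({"pid": int(pid), "ppid": int(ppid), "cmd": cmd})
    return events


def shell_payload(cmd):
    """Return what the shell really runs for `.../sh -c <payload>`, else cmd unchanged."""
    m = re.match(r"^\S*/?sh\s+-c\s+(.*)$", cmd)
    return m.group(1) if m else cmd


def find_root_probes(events):
    """Attribute each root-probe command to the process that forked it."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        payload = shell_payload(e["cmd"])
        for label, rx in ROOT_PROBES:
            if rx.search(payload):
                parent = by_pid.get(e["ppid"], {}).get("cmd", "?")
                hits.append({"pid": e["pid"], "parent": parent,
                             "probe": label, "payload": payload})
                break
    return hits


def summarize(hits):
    """Count probe types per parent process: the shape a triage note needs."""
    out = defaultdict(lambda: defaultdict(int))
    for h in hits:
        out[h["parent"]][h["probe"]] += 1
    return {parent: dict(counts) for parent, counts in out.items()}


if __name__ == "__main__":
    hits = find_root_probes(parse_events(SAMPLE_EVENTS))
    for h in hits:
        print(f"PID {h['pid']} ({h['parent']}): {h['probe']:10s} <- {h['payload']}")
    print(summarize(hits))
```

The `cat /proc/cpuinfo` child is deliberately left unflagged: it belongs to the separate "Checks CPU information" signature, and folding every environment query into "root check" is what makes such signatures noisy. Attribution by parent PID matters for the same reason: on a real device the probe may be forked by a third-party SDK inside the app process, so the app package is the right unit to report, not the `sh` PID.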
Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.txtbook.reader/app_crashrecord/1004
    Filesize

    232B

    MD5

    4336755bf87986cf476241a0688b8c0f

    SHA1

    ff64303e65a9ba038879adaa82ecd430e7ec9ca5

    SHA256

    e58defeaa0ff497abfabd45bed66f4a73438a7cb805812b81114e7f55abf1c3c

    SHA512

    313d6a55a8c3798e0b8795233021660fa6e677f54ac18f333f349a5ffe0e0e098f4951a81fb3442bba0e7ffd5eff42bf94209fd3a0c5edd7b509a8c6a5e03b55

  • /data/data/com.txtbook.reader/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/data/com.txtbook.reader/databases/aliclound_httpdns.db
    Filesize

    20KB

    MD5

    eae6de26f251dfcb85fc3cbca903609b

    SHA1

    f5008c61280f4fc4e7a6501e2d4361ee6edc2bc4

    SHA256

    f01f5d5120c24e8aafb4517b0b90f8c1b975b89b958c94f49e5db33ad023dbc9

    SHA512

    f8227b51cc64b66e0ca02b7ea47520c55e1a2187798b8cde412bef95fc6234f9254d61085baa333a28a067e8ec2a38bf465c75d99d110cac72ca95d628260792

  • /data/data/com.txtbook.reader/databases/aliclound_httpdns.db-journal
    Filesize

    512B

    MD5

    fbfb482ce5da38e28bfaec1e378e1e99

    SHA1

    fe01106bd36037ea73167118ebfe25e3d6fe7560

    SHA256

    8586999eb78a7d6980e8e8a6bc8449e4e8e9c59090ae6cd721b60fd19d57f2bc

    SHA512

    f3b0b52a511e99f570e83d0a408417d1eb4253fc7d1f85e17d375f273b1d8560d9b440662bce18f0067a3905b7cbfe7f014baa620c9fe9bd3957ba94d88cab1f

  • /data/data/com.txtbook.reader/databases/aliclound_httpdns.db-wal
    Filesize

    32KB

    MD5

    d9948f03a112cffaee0602bf35b7a081

    SHA1

    0cb396ef7c4fc5b2663aa4f1e85a5b240c8fe856

    SHA256

    2d6b35bb944799463dbf21003d49b6b1394aaf967f3540153f3ab061b3e0cc18

    SHA512

    4bdda826a8ca8f8b5e405990fd74554c0c94a13b384a43a65098887c1faca6c09efcea5f724369480ebbe2b27d321bd4576a8d26a028397e3898ed49efba23cc

  • /data/data/com.txtbook.reader/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    04928a0fbe900876e102f6af2148c0ba

    SHA1

    a5ab6c46ce1f9673f541d90b0167f60ff58ac6f8

    SHA256

    63b9433d16e08209c5397c7e313b18767365365fefbef2dec135aa15a4103008

    SHA512

    3b89cfcd7c40107b7542caa0ce8fe25161933e710471d4694a5b3c557685f1810dc236be4d073741d66ab7d33b265a4ae96d6161965827df992211c5f422b55a

  • /data/data/com.txtbook.reader/databases/bugly_db_-wal
    Filesize

    80KB

    MD5

    842308e1f4f638bb938ae7d79c7d3500

    SHA1

    0132e56ae2a01e6d8b77b83f6f0909b6c12bfd11

    SHA256

    6da737a8fae1d6dc13caad859d0d7aefd236ea2d2441f68757c38b4f6b024bc0

    SHA512

    9a58218b78995dd3461a04a5960f3dd7cf21af56347a78f002b3c51c9d74722eb730677a273c2036cf99fb9459d6bf0d96f80b5d170da6a0e6c308caa44e117d

  • /data/data/com.txtbook.reader/databases/cc/cc.db
    Filesize

    36KB

    MD5

    5d7ea1a23af19b4340cc8d90f28297d5

    SHA1

    4cfe95b23a9e98378d69c4290af81b51fbe76aea

    SHA256

    474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

    SHA512

    33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

  • /data/data/com.txtbook.reader/databases/cc/cc.db-journal
    Filesize

    512B

    MD5

    8f77673f07b884cda4a851413740c370

    SHA1

    7e2c91a92c1b7a734a5977ef95a970282f58f983

    SHA256

    72821d345c7f62c93954621a9b2ba1c16303f0c57d55f52a8feec097f41fa73f

    SHA512

    3d2429547f026ccec3b8a47f21fea3793a2719507e207c3740687ea39067890f18f4cc7a0bfe283ca8c973377557c0a8192fffdfad457634f229c3d44476fb03

  • /data/data/com.txtbook.reader/databases/cc/cc.db-wal
    Filesize

    48KB

    MD5

    47991f6d7a07bac1c606de6f4b5af600

    SHA1

    d0907e593d8b9eb160b14a16eca11d21e1793136

    SHA256

    0fa355d449d26e68020f93e0079819fd0c3505082fd97832c5300be60580ef9c

    SHA512

    cec035101951daa1d524777051f9cf1ce551d890e7863dcbdf9ad2035d3b83c2fd46363ef856da24a636c13dca8e07e4d47cd06222e8007105701a7371ab2f2a

  • /data/data/com.txtbook.reader/databases/ishugui.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.txtbook.reader/databases/ishugui.db-journal
    Filesize

    512B

    MD5

    a19ec50e3f8a3dbc7ac2f9b02642789d

    SHA1

    47824440de99a5a01c98cffabd9e104328ed6539

    SHA256

    59418453934368ea70743e41afee042d0df74666eea8636db15a4dbc37e13796

    SHA512

    2b3a04dcb092d36352e5514a70be8c7040e87461717d0ef56bcee804e791e4aa6780a7946220dd42097b84a557d7fe1b24704ec10c0895c4210ee6cc627fb66a

  • /data/data/com.txtbook.reader/databases/ishugui.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.txtbook.reader/databases/ishugui.db-wal
    Filesize

    181KB

    MD5

    0d08c9dc47f5697f1f048b8f3068f5d6

    SHA1

    ed4e04fa6385dbdb9bdad6e8b4304ff4f43a5faa

    SHA256

    536688dc4ce6f40d47f506b1c19fb8464c789911233b40b2ad6f4f999d26ed6c

    SHA512

    1cd5e26b22d7792fb2d729cf90ef1b53f8d846dcef3a32f54e4f5158f20e2efc0a4ff8e373a961b0edfb2e6cb0060f8a9fc4dc52f6e9c3ea3f93bc4d2338aa35

  • /data/data/com.txtbook.reader/databases/ua.db
    Filesize

    32KB

    MD5

    af4360b4bf02cda50595f79b910c2416

    SHA1

    a2fae50095026171a11143ba2af5a1fe570b6986

    SHA256

    5f58639066e81261891677509b7ace0d91819a8d2908efb2896c4b72480ef90b

    SHA512

    b582c235f8d9eb5af9881c1cb544e3d1a590318e37972dc3818a3ae49ce397841d394f5d5d403d5b8f91150d8223a3e6e457dbce1d69a826a0aaed8fd97cb3ec

  • /data/data/com.txtbook.reader/databases/ua.db-journal
    Filesize

    512B

    MD5

    06a2ed52310d6e5d0cd3e79a0b252b80

    SHA1

    db903814713beee33b19611e03a03c30a8fbd53c

    SHA256

    b3da189630116edda7d5390676261debc8f97a7aaddbb840a805753d51b15494

    SHA512

    a1d3efbd51d12d0101f00e3af40826984358a66fe855271413be1338a120936f2cb69a9d49346aa655955d078c294af4144a732e2dda8df401a5719713ff4e75

  • /data/data/com.txtbook.reader/databases/ua.db-wal
    Filesize

    52KB

    MD5

    87b2c1d7796302d7911ed2f72e852dce

    SHA1

    3e9ff79f0a84dddeb32eb8651ab63b8b47e351bd

    SHA256

    c54af5198b2937876ddd0e114ebd69829858d1aab163c4457d4ded0f26913b85

    SHA512

    2e8ac953472f0f041f62469f0bf7c8ada82f21d8478f1f3e4e72aef78a31222a422d5168bf8b5f8e81858c8baa98923f0443f314af6c7cf2c9e769ffe5ba31fc

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    0c143618fdc2b002f6f65385c13de6e1

    SHA1

    dae2873caae395fbed504dd3771457a934b92956

    SHA256

    9f80733bb2acb24131a23eefd03803ee0cbac42d6a49997e737dd0b661f79722

    SHA512

    a919b0aef32a4b8f662cf7f7c6a47d22dd6acf2240870d333b245a8638972aee0cfffd37310b3b6ef0478dfbf2e2698fdbe1d7ca03f470df1da13c6b9369d210

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    213B

    MD5

    4a60b97043385c429c86358e7e76943b

    SHA1

    ebb01e140979162dc653d97fbb7cecc0076b584b

    SHA256

    d3fea38951453fd28a04f416e6a164257bf33c1104e20a072b95facb61968c87

    SHA512

    c3b664d51f8966fe93bc073cd19d03c8152e9e2b8b05368b5ce984c0b3c59679051e7de7b8c58cb4fa2d4fc41d6966be360736bf14f0653d264048944d02a05a

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    9a985df9e41675ecc4d767bb273347e8

    SHA1

    fc14681a3069a3b4d64a22dc690ba936e0dad8d5

    SHA256

    e8a9e46112ceab9ec936dc794301d2e62967002fdab0be39635f018b9805d60d

    SHA512

    d293bd47fb1d8a391b05c952a71692363441e97cbb52e8537ff57bf2246b1b1dcfee6e314c5537ee10d5a4af62423be6acc7262eb5729d3fba003130177d5f8b

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    167B

    MD5

    6c2d15ed4d7752e02239c873abfc6c0a

    SHA1

    d747529e22c600a56ff54a0cf4e04b9499c41571

    SHA256

    22bd8c050be8a3f4a22b54d209d5751dcaedc0316dca2bbe51b8bfb8619c62f5

    SHA512

    9f3e20237fd131a75371c9801f9ca9167232e37ee20df2159f7aa94b923d766cdef042bbecb34ec465e18b5d50ac94e3987d0ffbc5e88fcc414c9f7f8b357b1b

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03