Analysis
- max time kernel: 149s
- max time network: 183s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 07:35
Static task: static1
Behavioral task: behavioral1
- Sample: a88c71df45fc84aa4c51249ce5a22a50_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
General
- Target: a88c71df45fc84aa4c51249ce5a22a50_JaffaCakes118.apk
- Size: 30.5MB
- MD5: a88c71df45fc84aa4c51249ce5a22a50
- SHA1: fe1efbf46e80e9e67e40efcfb67ec3b1ae35b46a
- SHA256: 75a0c29df2903ebb2c78800b38ebc3da9e65ef7fb4941f479079ea6f1347841e
- SHA512: 9c34a11d2c634bd26c86dd9469fcec5c0ecc8c04b292cc4685f30e7f3e059382fa1bbb242dca81ed5c33168de4d52abf03e2ea8d376dc17f33b5e760cf5fddba
- SSDEEP: 786432:tAxYYFJxEIihzX/l56XGpZPYLpFZJwCqr7wA4h0Mp1F8:C7JE1jZpYvnteixH8
Signatures
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  Processes: com.mrcq.manba.tyy
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.mrcq.manba.tyy
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.mrcq.manba.tyy
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.mrcq.manba.tyy
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.mrcq.manba.tyy
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.mrcq.manba.tyy
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.mrcq.manba.tyy
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.mrcq.manba.tyy
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.mrcq.manba.tyy
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.mrcq.manba.tyy
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.mrcq.manba.tyy
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.mrcq.manba.tyy
- Checks CPU information (2 TTPs, 2 IoCs)
- Checks memory information (2 TTPs, 2 IoCs)
Processes
- com.mrcq.manba.tyy
  Signatures:
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  Child processes:
  - /system/bin/cat /sys/devices/system/cpu/present
  - /system/bin/cat /proc/cpuinfo
    - Checks CPU information
  - /system/bin/cat /proc/meminfo
    - Checks memory information
Downloads
- /data/data/com.mrcq.manba.tyy/cache/.AIR/certificates/javaTrustConverted.tmp (Filesize: 209KB)
- /data/data/com.mrcq.manba.tyy/cache/.AIR/certificates/javaTrustStore.tmp (Filesize: 149KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/GameLoader.swf (Filesize: 30KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/application.xml (Filesize: 10KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/extensions/com.freshplanet.KeyboardSize/META-INF/ANE/Android-ARM/library.swf (Filesize: 2KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/extensions/com.freshplanet.KeyboardSize/META-INF/ANE/extension.xml (Filesize: 1KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/extensions/com.quicktq.Extension/META-INF/ANE/Android-ARM/library.swf (Filesize: 6KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/extensions/com.quicktq.Extension/META-INF/ANE/extension.xml (Filesize: 1KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/extensions/com.xyane.utils/META-INF/ANE/Android-ARM/library.swf (Filesize: 1KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/META-INF/AIR/extensions/com.xyane.utils/META-INF/ANE/extension.xml (Filesize: 1022B)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/MobileMain.swf (Filesize: 923KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/config/config.txt (Filesize: 193B)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/config/parameters.txt (Filesize: 187B)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/loadbg3.jpg (Filesize: 890KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/loading_m/jd.wdp (Filesize: 11KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/loading_m/lan.wdp (Filesize: 17KB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/patch/v.txt (Filesize: 1B)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/ui_android.dat (Filesize: 11.1MB)
- /data/data/com.mrcq.manba.tyy/cache/app/eb80fcb8-baec-4c9c-a64b-75cc891354eb/assets/assets/ui_xml.dat (Filesize: 191KB)
- /data/data/com.mrcq.manba.tyy/com.mrcq.tianzhan/Local Store/#SharedObjects/GameLoader.swf/delvers.sxx (Filesize: 45B)
- /storage/emulated/0/UcQkDir/qk.dvid.txt (Filesize: 65B)