Analysis

  • max time kernel
    149s
  • max time network
    183s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 07:35

General

  • Target

    a88c71df45fc84aa4c51249ce5a22a50_JaffaCakes118.apk

  • Size

    30.5MB

  • MD5

    a88c71df45fc84aa4c51249ce5a22a50

  • SHA1

    fe1efbf46e80e9e67e40efcfb67ec3b1ae35b46a

  • SHA256

    75a0c29df2903ebb2c78800b38ebc3da9e65ef7fb4941f479079ea6f1347841e

  • SHA512

    9c34a11d2c634bd26c86dd9469fcec5c0ecc8c04b292cc4685f30e7f3e059382fa1bbb242dca81ed5c33168de4d52abf03e2ea8d376dc17f33b5e760cf5fddba

  • SSDEEP

    786432:tAxYYFJxEIihzX/l56XGpZPYLpFZJwCqr7wA4h0Mp1F8:C7JE1jZpYvnteixH8

Malware Config

Signatures

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 2 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.mrcq.manba.tyy
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4305
    • /system/bin/cat /sys/devices/system/cpu/present
      2⤵
      PID:4344
    • /system/bin/cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4369
    • /system/bin/cat /proc/meminfo
      2⤵
      • Checks memory information
      PID:4389

Network

MITRE ATT&CK Matrix

Downloads
