4653b95a14ed2cbbb030c4d7ac221385f29563c6fcfd8b44c04335a4414d3dc2

Analysis

max time kernel
177s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15-06-2024 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acbdad42bbdd08324d97dd9e074b8f35_JaffaCakes118.apk
Size

4.2MB
MD5

acbdad42bbdd08324d97dd9e074b8f35
SHA1

78eedaf0ba4ca3448723586028acfd24b1fbc104
SHA256

4653b95a14ed2cbbb030c4d7ac221385f29563c6fcfd8b44c04335a4414d3dc2
SHA512

6af799d5d4548f59f3b92edcd7de8d55b8eee20c24b4c2715e6d69e79b4b82a56409e14bad955eeca1cf1c087f40bcb964d2499edf17e1192d1cb814bb60bd8f
SSDEEP

98304:waEGARsBEko6CjHftv3ZoSUFJCSfBLBDI4jF:wrsBExpUFJZIe

Score

8^/10

discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.wigomobile.textviewerxd:Metrica

ioc process

/system/app/Superuser.apk com.wigomobile.textviewerxd:Metrica
/sbin/su com.wigomobile.textviewerxd:Metrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.wigomobile.textviewerxd

pid process

4272 com.wigomobile.textviewerxd

ioc	process
/system/app/Superuser.apk	com.wigomobile.textviewerxd:Metrica
/sbin/su	com.wigomobile.textviewerxd:Metrica

pid	process
4272	com.wigomobile.textviewerxd

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.wigomobile.textviewerxdcom.wigomobile.textviewerxd:Metrica

ioc	pid	process
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709	4272	com.wigomobile.textviewerxd
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex	4272	com.wigomobile.textviewerxd
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709	4342	com.wigomobile.textviewerxd:Metrica
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex	4342	com.wigomobile.textviewerxd:Metrica

Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wigomobile.textviewerxd

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wigomobile.textviewerxd
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wigomobile.textviewerxd:Metrica

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wigomobile.textviewerxd:Metrica
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wigomobile.textviewerxd

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wigomobile.textviewerxd:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.wigomobile.textviewerxdcom.wigomobile.textviewerxd:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wigomobile.textviewerxd
Framework service call	android.app.IActivityManager.registerReceiver	com.wigomobile.textviewerxd:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

com.wigomobile.textviewerxdcom.wigomobile.textviewerxd:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.wigomobile.textviewerxd
Framework service call	android.app.job.IJobScheduler.schedule	com.wigomobile.textviewerxd:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.wigomobile.textviewerxd:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wigomobile.textviewerxd:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wigomobile.textviewerxd:Metrica

com.wigomobile.textviewerxd
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4272

com.wigomobile.textviewerxd:Metrica
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4342

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
Filesize
2.6MB

MD5
f981459e2752c8747260735c3cec15db

SHA1
f8bf90ec7bed5880f3842271a78ff9c7875203fa

SHA256
204c777794eac6617d6f8aa2e739481139bfe10ee64a6d7954ecd7bb8f30246f

SHA512
7256adfe79491758f0d361373445aff9cb69f0c92a53b7417176433525065fd088076d86adfa174131b2c8a34530fe7eb70bfff680c1e4e2b5882f86f4fec27b

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb
Filesize
120KB

MD5
bc43a1887984cab03c99bf6cf9cbbe47

SHA1
896d0d5e4a0acf794701c77a999e5ffcaff17025

SHA256
e13ceef34aeb8fc0f545871d9afe59074d3711b74d0d21d3a43943d644feda0b

SHA512
7cf10ca959efb20267f6601494830ca5a90ace58adfdfcfdd57a972067a5cfa33c84a19d0587e389405b4f9e668d9cb6eac21f6285d35e0543a3637d9f10eafc

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-journal
Filesize
512B

MD5
fe317ac169098ea0be971661b104dc85

SHA1
08927d2722617a0c1b66d2efcac77f7f799df6c8

SHA256
6fb59472ef828fc6d6b8883586ac6839986ac8c8f606697b0324e20828bec4ba

SHA512
ba425bee79409f9c6678b50fd6021b4d610204504e685860c7b8fc5f500fa9e4cfbc435914c528b4150e822eca9118699f6f08f837db19203570cbbb9159252b

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
13a56de40b4531b0c0672fc329f99b27

SHA1
d9ac3ff695acd47ad27afecd86043a0849d65175

SHA256
4e02514f7d790c58f30f59bb14f807d63c13e1800de850321aec3a23c375bcbf

SHA512
98de1aa87c9c11a8972887f2b890ab3da36f1c300d0cd681b9a676aa6cb1843c5ff9c9e2be67b507460d585492be5889d0725240f1d15889fb48a552966b1944

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-wal
Filesize
422KB

MD5
08c717c1209488f41d766dd17660b5eb

SHA1
4297409e7d06e5473f7c195562ea2800bd5358a6

SHA256
cbbeb77635d370e515dabc7021434e68999dcab9d93d16d74246235913247d51

SHA512
baca43c58b3506900e2b72558401eab35438b1ebcc0af8eb08842b3d256daa8577d4c6d9d591e54e62759c9e0047a374ccc775f6d27a6e9f92cbffd8cc932350

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-wal
Filesize
16KB

MD5
e2652595552fbb9288c8707c55000776

SHA1
c87c10b6205f9e669cbd6814be9099301ca73579

SHA256
2ef3a8106bcaf1299e36da51ad85c4b3a0be4960b1c32caf750e266b3b99e097

SHA512
94ae1308da252aa57c35c75838508ac970a036f032eef7ae5a4dc460ed87f6e7d122e1112a812276a53f40c74cad71d3d416528b7e6cb32b20323f5320ad69f3

Download Submit
/data/data/com.wigomobile.textviewerxd/files/ZPkFS.log
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wigomobile.textviewerxd/files/ZPkFS.log
Filesize
512B

MD5
2ccd93eaf0f025553b6315c23eb6029f

SHA1
db5a28b41bde642985832db4ab98c8c536ed7abb

SHA256
f168cb40221779958069c8fad56795e33060cbe69879f316f9e6404956bd16c6

SHA512
955e9c3f6e2d6f041ad7a6780766cc094352d29d311508367780dd11175eba1ee182e1d80be08bacac97de21d75e46bd80d49933f41860e875a11c1375efab51

Download Submit
/data/data/com.wigomobile.textviewerxd/files/credentials.dat
Filesize
20KB

MD5
85bef9a5dcf10b2f910b8eda5390075a

SHA1
0cf1c4d0743bd51052c3d0a7bbf9119bdda14764

SHA256
63652098c9e5d76559706378aa9e0f074a1a47986ba71699e62c358d46d886f2

SHA512
167343e03551c85dae3a3bde8857622d59c1a3b94697b9de55dc7691a3f3129924aa76197b948daf9ab724ead4630c954c521c6ed96e43a633d8e69a23167409

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/credentials.dat
Filesize
8KB

MD5
06d8e67861338348ee1740fc8c5a2255

SHA1
f5814c834bf474e7fbfeba1792bb25a558e83d4c

SHA256
12baa4bf41d22473f99c5ee1f764e8e48d33e1e438d0e0f26a869548b9534301

SHA512
cb12130fb09755da5a73e56d407f16a7df6011083d2b624eb3379a15c04d13ef7fcd953e5c2d6e9cbe982c2f1b19362d11a053ca7853bb618f8916cf124fa0c8

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-shm
Filesize
32KB

MD5
c867e156881c9846a4fdc460875dad19

SHA1
32acf2534017d0c8232b503bece938d7a117f549

SHA256
a07a8f97b595cb931b0a9edd651387fe1050da69844769c9f2e974f4aa042f85

SHA512
ec4345270e5fb2f072671dd3b2a739de10933c0e4cef030dc265b8dc322f43234168e7a6f11c50a4b4764f6a7d0797397a68cd2203f34e1a3585894bfcdb106a

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
156KB

MD5
c07e334804a08748a3057eda91161813

SHA1
7984f9777b64e98772bbbf41f47a40bbeb09aed8

SHA256
8116db5c433ded12812b0f828809bc789c47d95aa56f67b25276e23f9161ef22

SHA512
0671e104327f59e6626dba3ec4c2203b42b5ebd5bf492ae95a843e294c6ca4168f9429d56f1ca83ce9716c0476e4f13e4e5a3ef1c91f862b0f71d42e89674ddd

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
32KB

MD5
d9786c6160596ce5fd06747ed2168dd9

SHA1
637baab16282d9a5359ac7d9b31e5691ca2c0953

SHA256
13669786183ce382d076ceb89d07d6703fc1d118b0e5788c9686736254df5601

SHA512
d833d6bbcfa21837685d54487797ffbc91f4621f02240ad6fe06077673cb032906eb901fc0fbffaa1e5b9b5766be1c4632302e5bc5bc872b04a0de5f2bc7dd35

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
20KB

MD5
bf834c93d7cf05b15136f8bffa938a76

SHA1
62cfb0bb5d18d81e221f846a7c5da8e48d06c340

SHA256
49471e4ed0908994f04d92f430cfcc6b3e99f03f0b98cd6ab09e070ece27a7bd

SHA512
44868f8f833efb0be7fab664dc558d3f2f2b9172624b3dc8d706c26557f2b51e471272afb0c14dae891ef8f9e46dfb7fc3c52a232236d932bc2a1e62316d3ce3

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
20KB

MD5
4116c7931ceff89745e387a7bfd38757

SHA1
eef569d9488f12b7dcd00aba6545a7ef992dfd4f

SHA256
2b19bbd612a8c18650ab22065b279e324e9185840bb1a77ccfef5b72b2768350

SHA512
6e02c4d8c7780dec5e456bd350b9b078d8c5a747c5e49ef4701ea61c3dc8def2916e51f7bd3c762e24003f325ddfacbddf0da8416272caffc42cba8bbc633d27

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
20KB

MD5
8eafb6aee555187b6dc47b35802e5db0

SHA1
b720d887f3dd757bf9205c8bb2e067d11a96c015

SHA256
227d1d926fe9a25a45d098790eae90a8840a17d874474d6b08226312e7531df4

SHA512
6b54424ee811d36e4a2a17649c9b7ad8093690f9c4db8eb1dabefc123d36842814c18e07f477ab7b6fc9d4d67ecef3f4ced1dfbdf60b7899b350a1959593392f

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
193KB

MD5
97adbde6bd616586644cf285091506fe

SHA1
eb5d818319df5b95300430b0548ce62aeddd9a37

SHA256
d14f6cad4caafa437cf2912b5302e3b263f2220c38317f5c845ef7126725056e

SHA512
fc966af9291f03d5d944993e3a321d6effb2b69363e7281275d3ab5b50c52ce461d18cfc7073e34c2bcce62763c6fa4d3b288d227164fdaff8f4e539dbe60018

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
f6da06a909e6ffb83e57a799fadce944

SHA1
1b40c3001410d7a7946e5f4020a7fca29b453bc5

SHA256
20c158de7fac2b31b613711bd66e7cd43793715366ca0243a910c1d115b302dd

SHA512
58c8dd2a9dbeec56aa1c21d8f02d4f461ee0f54a91d1d1b549f02422b45abed8c2c556a6314aa1b96dd0747d3e37afa5ad04f41616f5d2ae228906163b5322b4

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-shm
Filesize
44KB

MD5
23be7f849a6931996c4c9a2955957b54

SHA1
a7b495884ac270367c94a3f29104e88e228cf580

SHA256
4e3603d64ccebbe1f558e8c50182cb7437dd4ee5222d8b544ecb4c4a2b40308d

SHA512
be8a6d1a6a4b9b0ee575b318f3dd34db6a617cecc15afeb6b037a42ae03fcaddca91497bcb57c47bb5f3834111ac03c467bfa69948039b3cc0aeccd6016e749f

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
78f5b7c4d4c8d54d6498fd23ce18c334

SHA1
41f9f013b9cb2ee9c11f6da062a16a47e79419bd

SHA256
c4b0578d9b66005e12819783cb6dca4a1966d0d81c8094c005bc6a7430091ec7

SHA512
b611d9d9369b03ad7ec45a93f22df72297399108da9d907e0bf01190f9e8b991bd8e5b17ea7ab705e80c657d085c6d634cf387b1d702d7a6b59fb1b0c6d9b2cb

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-wal
Filesize
406KB

MD5
f4e1127845a99e04ffd8cb0333c72f3f

SHA1
5363aebde76b4ce2da854f51c07fde0688abde02

SHA256
7a4277836130e765784e06129c0b9983a88e5e66b6d5586d10f23ecde30592d5

SHA512
b3291bb6231b37192f5f76f500dceccfb6aa9f1a87c65999456b676e1028f90b60e0435dc3f48c09786bfd07639ade47f0278c0f41d845dfeffeb75d03a57acb

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-wal
Filesize
36KB

MD5
6c78879aac51664b8267a1342d4ccc94

SHA1
5986e2c87f0b4814cf615748572d70be7d1507ad

SHA256
3ff7255e479e66bd3959412e9eeb1fdb11b601156537b2a701cdba69c7515de1

SHA512
c6e29cb7f8a05fed8663620d01a785a2a0c8b9842fa6f3ea079e45a37166cf94bb28bb61bd24ed6b89070d0c74643a6d8069a363e5cff5f372825843edd6a081

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
2c3b0c9662140a415aee5afa0b98e292

SHA1
dbce48f6b51045d7c2bd6120992ec630d7d458b7

SHA256
2df0e82a0114788f51a786aa235aee6c932137711725d83f21af54765b8bcebe

SHA512
eeb7f10b5c201747154a22b46273abaf1a83747a4acec640ac4f3a6533b4c4f36b70f02a850a69593e1c1b3c2ca7018f16e8fb22d687d16b01c5b8c9195075e7

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
370ab657c70247efa62030a12e12cd64

SHA1
6e764a0ea93fc1394ef4e1dc639d20849153f041

SHA256
80d33f00e3c3fdf6f8318b3c9740e334ee422d9e413dcd8639426c28f654c24a

SHA512
f1d9083fe79ea967c10056efb49e48aa4feeb2302b5d5fb210bc4891d46d6b61e6581411d32773cca8b5cce16ba6d1d6654aca35f67d78ba3ab4d7652dd16781

Download Submit
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
Filesize
425KB

MD5
2df0cfcfe600983219e7e475618d7d87

SHA1
c33a4ee9ab3e2a7c34168799d4dce10dca03d78b

SHA256
6d1d94229af9e0ca7254b9e3adf13f766f18064f9b97191f0993988f23b70617

SHA512
06eaf1b0aa5d15fb73baa0d842fb119a2883b52ee5b90d172427741f3fae8401629ec5fd0cc186b650f3c481fb1d7ed382cc716385ef07c1b86470bd9a5c8f50

Download Submit
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
Filesize
5.6MB

MD5
dbe44c9e5de2831350e20b03fe482d1c

SHA1
7ffec994f997775af861d34286b6f384dce14f0e

SHA256
eb19d7083a246fd8e4406915c9238a6bbf3e30d7a2d84970a619414e6c10ef04

SHA512
ae2aa213389da761646e47debebc467e73656ee68d57773fde8c31cef697f4bd98c728ad9e9528abd4ef12caa44550714b1db6274fadbf43cc6745685b718d1f

Download Submit
/storage/emulated/0/Google/google.id
Filesize
32KB

MD5
6d31d7ca852a557a6e99e5b3306e9c8d

SHA1
1548a4ac3775e9f995fb3df8030878c96170511f

SHA256
866f988867f4aad63dfba311b38c7906804ec3b4a4416e6d24998777ccb9d5f0

SHA512
608d5a668323400d0e2328b1a016ee52298f707985c13d4f923735c53d4408c42659b7912498699b10b93aedbc8ebc1f7de6cd5b9056d89a10a86878505c5cc4

Download Submit