4653b95a14ed2cbbb030c4d7ac221385f29563c6fcfd8b44c04335a4414d3dc2

Analysis

max time kernel
178s
max time network
152s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
15-06-2024 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acbdad42bbdd08324d97dd9e074b8f35_JaffaCakes118.apk
Size

4.2MB
MD5

acbdad42bbdd08324d97dd9e074b8f35
SHA1

78eedaf0ba4ca3448723586028acfd24b1fbc104
SHA256

4653b95a14ed2cbbb030c4d7ac221385f29563c6fcfd8b44c04335a4414d3dc2
SHA512

6af799d5d4548f59f3b92edcd7de8d55b8eee20c24b4c2715e6d69e79b4b82a56409e14bad955eeca1cf1c087f40bcb964d2499edf17e1192d1cb814bb60bd8f
SSDEEP

98304:waEGARsBEko6CjHftv3ZoSUFJCSfBLBDI4jF:wrsBExpUFJZIe

Score

8^/10

discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.wigomobile.textviewerxd:Metrica

ioc process

/system/app/Superuser.apk com.wigomobile.textviewerxd:Metrica
/sbin/su com.wigomobile.textviewerxd:Metrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.wigomobile.textviewerxd

pid process

5170 com.wigomobile.textviewerxd

ioc	process
/system/app/Superuser.apk	com.wigomobile.textviewerxd:Metrica
/sbin/su	com.wigomobile.textviewerxd:Metrica

pid	process
5170	com.wigomobile.textviewerxd

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.wigomobile.textviewerxdcom.wigomobile.textviewerxd:Metrica

ioc	pid	process
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709	5170	com.wigomobile.textviewerxd
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex	5170	com.wigomobile.textviewerxd
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709	5244	com.wigomobile.textviewerxd:Metrica
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex	5244	com.wigomobile.textviewerxd:Metrica

Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wigomobile.textviewerxd

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wigomobile.textviewerxd
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wigomobile.textviewerxd

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.wigomobile.textviewerxdcom.wigomobile.textviewerxd:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wigomobile.textviewerxd
Framework service call	android.app.IActivityManager.registerReceiver	com.wigomobile.textviewerxd:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

com.wigomobile.textviewerxdcom.wigomobile.textviewerxd:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.wigomobile.textviewerxd
Framework service call	android.app.job.IJobScheduler.schedule	com.wigomobile.textviewerxd:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.wigomobile.textviewerxd:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wigomobile.textviewerxd:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wigomobile.textviewerxd:Metrica

com.wigomobile.textviewerxd
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5170

com.wigomobile.textviewerxd:Metrica
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
Filesize
2.6MB

MD5
f981459e2752c8747260735c3cec15db

SHA1
f8bf90ec7bed5880f3842271a78ff9c7875203fa

SHA256
204c777794eac6617d6f8aa2e739481139bfe10ee64a6d7954ecd7bb8f30246f

SHA512
7256adfe79491758f0d361373445aff9cb69f0c92a53b7417176433525065fd088076d86adfa174131b2c8a34530fe7eb70bfff680c1e4e2b5882f86f4fec27b

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb
Filesize
120KB

MD5
edd117e1f8106881d248e1ab073be011

SHA1
8cdac3fdde3b5a22aa6f61a07cdfb4aab0659762

SHA256
c03034ba07eaaf8079a406c90c0e707b82abd311560ccdaa0039594f06736233

SHA512
6ef04e2758ab7692dac1656f43929cf5111cdaf009224e5d401fe825efea9a12d72cf976757423944715da7dd504ebb73d061a3000b3adeea1a7110c58c3ac91

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-journal
Filesize
512B

MD5
4ac92e8bd3a85931bd4c2d29ff7e8391

SHA1
d70be72f6a566bcc35674d5a04ecdd63932f2005

SHA256
eb58ae3dd94038c726cb9ff6c1a671b8fc00d82d27b7a2f1999a6e8ef6621306

SHA512
4c924b5ae0bc431a79ba88ff0c6cafe8bf9187631470b1704352d89436e7ac3842a14ab00cfa3b659473c7c47b14b3d53b141c63aacb17a9f4826628462b6145

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
e3ed8d9d0350bae9509f28f5131b8c3d

SHA1
601c7914e622502e5dd57212564591eb7a736ef7

SHA256
1be91f5b714e43dbd0cc8f510aeca61a138c50c9aa78a0f6bc80e1d132443b46

SHA512
b6696305a764b862cad712a833052eb6fa98e1e41695ec46be7e8645e1bf1cb9e89817587f5a563b8633403634faa003bf82803ea9c7dbceee3c24b97fbed16f

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
d5bb6490dca66667e55f2f47544ca390

SHA1
5f0715ac459e3ad6652259ffc31b7879f8e1dbe3

SHA256
2cee7538512848f76523ee5ebf3d67a61a563e39a08a6a2e39a60c455b6aaaba

SHA512
4ad362394dde57fff0ef480e9c5d29eaebf24bc91ba2ef3cbb6850b351a9a6ee511ebe323f0b30f4509c0d16b8dc28203713e75670c00f396f840300748aee3a

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-wal
Filesize
422KB

MD5
971096e0f91bcc5bb3de09d74ab42ec3

SHA1
18958cbe39916b0c7ba342cd32bbded229129adc

SHA256
97f512e2c80c38de21b67405bb9c991556030b75e9d6c3da7ce4db5ca395d6c0

SHA512
d71d6729e28dd7d255fc3e626f680285be1719e0e87345c965b9cbff3cdcbb7c441204d4872eee3ec265ba1ab2e3fab9b41bb08452b08aeb10dd4b405af3f4fa

Download Submit
/data/data/com.wigomobile.textviewerxd/databases/androidx.work.workdb-wal
Filesize
193KB

MD5
4ce13deb5722a0779a59cad6178d1b00

SHA1
b90324c9e35373354b34ce8118f0f3fa547927b4

SHA256
9b730abafc592472814b0984975f0161b689c0c42045883c1a479c6786ef0cf7

SHA512
980b672f1572c0913dc3b4277d2ebcda78aa3c8253e9e45062f0f82ead7e55caf6ad2922c531aa56526fd139c52a611050d41e5318ca88d27ef6b37d7616bf2f

Download Submit
/data/data/com.wigomobile.textviewerxd/files/ZPkFS.log
Filesize
8KB

MD5
8b56cae064278a2a7ad4a39f886845a0

SHA1
a7c41c7553154419da82dc8aee4458a55a150f62

SHA256
5ef742f4a66b951e0d21cad6720afad47e96e8648a84fcb4c82cc1ca01421542

SHA512
d4169a30e8ee93aaaa6dcc9fc0f8e0d7b30927c8ed55e43c3e89a7737c90df729c52430d904158272bb80f24a6bdbdbfa775accdbed2d47fa3809d151338faa1

Download Submit
/data/data/com.wigomobile.textviewerxd/files/ZPkFS.log
Filesize
12KB

MD5
a27cc6dff2dc4f3d147641626e9fe1f5

SHA1
df6611fe0ac79568de200839e368be57b901de63

SHA256
efab2d9792f589253c5b90a7df49aa5f562b732886650a83a312f580e0812c13

SHA512
0a7e763d7c01f1e33f45a291f27a05b4d6857569549140ec646a95458d633c280f6f65cef390e58b8a5bb3c9e69ce5a364d2732f82983b951a7e442c393050f3

Download Submit
/data/data/com.wigomobile.textviewerxd/files/ZPkFS.log
Filesize
12KB

MD5
f7ae0807a6bb889ce0c26e027f1dc12b

SHA1
412c816dd9123393abb92adb2725a181236f21f1

SHA256
baba35f8344bdc28ce00bd3e32e01752211c7edb410826c9a681e6a05742d6ff

SHA512
7703e7e19f49d8b72ac424c98dfc9d61a2dde624fb280a642ff760b03710bdc4841750ecb332ae0e9d1a65a42ae7c479a968630c12d7adceb47c2319aea5c1a3

Download Submit
/data/data/com.wigomobile.textviewerxd/files/credentials.dat
Filesize
3KB

MD5
9116bc222c29dd6d2cae554f6f1d0ab0

SHA1
d3833e624162c20edf980cc1ee1389b2183dd641

SHA256
938d709b39c27302f0a047f165240f54ea062347315477d576e56645a7ea7b52

SHA512
2899a48e4a138128300d7f92db2ed405df5de4063c4f56743bc8491479b9473f00889784747fc49e9a5c30cf4ebe041d7ea3d5c22e088dde0505a8da1d89282c

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/credentials.dat
Filesize
20KB

MD5
80b1d166dc9ba52e744c432643507b17

SHA1
25b7f9b0e49cdf28fd9c4d13742e6355372fdc72

SHA256
196e51fe1501df561054d44e3eea3cd39deeed10eb3920b0f9bc1904a6bfe7a6

SHA512
9b23555af59efee14bc9b8887a4506b558525f71b0550b08021133ee3be802496f67e361a89416992b31651b0237827477834665ad263ef378c10fdf5344167d

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd-journal
Filesize
12KB

MD5
e74ae11f61597dff59124e2bb28989d4

SHA1
57e296cfcecd19c97494ec8d8ad0da562f426f4f

SHA256
5c97367348ed88efca88f998bbb811a5bfa4ed1e7e7f35df145146b9f5517474

SHA512
483e3fb3ae4f57d2765883469c4d65a8f5d3bc0c0dcc6ff8985289b082a7b9ac983c3dc3c997bb7310b131f8c38485150a168d37e8cdd66b291ccd163cd3b8fb

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
52f00966c246be8f2419cc61a4191331

SHA1
252239fb6fbc1d72a7ee41837af2585c4b46b70e

SHA256
80fe5654ac8cacd76c71117f2ff1843e5acc5137de92d4840a044141f4a7fbe8

SHA512
6eda84ca14574b0c7f9b2485d251a30b6da18be6c5daca496a7bb531648910051995b03c4f61ba888262da9279f1a05a61ca5b800d287e72c505454d246a5400

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
c31420b927041bc87cf07e94618395ad

SHA1
bad669f720fc98560ddcc3215d9f81fc8809a395

SHA256
f4e959ba8345f1f700c043402f978841cd95b9737184fe3d04520038d56d4ee6

SHA512
80ec7f0be2c79f41c03d9c2356cba1a73f321faacbd7c5c322c1ab04a68838c1f1e945c04503cf68936a73fba61ec8ea4a45d472d8a69177ff429901be0432df

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
e405c655ae3ae30c4300423b50048c50

SHA1
8ed34116588331ed48b4f9bc24c6b197341e808f

SHA256
274732a732121ff497e66c571178ee424bb92db2f21061bc745fac0f31703ebd

SHA512
4b8b2eeb41e6d3ae90123fc95593cd8ebe79d6f46b89939f864692fbbde6bca8e7a0a887dc6130abfdf4c6b36ec90ad00b11828799c1fa6e343b284710426d14

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
977ef4a7d805c0dfec2dae51427052c8

SHA1
191b1346949d03637428505e939dd7060d055a56

SHA256
b9fa7e5bd283bd437d608602f594bc77101c1c607477db446e0a18aba18b9675

SHA512
2d7ff6d5ea250e04db835be1d3e4dff20ed96f1e32f1d7c7af199b956f365495d6f101a78603496e2ddb6b17fb7d59604f51d454dd45bc7590e1b7d145e37b90

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
60ffac50603b38a6b06c8d513db63995

SHA1
0e36b7bee9d1a674bb7938481c9ede1c5f5122ec

SHA256
7be845c7613ec8436554dd2419c0eb2f0d2616b0a18582d748465da6ae6105b6

SHA512
f099684a3f62cb597f32614ebd2f922d5c70673cfb047b6ce2f0a9b6c2479d215d7f9c45eb28379a345da078eff83cd6de742484f996bd0bf68d9eb9cc0bad28

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
c43ae354b99b23c3defa95901ba534df

SHA1
b96580548a68529d36331de07ea2394946dbe170

SHA256
9d842d004d414358b310a3804426a7653f3c0b09d3bc51d72b982708ccf0ef56

SHA512
32518a796319a1f9a05cf82d61bac29ad61b9b6cfc88dd75654a95183fbfe9314911b46b0ccceec520f0522d7bcb2bebf026bede2d7e00d7fc47b10bf09227e2

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/db_metrica_com.wigomobile.textviewerxd_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
9ae0460d6d8320b8e8cddf0aa4c9538c

SHA1
5b217676c7330d81aa349a5f3366bc5d41f2f145

SHA256
f6c50865aa5af11bbebc89862600c4a4877f26b9a7d46d8b3b450b29f2ca9100

SHA512
2da0a0d31c0bc1251db5ba6e10fb8eb83af8a84fb5dd4ade5c3a490d77979814695f96a841bc8d60cc8a28505d9efe6e558dae3d8f378decffdc3272d60b5680

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
20KB

MD5
83594e4e3236ef846b004a35487ef7fc

SHA1
597f4cbefa086492669c6ae08975a52f8e435e6d

SHA256
e0faeb2ac2d28688e4469dc593385e28333c3477c04728c13e506d112d8be894

SHA512
108970ccb1d24ac88931b11ac92f9b3ec5777795408a30bce0d322bc8b10c33f39f70aade8c293c5299ead2f2c50cf0c2fb666956691db1db25aa28f5f27165b

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
36KB

MD5
e216acfd8d8c80be62689f2ddc5892ff

SHA1
7f7442f8165242f01a2b4b748e0c43c5002ad298

SHA256
5f775434bc6d19893f1c04200bd9dd0ebc47b7664198ba737e16b69b2e1498bc

SHA512
d7064a76848018309a90a8d08fa174bb488397cb36a30ee2e9663ece4aa968f38e3437242e65a733f17991769fbfd900e408b10801fbf1e4f604f4aa1ce2d1d6

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db
Filesize
20KB

MD5
6da2d5a3ab1cd1bd6a1b7867aae524b5

SHA1
adbaf70d20bcda94e10c82709cd523344ae74d1d

SHA256
3aef42a07528315df7f418e4a834fc41587b8cd03b91b71ac2217a8b77685dd3

SHA512
eca17043f5dc768192abd241db4a05cfef592bdd48e6dff02c94ef5943d3eee1e4206be4e299d85c7729ba0f3f7b6147666364101887e5324c89861c2a4cace4

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
5c3816d37b7eb3bb526a252e72d9a83e

SHA1
fdda639533f773e0be14ce7cc4efa6644e95b685

SHA256
01bfc3a9f96ccd3e4ac93d219907cf76504ad3785158653617cf74ed5bafde01

SHA512
0bc4cbc2ed372b2f31d808a91b39fb17713e969a9e24b637e2a67e8bc4865ba7c29cbdabd175448099b4cfe261717280d678117a480983d6ac0ce46d4b28f90e

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
04b10d86cfdbe51036b17ff640790213

SHA1
369057d71a0c4a6caca7c2e0ceb740d286e97db1

SHA256
47b405ac43bb40754add2c6079141d0d0b42dfffa5859322428b7b00bdff5b7d

SHA512
96b6ad0a8e93391683494ef07c098cc9aa87bf7879f304ba71c28c6f6273698bee6b4ca70fe5688a3736c48930ab798fe9532406a0121d956e5a195798e9e8e4

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
e5ba11cc18870be39f5d0ea87920d4c6

SHA1
69995f80effe475ff9040ba690089673430d9fbf

SHA256
1e5b6758a137aea437e287fcc7106137e2126b1064e6e477e9b7ddc216b733f2

SHA512
ed4f578294f4f3fbb146efb6ac6c3bc173f5586958a970a8aada1cfaca15b90c8de5798944941cd789eef76173dd45040824846f438fee02e0941cdf631c475c

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
ef0eb58be37eecb148ea3be92fe47670

SHA1
3366b4bc11da6ca85b3c95e4754bf4fa2d23377d

SHA256
1e4975ae533fd8e0a686d721b1e6e11aa2bfe37c779101fe34ee87dd6c5877ea

SHA512
c2cdad7e25278ddd7eebd8588ac145b8051c3cb46b78598db79ab2dbe173eb13964f71a6b208a920a97eac969ef1da63711dff9e1855b2dd57c5f7bb787c82e8

Download Submit
/data/data/com.wigomobile.textviewerxd/no_backup/metrica_client_data.db-journal
Filesize
44KB

MD5
d6bbcf4273a1883ba997e9c1692d9571

SHA1
a82da62ac6dc961c4e75ebfd0e8340d8873441ff

SHA256
5d24b4cf5a992ac12d3af7afa99e50c36ef59cbfefe67322624428cc211c12ff

SHA512
072c4a060d25caab5f0e03b3ff0fe3c9d385fb340a026b0c664d31fe443f5d9078bf6dc55515f7bf8941502d2a1767a22e93c000451d08407e2dfe8db7d965fe

Download Submit
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
Filesize
425KB

MD5
2df0cfcfe600983219e7e475618d7d87

SHA1
c33a4ee9ab3e2a7c34168799d4dce10dca03d78b

SHA256
6d1d94229af9e0ca7254b9e3adf13f766f18064f9b97191f0993988f23b70617

SHA512
06eaf1b0aa5d15fb73baa0d842fb119a2883b52ee5b90d172427741f3fae8401629ec5fd0cc186b650f3c481fb1d7ed382cc716385ef07c1b86470bd9a5c8f50

Download Submit
/data/user/0/com.wigomobile.textviewerxd/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
Filesize
5.6MB

MD5
dbe44c9e5de2831350e20b03fe482d1c

SHA1
7ffec994f997775af861d34286b6f384dce14f0e

SHA256
eb19d7083a246fd8e4406915c9238a6bbf3e30d7a2d84970a619414e6c10ef04

SHA512
ae2aa213389da761646e47debebc467e73656ee68d57773fde8c31cef697f4bd98c728ad9e9528abd4ef12caa44550714b1db6274fadbf43cc6745685b718d1f

Download Submit
/storage/emulated/0/Google/google.id
Filesize
8KB

MD5
fb8aeec0967a1335ca7fe5f52290c71c

SHA1
f7e8ddecfced9096613b43200cdc1e10b6fd894d

SHA256
b742d9163407f950d79f3cd230db162c817f36830311f5005c06424ff06d22aa

SHA512
705a300c6815c3ce4bfede3e2568a8e33302a9b184875369368773f2e59c1a1f3a67991400ba9dd02bbe7039ef27378421e6176401343591b3625b9b4f658a44

Download Submit