Analysis

  • max time kernel: 7s
  • max time network: 140s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 15-06-2024 04:27

General

  • Target: ace22f6605190d1dd03d9e251ec9d795_JaffaCakes118.apk
  • Size: 15.6MB
  • MD5: ace22f6605190d1dd03d9e251ec9d795
  • SHA1: d464bfd65598c5361cbbe241135ccf434a61e76d
  • SHA256: 348d26ac2267c9785208b205ec6389744f63ae9cc464f51048c447103345a412
  • SHA512: d4555b9ca4af76acbcb5d6696d179311ae0e1fd5fb6b00ef4a3dcc69752bcb64010d25f8d42318bd03221e63b9822c53297e916209cc6df10719fcff767017e8
  • SSDEEP: 393216:yohNc5bN74KW0WKADcd6CAi81lai5XJt5QG9isT4LCoDOtfbpNP:rhNc5x74KWrzG6CYvaiFaGw3LEzP

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)
    Runs an executable file dropped to the device during analysis.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Requests cell location (2 TTPs, 1 IoC)
    Uses Android APIs to get the current cell location.
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.kidplay.bbtgs (PID 4218)
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.kidplay.bbtgs/app_plugin/PlayerUIApk.apk
    Filesize: 125KB
    MD5: 4c300a61d0d96ebe8a74cc1219c7d489
    SHA1: 851cd913f1c6bdfc18d451197120369c7235d8b1
    SHA256: 861d63ed266c4f63f3061a1a05fb2076615248534f400e48216e67f25e6be92e
    SHA512: 11288c439961a723ce68499769e9c14a4bedf2047d1609b204d2ee0776f81ffdba1b474d169c4e0c0c52c1fb43199893701fffef7b682d6c25adf557002868be

  • /data/data/com.kidplay.bbtgs/databases/MessageStore.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.kidplay.bbtgs/databases/MessageStore.db-journal
    Filesize: 512B
    MD5: e0c55a4263cb0d73fe1630052e7fe966
    SHA1: 4ee5142dffd725f03785d9f300d413d539fd14e0
    SHA256: 66f2ec80d403ff224126ff6e99be337b6e33df891208bff72fb7b49d1ea9af2c
    SHA512: 7c29d6f6c8d21095f2f1dc80e6e0682d0770b1b5d969fdf49856e8cb2e015bdbfbe326a43c188afcc95b69275a62b6e18521c0ac7e4a2d8fd93fd4e02ebb0ada

  • /data/data/com.kidplay.bbtgs/databases/MessageStore.db-shm
    Filesize: 28KB
    MD5: cf845a781c107ec1346e849c9dd1b7e8
    SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
    SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
    SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.kidplay.bbtgs/databases/MessageStore.db-wal
    Filesize: 56KB
    MD5: a3c200cb1b384ba262b093cd7e248a55
    SHA1: 98aee39b97db679cd2b4be5a8eb5393003a14ede
    SHA256: a007ebdf2fddba922bffbea6ec721197e04be25f104a4cd2b2e1265e5998cf22
    SHA512: f8a5038f2f771a184dfd7c0b82f4f002086e00da2584ee93c4146f6e3e1b9fb5ae01f09f6ec706f9bc6eaed03085963f8a1720d479b261140ef851d9aabf1a91

  • /data/data/com.kidplay.bbtgs/databases/MsgLogStore.db-journal
    Filesize: 512B
    MD5: 489d313cd66390641eede4409ca32262
    SHA1: 4c6b9ed277994221f7d2ad609668887f7a1e8563
    SHA256: 051dcf929313fdc7dbeb2fa341240a7536555773a9723c272694411af32ad1b5
    SHA512: 998aca7f350c9f7f446f7ed2c7e9ff02ade57b22e4ccc1d30bca7d853466889d732482223c4dc76de0954965b165504bdd00629701412ca9df13fdd58b9a2ad2

  • /data/data/com.kidplay.bbtgs/databases/MsgLogStore.db-wal
    Filesize: 68KB
    MD5: 30b877046479ab1944bf58af4691d826
    SHA1: 1019d4da6770a069b9a112c5df03d77e32f5df17
    SHA256: f46a3c25616ca0b2e0dc35ade0ac47bc75901c5fbc32ed57870d2f33019c6f2f
    SHA512: b5d3d8864ea50b64321e02933f3703b02a9b524347fe00767b1ded574c727dc33a4bfdcf208bd6efa44dd46627dde6c01e3a4849bca97b450056708ad5b42d37

  • /data/data/com.kidplay.bbtgs/databases/accs.db-journal
    Filesize: 512B
    MD5: 854be3b10ca25a6d5e043d7f64226a16
    SHA1: 9ae89748847bd83eccc585adcae8ae472a41fc59
    SHA256: 7ef7e6246427c0e7e09d1916e8bcd0e91aa1d308d6188d1ff058207b4c742c63
    SHA512: 54fa48f65305397c78ba179deb628c823d0777d5d0aa8a09a91b4e3dff8b2d5dc38f11c0e174d92534ed369af2020ade411dbfa693751090f39c5060ec0f8484

  • /data/data/com.kidplay.bbtgs/databases/accs.db-wal
    Filesize: 32KB
    MD5: f36dbb2791d6b5852d656acba1d3b629
    SHA1: 6412c522ea22f1951df1bf9c33f1503a2acb3f2d
    SHA256: 9139eccf943e7d93dca180a24d65e2f91a55e7029769e240c5cc2f6181e91868
    SHA512: bd4560a35c3209d42d894df2f7377698aaffcc5944d11fcec501618c41be58a84b6f13a6a01bb2e6990c28a220c4955c54ac41e557c920843dd82f22fc69f319

  • /data/data/com.kidplay.bbtgs/databases/ua.db
    Filesize: 36KB
    MD5: ef6878e55b39d82d774e9d212bcb6f17
    SHA1: 0c860b84ffd662266c074bb2854c4010a2befa2e
    SHA256: 83ec92923e7fa7c9e7276ee8a7f0f5d4dfaa615006252dad0d4a6932a93119f9
    SHA512: 4365974602cd29411543798ea4a8afb146151511952fed263e300cd44cdf90b558a4f23f7144e98de8492c9b00bd4e0f52c3e2a73bb7c3111ea6593dc71ce5d8

  • /data/data/com.kidplay.bbtgs/databases/ua.db-journal
    Filesize: 512B
    MD5: 2aadc766c69d778049930737ece24dcb
    SHA1: 428aec6b861ee8d2bafc947aa76325c0e3cdd144
    SHA256: 1f7a360263fb5b9217d0f86de29fa1d0d0bdec3b66b1edf4bba8ef8ce871ef07
    SHA512: 5e53ca86fa3b7c070492ceb24864baebeaf12f527dfe315ee7a3762f4e458ff5023bdb098b9ccb0a9b5f74e7bf2c60bafe7397700f428e832a3451be360a1ed2

  • /data/data/com.kidplay.bbtgs/databases/ua.db-wal
    Filesize: 56KB
    MD5: e13c7f50b492a882e7b6651c109ffcca
    SHA1: 3c765930b2828be276c566935bde984526f057bf
    SHA256: c9a928b98d29be885faf378fd2b25600bd266dceb734c252ca23c1fe9a0d7421
    SHA512: 604ad64a9a66726b6200a9a8c84c50c4a85e1a911b34181db87f708f8fba0220e2c302bd61237042f9c5b04b0af70a162e58d0f21e08ac87bc5a2383e6333b9b

  • /data/user/0/com.kidplay.bbtgs/app_plugin/PlayerUIApk.apk
    Filesize: 257KB
    MD5: 99e99c9ee2184a722ca10b850b221516
    SHA1: 5a946d7157a028b9356675950e189a2e44c06ffb
    SHA256: 18120f8875cdf7bb542337748fb8998bb3be5393ce27165db56ed163954211b3
    SHA512: fd8bc479b18e8310931f6285ef8e8834e94ee7a4b042e8fe67581bef8c35edf0bad09515c332cf383d2737eea1ee05b5770972d91703cc50a9db894bfb577313

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize: 111B
    MD5: b04789083f6135d5242536c06afb5f6f
    SHA1: a68e3368319190c0ea8a604f7c23f34edc9c3bf7
    SHA256: 7a65cc366074d4344e7b90680cb263a67b2609bc0e9b678a7d3faa26ae770d3a
    SHA512: 939e6cb9799b543752850b0aa76188852fed947a52a0b3fd6aca2188430484632de1ebb69fc58ebed03182ca080eb61a08294939125d771bea080e6252e11608

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize: 213B
    MD5: 5b1f75f4d0b149eb43039f327b8365ea
    SHA1: f9d73f87bc0f4b7bbb3c0b4d1ddb01b1a57d4d4a
    SHA256: 7d2c519ad438f16a7a339c2285e31f4ed3c8e1be99ba40c8e0accf5193dada0c
    SHA512: d38ae8c881b7bc17b9ab91e4330dfb34a4f23cb683a3e63c9b3de861ed90c280e04d033a5343f88bc95811c9dd154067037362d51ef520a4604a62ee80933617

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize: 111B
    MD5: c3e6ed45023a0bd17abf49893417cba2
    SHA1: 105ebe6b9d282f87ef44f5e21f05462ce249448a
    SHA256: 30624d8d44d2932c4502c690a82e67972d9f2fc013a3527088ca34e34fb2ebfe
    SHA512: 13f379f821f337c1fb87e6f41e2a7bed494b96e8563e2485be8ddae7247f0bd68afeeb95bc00ace949591dac1c04e0df7a04038b32e2184b21e6a71b5408fe18

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize: 167B
    MD5: f85df6052af13f1cda677758723e25d9
    SHA1: 3607374920f108bc6d7a20d6544cace5b87258fc
    SHA256: 7df0cbce3f8c11af55685dfae7fa3986ebaa53cd4c4481b05fe3e4cab90a547f
    SHA512: 75d8de42e16cecdc916baa9b0145dcf62ff9bd02fad21d96a527bbddc2118c5a29c287a677da1a3962b382a79f9b646c155898fe1838084f401252d6a65f9ec3

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize: 65B
    MD5: 9781ca003f10f8d0c9c1945b63fdca7f
    SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
    SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
    SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03