Analysis

  • max time kernel
    158s
  • max time network
    166s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    15-06-2024 03:53

General

  • Target

    accd09bf4b4ec9bb71a0d13cc7d7c5b5_JaffaCakes118.apk

  • Size

    30.5MB

  • MD5

    accd09bf4b4ec9bb71a0d13cc7d7c5b5

  • SHA1

    28930816dc9cb54f8f978beb6a6a71eb9d18d4d2

  • SHA256

    ffb1fde7a6de7df6363a06db9f277a8ec74c5c143901e4287aa8974938a88036

  • SHA512

    c27bca741aa89eb89d3157813b70c22436837952a1072b353413418d0c33acaa76d33b8c7fdea59dcb1bb2161d8323aaf1966c78a97420b4bc854d866f7fa18c

  • SSDEEP

    393216:ft7uCm/f5fN8hPXoUOa7zJ6jhEcJb86vdAIBU6mIJO7SCBcmxN6ca:f16f5fN8RXoU1Hir186VtRmP+ZmxNM

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.feelingtouch.gnz.realistic
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4319

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.feelingtouch.gnz.realistic/app_data/eventlog
    Filesize

    562B

    MD5

    f9cee186e7a754ecc9a9d6d580f406ac

    SHA1

    c01e922b2244539e4378119bcd1244df5f3711e4

    SHA256

    937fda3faa50b13932746787c41a1f6a5b34951badf82d6e00f3889d41084940

    SHA512

    c09ac5727efb1d70d44dc5a8a4aa580dc5cf9e6a3777b14df4c44fdc20dc1bc4e86117cd81b60d173bcb75c7485dad180a785f4b538b1d85b586845871b4ccf1

  • /data/data/com.feelingtouch.gnz.realistic/app_data/eventlog
    Filesize

    564B

    MD5

    de589cc95c65e07b4b7cb263bdc3a0d5

    SHA1

    c7dad549904aa960a441e5d1dd404d7c2bece846

    SHA256

    890b07da5fa6904bcf3ab871a53a41db745aa112d722832cb2e4414ff7e1fe2c

    SHA512

    1d04ed192bafaef72ddc6b10b610f54964fb04cfffc4a9e83a8b44ba4d0f4767cf5cfb3b8e5c3e9ef2feb85af6cab6cd8b9d0d51016bfebb411b1c52a84bd994

  • /data/data/com.feelingtouch.gnz.realistic/cache/inmobi.cache
    Filesize

    2B

    MD5

    99914b932bd37a50b983c5e7c90ae93b

    SHA1

    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    SHA256

    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    SHA512

    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • /data/data/com.feelingtouch.gnz.realistic/cache/inmobi.cache.data.events.number.network
    Filesize

    1B

    MD5

    cfcd208495d565ef66e7dff9f98764da

    SHA1

    b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

    SHA256

    5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

    SHA512

    31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

  • /data/data/com.feelingtouch.gnz.realistic/cache/inmobi.cache.data.events.timestamp.network
    Filesize

    10B

    MD5

    8527dd788105e1a3bb3a4e541bda0bac

    SHA1

    e40641a2eb9012a740a9d8ce4072fc58efdc24ef

    SHA256

    7da76d0a884189a0c2ef19f2dba89898b2eb0a9eb88f8c8e8311968295ed45e3

    SHA512

    c002c463b3f8ce6caa0beae0fafc289f04b8fcc9a1ea91df587cf4e63dae32e66f863c763a5882686dcd05ff8f7045eab1bbb626aef5868e9f2a0066acb2a735

  • /data/data/com.feelingtouch.gnz.realistic/databases/countly
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.feelingtouch.gnz.realistic/databases/countly-journal
    Filesize

    512B

    MD5

    0e8e39606b7e70ea6b8c36ca5ae275c6

    SHA1

    7b645726959468f17584793bce55f99bc4c93a8c

    SHA256

    c182cc3f3fbf404ca2cb9d98032dddaa213f1293347d358821dcd14f5efbcd9e

    SHA512

    a57ed911943c32da84526d8c69ad83dde97ed156e27973ff030875419de9dcd4dce6a653d607d20fe0b166eae78436880de722ece1b904763d9ee0092b35492c

  • /data/data/com.feelingtouch.gnz.realistic/databases/countly-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.feelingtouch.gnz.realistic/databases/countly-wal
    Filesize

    40KB

    MD5

    43d800605fe6f6ca45632c0028e088df

    SHA1

    ea11b7d57f9d744f52eb09d2ffac081396934a81

    SHA256

    8af9b03be2847654f3792280f31941e429912c84f8e981426ca735c6808741c1

    SHA512

    e3ddfedfb4bbc0ce978ba5bccb881f243535f78b506e38cf39eeba8898823cdbe2e1da0bd6aaa5b19fc42ab4a84259fdcccff878c1a8b29f8042b1012fa3c654

  • /data/data/com.feelingtouch.gnz.realistic/databases/im.db
    Filesize

    16KB

    MD5

    446bcead19385f21fa4d50b4009f3500

    SHA1

    08c2973c98014faab74dbde0aacf8814139a8976

    SHA256

    60baa7f0b33e8055faf74e02761daa797763e42a35606f9049be15e46543fe2e

    SHA512

    2ec2403926e3b862eede11756f675ce722b44e0a14e395942e7c80247217795bda677d96f121f7356fc55ffd5bcd23144b222638542d0c35c3a9a549504ac57b

  • /data/data/com.feelingtouch.gnz.realistic/databases/im.db-journal
    Filesize

    512B

    MD5

    a6892d03bf7381119444ee1492a60624

    SHA1

    9493a8f86621b8bb09395e9cd116de21b69aa428

    SHA256

    8b85458d08b1d41e0945cc6d1e30dbf05ced624b17e880fd50bc5e91856e83cd

    SHA512

    b37a0ab032118e0ba747805c21283d5b97b49f709973d657883a8a9b9fa15458d2c7d47181b4c3ea744731fe5b1c513c3c852f3e683095d78e38b7109bbaf1e6

  • /data/data/com.feelingtouch.gnz.realistic/databases/im.db-wal
    Filesize

    28KB

    MD5

    cdca5453b2970471ccf792dfe3e3f825

    SHA1

    5ca02a911e2277e870e5b6ab7e0c6525393ba123

    SHA256

    84747bba0f7f2ea8f6d29ac0ad055df81fa8e0512f60544608409be977bf8e41

    SHA512

    9b53dd731bb7ae37dd3a1916634e514c62f3bfadefd0cb42d55fb34cfab20ecfd47616eee7ed6386147024e75132d0ddefe843a1376fa9c5002c5e3947ebc039

  • /data/data/com.feelingtouch.gnz.realistic/databases/ltvp.db
    Filesize

    48KB

    MD5

    1a5a1107f50852a18c5f8bc48a76bee2

    SHA1

    329954a2b8847b92d9613e625c0835dcfa546189

    SHA256

    110779476cfe7e01c48943a4cdb69f3489228c0d2b9665e8b6268e27eb8a2984

    SHA512

    c4f9364bc39978b787a78d94a28d5656c62067f67329ebff45159ddef9bb85521b8bce2c9411a920ef7e9f26c5d00622bcd04485d7b6fa87e758c3826028e480

  • /data/data/com.feelingtouch.gnz.realistic/databases/ltvp.db-journal
    Filesize

    512B

    MD5

    9ac6fc2499c038ed4081d06d65754b0f

    SHA1

    701bec6f297c8f2838aa32ae0e23060c08bade43

    SHA256

    c659239404d2cb2e98c8fa5090fc842b927981efad989c422b6dee4e8e1314b0

    SHA512

    d0ef5ccd9da1ac935fceec1142d06320780559fbd81fca23c032e58f720ab86f3fc77c0ebddbccc3ff7b91569e24094066bac73223d74f579af3ac9c0d001dd2

  • /data/data/com.feelingtouch.gnz.realistic/databases/ltvp.db-wal
    Filesize

    68KB

    MD5

    c8c38a55ac6be0e2bbbba531ab9bcd4b

    SHA1

    b9003bdc52424c965e20ca47ee7d3d50732a48be

    SHA256

    9d2dfe9beb7c69535a092aea9ee93343525c93ea950334e90883e78e4749e613

    SHA512

    cf67b43cf2e7e57fb91d63c467092716c83170c331e682728583ee1dd57de6f67cb9af5ef187a4e97a22fea91f7962e4b828458b873dda7c219ea897204853b9

  • /data/data/com.feelingtouch.gnz.realistic/databases/vungle-journal
    Filesize

    512B

    MD5

    8fbe3273616c38a7bfa3c46866fda1f8

    SHA1

    ac458119fa2717c3ae69896054ed3db0443caf1b

    SHA256

    53749558ce432594ab51f4762b7322d602576d0acbc497ea853a78c69e691a86

    SHA512

    7d432c6d4a9e2844fe3841218afaff549bb09bd68008ad9a7cb79324a32af83a1c8416bfbf4f4bf32ecc476e66d384bad7226e777d2f92446167cf05888d0a1a

  • /data/data/com.feelingtouch.gnz.realistic/databases/vungle-wal
    Filesize

    76KB

    MD5

    619c532832f91fb9e9e3c6235109f8ea

    SHA1

    e47d42f620dc55f9b85e0ff3ac2d1f2f3e120ee5

    SHA256

    7d74f0377abc7c162c2e9b9f86ee1fce36d783fbb508038d9b2909a64199322f

    SHA512

    2e1bb2e986f5abafe319242c3f4d919707499ffd7ee2d884ec9d39a8c5d8e92d70f015b8631e486de430ca3ad53acfca42838bc58e02a7f8923e60639aa5e2b5

  • /storage/emulated/0/.gameAd/com.feelingtouch.zf3d_LANDSCAPE.jpg
    Filesize

    113KB

    MD5

    7c9b8726e2028a3e5bf0494db1d6d0bd

    SHA1

    c357d02aa55f78b0c458f45e39fc9b2791a6337b

    SHA256

    809e5efd83df13416a5a7223d8c09eab126b1d37f9b73a7f6ad9ae0c1ee1de4e

    SHA512

    9342b01c3c567324cc9565bf0da781173e5040256609271023dd2c43f339567d0d04ce27d351418856a1a1df30d53b8bf1a4d98305b4312ec560b2107b9d2d61

  • /storage/emulated/0/.gameAd/icon/banner_ad_ew_en.jpg
    Filesize

    124KB

    MD5

    d369fe6614f1de745536560e16ae1761

    SHA1

    4e034c3caee28601ad804f72d0f84dfecd0e7618

    SHA256

    94b17cdd0513f9989e7789d2bf4475deed1ed734ff42b43f15a391c3c3b449b0

    SHA512

    e5ef1183463c8b0d7588aee1c74de94cd4f0d5ca965052440f13f2f160ee09f56146d13bf5506d0a74c3ea47bbe8e4acc0412b32b45e66dd7c39d36665ce0b3d

  • /storage/emulated/0/.gameAd/icon/com.feelingtouch.empirewar.png
    Filesize

    23KB

    MD5

    e49c0dba932ca6626bd0832fa8ddfc7f

    SHA1

    9aa717a4ebc0811401791122c8d05a6ff43cc77b

    SHA256

    3bad0da48acbec9ec7b72d16bd3c099c0c339bd94762fb0e2f892c4471bf71d7

    SHA512

    d4a28fea07f3dfa15fb7bf587cb27b6e352f720f1a26d3ce13427bc56a049f899c7a64c6796b948d1fde3ec8980f98c715c3155cb7d4432ebd225f482ae19e61

  • /storage/emulated/0/.gameAd/icon/com.feelingtouch.zf3d.png
    Filesize

    24KB

    MD5

    11d1d09d5ac7df654da6370c926f465b

    SHA1

    7774d0a7bd818b8233d60d01ae6fba34d9d006fb

    SHA256

    1a20613afb04e419b1e80489a67df0ce2140e482b3405e8eb7606c3ee5a432af

    SHA512

    87553d42a0c9baecc2a2a5ea417bb7d29383ff59c17e2dd442f39a9ad3ca3a2eaf36f14acbc3c6cf3461db7502119c1fd34af9d83b0115b677774cc21b5588d8