Analysis
-
max time kernel
158s -
max time network
166s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
15-06-2024 03:53
Static task
static1
Behavioral task
behavioral1
Sample
accd09bf4b4ec9bb71a0d13cc7d7c5b5_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
accd09bf4b4ec9bb71a0d13cc7d7c5b5_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
accd09bf4b4ec9bb71a0d13cc7d7c5b5_JaffaCakes118.apk
-
Size
30.5MB
-
MD5
accd09bf4b4ec9bb71a0d13cc7d7c5b5
-
SHA1
28930816dc9cb54f8f978beb6a6a71eb9d18d4d2
-
SHA256
ffb1fde7a6de7df6363a06db9f277a8ec74c5c143901e4287aa8974938a88036
-
SHA512
c27bca741aa89eb89d3157813b70c22436837952a1072b353413418d0c33acaa76d33b8c7fdea59dcb1bb2161d8323aaf1966c78a97420b4bc854d866f7fa18c
-
SSDEEP
393216:ft7uCm/f5fN8hPXoUOa7zJ6jhEcJb86vdAIBU6mIJO7SCBcmxN6ca:f16f5fN8RXoU1Hir186VtRmP+ZmxNM
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes:
ioc
/system/app/Superuser.apk
process
com.feelingtouch.gnz.realistic
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
description
Framework service call
ioc
android.net.IConnectivityManager.getActiveNetworkInfo
process
com.feelingtouch.gnz.realistic
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description
Framework service call
ioc
android.net.wifi.IWifiManager.getConnectionInfo
process
com.feelingtouch.gnz.realistic
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
description
Framework service call
ioc
com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process
com.feelingtouch.gnz.realistic
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description
Framework service call
ioc
android.app.IActivityManager.registerReceiver
process
com.feelingtouch.gnz.realistic
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
description
Framework API call
ioc
javax.crypto.Cipher.doFinal
process
com.feelingtouch.gnz.realistic
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.feelingtouch.gnz.realistic
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.feelingtouch.gnz.realistic/app_data/eventlog
Filesize
562B
MD5
f9cee186e7a754ecc9a9d6d580f406ac
SHA1
c01e922b2244539e4378119bcd1244df5f3711e4
SHA256
937fda3faa50b13932746787c41a1f6a5b34951badf82d6e00f3889d41084940
SHA512
c09ac5727efb1d70d44dc5a8a4aa580dc5cf9e6a3777b14df4c44fdc20dc1bc4e86117cd81b60d173bcb75c7485dad180a785f4b538b1d85b586845871b4ccf1
-
/data/data/com.feelingtouch.gnz.realistic/app_data/eventlog
Filesize
564B
MD5
de589cc95c65e07b4b7cb263bdc3a0d5
SHA1
c7dad549904aa960a441e5d1dd404d7c2bece846
SHA256
890b07da5fa6904bcf3ab871a53a41db745aa112d722832cb2e4414ff7e1fe2c
SHA512
1d04ed192bafaef72ddc6b10b610f54964fb04cfffc4a9e83a8b44ba4d0f4767cf5cfb3b8e5c3e9ef2feb85af6cab6cd8b9d0d51016bfebb411b1c52a84bd994
-
/data/data/com.feelingtouch.gnz.realistic/cache/inmobi.cache
Filesize
2B
MD5
99914b932bd37a50b983c5e7c90ae93b
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
/data/data/com.feelingtouch.gnz.realistic/cache/inmobi.cache.data.events.number.network
Filesize
1B
MD5
cfcd208495d565ef66e7dff9f98764da
SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
-
/data/data/com.feelingtouch.gnz.realistic/cache/inmobi.cache.data.events.timestamp.network
Filesize
10B
MD5
8527dd788105e1a3bb3a4e541bda0bac
SHA1
e40641a2eb9012a740a9d8ce4072fc58efdc24ef
SHA256
7da76d0a884189a0c2ef19f2dba89898b2eb0a9eb88f8c8e8311968295ed45e3
SHA512
c002c463b3f8ce6caa0beae0fafc289f04b8fcc9a1ea91df587cf4e63dae32e66f863c763a5882686dcd05ff8f7045eab1bbb626aef5868e9f2a0066acb2a735
-
/data/data/com.feelingtouch.gnz.realistic/databases/countly
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.feelingtouch.gnz.realistic/databases/countly-journal
Filesize
512B
MD5
0e8e39606b7e70ea6b8c36ca5ae275c6
SHA1
7b645726959468f17584793bce55f99bc4c93a8c
SHA256
c182cc3f3fbf404ca2cb9d98032dddaa213f1293347d358821dcd14f5efbcd9e
SHA512
a57ed911943c32da84526d8c69ad83dde97ed156e27973ff030875419de9dcd4dce6a653d607d20fe0b166eae78436880de722ece1b904763d9ee0092b35492c
-
/data/data/com.feelingtouch.gnz.realistic/databases/countly-shm
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.feelingtouch.gnz.realistic/databases/countly-wal
Filesize
40KB
MD5
43d800605fe6f6ca45632c0028e088df
SHA1
ea11b7d57f9d744f52eb09d2ffac081396934a81
SHA256
8af9b03be2847654f3792280f31941e429912c84f8e981426ca735c6808741c1
SHA512
e3ddfedfb4bbc0ce978ba5bccb881f243535f78b506e38cf39eeba8898823cdbe2e1da0bd6aaa5b19fc42ab4a84259fdcccff878c1a8b29f8042b1012fa3c654
-
/data/data/com.feelingtouch.gnz.realistic/databases/im.db
Filesize
16KB
MD5
446bcead19385f21fa4d50b4009f3500
SHA1
08c2973c98014faab74dbde0aacf8814139a8976
SHA256
60baa7f0b33e8055faf74e02761daa797763e42a35606f9049be15e46543fe2e
SHA512
2ec2403926e3b862eede11756f675ce722b44e0a14e395942e7c80247217795bda677d96f121f7356fc55ffd5bcd23144b222638542d0c35c3a9a549504ac57b
-
/data/data/com.feelingtouch.gnz.realistic/databases/im.db-journal
Filesize
512B
MD5
a6892d03bf7381119444ee1492a60624
SHA1
9493a8f86621b8bb09395e9cd116de21b69aa428
SHA256
8b85458d08b1d41e0945cc6d1e30dbf05ced624b17e880fd50bc5e91856e83cd
SHA512
b37a0ab032118e0ba747805c21283d5b97b49f709973d657883a8a9b9fa15458d2c7d47181b4c3ea744731fe5b1c513c3c852f3e683095d78e38b7109bbaf1e6
-
/data/data/com.feelingtouch.gnz.realistic/databases/im.db-wal
Filesize
28KB
MD5
cdca5453b2970471ccf792dfe3e3f825
SHA1
5ca02a911e2277e870e5b6ab7e0c6525393ba123
SHA256
84747bba0f7f2ea8f6d29ac0ad055df81fa8e0512f60544608409be977bf8e41
SHA512
9b53dd731bb7ae37dd3a1916634e514c62f3bfadefd0cb42d55fb34cfab20ecfd47616eee7ed6386147024e75132d0ddefe843a1376fa9c5002c5e3947ebc039
-
/data/data/com.feelingtouch.gnz.realistic/databases/ltvp.db
Filesize
48KB
MD5
1a5a1107f50852a18c5f8bc48a76bee2
SHA1
329954a2b8847b92d9613e625c0835dcfa546189
SHA256
110779476cfe7e01c48943a4cdb69f3489228c0d2b9665e8b6268e27eb8a2984
SHA512
c4f9364bc39978b787a78d94a28d5656c62067f67329ebff45159ddef9bb85521b8bce2c9411a920ef7e9f26c5d00622bcd04485d7b6fa87e758c3826028e480
-
/data/data/com.feelingtouch.gnz.realistic/databases/ltvp.db-journal
Filesize
512B
MD5
9ac6fc2499c038ed4081d06d65754b0f
SHA1
701bec6f297c8f2838aa32ae0e23060c08bade43
SHA256
c659239404d2cb2e98c8fa5090fc842b927981efad989c422b6dee4e8e1314b0
SHA512
d0ef5ccd9da1ac935fceec1142d06320780559fbd81fca23c032e58f720ab86f3fc77c0ebddbccc3ff7b91569e24094066bac73223d74f579af3ac9c0d001dd2
-
/data/data/com.feelingtouch.gnz.realistic/databases/ltvp.db-wal
Filesize
68KB
MD5
c8c38a55ac6be0e2bbbba531ab9bcd4b
SHA1
b9003bdc52424c965e20ca47ee7d3d50732a48be
SHA256
9d2dfe9beb7c69535a092aea9ee93343525c93ea950334e90883e78e4749e613
SHA512
cf67b43cf2e7e57fb91d63c467092716c83170c331e682728583ee1dd57de6f67cb9af5ef187a4e97a22fea91f7962e4b828458b873dda7c219ea897204853b9
-
/data/data/com.feelingtouch.gnz.realistic/databases/vungle-journal
Filesize
512B
MD5
8fbe3273616c38a7bfa3c46866fda1f8
SHA1
ac458119fa2717c3ae69896054ed3db0443caf1b
SHA256
53749558ce432594ab51f4762b7322d602576d0acbc497ea853a78c69e691a86
SHA512
7d432c6d4a9e2844fe3841218afaff549bb09bd68008ad9a7cb79324a32af83a1c8416bfbf4f4bf32ecc476e66d384bad7226e777d2f92446167cf05888d0a1a
-
/data/data/com.feelingtouch.gnz.realistic/databases/vungle-wal
Filesize
76KB
MD5
619c532832f91fb9e9e3c6235109f8ea
SHA1
e47d42f620dc55f9b85e0ff3ac2d1f2f3e120ee5
SHA256
7d74f0377abc7c162c2e9b9f86ee1fce36d783fbb508038d9b2909a64199322f
SHA512
2e1bb2e986f5abafe319242c3f4d919707499ffd7ee2d884ec9d39a8c5d8e92d70f015b8631e486de430ca3ad53acfca42838bc58e02a7f8923e60639aa5e2b5
-
/storage/emulated/0/.gameAd/com.feelingtouch.zf3d_LANDSCAPE.jpg
Filesize
113KB
MD5
7c9b8726e2028a3e5bf0494db1d6d0bd
SHA1
c357d02aa55f78b0c458f45e39fc9b2791a6337b
SHA256
809e5efd83df13416a5a7223d8c09eab126b1d37f9b73a7f6ad9ae0c1ee1de4e
SHA512
9342b01c3c567324cc9565bf0da781173e5040256609271023dd2c43f339567d0d04ce27d351418856a1a1df30d53b8bf1a4d98305b4312ec560b2107b9d2d61
-
/storage/emulated/0/.gameAd/icon/banner_ad_ew_en.jpg
Filesize
124KB
MD5
d369fe6614f1de745536560e16ae1761
SHA1
4e034c3caee28601ad804f72d0f84dfecd0e7618
SHA256
94b17cdd0513f9989e7789d2bf4475deed1ed734ff42b43f15a391c3c3b449b0
SHA512
e5ef1183463c8b0d7588aee1c74de94cd4f0d5ca965052440f13f2f160ee09f56146d13bf5506d0a74c3ea47bbe8e4acc0412b32b45e66dd7c39d36665ce0b3d
-
/storage/emulated/0/.gameAd/icon/com.feelingtouch.empirewar.png
Filesize
23KB
MD5
e49c0dba932ca6626bd0832fa8ddfc7f
SHA1
9aa717a4ebc0811401791122c8d05a6ff43cc77b
SHA256
3bad0da48acbec9ec7b72d16bd3c099c0c339bd94762fb0e2f892c4471bf71d7
SHA512
d4a28fea07f3dfa15fb7bf587cb27b6e352f720f1a26d3ce13427bc56a049f899c7a64c6796b948d1fde3ec8980f98c715c3155cb7d4432ebd225f482ae19e61
-
/storage/emulated/0/.gameAd/icon/com.feelingtouch.zf3d.png
Filesize
24KB
MD5
11d1d09d5ac7df654da6370c926f465b
SHA1
7774d0a7bd818b8233d60d01ae6fba34d9d006fb
SHA256
1a20613afb04e419b1e80489a67df0ce2140e482b3405e8eb7606c3ee5a432af
SHA512
87553d42a0c9baecc2a2a5ea417bb7d29383ff59c17e2dd442f39a9ad3ca3a2eaf36f14acbc3c6cf3461db7502119c1fd34af9d83b0115b677774cc21b5588d8
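A caveat worth drawing out of the listing above: every SQLite database the sample writes (countly, im.db, ltvp.db, vungle) is accompanied by a -wal file that is much larger than the main file, e.g. countly at 4KB next to countly-wal at 40KB. In WAL journal mode SQLite appends committed pages to <db>-wal and only folds them into the main file at a checkpoint, so an acquisition that pulls just the main file can come back as an empty shell. The script below is an added example, not part of the sandbox report or the sample: it builds a small WAL-mode database with constructed sample rows, copies it with and without its -wal, and shows what each copy yields. The table and row values are invented for the demonstration.

```python
"""Added example: why the -wal companion file matters when acquiring SQLite databases."""
import os
import shutil
import sqlite3
import tempfile


def build_wal_db(path, rows):
    """Create a WAL-mode database at `path` and insert `rows` without checkpointing.

    Returns the open connection: it must stay open while the files are copied,
    because closing the last connection checkpoints and deletes the -wal file.
    """
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA journal_mode=WAL")          # header page lands in the main file
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT)")  # goes to -wal
    conn.executemany("INSERT INTO events (name) VALUES (?)", [(r,) for r in rows])
    conn.commit()                                     # frames committed into -wal only
    return conn


def visible_rows(db_path):
    """Open a copied database and return the rows of `events` SQLite can see.

    The copy is opened read-write on purpose: SQLite must (re)build the -shm
    index next to a -wal, which a read-only open of a bare copy cannot do.
    """
    conn = sqlite3.connect(db_path)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        if "events" not in tables:
            return []   # main file alone: the schema page was never checkpointed
        return [r[0] for r in conn.execute("SELECT name FROM events ORDER BY id")]
    finally:
        conn.close()


def compare_copies(rows=("launch", "ad_shown", "level_1")):
    """Return what each acquisition style recovers, plus the on-disk sizes."""
    work = tempfile.mkdtemp(prefix="wal-demo-")
    try:
        src = os.path.join(work, "countly")            # hypothetical name, as in the report
        conn = build_wal_db(src, rows)                 # keep open: no checkpoint yet
        main_size = os.path.getsize(src)
        wal_size = os.path.getsize(src + "-wal")

        # Acquisition 1: only the main file, as a naive 'pull the .db' would do.
        only = os.path.join(work, "only")
        os.mkdir(only)
        shutil.copy(src, os.path.join(only, "countly"))

        # Acquisition 2: main file plus its -wal (the -shm is rebuilt on open).
        both = os.path.join(work, "both")
        os.mkdir(both)
        shutil.copy(src, os.path.join(both, "countly"))
        shutil.copy(src + "-wal", os.path.join(both, "countly-wal"))

        result = {
            "main_size": main_size,
            "wal_size": wal_size,
            "db_only": visible_rows(os.path.join(only, "countly")),
            "db_plus_wal": visible_rows(os.path.join(both, "countly")),
        }
        conn.close()
        return result
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    r = compare_copies()
    print(f"main file {r['main_size']}B, -wal {r['wal_size']}B")
    print("main file alone  :", r["db_only"])
    print("main file + -wal :", r["db_plus_wal"])
```

When pulling databases from a sandbox filesystem dump or a device, always take the -wal and -shm files alongside the main file (and the -journal for rollback-mode databases) and keep them in the same directory under the same base name, otherwise SQLite silently opens the stale main file.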
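The report gives four digests and a size for every dropped file but not the bytes themselves. For the one- and two-byte files under cache/ the preimage space is so small that the content can be recovered exactly by enumerating candidates and checking the listed digests, and the 10-byte inmobi.cache.data.events.timestamp.network is very likely a decimal Unix time, which turns a 10-digit search into a short time window. The script below is an added example, not part of the sandbox report: the hash records are copied from the Downloads listing above (SHA-512 left out to keep the lines short), while the time window around the 15-06-2024 03:53 submission time, the function names and the printable-ASCII alphabet are assumptions made for the demonstration.

```python
"""Added example: recovering tiny dropped files from the digests a sandbox report lists."""
import hashlib
import itertools
import string

# Records copied from the report's Downloads section (size in bytes).
SHORT_FILES = {
    "cache/inmobi.cache": {
        "size": 2,
        "md5": "99914b932bd37a50b983c5e7c90ae93b",
        "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
        "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    },
    "cache/inmobi.cache.data.events.number.network": {
        "size": 1,
        "md5": "cfcd208495d565ef66e7dff9f98764da",
        "sha1": "b6589fc6ab0dc82cf12099d1c2d40ab994e8410c",
        "sha256": "5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9",
    },
}
TIMESTAMP_FILE = {  # cache/inmobi.cache.data.events.timestamp.network
    "size": 10,
    "md5": "8527dd788105e1a3bb3a4e541bda0bac",
    "sha1": "e40641a2eb9012a740a9d8ce4072fc58efdc24ef",
    "sha256": "7da76d0a884189a0c2ef19f2dba89898b2eb0a9eb88f8c8e8311968295ed45e3",
}


def digests(data: bytes) -> dict:
    """Size, MD5, SHA-1 and SHA-256 of `data`, keyed like the report's records."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches(record: dict, data: bytes) -> bool:
    """True only when `data` reproduces every digest in the record (cross-check)."""
    got = digests(data)
    return all(got[k] == record[k] for k in ("size", "md5", "sha1", "sha256"))


def recover_short_content(record: dict, alphabet: bytes = string.printable.encode(),
                          max_len: int = 3):
    """Brute-force a file of at most `max_len` bytes over `alphabet`; None if nothing matches.

    MD5 is the cheap first filter; a candidate is only accepted once all digests agree.
    """
    if record["size"] > max_len:
        return None
    for combo in itertools.product(alphabet, repeat=record["size"]):
        cand = bytes(combo)
        if hashlib.md5(cand).hexdigest() == record["md5"] and matches(record, cand):
            return cand
    return None


def recover_epoch_timestamp(record: dict, start: int, end: int):
    """Try every decimal Unix time in [start, end) as the file's bytes; None if none match."""
    for t in range(start, end):
        cand = str(t).encode()
        if len(cand) != record["size"]:
            continue
        if hashlib.md5(cand).hexdigest() == record["md5"] and matches(record, cand):
            return cand
    return None


if __name__ == "__main__":
    for name, rec in SHORT_FILES.items():
        print(f"{name}: {recover_short_content(rec)!r}")
    # Assumption: the sandbox clock was near the submission time, so search a few
    # days around it (1718409600 is 2024-06-15 00:00 UTC).
    day = 86400
    ts = recover_epoch_timestamp(TIMESTAMP_FILE, 1718409600 - 2 * day, 1718409600 + 3 * day)
    print("events.timestamp.network:", "no match in window" if ts is None else ts.decode())
```

The two short files come back as the JSON empty object and the single digit zero, which says the ad SDK's event cache was initialised but empty during the run. The timestamp search is only a guess at the file's structure; if it returns no match, widen the window or drop the assumption rather than trust a near miss.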