Overview

overview

8

Static

static

6

b1aea2bd2d...18.apk

android-9-x86

8

Analysis

  • max time kernel
    73s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    16/06/2024, 04:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b1aea2bd2df9cdcbf0dd6fc203df3774_JaffaCakes118.apk

  • Size

    22.8MB

  • MD5

    b1aea2bd2df9cdcbf0dd6fc203df3774

  • SHA1

    293ebe36e06821e937e10281aceab772d2fa27b4

  • SHA256

    f89c677125457d43557c9ad6c1de921f3bca0de71180bff34a83aecd4272703e

  • SHA512

    49005b7b2d75fad3144e9acdcee850bf5f5a61ab4f938758c68cce0663413bf5f3230c072b451688bc4924ac68cea91fc5fa7b00f339ef342b22d0a7c4d5fb2d

  • SSDEEP

    393216:9Q8aROTgDgOsmiklDoWkRxYNikby5de8UPc/wLD9cGAzCJhLPEG/Az:9ZaAwBsolDrWxYNC/wmxqPjA

Score
8/10
bankercollectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests cell location 1 TTPs 3 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact
  • Checks CPU information 2 TTPs 2 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.smile.purcotton
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4268
  • com.smile.purcotton:pushservice
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4340

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.smile.purcotton/databases/jd_reportStatExp.db
          Filesize

          4KB

          MD5

          3107362ca2dc017b0915ca0b38eb2def

          SHA1

          f3f49a3d69f8510247dcc12e99c6a238eefd702f

          SHA256

          306ddeacaa59309d426061a0729b7a212e6cf221dda4c6fbcf29d628ea48f2d0

          SHA512

          e7d4ebf649e4c33106062dc6e7ebce2153dded17352830395bbe1c44cfc2d8b0f8a0cd4aab86c0a63ac28044fba75a5e12d4a94ad535b0d3814a009228680626

          Download Submit

        • /data/data/com.smile.purcotton/databases/jd_reportStatExp.db-journal
          Filesize

          512B

          MD5

          9197b16b334f0a67b23390570fc583d1

          SHA1

          cee28b31d97cb47223a59cf5dc0c5106790a4ea9

          SHA256

          121e06b0b117048e33891412d3c8ec19147576a533b1de2a2e6cc903ff33d563

          SHA512

          65f587963cee088516bed47f0cd726bdfe92a5e905379b23edddbd1ab65dd6cf08b61ca94a8a0a2db9efe7c619bf0bbc73f3867224b89ec33f4957f9f5e2de5f

          Download Submit

        • /data/data/com.smile.purcotton/databases/jd_reportStatExp.db-wal
          Filesize

          36KB

          MD5

          3adc51e4729a975b416c0d02da564798

          SHA1

          27a5a7f65ce9945d60b788fc4885c9efd4b3266a

          SHA256

          1f890c69c5b4cb3c9dfba19f3d5df792130710e839d3fa4ba70135cde4e1a71a

          SHA512

          e9ea6727780e74c99a4677a1445c0ed36f211376531b48c148ec17883a55866096f19ec8c56b12f6563711f6cb3658bbce338a5917fef56cb91746ce9ee28e67

          Download Submit

        • /data/data/com.smile.purcotton/databases/pushsdk.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit

        • /data/data/com.smile.purcotton/files/Archimedes_p4
          Filesize

          13B

          MD5

          3a78f1ea858c582d7d5ccb1b02d6af84

          SHA1

          c02f4dddc9955254c43566751b3cbdef69c70398

          SHA256

          0ef70a934e526a3c5a219985f156f675c78cb3b0c2421a6c7519d09efbb1d8ef

          SHA512

          c5b84e089142e39fb2017367ac40d6b33baf7558bb48a2b126b349169ee25120fec952a998f8e9e84b0bb7f464e6334939b5b29ba17b9d72c65f9de360d703b5

          Download Submit

        • /data/data/com.smile.purcotton/files/Archimedes_p5
          Filesize

          13B

          MD5

          972211cbe6322161589d7338435b845b

          SHA1

          4102a2c06b6b5851295c20b49baacef5c0513554

          SHA256

          98d216442b60aab11fc854756f1ea55b489749e05b7f045292135bfdcbe82c6c

          SHA512

          17f31601b512ac2465c9f4a3f5fb3fc54e95c943fb948f12d77a9617261e1a6aff87d4b6b48d3d56709928efe2e1239fdde5d1962be5c6094c9271c398ad1ded

          Download Submit

        • /data/data/com.smile.purcotton/files/_Ladder_Project/Archimedes_p1
          Filesize

          13B

          MD5

          00680c132bdb43f7d332dc85bb54eebd

          SHA1

          f1539b2a1c922c5c486de4e4e93595fd329f4cb0

          SHA256

          50ebe870c91bf0e2d45e945df3d0998a6098d4deaf6b18d7d122363085e3290a

          SHA512

          b504053f83d7ad88d36bcc9f53790d793e13c93043923296ac9f0c5334491b3abb522e2e6d946c04fc44873cf9a50baa59985d850241e612b015dbccfd455d7a

          Download Submit

        • /data/data/com.smile.purcotton/files/_Ladder_Project/Archimedes_p2
          Filesize

          13B

          MD5

          1a6b65d01ad4692056228065af7af296

          SHA1

          f243759f3c2bc4a529702cce9a8f79e38faf8b25

          SHA256

          2e315910d17d4255ba7ff74879a8d3df7ddad3730361b03dc117d68ac19ead15

          SHA512

          2a5b5b3d4c2b0e34edec1ad351ea146dd1f0fca5128ecf744f6c2a48be185c534805de7872d386439aad68e701a7533440b98618f5990f2a2dce910ab07a13a2

          Download Submit

        • /data/data/com.smile.purcotton/files/_Ladder_Project/Archimedes_p3
          Filesize

          13B

          MD5

          f22e7a288c18ce337007d06fba270b3d

          SHA1

          cfaddea4e86c9317c350c0bdf23dd697471ef02d

          SHA256

          779fbd8251d6ae471bb161ac81fbf28eb0553a03a90dab6c3f9b02bc957bbfbf

          SHA512

          ad960493646f13e60c46dfcfa96d9d87711083246cc3c5efb9577e2aadee8d01117d8d4d9e80f19ad839d9eac176ae6ca790d5a0b8c3f6ef345fd1ea8cd6e37c

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database1SaaS/1718511360578_4340
          Filesize

          2KB

          MD5

          70cf60780473da80d645f510a6b547d7

          SHA1

          5480d19e521493ecd969dcde738353c17bd2b5f0

          SHA256

          e74a6bb52591fba20ddd110147441c162f2142d1d8e6e706aea0b8bcc0fef24c

          SHA512

          965f911cf793ca1b8f8b652fba2caacbd08990d6f2d6173e581192569fa2e350b4c16d3f1bc216fff31e493e94c1f670b8f4de46a49f44f3a0ebb747ebc5f52a

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database2SaaS/1718511360123_4340
          Filesize

          2KB

          MD5

          886b43d55d211cb0a7db6c2ec55a6f5f

          SHA1

          7ede1aa7a863276def9f479b8ff2b2e4099fdb04

          SHA256

          ce5015f4abfa568c76ace51413c7e1342a92effb533b64ed54d38c08f6ce8430

          SHA512

          de8ccd4356a27d9045587501ec0175f64d4a17ddd08a0b863042a9d0ad423137c84d19150fd00743f55e5383e0c2cbe6f9499a50185d09eea22abba560cde63b

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database2SaaS/1718511360286_4340
          Filesize

          3KB

          MD5

          60b577320c56e507bb961ef3c8cf6f5a

          SHA1

          68635d65835ddd4536ec427aad7afb35972295ea

          SHA256

          bce8423dbabf135093f4ae7623372bbdf55611da0a7b9e5ddfc7fab823b08b85

          SHA512

          6a60b8dc655932f630fc4426c0b5748845f41d9fc92c8cd6d07d02417cc80c38a68f24cb6f4c9940a348f9d57a8d38c9a1f906ba4215ad7bf1fb07cabb3cbe89

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database2SaaS/1718511360389_4340
          Filesize

          3KB

          MD5

          1ef91c580b2cdeb48c016b821c736055

          SHA1

          3c86f830f32e9d71b03ac3db4d3c3711e5f4c7a8

          SHA256

          eff10b143c174e3dc3cb24476365afb41ac0c9590acec844d78e7be6bd4d4fed

          SHA512

          ac06817841a8ff042405601586b20064dd182ccf53cff2fcf1ef43f4ff20b2c1ee05e306d459217482c7d9ee460039f62dcb41dbd9b90a51d093ab7e5c081c95

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database2SaaS/1718511360754_4340
          Filesize

          3KB

          MD5

          30568d53e41a9710e64f595e4e4c84ff

          SHA1

          a3f6a4c16c2e32b5cf4dee871d7925df580e7cc1

          SHA256

          0517c72a893fc3c7a03e57a9cf9a5c16a07300edfde2349ed869963bbdc5bed8

          SHA512

          566c345ecb8a96da1bd36d9a3282000f09de1d7a8abcd2d66a105cf44d7e843951cfeab2079eb65053fbe6b07b8f86a6e78e46bda12f550cfa837fc73396a3f9

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database2SaaS/1718511360922_4340
          Filesize

          3KB

          MD5

          1f8bffabd6acfcea7d58939b5aa19235

          SHA1

          425e142323efd8865451ebf85c247c856c2d5039

          SHA256

          6b1511bd8a30aad8c006306167193d9a27f86b56e882b66c7282fa93f5d5d9fe

          SHA512

          ca29a33d971b6608a37aea0647feb09181686b7e60d6f27cc44470afa1bebff73ab1cc675f3a83244fe838ab554518b6ed6dc3ad7af16d6276ba05ff00589b0e

          Download Submit

        • /data/data/com.smile.purcotton/files/__database_reborn_January_one__/td_database2SaaS/1718511415555_4340
          Filesize

          4KB

          MD5

          312e510bf19383bdfffbac52a6437e6f

          SHA1

          5e8e23a670809ed58297012485b458233e651223

          SHA256

          1800f0d8e73df62079f570bd5de4a5d61533e2104f057191475fe8ecc461326e

          SHA512

          900bd90ec810b993e31e0dabca6903fb811766778598f7f4575de259f944ba9b82b9c1253c34904b843b9aae089dfae4ea57de87c02f0f8a0a80bcf730a1a43c

          Download Submit

        • /data/data/com.smile.purcotton/files/init_c1.pid
          Filesize

          14B

          MD5

          db44a30b0215f93714b829abd2dc01b5

          SHA1

          47e8e6c011af40f332c8a9c79a7ac2b552d4357c

          SHA256

          58460d44398129318988c929bf0c6e0f6a5abd59cc171ac9d15cb9d212e4691c

          SHA512

          5f1b00f18c0110f10a9264ec660c4052870cfb33695c55ff79b87eeb63a7903a5ffa10cd218760375da241f575e5237df5a490a168fffdbf675094a9ed60a4d6

          Download Submit

        • /data/data/com.smile.purcotton/files/mPBE/iv
          Filesize

          63B

          MD5

          a7dfa503d8a28c1de7f8c88932f35aa1

          SHA1

          081eadb1c6f49997e13463f38d41f54663f58e68

          SHA256

          f44130a5ceb2cdcb7f94079b9d539f4860de1e6952d29b49ec9dc2c49cc180b0

          SHA512

          d65bee1d58711bf8cda0e9dc88cd6b54ada83341c01a31f9bd4104a47bb5a4d43ddb3fb7338999a9eaa2a508a7896b1e956027f02bbb564d20d8b9aa7c8df3d4

          Download Submit

        • /data/data/com.smile.purcotton/files/mPBE/salt
          Filesize

          115B

          MD5

          e191bc83eeb097bdbb32cb4502ef6e2c

          SHA1

          e6cc09fdda5510308006431b2373cf937381b723

          SHA256

          eb6ab7f866891d8c38ab95650976e598986c86412280892c943f3add81a78a15

          SHA512

          2f16780ecb91139c2ba2401069ff8d2d01555a1f79e5e8ecd2b6c720a06fa1ace0cd1d2d8b787b5f7b3dbaa96c6257da9ece58d3f7e5a429b47a108a13dbdaa5

          Download Submit

        • /data/data/com.smile.purcotton/lib-main/dso_deps
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/com.smile.purcotton/lib-main/dso_manifest
          Filesize

          512B

          MD5

          e4fb1ff748ab5aadf223794e6ca329b0

          SHA1

          aeacd64ff32b99ac4b70117aaa9ef5c9f5f865ad

          SHA256

          81ac2e033bdfe0a5ab070b0ac25b403b42c114f1f0255fb4822f229651d6ffe1

          SHA512

          e8da1305717db4b96623e71791166dabe166de462eac607737ca4152b6f33cfbb5269d5d99da171d42f346713262857b47e845022c38c7c7b1780adaada18c08

          Download Submit

        • /data/data/com.smile.purcotton/lib-main/dso_state
          Filesize

          2B

          MD5

          99914b932bd37a50b983c5e7c90ae93b

          SHA1

          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

          SHA256

          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

          SHA512

          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

          Download Submit

        • /data/data/com.smile.purcotton/lib-main/dso_state
          Filesize

          148KB

          MD5

          a4cd3db4dfa977f07024d70206005078

          SHA1

          152ac564fbbbea02cf5cb3ece240816164f35759

          SHA256

          b0a942b8c4665e0b9bba21788971201a38a4c1392834b8d5ddf50bc7538b9b11

          SHA512

          072e6f91caaea33523571c6f7ded00fc927aa983ab007bf3f034d24981a883281099b510823c226e7d2461b2b8e52b9f6207c6d51b92dfffd710b1cbe6182554

          Download Submit

        • /storage/emulated/0/.tcookieid
          Filesize

          33B

          MD5

          7a6fd7e798d82e7d271f99ee7ea567f8

          SHA1

          6abd1ec5a813e2fbfdbf22900c08b579077614dd

          SHA256

          5a2472c2c93f052873bcae0a120a779ce719d2263e75de17ef6aad59d2ac8b21

          SHA512

          d1ddb0e2788b0242ca3ea9e457747c23a273dcd4ffa7bcf6445330dcf02fafa4ccf1495bf6f847e5012c1e9b007a4f380a14d28197f7feefa085dc612e9d5a4b

          Download Submit

        • /storage/emulated/0/libs/com.smile.purcotton.bin
          Filesize

          68B

          MD5

          c180c938cbec0079215b5483382e6693

          SHA1

          9e791c5428890e36a2d7d37716b26615895cc901

          SHA256

          3655e3a4d48ad4f127f7e8bd60235e25a707724867308ae659e293080df99d81

          SHA512

          1b23890ee04b7fdc1491553286bb9e1746ae85188e66f2ed86b878e7b39c3c26841b276ad1bc8ceceab587ee9afcaf21221af094c5f2497a8bd08a6584003d08

          Download Submit

        • /storage/emulated/0/libs/com.smile.purcotton.bin
          Filesize

          68B

          MD5

          67bf6bb2fbc20a16b98ac9968d595cbf

          SHA1

          2aaa7625317db335a0af3448482578c838dc505d

          SHA256

          65d6faf4a82d5ede8cd7a531fa94194e442d09d0708e82ab4d5d583624e96300

          SHA512

          57b0b5c847c3158894ce5f928df15f448f0f128c3707a90963fa1c18a1da65a55ee0d178ffaacef9017d294d7a8bcca98e4b56332178193c776a0028c239b7f0

          Download Submit

        • /storage/emulated/0/libs/com.smile.purcotton.bin
          Filesize

          68B

          MD5

          8b1adb5bac0aa45b7f34c84015013116

          SHA1

          1cae8fab406dc4f5aa7168097fd8359d7a214eb9

          SHA256

          b695fe5d98c9bd12e1016ef42d95827af0ca1ef00287d924995338b30a717d3b

          SHA512

          389bfaa7c53488e42d51dcc1a8f4a10e3b023d2fbeb8a1f8fd88d5bee8947e4e2a0097bf49f54b6b1dd6785be9a07fb4bd2583586e8d9e91d852ed259d28ab64

          Download Submit