Analysis

  • max time kernel
    56s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    16-06-2024 19:18

General

  • Target

    b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk

  • Size

    5.7MB

  • MD5

    b4c6b383e262e14182ad09d91bd7e70a

  • SHA1

    4b5940ae51498243dc8cbc371ea5563a8f0f1c3a

  • SHA256

    29b48fb0b4dbddb296a29db4d170a0db8b0292bbb54d3366be692de4e6024525

  • SHA512

    774f6f2326fce794735ab415a54fe63c70272e82dbee139bfe6182a31574856296d47387c7dd755ebaddd139ecfcefeb8348a5054a39b7e1d8ae6c9b5d2cc310

  • SSDEEP

    98304:hrN3jgDXGmAVDGByJBuIOGYmwUypXRf+/GS4aAvCQhnq9hIwDDZ4uv4L6b7v:lNUixcyKvmwUypXRfWVAvCsn+WwXrALG

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 6 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Checks the presence of a debugger
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.kevin.videoplay
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID: 5120

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.kevin.videoplay/.jiagu/libjiagu.so

    Filesize

    480KB

    MD5

    6e8ea47d2d8500b7fb8855394fdf0526

    SHA1

    d3c719bda605cd787c4acf30507edb76b7fb6070

    SHA256

    cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46

    SHA512

    385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

  • /data/data/com.kevin.videoplay/app_tbs/core_private/download_upload

    Filesize

    56B

    MD5

    4033de806432b74f105dd13e6082b7c6

    SHA1

    c06e90cd899c531d4f07668528925b2720a1d02c

    SHA256

    70d12d547804728a76e7f856f979119d9b47350d3cd698762554010529e25f82

    SHA512

    0e43bbd334569089b9514bf89c24c7d024233c379a5202ec8a35cbf22f72d06ac142d24f803290cb3d9b63a8bee46f93606f0f71051c79bca5aeffc70607e1c7

  • /data/data/com.kevin.videoplay/app_tbs/core_private/download_upload

    Filesize

    56B

    MD5

    a694bc2f5d2d77df12ac4cdede954105

    SHA1

    f540b49316a2d8933c7a3b8e70fd85c47353ee6a

    SHA256

    5414d72b21871a20f8af65efe4163d8c1a6f8117081394f98eb4475eff28085c

    SHA512

    cb282f347885dfb7ba08b51c79f9ea8b919fe461da1db2e65eaa8033b9766b6d7618bfeabc1138896a313ae061addafd24cd042c01668c86f76bd654a0dc1a05

  • /data/data/com.kevin.videoplay/app_tbs/core_private/download_upload

    Filesize

    84B

    MD5

    bce23881558db9ebb017640091f04d94

    SHA1

    4d2e6ae1069f545d5bfb815246c7bd11d0c954a0

    SHA256

    3c9050ccd3b021df78b282658f2058c475e36937a5add65b3810c475b2af165a

    SHA512

    45c1e0d61f450a993f6e8d5a555d05c151e0d2945ab0c801ed7e1d030ef703d8af675b163d4acfe10e59bef65bf62fdcba449eb567ec9150c2dcdab51cd081ab

  • /data/data/com.kevin.videoplay/app_tbs/core_private/download_upload

    Filesize

    84B

    MD5

    7f7432ea0a03e472298ba14fc1323fea

    SHA1

    02b208fb80e9c5d24171919bc65b9e8484522e26

    SHA256

    d1f042faf2c354816475d9555bf9e9331fe41f5807307227949f75695c115dfa

    SHA512

    74d3f3086f2a297309de5678cced1713612f5133aa44158a154d71f63059410caefe64a7c53f7c4d077d73cb076ca855b990c9549b76bb5fec842aa7059ee23e

  • /data/data/com.kevin.videoplay/app_tbs/core_private/download_upload

    Filesize

    84B

    MD5

    3f0450c64623d5b744d8bc15a7ef73b1

    SHA1

    589999a8d019e7725c97388ba5fddaa038304ba1

    SHA256

    6d0bab52f0aacf47956f57ca46980f9284f338c6af7dea52dffa3d9ee0e2fe6b

    SHA512

    34ab6107cba574ec7a5101a7c9f62301882d8d65c0f737b5b6009aca5cb44010109221e57be168c0db594b2f3ae310506206a1b4f8b85f5a8e48808c7992d371

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65BeginSession.cls_temp

    Filesize

    77B

    MD5

    5b55191a8b95fccf9e031ac7d6fe0513

    SHA1

    a1b0d2d2919ec879ea1c4d85b90eec70da8fda9d

    SHA256

    dbb11dcc3362a74e0add194ef1404f1aaa18979ce19518709dcbabcd385d44dc

    SHA512

    eee2999d55984eaef37f0c87c9a5cf75d96601053f93f7c9b2cff4d070cced82e4555750916956effaba518d411011b8ed4f4ebc4be9e9bd4b96c39a04c3eb66

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65BeginSession.json

    Filesize

    132B

    MD5

    d7ad9b35bfc992c08e4b99180a8fd138

    SHA1

    77281885db016b542b0a30fe6ba5e388bb22e0a5

    SHA256

    492bb1f6f144ce69f56e1bfcda308e1e9df0a3dcd4d8fce67b43e28a66923e98

    SHA512

    e1af6e95e5793546046d08f21da4b3c06ad1e462e60efc1433697c150bd97d5f6cdf6b505473ef2f89ec32b5a5252ac8c3ac853c06df5ed88e1a38b0d1c14ddc

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65SessionApp.cls_temp

    Filesize

    120B

    MD5

    f6002ef53da2acf27d2ce63812d74e85

    SHA1

    eb76ce7eebe4c8ca83b624b3d80eb401fbced3a9

    SHA256

    9e45de90719b1afeb38f1f6457387fbe1aefd04237ede3ad5b43c251a8f50aa4

    SHA512

    91584ff3c9e3acba1bd2d034806265c3b48913155e08171d443493cd79505d8e6d5b444125d13012a14ca8f7fac24e3a7e3ebbd773ef76c514ec420ac96344e2

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65SessionApp.json

    Filesize

    234B

    MD5

    77a72fe852cd8b47480b4358c40c97f6

    SHA1

    683be58ef7aacb7d072ff7182f3f48fd0cc3aedf

    SHA256

    6aea6890ae75c8400f7a22395dfb6f777529fba085669f5d83fa5446bd2c9a39

    SHA512

    9bb2a3ca7994eccc5d1af21097e090178e54add4dddb77fceadcedba8f73a91f5ba09663eee3c5297e0328f84178969b6397e2536278ab2f4596e553b4a8f78c

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65SessionDevice.cls_temp

    Filesize

    48B

    MD5

    eac6d1474885f59437574c5c4d66ada8

    SHA1

    01ff3f4a28aab0cc4e573c911ef780ea4724b40b

    SHA256

    2a45113737b67eabf415879225bc555ce3d541ed8e3e2170a3039df7756fcec3

    SHA512

    eac4b3d971831de5dbb9e15adcdb4ba2d1b37db98f6c9449d73c3973bcf533f3fb654a2abb1458591b7d79735680a2ffc94194bf679fd2a0fc302c009ebe19d5

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65SessionDevice.json

    Filesize

    202B

    MD5

    7035946b6c3aee2746d9e33c794ee882

    SHA1

    24f8081cac43bd874d2fc52ebb8accaeb3e83848

    SHA256

    54f361d33ee3d44858e934e98391fff56914442e2cf83fd8091c41fe5104608c

    SHA512

    ea06098e819716d7017cd2736ea7d71291d9abf20435f27ae084bc3d66494b824e9f3fc35e16bcb00a6f0bc27fe5d2e44aeb4e9eefb299813e660bec5d2b614c

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65SessionOS.cls_temp

    Filesize

    15B

    MD5

    2566d27ce8c28d8961f082c375d7535e

    SHA1

    92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

    SHA256

    5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

    SHA512

    1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA501A3-0001-1400-ECFD05EC4B65SessionOS.json

    Filesize

    55B

    MD5

    5caea4b68c57072f7f52a5a41720566c

    SHA1

    4d9712f1702c7238949da43f7d8ae6efb233a666

    SHA256

    3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

    SHA512

    fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    438B

    MD5

    952256f02a07bcbbf693f02cfa2b0a88

    SHA1

    a151f01b508739e87249dd16e3018e311c329eb0

    SHA256

    f82638449834873fccf2c8eb6a25177898bfb2ffd6fb9f8075f403bbff7d13cb

    SHA512

    6e530a5d4d2ea799c1e1ce5167f66cc6f2c1da55d1025ddc9d3731f4f6a5bc09c522e78d32ba16f13ebfccc95775d28e64cf1f880f9cb0d7e91e18ceb411024f

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    899B

    MD5

    d181067a6dbab9dd0091be46535d4129

    SHA1

    f82ef2a2e68ff17e8257a10218abe5383a222f61

    SHA256

    f278f2d74cdd53ab2a439178dfcf92532db000f0ff1caa0f0a4c8e4b641b1095

    SHA512

    07ad65a99a5eda3ace4281d0372fb11b1e70eef030ccdd012973f352750c97e3c702a811abc10cf64abb2c00c0de5d74e1877a20efd09f31e4964ca7609c1918

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

    MD5

    c33583fae4e0b61cde1c5b9227963237

    SHA1

    fe2ebe4d27469af1460f7e852031a04208ef629b

    SHA256

    35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

    SHA512

    fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

  • /data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_36fad8ed-57a9-4ed3-ade9-5e6e747fb9dc_1718565542049.tap

    Filesize

    348B

    MD5

    4c110ee2a193a230dfe7914383312d22

    SHA1

    4f3d780edeca761f1cc9dcf53146ae0accd67173

    SHA256

    5df750c37d8059229d81ac3273c4347e3b5a29c9d00199df6ccffbb652aa09b5

    SHA512

    f67c85ff1062160a3c5e5a8a7993c4fa887798cf459e973995d454323cd32151b52d8324f46b85b53558f026fdcff15a673a7cf92c481239aa2b9a04ab361c37

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.ac

    Filesize

    40B

    MD5

    2bd73a6218967d79fe092700f01637a1

    SHA1

    91d914c50932fcdd719c0119bd5d2fe31dbc261c

    SHA256

    e19ab9ecf32821c854e497f4cda9ce8fd50735b486d989b06a564019bd667cfb

    SHA512

    45cc3a6f9ea76b7139764388f87b2fea771064d3667cd74ba184adbbb486f44d9e70645014cfce6eb0c346ea475fd172c47565cc0e3cb0a2c911360fc7171cfd

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.ac

    Filesize

    40B

    MD5

    1c05f0c150032ca47a982392d0303aca

    SHA1

    23d2dfebd80fc3a308f91685ee6af6595abb365a

    SHA256

    88596ff524e6eb149511d8b9b00ccbeabd835a5040bf7d01cc71b4fa3af066a7

    SHA512

    4071ba8f3b3e1235bece92f0532c61ba7e4322eefaf7f89f9666370aa26bdce8ca165604d4784e2510619b6180cd3621803192ed5f3b185a19740c7a37b54d39

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.di

    Filesize

    340B

    MD5

    c2321329c21ee59c030067c6bef76a47

    SHA1

    06eb325b4535c327a678926f961536200e99f883

    SHA256

    6614b762c0d75b337c2838cda1cac15d44da25614e01db032daf02fa1018fb35

    SHA512

    ec548137487c2cfb3424f165ed28786c534013b8bba2d7b594fff2cbbc49a81301a9d942e37c617a23e94409f01242bca1938de521da73c9a977091264e674cf

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.di

    Filesize

    340B

    MD5

    2f6e1d026dbbc3933159ece78147504c

    SHA1

    8d183cdc012a11f1685f1ad6bad4bd2a417a5870

    SHA256

    4d646572a08e1f1e5f4c63439dd786400bfc4feb6986cd3e5d445c0350bde732

    SHA512

    3884e68ef092fc4feeb4c2e6e0d5d44a2d1ede668af540a1d8a3ea4f090d2cd22b07638adae78e3c9fdd6ccaeb0444246d3b76016519548c254a50518f457b9d

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.ic

    Filesize

    40B

    MD5

    6dc46aed34fd53b969f27ad3bf9dcecc

    SHA1

    0de2e9f964a16ca0aeb6bf818dc5797dd9f067f3

    SHA256

    5a0273b0861cba688818af475fca957cc38b0ef441d97a6c26bef3d246caa953

    SHA512

    c966c05427771e05b24d6eb3fdea8e87fd6c716a2c21dc7365dd4e11de1e4bf8855d11c48063f94368771d90c532143cb6919b258fa2d31c1f8a42838f3314f2

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.rd

    Filesize

    32B

    MD5

    9ccc135a3e6de847524f6da9b4337766

    SHA1

    59cc1d91332e942dccb23a91c73b7e73628719d3

    SHA256

    4d843959096ea819a5a0b07d4f7a63207758b502383bff96aa71f2c3025dca90

    SHA512

    1c85750a77f3c75bbc4fe9c414a81dfca950b8da2ed4c3eec3eed9a0a5b07bf559a1c3a167bb4994ead1dcb1e51a04e685a7c120af12f170a9c9b4b3fab37d48

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.ri

    Filesize

    314B

    MD5

    7e17b9ac22b8d2c8b5a07cb5388d46f9

    SHA1

    ff076e2c6d2469b56259c103922588c795febf22

    SHA256

    b55396a86fb3f67dddc2a3b3f2b6ea10356f38652c7bbc2ff92e4f1e1e474003

    SHA512

    e1d60c2bcdf5348719d47818e85f1808f629d6a7265a18157cf26b9fc857ff275b93cbce7bbc45c3055c6ee23be3d18044fbdfd9361b795b2a28e03116046fa0

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.store

    Filesize

    127B

    MD5

    38e0829f817d2fc1330034f34eb5a0e2

    SHA1

    5afb9beed41848197e8404bb5728cc63a9d6b8db

    SHA256

    24a92db8be0416ccf16e956464147ea7365798a8180c363424b5789441ab3b54

    SHA512

    8b95c3575dbf73e503413e89ad69f35b2a6fc4b50b91c557bb64ad47f85fedce3169e7dcf15495f2b5ab860beccb522be809582c88a7606cc0f21c5227fe5039

  • /data/data/com.kevin.videoplay/files/.jglogs/.jg.store

    Filesize

    32B

    MD5

    448e391c59eef34ee1defbe4dee4c41f

    SHA1

    df1f890987371d7d8e6963c68b787856e42bc146

    SHA256

    55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

    SHA512

    ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

  • /data/data/com.kevin.videoplay/files/.jiagu.lock

    Filesize

    27B

    MD5

    2acb72b54bcd4ed0955a5d4fb3121d11

    SHA1

    0801e6bc406b755f3dfbe4140eea823300ea08d9

    SHA256

    0761dbf7a5f1c56bfb23b8f1a96e4baaba2709747ae919f2998076ec1d8bb43b

    SHA512

    959fb537c0c41ec74c1ba58c5d5222820f6f1c8df77fa78623dfda5d17b8caea5e34e082683f006d4057476666c2f85a9f26bd09945afce06cfb56d36fb81315

  • /data/user/0/com.kevin.videoplay/[email protected]

    Filesize

    5.7MB

    MD5

    e35953ad80f4c415af2d91291ba183e0

    SHA1

    99d07afe283a5a42c29d5914614eed9504d9d930

    SHA256

    0277cd5e6846e76d59b9c56ca461e2f67c5d51743a5fbbafdfffd13020bead2c

    SHA512

    b49a118a3708229b56a7056e42f51a2f16e033ca1c0d1b8032912ef2c6f3af58b723fdd2d6733a9d1a2b5105e8116d11f875784d8305cd072fa6c32668af10de

  • /data/user/0/com.kevin.videoplay/[email protected]!classes2.dex

    Filesize

    4.1MB

    MD5

    537719937e6e68ceaa123d06e4d78a04

    SHA1

    65ff9fc8be81f4045768c19e769e68b0225a56cd

    SHA256

    308f2d300f5c47210325633bdaa1454925b68bc8d293cc62307d3ff17138d4f2

    SHA512

    e71427cb8851982f960014bc27cf7e55eaf6e270296f97c6beb2fa913e33c24615a264b7c73fab8a81ae89a42a59aec92ae41d0f692effa9f0f7d53fb516fb03

  • /storage/emulated/0/360/.deviceId

    Filesize

    48B

    MD5

    4c4c5285293d5141f582aefa4e038669

    SHA1

    e01852a72e5a8e6f7d63a21426b515118196047b

    SHA256

    36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

    SHA512

    097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

  • /storage/emulated/0/360/.iddata

    Filesize

    32B

    MD5

    47e97e321471eadce7899ee4af3ba8da

    SHA1

    f78a675a0345b846cc24b088121f966452d5b151

    SHA256

    93b7da159d6547e4f6d890b95f927fb75882c74c8c429c7822200fc58a2f1fb8

    SHA512

    0a4c7c16e9be7fed76be52a75bd9bf294deb37deda739517102a133c0636ec84834dcf1e78697da9f07003777e7c659b21ed0cddcab39a0217ef45916dea014d

  • /storage/emulated/0/Android/data/com.kevin.videoplay/files/tbslog/tbslog.txt

    Filesize

    20KB

    MD5

    05a4040505666c4df276f037f5c10fce

    SHA1

    e4cc27b812ae6518b2ff0ae8b74accd5c28b73ce

    SHA256

    c0acd34348ba3ccfe695d41dcd1db06c51ed19f31f2c530a4a0880bc94d46f24

    SHA512

    8294fba2b056440d8024c97e1caa5d43548aefcbcb59e03c8c0514bc8f2fcd35566235c154d1469ffd1096a68feb96d29c284e3d75672e996a946ce66d8c4cf2