Analysis

  • max time kernel
    128s
  • max time network
    180s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-06-2024 20:04

General

  • Target

    b4f4107bf1aab0b6edbb748955180de0_JaffaCakes118.apk

  • Size

    25.3MB

  • MD5

    b4f4107bf1aab0b6edbb748955180de0

  • SHA1

    3bf8738121534f9e6158580297b5133ff2e9013c

  • SHA256

    01343973409184c28d63a6928922876c3e13d340847aecdf7f4714834dd7cd7d

  • SHA512

    daee8d35dc3c4ec9cf5b384bfe6624161b5248fd67e0fde15bd67a794959a59e773740509a6c560bdd4fda4f0b2bc0efd39ce5a458a1cd2c05a8468c2f320ca4

  • SSDEEP

    393216:b7iEuqfciiWCqsdee+Xw01QB1tDUZQruEiBIEzeSBdg33KGJj6geVUStboIAXb2+:qEuqUWNsdeDSxDmEnEiJJjeUSxoIS/

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 4 IoCs
  • Checks Qemu related system properties. 1 TTPs 1 IoCs

    Checks for Android system properties related to Qemu for Emulator detection.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.xixi.confidentBank
    • Checks Android system properties for emulator presence.
    • Checks Qemu related system properties.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4191
  • com.xixi.confidentBank:pushservice
    • Queries information about running processes on the device
    PID:4223

Network

MITRE ATT&CK Mobile v15

Downloads
