Analysis

  • max time kernel
    125s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    17-06-2024 20:49

General

  • Target

    b9fb792680a42cc975db16a84f7c159b_JaffaCakes118.apk

  • Size

    30.6MB

  • MD5

    b9fb792680a42cc975db16a84f7c159b

  • SHA1

    d18ac3745fc702c3d6a47863fc376b23bc095b21

  • SHA256

    3392dfc6855d3fb0fb4b0eb21605372fbb82dd2a6e0116037d819a8f46e0f24f

  • SHA512

    806264c857e45dd9364d73d3f899afef5842c78f8a7dc2db6a159ceb56826cf422032015d72c89258bb59120e7b4fca8885782bbb68424f41834b9429d44eadd

  • SSDEEP

    786432:xDX352H4s68Mtjio9kWfIcstSEeefEC8DAaiKtVo2AZ:Z352H4sjMtjiqBwcsUEVfECghAZ

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 5 IoCs)
  • Checks known Qemu files. (1 TTP, 3 IoCs)

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. (1 TTP, 2 IoCs)

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)
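The signatures above are static string indicators: the sandbox counts an IoC each time a well-known root artefact, emulator file or framework API name turns up in the sample. The scanner below is an added example (not the sandbox's own signature code) that reproduces that idea over the printable strings of a DEX or native library. The indicator lists are my assumption of the classic checks (su binary paths, SuperSU/Magisk package names, `test-keys` build tags, goldfish/QEMU device nodes, `ClipboardManager.getPrimaryClip`, `ActivityManager` process and memory queries, `ConnectivityManager.getActiveNetworkInfo`, `javax.crypto.Cipher`), and the sample input `SAMPLE_DEX` is a constructed byte blob standing in for `classes.dex`.

```python
"""Static indicator scanner mirroring the report's root/emulator/API signatures.

Added example, not the sandbox's signature definitions. Indicator lists are
assumed from commonly used root- and emulator-detection artefacts.
"""
import re
from collections.abc import Iterable

# Signature name -> substrings that trigger it. Assumed lists.
SIGNATURES = {
    "Checks if the Android device is rooted": (
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
        "/system/app/Superuser.apk", "eu.chainfire.supersu",
        "com.topjohnwu.magisk", "test-keys",
    ),
    "Checks known Qemu files": (
        "/system/lib/libc_malloc_debug_qemu.so", "/sys/qemu_trace",
        "/system/bin/qemu-props", "/dev/goldfish_pipe", "ro.kernel.qemu",
    ),
    "Checks known Qemu pipes": ("/dev/qemu_pipe", "/dev/socket/qemud"),
    "Obtains sensitive information copied to the device clipboard": (
        "Landroid/content/ClipboardManager;", "getPrimaryClip",
    ),
    "Queries information about running processes on the device": (
        "getRunningAppProcesses", "getRunningServices",
        "Landroid/app/ActivityManager$RunningAppProcessInfo;",
    ),
    "Queries information about active data network": (
        "getActiveNetworkInfo", "getActiveNetwork",
    ),
    "Uses Crypto APIs": (
        "Ljavax/crypto/Cipher;", "Ljavax/crypto/spec/SecretKeySpec;",
    ),
    "Checks memory information": ("getMemoryInfo", "/proc/meminfo"),
}


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Pull printable-ASCII runs out of a binary blob, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def scan(strings: Iterable[str]) -> dict[str, list[str]]:
    """Map each fired signature to the (sorted, de-duplicated) strings that fired it."""
    hits: dict[str, set[str]] = {}
    for s in strings:
        for name, indicators in SIGNATURES.items():
            if any(ind in s for ind in indicators):
                hits.setdefault(name, set()).add(s)
    return {name: sorted(matched) for name, matched in hits.items()}


# Constructed sample: stands in for the bytes of classes.dex. Not from the real APK.
SAMPLE_DEX = (
    b"dex\n035\x00" + b"\x00\x01\x02" * 4
    + b"/system/xbin/su\x00"
    + b"/dev/qemu_pipe\x00"
    + b"Landroid/content/ClipboardManager;\x00"
    + b"getPrimaryClip\x00"
    + b"Ljavax/crypto/Cipher;\x00"
    + b"\xff\xfe" + b"hello world\x00"
)

if __name__ == "__main__":
    # Real use: scan(extract_strings(open("classes.dex", "rb").read()))
    for name, matched in scan(extract_strings(SAMPLE_DEX)).items():
        print(f"{name}: {len(matched)} IoC(s) {matched}")
```

A string hit is a weak signal on its own: the same paths appear in legitimate anti-tamper libraries, and a determined sample can build them at runtime or hide them in native code, so absence of a hit does not clear an APK. The value of this pass is triage, deciding which samples deserve a dynamic run on a device that does not present emulator or root artefacts.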

Processes

  • connect.app.sunsea (PID 4678)
    • Checks if the Android device is rooted.
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/connect.app.sunsea/app_crashrecord/1004

    Filesize

    227B

    MD5

    695545aac82dc2fc6b3d1c8cb0349f9f

    SHA1

    8d6d0ba257da64f6bd1dc2b11b7f03a7da410691

    SHA256

    02a5911a70c8d022a718b9410c07881e70af8cff7de046fddee9666092e1fd4b

    SHA512

    9bd71bafcc892833c7f351d4a1a106b8ff4855b20a91c29129f8ce34b63cb6c36c5f95e4cea1d4f91cee415c54e7aa14648bf2dd82a382408cdbde48d8d231de

  • /data/user/0/connect.app.sunsea/app_crashrecord/1004

    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/user/0/connect.app.sunsea/databases/MessageStore.db

    Filesize

    36KB

    MD5

    f1abc67cc72bf5fe66779fa5dd1dfeac

    SHA1

    660f6d1cffa2bf57ec29105e40d08ab103cf18ad

    SHA256

    a953ef381606a6d98d98f3278e94fc1d5b58a0778f8ea3e305111586b759c14a

    SHA512

    dfbe97f3c1f3a3ebd63fc5bcee1b1dd1b91dfe01ac95af8fe897f44079e852421fa0c4cf038da6e43264d50f3e612ddc2be9aa17bf47ef604ca428fafe0858de

  • /data/user/0/connect.app.sunsea/databases/MessageStore.db-journal

    Filesize

    512B

    MD5

    682b713c2ff3e2b6d17455d7005e075f

    SHA1

    6484a462416b01e894ec1bf42c91086941283929

    SHA256

    7a1a72f52814f5af38525dc600abfe08ee1fb9f34de6d3790bc91f6ba165dc62

    SHA512

    0e1911fa527c93b62d85926156f5106b5f39e16bcd093affee810fb8d4fae40cdd57580921c471ba9ad57ad42ed09c9fb61259479d54db69a5aab53523b6a3d3

  • /data/user/0/connect.app.sunsea/databases/MessageStore.db-journal

    Filesize

    8KB

    MD5

    d880d07b2b008b7e1b9305582cd31cf5

    SHA1

    a54bf65e329c8b8633eedf56fe297f14eb72ac0c

    SHA256

    3ddfd12b40a5920734bf54cedb4f8397e408d325ac9389f18fc2d6484fcf348c

    SHA512

    43deab15a2f33a1f64624e2d49fb9a5a2c900ac59b42005ff9d183f90ebe10df8e5fe09de6b5572a8f99972c8471f1d889dcded2fbff28b0ba4a489457164983

  • /data/user/0/connect.app.sunsea/databases/MessageStore.db-journal

    Filesize

    8KB

    MD5

    e0e5d3c25779a982cf51ccd8a6ea43df

    SHA1

    82283d5f22f96c6c6fb87cc40285a2d17484bbe0

    SHA256

    3cb05207c05954701157481878f58c7552078479792e28baf0e22ac51b5b85c8

    SHA512

    0b1f9d4b91148fff2353a61043b8568cc48ab610fa3143fdfab6ac205863eaf77bf1d843de9c2c82151232d12d6ef812b29f778190ecdf82568317b0937d0f14

  • /data/user/0/connect.app.sunsea/databases/MsgLogStore.db

    Filesize

    56KB

    MD5

    a860ba3e3a648f73fc11269ff9ea9c16

    SHA1

    7167faf1666bdb05633e945dddc3d6af6c35fd0b

    SHA256

    4087524ad761d0669a39007849311b2b0a32c1a62d0a7ff04d4a77d702bfe27e

    SHA512

    279991548672e18e99522e1402ab96a3b1887a6ccbfa350cab5c5f5096807beb647b9cef0a5668755798f8032e243aab9ea5f1cfcd934671153d54fce48ef8c0

  • /data/user/0/connect.app.sunsea/databases/MsgLogStore.db-journal

    Filesize

    512B

    MD5

    274dec737ba125527a5e0a24d8894af3

    SHA1

    564bc4b39a919ef8064f6c9d93f15c4dc7cb5b20

    SHA256

    75d9ff46f72e1182323c4315769dc82c0688f3a000ff277fe99958b7e583d02d

    SHA512

    098047523f81976b4ad632acdc81fc95e6c0c4d33c1702ea2cbc8b8e64fb7fd16e03fc0db3e3d2011ff2e17d594e0168058f20040812db290bbb059f3a9770c1

  • /data/user/0/connect.app.sunsea/databases/MsgLogStore.db-journal

    Filesize

    8KB

    MD5

    3024e7ef30379d18dd510385460dba7d

    SHA1

    f11b54461737541d12ac2b9fb7a404c33d543bb7

    SHA256

    d75338784160be6d15a7bc6132b00c8c57014970614990694c612849a09e26a8

    SHA512

    b84bf8e68b90d4b7d483107dbad771d2c6cf8f60b917b61831b5109a7c02fc560a3acdd40a1064f65f46c7e2aea2faa02d1fcccb2a27aa0d422af9b261950a72

  • /data/user/0/connect.app.sunsea/databases/MsgLogStore.db-journal

    Filesize

    8KB

    MD5

    e3efe587e278873538cdc17a76104ed3

    SHA1

    3a51d113cba7eb48eccea6597d0613e7bc950c0b

    SHA256

    dd3b26dbda89fdb32c8dc9464967c0709281cf7a5ad81cba2fbbb64a3371f114

    SHA512

    2340619e97892bd25cfb26d033ea227bff9b0fd901ee5ed806a169c130e35bd6c1743a48583e14f2b1a383ddff52b21260c9ae3dcd4b7dff99184605da487d1f

  • /data/user/0/connect.app.sunsea/databases/bugly_db_

    Filesize

    52KB

    MD5

    e8be12df1989f2de302d22b5eb5b5362

    SHA1

    2b73e508aad320e5918aea4c9fc961e961be56c6

    SHA256

    20a84c03cadf518fd2652e3aecabc9f2a16adf0a13b4ae89688fc8ea1d5f4afa

    SHA512

    80458b87a0fa60f0d2e1ee6d55cc7967a4716593e5915cfb3743c5a7d0e6310883208966b239708c2add00c962ccfc21c3cb867ae9add22dad721b65e3cfdea5

  • /data/user/0/connect.app.sunsea/databases/bugly_db_-journal

    Filesize

    512B

    MD5

    d602e3917a6f8f66f3e9150781cbc4c1

    SHA1

    0ed98daa6e6e817399c44bfed232e5ae8371d141

    SHA256

    a4670d874ef380e0a896d8b05c05d3785625a92d413dbc6bc84e92cd510a12aa

    SHA512

    caf6d32ae00253b49eba3e0b911564eb8c58a4408b5bffd373b78795501376d4a0c0af8843eefc910cb41290a5ad54252ff42ac492b2284a68702847c75b75f0

  • /data/user/0/connect.app.sunsea/databases/bugly_db_-journal

    Filesize

    8KB

    MD5

    c3ba1a81b976b619ecf1250d83a38d0e

    SHA1

    25607596df5827b37d8a7d03dae18f67a7bbdfbe

    SHA256

    0170fec74564378492794f4d5277d999b23550baea9c0420f93b92e2b10d1b4f

    SHA512

    3c083bccd2173f7febe4ed4eefcd0cfd79cbcec787ec3e56379add891122328566e5675a20905e2c9a0ffa374ce7c3886539fc5bf0d64fdbec7be668c9f60f3c

  • /data/user/0/connect.app.sunsea/databases/bugly_db_-journal

    Filesize

    8KB

    MD5

    f4a8d89d814cde786ac63e0aa52e4c64

    SHA1

    45765f68932881153a6daddd833931f095f177a4

    SHA256

    a7fe7c0a53007364dcfdf60208c386a33249432a9ae21d01516bd87bc2cfb8fd

    SHA512

    29c492bd23510e01776a0af4f531dcab456015c849f11cedaf683304cf275753dcf600331d6a70f2c60a313a331f9c98b79e8b019949892c400f588bda4f3f83

  • /data/user/0/connect.app.sunsea/databases/bugly_db_-journal

    Filesize

    8KB

    MD5

    e3d03c0a6188ba1030ecccd0e303317c

    SHA1

    59a7442a500bb148d2322cc5dba7cc1a2c3b346e

    SHA256

    6d3b5f1dd3574a214ca2dc2405856de796da576997899ea11862452125ae95e8

    SHA512

    441d4f7b7b769b34fead1a2aba73a0fe95edc4271f87d3d13d0801b6809ad7348ac28bf5f6289a3147235a74c382e197eb21a76391d775b7fe1a49fa1d20748b

  • /data/user/0/connect.app.sunsea/databases/bugly_db_-journal

    Filesize

    8KB

    MD5

    f7001b8bd9577e6aa7076a70ecb78f88

    SHA1

    739c67e2855ab4454d234200c01b97c67b7ae3a4

    SHA256

    f79c40a6228875a797352bb5e93ef4b986217dad5ddf5bc98380099a205c852f

    SHA512

    388140ae58161935c527d2ffb44ad01a02bbf4df2ed76d705296af1e2140fb24ede20064adff794c4bdb68def97dfe56668ccb094699c8395dc7145c1181ca46

  • /data/user/0/connect.app.sunsea/databases/bugly_db_-journal

    Filesize

    8KB

    MD5

    039c296d7871329ac3c7c4cd5ec169e2

    SHA1

    154d602a86444195e37ac70a6b5fcf99013d104f

    SHA256

    6b4d8d3dd8e56321da2f3f4766e25fa8af2be48bf3d8c5f28df8329ea9b6917b

    SHA512

    e55c20f4b62420dc15eaee6a43f384b50b8d4b3a669af73683a9f68cfa3bd33edbec37454fbdb93177a432670222bdbe4807a1ddd81684c8939bd717ef7689ad

  • /storage/emulated/0/Android/data/connect.app.sunsea/cache/data-cache/journal.tmp (deleted)

    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56