Analysis

  • max time kernel
    130s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    18-06-2024 07:47

General

  • Target

    ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk

  • Size

    31.7MB

  • MD5

    ba8a46aa790858a5bcc32aa246fe5779

  • SHA1

    9632d8d0912b695f049136ef9b76726bc08e87f9

  • SHA256

    675a8cd1a46f585524f9ddd52b5be83fcc05de50a9e85ef50d802ad94177b770

  • SHA512

    4526d43b7ded4f945500d89a1589e61da15a89b26baa922edc102faf5ee02deda4b9547c3c938f49344989fcca9e7efcf3d56ea479a57a362a92292c6ece042f

  • SSDEEP

    786432:MOsy72TogXhkI/A5R+XYiJNZTKGelHpGv6T4P6Qh6TivT:MOZ2UgXhd/AHeYiJNZTKPlHgMO6Qj

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.suyu.planetio (PID:5054)
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
  • com.suyu.planetio:local (PID:5250)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.suyu.planetio/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db

    Filesize

    20KB

    MD5

    1bce37c0dd72e2999a1d637ac4179ea3

    SHA1

    68235eac7140556b54c5a79c493c2c8496d3398f

    SHA256

    9aac4c5d36091c803633ae14681dcab951cefaa39e70c4d84b8e43462fed15b9

    SHA512

    c70b30014f36317c9657709509bb76668247098a0b55550164730d13326b296ec7b36735df528908ab98b421982aa283d0350cc41df1002bfc6820ec459d6584

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db-journal

    Filesize

    8KB

    MD5

    3a00b229d1810502ef4350aecc3901a8

    SHA1

    7b7f3748e6c92065bfc67b1d0cb6809751896215

    SHA256

    e1f113930ee547a2a3d1ba309e2d078c3b2c6c1e809bbf8d97700cf4f5e4e3c8

    SHA512

    30a2d881b778d2b89c900444e3624567bf5e018bfee9cbedab606545d3ae65a5746cb7b099b55bc279f0ecc08c0a69f062010aec43e38c2bc5c56b2ce153367c

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db-journal

    Filesize

    8KB

    MD5

    a0ae091521478689a57e9eb9f4d8fdf9

    SHA1

    c5bcbcc720e345044e6d4ddac6a37600331d463d

    SHA256

    6fbac34d40d453a0cf106ccd448b6b03128721d40698c73311a393e7ffcab844

    SHA512

    ea8e47986897113c67ca9458c99b104a44268e96fe2686775ed1c3c43baffe3e3613378fb99f78b1e84cec63da43d68f8a38fc3a2525422c40f6abb56f1eeff2

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db-journal

    Filesize

    12KB

    MD5

    b81c3d0fe4a0cb53957fc52bd2cf208c

    SHA1

    8f274334144efdd58bb0e9a9e3926c82eaffe662

    SHA256

    b1537c7eea194a9cdd4e952a58197903e1c040e70c93da634dcc3fd65d9799a7

    SHA512

    02e48bf44fc4e7b7b02f9e97cbe91100d8fc700d3e81daf75fb461795a716f797061b6f3b53aae3a8c70afe0ecac4c39f0b1ac0d5dcde88a1b35b1b962f36b20

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db-journal

    Filesize

    12KB

    MD5

    155df72e80da5186efc9b84532f6aef0

    SHA1

    3b46fe2953c98d42dc0578ade8d37b088a78df23

    SHA256

    9ae1182e071e4fc19afb4b5c822478f39d62025d100a027df8fbd0882d92b332

    SHA512

    26397d28c24f5aee300679d73ecd91aac507f25f62ae1e3c5c61876419265938160cfa18d0745861e90e6e18438476990cf199ba60887edcddaef0359c75c4ba

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db-journal

    Filesize

    12KB

    MD5

    87547e7f5985be49626f0048d8dc2812

    SHA1

    35c78408d058735747b6f51d3c08d8e94d63ea14

    SHA256

    7d4480c2b869da5a7eccf1e0f9db97ce7d981e43a0df04fc05381daa3f753c42

    SHA512

    88caac6758dde327f7f160c86fe2838ef9b655810c2921bb7f5fd870fe8411e29faa67207c34048e43a2b7a44c2448ad622b822f6c6651006813417e94b82a70

  • /data/data/com.suyu.planetio/databases/duscene_mobula.db-journal

    Filesize

    512B

    MD5

    7b008e36cd22b328935eeac1a94e5b6e

    SHA1

    42f98eb577531797462b09d732f571f5ca79c327

    SHA256

    2f08e7cdef5949eaa7894698cde9b461f9e178bce096f0f283f404194e70e496

    SHA512

    b9808312336e4680e72873c3bddc35c3a474b2d7ce6245dfef9aa16b2d2cd3e3ef5a7f0ed8909b4973a77185cd313464674696a8be83e6e94a61946592437922

  • /data/data/com.suyu.planetio/databases/jsb.sqlite

    Filesize

    20KB

    MD5

    aecfccd8e060084b828ad98f12551cdf

    SHA1

    83ec90e832abba23e9682622b614650f17551839

    SHA256

    c6e389d753bcc632bfbe23437ae7e7dca04e5abb6b3c8ce74396fe956d321ba1

    SHA512

    fa93302591d9dc84b07fdae01bf8791d6b0e33eaaca3ae81dc8ec616e8c38e0f669b35fdff68c7c71dfb8eb06fcf2a933e9aabed56bfece0de2e9a5b80de6c46

  • /data/data/com.suyu.planetio/databases/jsb.sqlite-journal

    Filesize

    512B

    MD5

    b64f67d180b2bd5c5d3d071f97419b43

    SHA1

    c07dfb0004b4ba1bbecec85a3f210fb359d7928e

    SHA256

    359bce318a6195b0841e6a3ac4af50a7ccf2c0f8a5e99d804404d4a5bc017d50

    SHA512

    270b861f40a50c37ca3724944eacac9f8b6bcc1589e912f7d5eceb771c404c2643e98e4de4cb61d46636757ab3f6eed73fd673287887ca865e3e30c43308ea89

  • /data/data/com.suyu.planetio/databases/jsb.sqlite-journal

    Filesize

    8KB

    MD5

    1c3bac706d99e499b2984558ecc1c746

    SHA1

    5c39a0cb99cb02409217870450396812a1c1ed0b

    SHA256

    da1091c62018dd61bf03cff89ef77543dea8ee04199248a884a2fe8aa0f97acd

    SHA512

    89eba9031b9a3e7dbb43df497cbd6e18f215efe2ee7be004bdeb36ef062b18fbcee6ad37c74f83b89a7127221c66e5a488cfe1f1a2607a92c949c5ddae85b4ba

  • /data/data/com.suyu.planetio/databases/jsb.sqlite-journal

    Filesize

    8KB

    MD5

    fa19bf0eb57883412cc3aea498f46420

    SHA1

    885baef0152d6d165e9b0014992155e3f766e78a

    SHA256

    20932d90cd74a234084d07e1f3ff55eb87799320763e9f0c0327a9d664c47bae

    SHA512

    9d28edf0570cb5f3912bd8c50a0f387e919186dd2dad3f6fe6fa665ae6a23e251e89b498efac2e5c941ae4ca2adce69966ffbb2c2c6024623d09ec14a37ee59c

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db

    Filesize

    24KB

    MD5

    b23fffcc2034716d52758db8b8abaf42

    SHA1

    4131f76bc279a6f72b120d12c264be4050f40857

    SHA256

    127897ed1eb8ae9b73653d271cf4af991143e661bd38f632595b85ceeb10e320

    SHA512

    c421ffa5d8cfe842ecc28202701c7534aca139fb6f4c65b7274f8350a705a0441297bd81962a3338b6e5206bca952b8c487bb066ae8eeb1cc8602d8375a8591c

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db-journal

    Filesize

    12KB

    MD5

    e227d3d93fe5d4833e52c6e2148b67cf

    SHA1

    c5966f7ed7873be8b4653890cd2db3d83f6a9696

    SHA256

    6d08253dea3df96a42e42f0842a220f487e2fde677296516dc40896a55ed0f92

    SHA512

    1c4610efeddd7344e20c693c034c805c9710a9fde4cef5a9941df1a3c0a5991a0c5ee3193797171ecf2c27c4ee5ea71345732350cb0d41cc000e085eeb783214

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db-journal

    Filesize

    512B

    MD5

    db004e09d5111b2a6ee8cfa53aec58da

    SHA1

    13098d71d7615e6a61282c67e829cd35753988d7

    SHA256

    8decf3462ebe9060795f20b83317ef8a0a33b543e24238f9d205cb8609f0ad20

    SHA512

    09908aa66755b16a5377fddd126eacb848e3b7c850423eae358eabb3f29af0ea50a580a0d98be6c761df8aa893906a0b98c4b2cd3b2cabef57aeea81796f31f7

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db-journal

    Filesize

    12KB

    MD5

    57d4ca7ca3ad0d3a0f92e8d1926ea644

    SHA1

    bd760bf51fabbb8b6f24aff12a653e16c19fc3dc

    SHA256

    ef10ba6416c8e0286fa1948b51e8ceb458d9a4a7cfedcc2a8ea100463408742d

    SHA512

    c0be398446083c08d5a66f30c58fd2ecf9ecc041f8558880ec24f219ab648ed94129c5edb6812236a84dbb41775a5f38315c76161dfc5e3483c077d9b67da9e6

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db-journal

    Filesize

    12KB

    MD5

    6296b1adb3c141ece5f4b154b58ae201

    SHA1

    bc47b5af09aba5cddb8c79d1d4bef468873c0bca

    SHA256

    e063d8cc0430a67b8109e482d7b7a11d5e0c0035d1d233d2dcd52a3e86a26c6a

    SHA512

    02a452df30a0eaecc8c26a90c00a9e0a34acb0266695d6cd23431abe5302d2684e2b603c3b7d62cb3c0b69736df15b20f48b3a9aba3b3a6d22a14958ab401ba6

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db-journal

    Filesize

    8KB

    MD5

    1fe0207618c0f995ba5f4e0e1ce194eb

    SHA1

    188d5e777f2dfafb500ed4f80d738b4ec9eb5825

    SHA256

    935d8ed7a8ded0a96abc916b7c0f7d73f742b6609e13cfd8c729f4d9d3ad84e6

    SHA512

    4619ed3fb40380527b21955de468cb4b23299634e4581e40f21fd1e24d786b0fa38b13d661f7f37c66b5d51e5f9ccb6071f8918c01fd395bfecae0ba098ccf31

  • /data/data/com.suyu.planetio/databases/toolbox_ts.db-journal

    Filesize

    8KB

    MD5

    af18f0519f4b3243af7ce277f28fae95

    SHA1

    7f82157eeabdd25c9c73546ceaa037f5161a3217

    SHA256

    8be59252ab480e4bc0e4f3a8a900efbd7a8a0d2c1576058a63427aab5aedae7b

    SHA512

    59b7503a6ba6c93ad1ddd7790afd5be38c749598de58c1c699270c54f5a7927f9f99516f0df6bcbf32e1bb1f17ab2904ed8093ff37e377c610914228fb254016

  • /data/user/0/com.suyu.planetio/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

  • /storage/emulated/0/Android/data/com.suyu.planetio/cache/.ducache/.video/journal.tmp

    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56