9a694bcfcd80c4a97426496b8e5fc6b77c96d06e84dffbcb43b9681a5a332069

Analysis

max time kernel
17s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
22/07/2024, 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ACMarket4.9.8.apk
Size

46.3MB
MD5

c61d37203246142a86450b93bb8509d3
SHA1

7942e3ffd59c27c701f0c8d466a5d0968807a45d
SHA256

9a694bcfcd80c4a97426496b8e5fc6b77c96d06e84dffbcb43b9681a5a332069
SHA512

8d61ee6ad1a8aa8f11c67c85ea50b7111da84ada64df32486fe5fac9174ec5efd37c9554f07906a11fb809c3e6aeab4b2b4f88d62c8d01c058c7b3c5a608cd28
SSDEEP

786432:xQf2sNIf8B0WWHpngXngWj1nbXEA6KFki+zlZ1ihOWuJ3PtMmzs+oRIVn+IORb/2:PmGzZpnMnVj1nvozlgQ3VrvnZOtn2

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 9 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/su	net.appcake
/system/bin/su	net.appcake
/data/local/xbin/su	net.appcake
/sbin/su	net.appcake
/system/bin/failsafe/su	net.appcake
/system/sd/xbin/su	net.appcake
/system/app/Superuser.apk	net.appcake
/system/xbin/su	net.appcake
/data/local/bin/su	net.appcake

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	net.appcake
/dev/qemu_pipe	net.appcake

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xc59d3000-0xc6142b9c	4250	net.appcake
Anonymous-DexFile@0xc33a7000-0xc3c12770	4250	net.appcake
Anonymous-DexFile@0xc4f82000-0xc59d28e8	4250	net.appcake
Anonymous-DexFile@0xc8062000-0xc814d2c8	4250	net.appcake
Anonymous-DexFile@0xc8a6b000-0xc8a96150	4250	net.appcake
/data/user/0/net.appcake/.cache/v1filter.jar	4285	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/net.appcake/.cache/v1filter.jar --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/user/0/net.appcake/.cache/oat/x86/v1filter.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/net.appcake/.cache/v1filter.jar	4250	net.appcake

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.appcake

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	net.appcake

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.appcake

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.appcake

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.appcake

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.appcake

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.appcake

net.appcake
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4250
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/net.appcake/.cache/v1filter.jar --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/user/0/net.appcake/.cache/oat/x86/v1filter.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4285

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.appcake/.cache/classes.dve

Filesize
24B

MD5
196753ab86610582d75f8d63285a2829

SHA1
a0a316283ec128026c27a860357ec0903f73f3cf

SHA256
4a7f79eb9bbff52f336d4967b74cfee11fde05998b66a1b0ce747641f4089cc8

SHA512
ea33db77d52d680338f53f0501555b3ce55f25c3040294c710c1552b155bbd9c27c478e3098d0604a766bc5a5227dd44329fd025227716c588017c9dff93a9d6

Download Submit
/data/data/net.appcake/.cache/classes.jar

Filesize
10.9MB

MD5
e7b1fe763e9eaa4b09c5fcbf3e9bcc48

SHA1
b1c38586cf58d33a810bcaa863a1832d5eb64c7f

SHA256
98d306511ee7a268a2f86f46b90b0c0aff2a759eb8f9ca309b5ae942f3e73c24

SHA512
7d2dafb5b85ee449fc43907da128508d9c6db77b536414535e2ca06f5faa5ee21a55661f8f23f1f2c3e1bc89f49d6bbee84951abe9e3d163bd145bd005a1b4a9

Download Submit
/data/data/net.appcake/.cache/oat/x86/classes.odex

Filesize
4B

MD5
f35e7d5dc024d905563806b433deaea8

SHA1
75bbbec1b5839fa59125dbf8950b6b71e2508486

SHA256
073ec7dcb1b5e3ddd62ef60b69a00125072d40b8552417195dcbe905a745d068

SHA512
2289a859127d961e19a4c497a5a8512abec0c8912f36e0b3bd145f88beb6249808788aeffdc3937cf4bd94752cd54717dd5eef937267e5b5d3a7503fb420f6eb

Download Submit
/data/data/net.appcake/.cache/v1filter.jar

Filesize
271KB

MD5
3292994354a32300b074d93097eeea58

SHA1
4c55c4bf1b3c060ecee4ac1f992a7e0c23b94ebf

SHA256
de6df971eceb2cfc76abe0d4f027d08600d9d1cf8c6d79c0c965e487f2b8aad7

SHA512
405066926c8d84d02287d2d384d08e3d4b03ace8c29fd0bf6081f5c3a31e156901398ae1068aa2fa8dd732fd99fddbed3ba7608a68a5ad1911041c32eedd2966

Download Submit
/data/data/net.appcake/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
c78fef84a034f5108f4113ad3eae3707

SHA1
82f2a5799e9ee0abcee119d6cdbd2eef79caf184

SHA256
0fcae281fe1e195772df55df7e8c9c4a368252604c0d24ae56f91aec515d96ae

SHA512
49e5f03ea67d9d689a2fc8263d23d16a60a9ecb142dca02476cdf5e175812cf94e7fd203cf63fd969d308ca3ebaff0ce39d8eccb1dacb71465dc8362d3d46aa8

Download Submit
/data/data/net.appcake/databases/StartApp-d6864f2502af7851-wal

Filesize
28KB

MD5
8541098bbd21935670e36d45a0a2de52

SHA1
e978a3a93ca74a3c0ed13fa960cfb3cf16e43407

SHA256
cee15a41d6ddc8a0b1a1a6924d844db139bde4fbb146a10e73e97c58c6830ae4

SHA512
0c0014928878402c603b24eab6932e2d8c429b9e2909bbe90ebd9743dc5f6939661d99240ba8eed9d3f47eaeb3e288ee7f3e94adbc4d39f6d9e34740023860bc

Download Submit
/data/data/net.appcake/databases/anythink.db-journal

Filesize
512B

MD5
6e48da05630072bc17d7e4230d9da54b

SHA1
014fa6672b3c3f2ee5059d4840f10c0e5469938c

SHA256
57b62e3aaf970f9ccbf9d793aeabb86fe0d9b83c42504bbd891f511583c67217

SHA512
8324f4382bd071b8d251ff1ebfdff7af03cbcb5e6bfc7c0a50de3540a3b34aa227f01e1934f6985d930abc1677d7c23bfceb1e8ef54e67cf70574d7028c4e9eb

Download Submit
/data/data/net.appcake/databases/anythink.db-wal

Filesize
68KB

MD5
b1f205b5c4422c5b920d6193bbceec89

SHA1
89f92dd0e2fb1b32ee371b6d6cc511f989e7465b

SHA256
0e03c20103833e808b1e79abef89f4fabb69feafadb3b855fe081fb85223c753

SHA512
f9e20e55a9cac279896121c205441585f7396c546c0266f5bfc48553c72fa152081303f810a7636945e189e4671e4b86e0e79c82b12d3d934702cf7f05fc37a9

Download Submit
/data/data/net.appcake/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/net.appcake/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1d710611fc75407b95162782d0b4e29b

SHA1
4b4df848ad942f70ba4d3727f60c37498533eee8

SHA256
cdd1ca925ed9bcd644c3f6b08c6252583633dc9ac38d14f31e166d7e650d3bda

SHA512
be1167d373c2567f2b0de39e93d95cf4f3f3b37cb283c49d81842498b1eb69a0bc0b684c436270a29848b1239720446d3773e432880d90d06fc75e7177ad9b46

Download Submit
/data/data/net.appcake/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/net.appcake/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
75b5caa6b51922df4fa2d1834fae3f68

SHA1
7c555714d3da351d5f427a7ab81ad41b51a085b0

SHA256
e3ca9018c674f3c1e690dff21df95b5e307bfcb4b73acc224457cc9d68399c5e

SHA512
13a57038dcc41c420910394cfe38297d89b790e97fdbdc926bc3cee55df58f276f16e05af8b28544512f4f8b7e20e76ab927a3558464b7359030fca02e2a3a4c

Download Submit
/data/data/net.appcake/files/.com.google.firebase.crashlytics/669E0D540090-0001-109A-5E313C5CB9FDBeginSession.cls_temp

Filesize
75B

MD5
c29551d600637ead4cb904a837197bd1

SHA1
afedfb18fa0c3d9f7d9edcf60a5a863a411be0a7

SHA256
f0d53ebd4fe0663373215745c14ee670d98dc902aa90dd6366c59ce5af17176c

SHA512
0b9f030b34322ed11821b767d5a43e27335c40b161aeb8a9132276c976a2f414f6fa5ceba27986d46dc0669842ba2c0b91b31c7c1a668a9f5fb633860a5c8678

Download Submit
/data/data/net.appcake/files/.com.google.firebase.crashlytics/669E0D540090-0001-109A-5E313C5CB9FDSessionApp.cls_temp

Filesize
63B

MD5
66899ee4bc2cfaa52e64f0ec26951152

SHA1
85648b997239bd495c5a374dcec970dc2f691743

SHA256
85c13fed4973727658e590d9dfbd8ef3d3bbc577cc5a0746d8f589359aefb675

SHA512
81a357ae39978dbece06e22d33f03868930ea540ff4e38b0db4fb20889b63679d31bad5e34c9a93621a41c37cde1dafcc01f86360dd59202adf5deefcaa0eec1

Download Submit
/data/data/net.appcake/files/.com.google.firebase.crashlytics/669E0D540090-0001-109A-5E313C5CB9FDSessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/net.appcake/files/.com.google.firebase.crashlytics/669E0D540090-0001-109A-5E313C5CB9FDSessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/net.appcake/files/.com.google.firebase.crashlytics/report-persistence/sessions/669E0D5400900001109A5E313C5CB9FD/report

Filesize
730B

MD5
90a13df721859043907e0326f0b0f304

SHA1
8e6734a882956bdd15fa4d1dce635fc0fae05f52

SHA256
f1dd231ac6656336b5775a52a1f0c17c7ab104f6df5d11e44d05cebf87fb0aa9

SHA512
e390b21c152c90cff7c7b312ff5787821791e48314bac18b6456076b502ecd371885dc6076aa0571bd9bc36306d23a3d58f083a0aec4a6b085fa632b2fca595e

Download Submit
/data/data/net.appcake/files/PersistedInstallation5508842207625880068tmp

Filesize
90B

MD5
08fdb0ad28ea985cb98d4e1fb256705a

SHA1
b8bd1bccc461640a09b83b19c12a2bdfc6624a0a

SHA256
b20edd3d645588007efd3a84f1f14d7d96ed89201adfc23fc98ecd79dfebf168

SHA512
1e609f97fca16a6d25e9edbbc9457aed5e7058a8e000f42a81c25c8108ee171753965c5365b61f23df6864e9c0291f2ee057bb6636e3ab87b0ce437223a4187a

Download Submit
/data/data/net.appcake/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/user/0/net.appcake/.cache/v1filter.jar

Filesize
574KB

MD5
74da21920946c9e5ee1aeeaad027c07d

SHA1
d38685699b9b3cb4231947e36243e2f283c7829c

SHA256
6bd5da5c4cf789a167713c66216730ae3957a55045e7b569832d0b42ebaa99b8

SHA512
cdd68a92e5d5c660a5389527f8a6f8aeabd184f109e2da051542f75c0d0098d8bf78395eb8934a5a5cfbf28f6f84ee458064a99f421cce9c7a805575b0648c94

Download Submit
/data/user/0/net.appcake/.cache/v1filter.jar

Filesize
574KB

MD5
405543673cccaac16cbd7bdd9be7cca9

SHA1
e84a68257b82016d94a648bed497dd82b157e248

SHA256
c82a51b978590ca4421b4eb87f74d0a71ef590fb4caec85027f90243ec429458

SHA512
089b995aeaf1472acfa5793de01559802e282e708d49b0c50c4e99dc1a718eafb52d4739b871321e15a270ffdee47366f81c801f6f0502b575eee28ba9acdcfd

Download Submit
Anonymous-DexFile@0xc33a7000-0xc3c12770

Filesize
8.4MB

MD5
a6250f80a6c13477b36649d84a47f93b

SHA1
12ea9d58e773259c0575b13ee8a1cbd563cd1555

SHA256
e9516dc1f564a5946c4b0f2781467fa58dede4afc25015de0862df304331913a

SHA512
79f64e9de866c4dc7fbf59c6fb25a49ff94264f7d69c25c7bfc877ccc65101c8055c358f8b3b26b4fb8cdf04870237206bb04c575280bb73016710653d5548e7

Download Submit
Anonymous-DexFile@0xc4f82000-0xc59d28e8

Filesize
10.3MB

MD5
ae387cda1e3cb7c282748b7303e312c8

SHA1
279763b9651134368343845c69ff1190d21a1710

SHA256
50fc595cabfa6fb9211d2c4eb70de8d177aa03018fddbe05b1e8aecae46a208f

SHA512
bddcd5d79c26d30fbd0f1e7ccb52d89f3f0ac139fd0e2bf707dcb4a95b70ccd9ebf51cc3b366955f4ff2ce294cd5ce27204df3fe0a1c0b65e493ef52cc3a3638

Download Submit
Anonymous-DexFile@0xc59d3000-0xc6142b9c

Filesize
7.4MB

MD5
89634000171591fe135ce5d08353fcdb

SHA1
488c712ce25680014df97c5137f9720716aac619

SHA256
e20de91a0a84c728d2d3d106dd1f28b6ad0abe2b8ab1eda791c5659a01dd27db

SHA512
ef13b25f1395f36ba11fa95dfa9fe264a79bbcccf9fbce5093295eca51547d129fd83d8e6534fec0efcbb2e1e14a3c25605255bc6abbc1005242765a74e67ef6

Download Submit
Anonymous-DexFile@0xc8062000-0xc814d2c8

Filesize
940KB

MD5
14c2a4452b2c6f2411b53dab91be3799

SHA1
4deb69b5814f71579cdc94ebeac2319d3aa7e2fd

SHA256
39b88dd32f7589b7f2bb6c03b33ea051648f0c1bcaa2b9e5b7647a94858e2205

SHA512
789e2b6adf76f5ab5f9b278cd53a7fd80bf6226a9c3068ddd62e74933a926c4e0f4609295396fe650b729328ab04e5f8df071c502c6e9f892b0a7bd357c2c3af

Download Submit
Anonymous-DexFile@0xc8a6b000-0xc8a96150

Filesize
172KB

MD5
f9494ff7ea5545c567437d449d309b73

SHA1
a6b0e3233f07dfd1efdd62fc9c98824e80c370c6

SHA256
562ebcdc59ea72e71b977eabefc13f5db3c6bfb082871cb73568c9226e0b27e9

SHA512
a58e3936af2614424dbb975161c989c82ede8c9a2c0772ce4385edab8ff30dc834f6c07d7756114372274edc4d6a363d53a908776258c24be6eb6fc4999439c4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads