8bf223e5ed6e4aa66d58c9a88a368d9cf8577dead4356a284270b360a2a30d81

Analysis

max time kernel
179s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18-08-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7d1c2c80ef71601aebd6b41952d0a05_JaffaCakes118.apk
Size

28.0MB
MD5

a7d1c2c80ef71601aebd6b41952d0a05
SHA1

c9e501c46e710e4066a866718e5d7a504afe4b6b
SHA256

8bf223e5ed6e4aa66d58c9a88a368d9cf8577dead4356a284270b360a2a30d81
SHA512

589f1244eb90c59d30faf02153f4ad10b4653afc0afe10bf5c9ef6c553df32252a0df12d939f3b126bb275bc5e7246861482506d54ff712041c7861a18e82ef4
SSDEEP

786432:hycANpwKLkyrg/I36SF0UqmD4YPZKzL7f:4cHUkyrn3DYe4YRKzLr

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.boomster.linegame.lhh/files/mt_paythird.jar	4263	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.boomster.linegame.lhh/files/mt_paythird.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.boomster.linegame.lhh/files/oat/x86/mt_paythird.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.boomster.linegame.lhh/files/mt_paythird.jar	4234	com.boomster.linegame.lhh
/data/user/0/com.boomster.linegame.lhh/app_mt/mt_support.jar	4234	com.boomster.linegame.lhh
/data/user/0/com.boomster.linegame.lhh/app_dex/hm361_ds.jar	4234	com.boomster.linegame.lhh

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.boomster.linegame.lhh

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.boomster.linegame.lhh

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.boomster.linegame.lhh

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.boomster.linegame.lhh

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.boomster.linegame.lhh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.boomster.linegame.lhh

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.boomster.linegame.lhh

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.boomster.linegame.lhh

com.boomster.linegame.lhh
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4234
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.boomster.linegame.lhh/files/mt_paythird.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.boomster.linegame.lhh/files/oat/x86/mt_paythird.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4263

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.boomster.linegame.lhh/app_dex/hm361_ds.jar

Filesize
306KB

MD5
2076295ec232d5a3a54d9be4f8d30c87

SHA1
a300cd13aaa3bb49394a92c4670d687ed3145afc

SHA256
4696cf9f122dabaeedf50430b89f848aa81c8f4db95cfb55b8604de78a0f0cfa

SHA512
67e078f0e9589f4e7063852de64ee98311bd8ea8d4e5d7721f6e86100c8038804a2efa13cb0c648e3eeb59b4c4d62c350305c6295c1b4ef3daf2edbc11281a86

Download Submit
/data/data/com.boomster.linegame.lhh/app_dex/oat/hm361_ds.jar.cur.prof

Filesize
486B

MD5
42427c08060a7b3e4ca22711acfe908c

SHA1
4239641d0c6afe9d34b274a643043026a72b7223

SHA256
754a032b4cec85bfe54fc3b1301c53a0f85e78ad00ba03f381da6b812d05c702

SHA512
2964156090695e91a43db7156d7c51831067f24e260221d505bd937b160e0ef0407d709312287bed69aa8961142ba1749375d4a72038d8cce54ef0dd4d4e36ff

Download Submit
/data/data/com.boomster.linegame.lhh/app_mt/mtDedat

Filesize
166KB

MD5
1f228b53161bb98dbaabf6e144db4f8c

SHA1
55a93b453aa5fd215843ad24f29e2628eeb4e959

SHA256
9f8a0360ceb52fa246960a49394be2b9590442507b3e97eb241227752037d933

SHA512
58777c27e7408f71e4ab2caeb7f96698c73400a9494dd6e97078d998c0904011b1b03921567a0bf6ca463b402d06e8af135cd652aedfd057090ee5f0f4ca45df

Download Submit
/data/data/com.boomster.linegame.lhh/app_mt/mtEndat

Filesize
166KB

MD5
8ca205dd17f1621f2a7b89fbae8e6202

SHA1
b0d3caffedf04a65625e0f12de84814581eb5838

SHA256
5e19681177f378e50e7ae4eb5efeca7a7c9ea36aa1e2db0c616119b231635a00

SHA512
b40af503e600449c5b07de9a4f059203dfdf849c88a5017ec52d18f7a6460ce34e2d36a57109a8abde8533fad88e7e8e9d904cfaee6856655d5432d99dc986f0

Download Submit
/data/data/com.boomster.linegame.lhh/app_mt/mt_support.jar

Filesize
167KB

MD5
f685f2652b594dcc7e9e92738c1d0fc4

SHA1
dcf7ca15ac9c41dcbcabc89bdf1c5b36fbd6fa42

SHA256
a7cb82102de5111fbb49cf61eb1d7f874ed32e877837c5b5dfd5754898d716e0

SHA512
4733d9fd0a1442777eacf0ce79b5ca59c620c00ac85c214a4e4b1814cd6a9b91bf6ceecf94d9d3ea2eeac5ed460cc94499afa4d9d6d0dcf109d581d8e140ece3

Download Submit
/data/data/com.boomster.linegame.lhh/cache/ACache/-1330580981

Filesize
6B

MD5
71152c1dbfcb91ed147de3dd6f6054d6

SHA1
60b3ef40427e82496cfce187cd8d79a0caf474a9

SHA256
196134ab15444bed1260203fd78fca6550e9f169cd9398ef2fa89aca80cf4d9f

SHA512
c39c26acbedab7e9716af4219a837e2f7fed452e314eeafd15a531e17ef66b449237e48f29f0e9a7d6afbaa4e7755699586286bb5b25157d3e7721a4d61de9cb

Download Submit
/data/data/com.boomster.linegame.lhh/databases/adhmcfg

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.boomster.linegame.lhh/databases/adhmcfg-journal

Filesize
512B

MD5
65d44e562d01dcb1698c9d2ee555154a

SHA1
ae86e94ae5d0405e8580253914774aa9ee404419

SHA256
3f1bf5d895129c9038dbd096205ebf7c55676065a04c409fafc8c7c1456795f0

SHA512
2558998fb4f43e8e48d1cb79b08fb49098d8b7f68b706adfb17e1eb281ddc9673fc4c3231c02742d9d996cf3f8065f36be5865da0dda0db53602581d32338687

Download Submit
/data/data/com.boomster.linegame.lhh/databases/adhmcfg-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.boomster.linegame.lhh/databases/adhmcfg-wal

Filesize
225KB

MD5
7f057c8c4d3e58f6fb790200d45ec34c

SHA1
22ba42c9371bdc3b4bc2925e7505d5d871717fb5

SHA256
4c440faff7a875e20d90fd69c21791fd130eaf926cf5dbc2e2b861d025230f7e

SHA512
f5b5dab04d6c68faece933d08b2ce336e0fed24303dd8f1049213f6e73a3d0165ebf2b8beb8168aedabbe0044ffb87aaba90a70575276ad52b6849852d668da2

Download Submit
/data/data/com.boomster.linegame.lhh/databases/adhmcfg_ke-journal

Filesize
512B

MD5
676fa57df7f2a35e72152c648bafb1ec

SHA1
be79c46bc8f8086a02e17b1c414bc1f837e4689e

SHA256
35ebcb6ab5e76a27806f897e77099bafc2daf8975c0681fb2ba9541350f4c1f9

SHA512
5cb23e8514c24a12460aaeaf51f653f86ae568f347d2d82c29a80a7f2be91b768708910ffef14053e91e78cd8113173f4292580e6158eea330b962b195fe363f

Download Submit
/data/data/com.boomster.linegame.lhh/databases/adhmcfg_ke-wal

Filesize
52KB

MD5
b3c6975441a639bad68727dfdd43d154

SHA1
6429966999a70fa217b60ffeec0ef3201dd0cdd2

SHA256
e32cc362df0de7991d4d9fab88cbc53aefc7e6eb9b2df42b7454880d0410012e

SHA512
33d8684edd6d8a2052a0d516d4a0b7498829714d228be27ff55325ccc9b535a1c57441774d5bf3c01979c9ccdb24ef33aefda115181f3ca839541bd266243987

Download Submit
/data/data/com.boomster.linegame.lhh/databases/mta_cfg_db-journal

Filesize
512B

MD5
a52335afc573f8bf0a0906b2265ddce5

SHA1
a18744504bffc7e14165e793c9c63be34549890c

SHA256
373b5262efdf0b5606c1f785e373ee57ee000cfd1069b70cd3176cf8f169a4d9

SHA512
33d43ccce98755996a940bbe0b24320a2c1787a644a380670186a933a3b5434601fbfa96338f8305a8f8e1046386bd602078e412f15a9d1148322d586f11076d

Download Submit
/data/data/com.boomster.linegame.lhh/databases/mta_cfg_db-wal

Filesize
52KB

MD5
b591acd4170f124ac3776e2e1509cdf8

SHA1
8991fc46c14f11c88087d05fcc47ebd4296764f1

SHA256
a068914a3ca77a5f435747528829cdab79502e0aa58e3c7f311d31c644e400eb

SHA512
a6053b5a1053d028819d26028496a3d36245d594fcfec3cff48f0ccc3e60769647a82c12a02d8d0b5a082511e62b6ae98c930702aeb12162edff7d186fbbc682

Download Submit
/data/data/com.boomster.linegame.lhh/databases/okhttputils_server.db

Filesize
24KB

MD5
2c25d43030ce6fe8847af2055173a32d

SHA1
60a4422c903bc5956406822e5469c5f825689972

SHA256
aae7651d7e13e1b8181612cd55335938e2fbc11c89a3a81cace0e6c410d6eb1d

SHA512
0c6d97d74743d506522e92548506cb9fa8bfae2a4d2f7801d4cffefa310e01506611a127afa3df2a2ab2c770191165f2aa7074ebd042ef9b7ceceef29dd017aa

Download Submit
/data/data/com.boomster.linegame.lhh/databases/okhttputils_server.db-journal

Filesize
512B

MD5
fca405813ef6b85f3a8cbeabbb00b0fb

SHA1
697f8a7d2a761d49256f25fcb40a0aa5a86d1ebe

SHA256
75dcb3f98707ecd8bea6d7f82fc50fed0b38e8189fdab55a79272436991c7ef9

SHA512
6ea3fb932020f0cf1beaa3b1ede9016d252c947a8cb45f376c363d7f8d9eeeb9cf4d8a0dbbeebaba48bf3e728bfcea07f476d962b9346e854b61a6a1e9efcb96

Download Submit
/data/data/com.boomster.linegame.lhh/databases/okhttputils_server.db-wal

Filesize
36KB

MD5
e8ea0b64e017069e66207c742b3e1851

SHA1
58058224961e797add49e6cd1b6dc89e6dfc318f

SHA256
67edd75657bf36ce2b4b25db3ffb182ce468df81d828d677cc801846c6dc0fa7

SHA512
e6141d5b4dbbbd5fc6d9a90564ac5974c146925b39b50dbe656c8b75dace2ebef4d1bec100beb364064bada0debfb32d1bcd7fbc9a4944dd955194ac7d1b8dd9

Download Submit
/data/data/com.boomster.linegame.lhh/files/hm361_pngcache/b.gif

Filesize
343KB

MD5
540c70cbcaa7d3907761f0424a8aa3d5

SHA1
7045d8c541470b3e519da517c41ee39376e65fd1

SHA256
c9e923618179f53cb026ed0a121295a01d95839bbba5c78870607689306d5847

SHA512
9d49742dd1946439efdb2f645514ea3cebcfd5e7164f4b3d63c65db25421696891660f656e11d12a69c6ddb740621ed6adcd10597d7d45c210af70cc069c3574

Download Submit
/data/data/com.boomster.linegame.lhh/files/hm361_s_p297.dat

Filesize
327KB

MD5
cbafa518637f673c3e6f91cad195245c

SHA1
0e38337ed72d22bcfa4b20d0f3d36dd717ba36dc

SHA256
c652caa6ad6b422c3c1138af80070b12080dc8d9d96e0869a324da19321891cb

SHA512
5f5db421d894d588b55a509eaa81125864bc1b5477089417c49986827bc1f0c7cff2dfbb782d0c2681d739e853b095ed294ed2a93a3cf03aebeb5f133a8884b4

Download Submit
/data/data/com.boomster.linegame.lhh/files/mt_paythird.jar

Filesize
454KB

MD5
12832632ab7f0aa3639e8b8051370d43

SHA1
3e6a0853127ec59ebedd649b5d051e6ca892ca14

SHA256
ef5fa914eed2e5771dc2181f296286647e28a3dc1a4ae25e9b9dffde48acebe9

SHA512
4daceab659a011403c8d0ed322258f82996981b905eff8789b32b514f4efd5814f1d54ca1b7c7b38cdceca48b17f228fd855ae299f4f536013d2f56d8c9df802

Download Submit
/data/data/com.boomster.linegame.lhh/files/mt_paythird.jar

Filesize
1.0MB

MD5
c1704daa14bac3b75f0375b2ccc263b0

SHA1
95b00a7350bd8d3a22cfbf194cb29350d963115c

SHA256
3a76f4404bd621a87db80a65b4c8d442e71c85d7fee029dd375227f232bbba00

SHA512
b91861ca8ba8106fef5571e62c4d4c6a28fcb9a23dd091bd1c4760d944a2a7ba8f1dcd4bc1384262b9d443be7ccabc89bf59788247862408a2bdc9106cedd958

Download Submit
/data/user/0/com.boomster.linegame.lhh/app_dex/hm361_ds.jar

Filesize
862KB

MD5
8671295362d0af3d184c9073e2b8d012

SHA1
5ed6f11dc33543384fadde76ad5db95e6af914c0

SHA256
597dcd747eaacb5ef54b8fb967386884967cffb780b4900d42e7060425645b7b

SHA512
9bc811b700194d6738f2d928f5a5ec3ecda964baa804587902f81f3fed5a00e7c84fc8fc10d44b37e29ec78c2715e3221eb15380661c6b44b422e72db3ac3630

Download Submit
/data/user/0/com.boomster.linegame.lhh/app_mt/mt_support.jar

Filesize
1.8MB

MD5
5bfc6f8b802ed07910928df78fa08256

SHA1
e5eb401629e91befb384762e2b827a07f15f2d9f

SHA256
6920369d6bf99435e62dc2ec1aa46171f43acd869cea1eaa1685cf074c080cb7

SHA512
c4a5f48c9ba09b1bddf7e7cd6932d229d1e4e31a108f5a3e204f9587499d5486ea15497ceef84d60735de069ad5bfbe0905a1cc530f770ba84e741b59e314343

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads