Overview

overview

7

Static

static

6

f0716ee608...18.apk

android-9-x86

7

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    21/09/2024, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0716ee60888a671432dd52cfe841797_JaffaCakes118.apk

  • Size

    30.2MB

  • MD5

    f0716ee60888a671432dd52cfe841797

  • SHA1

    11594c67a4ae00e326e7c295a30183c051724c50

  • SHA256

    89c7e574f7db15fec79cd4dac3559dfb6d1c7bcc54a508cbfeca9d54e915e981

  • SHA512

    d79d49c99354287f0c9b557801e91cf65d969712f2f703cb6ab42308ad8bf99547e707e56061f8e87265fc6fb0df787c94b71cc53a06934b371f948fa2ae2ac3

  • SSDEEP

    786432:vSSmnPSeOB/BmWDNFIdeP2NG5W354co2vXEHUgZh37W:vzm7qpF7pP2cALvXW37W

Score
7/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 2 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.martian.candyroom3.aibei
    1⤵
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4254
    • /system/bin/cat /sys/devices/system/cpu/present
      2⤵
        PID:4312
      • /system/bin/cat /proc/cpuinfo
        2⤵
        • Checks CPU information
        PID:4336
      • /system/bin/cat /proc/meminfo
        2⤵
        • Checks memory information
        PID:4356

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.martian.candyroom3.aibei/app_td-cache/tdandroidgame
      Filesize

      529B

      MD5

      7be4566ea9cc623da587c9dcfcbfa3dc

      SHA1

      464634d536a1174be2dac093604de3899f41a014

      SHA256

      60ed520fed7ca7f0366ddb564a92ad658dd4a2fa83910802b1f608c58fa7d5f1

      SHA512

      6612fab721850daacd8609aa07e3b26de262b8c3c8326b1733a68d926c567fa4211295c2000cc7989715948e9250d4c505614822061301df9f678fdae361b26b

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/cache/.AIR/certificates/javaTrustConverted.tmp
      Filesize

      209KB

      MD5

      111bd584730ac4c3c91110ea106442ca

      SHA1

      1d6226e2237b6217f6e87a3651c96e077d3fd001

      SHA256

      3ff7aaa258645ff224d87592ffd14edfd9a8b0776ba6f0e529cc8695ea99405b

      SHA512

      b1f68e27bae4bde487ea76fb4dbc44372511702d34004010fc2bc2bf60f722d3558f4e0d62889d1ba0a90f4df7d1a58303309795777890c4e7b459fb7f175b54

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/cache/.AIR/certificates/javaTrustStore.tmp
      Filesize

      149KB

      MD5

      219fbbbca29df31135e104f3d162b180

      SHA1

      6219861a176ba865b1ae249a6f771f07664e608c

      SHA256

      67653c7403dec55a801cd1c6e68dd3b8925b43cd2d9645a5a6ac5a5a3bca635c

      SHA512

      ba9db34302bce6b9f63f2be1f01157001f83691a573d052a46cfff433a40e8665f5fcf99e9845511ffdf26cccafc70078e1b0d2333a457dddf0d3bc8cff339ec

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/cache/app/ae620bf5-0811-44b6-b7d9-cb835aea6307/assets/CandyRoom1_disanfang.swf
      Filesize

      16.2MB

      MD5

      4579731d1b330f7638423d9968f018be

      SHA1

      b5f2f6d851417fb503c5f42aab1e36a2be6e8520

      SHA256

      b6d955c8f556d5f7f2c10f6dfc96a7eb877b6127be28580babdd7a3b76f40aae

      SHA512

      776921e830ffee303984fb64abf52e4e93e4ff4bed7079f418602d68054fc1146af405f6cac799803f30c3e9013fc9a1d90e3e85918c6696becdc71a9e2c89d0

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/cache/app/ae620bf5-0811-44b6-b7d9-cb835aea6307/assets/META-INF/AIR/application.xml
      Filesize

      2KB

      MD5

      b542afdcd001ba94fec76deb0b6c57cb

      SHA1

      b26393ff3d0b06da4afe21e18e7d8b2795c92930

      SHA256

      d1e8f82c5fde7a91c3a856259c58dcd14eb5ccdfaab678631625a08e3c78140d

      SHA512

      7317b2d56eccaf857e1a588cb3c352d3711f9fa720d3a965e9ccbfb2f45610ed5cf49c3a3ec0b600246aae7e63545b5f2ddccc6d660d5882fcc3bd299c95a39c

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/cache/app/ae620bf5-0811-44b6-b7d9-cb835aea6307/assets/META-INF/AIR/extensions/com.AneAndroid.Extersion/META-INF/ANE/Android-ARM/library.swf
      Filesize

      11KB

      MD5

      3478199dae1d0ea562acb85153ab18df

      SHA1

      cfa287f8b5ac97aa85affbad57337e12d87582e3

      SHA256

      427ddb1b6dbc0ee09189c1f64e25c3a92140c9790d25d82152874ad6b5c6250e

      SHA512

      6d6fe796bc881c67813f4b9cbe6e30d8132dfbd4d00fa38e5d37261404b37a1017bfa2409703fa0778464aca5d4c80bf9fdf7ba2e189a64a2ba3e07be8b3072d

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/cache/app/ae620bf5-0811-44b6-b7d9-cb835aea6307/assets/META-INF/AIR/extensions/com.AneAndroid.Extersion/META-INF/ANE/extension.xml
      Filesize

      515B

      MD5

      f3db9aad3796e6d012ed94310b905a8b

      SHA1

      3267d42fcea67917a44efb3ad1dc1e42187f22db

      SHA256

      81669cf908838f5832a43ef9db3bd4c2c0a8398463778097b5b5166ee593cc70

      SHA512

      9f4e8f838f49aeb8b504806a41f8ba6394a27d5053a324ce5aaa6dad9e71ffd588fd1bca9c757610c6860e017d8d386c462c79e4c1f3a57f801a7ef94c1c3658

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/com.martian.CandyRoom1/Local Store/#SharedObjects/CandyRoom1_disanfang.swf/com.martian.CandyRoom1.sxx
      Filesize

      55B

      MD5

      c377bafd2bf4787156fd1a6134b05378

      SHA1

      5df6ad915eff41e5a6800ae09bad89539dd423e8

      SHA256

      5d825d242515672a8c8055e718d9bbed588c322faab7721b5116b880a73b5528

      SHA512

      862232b823d8c0c896f18722394550b8a91482c6b8f5d478f43b1efd98b41788ed61173f8066a21864b9b9d2a277608a7028440de83c8ac4ad1b4d29f263958a

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/databases/talkingdata_app.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/databases/talkingdata_app.db-journal
      Filesize

      512B

      MD5

      b69b0e1a5f76f7b1c09a1afd200f78ef

      SHA1

      a7bd7109e5c88cb0ebe7640f5d3ea79d27f60a88

      SHA256

      c1c4d06e5b40440b73a7f9f9b610575a0a73b231b74a1e7b6c1f8f7b8e880967

      SHA512

      11383b84fe7abcf0e8e8f6d0c8cda16850229782126e8e801d44fd335af23e0fc87defae4f4289c10db990b4bca0bd47179569f6f29147631bf5c4fc41840355

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/databases/talkingdata_app.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/databases/talkingdata_app.db-wal
      Filesize

      48KB

      MD5

      1b6202753a39eec7528d153a27afd911

      SHA1

      471c2edf6cb7e18fe4eb38d86cb407a3468899fe

      SHA256

      9aec490d13103d351fa8f7df798e6f10d3d40649c3c5068648831214823d29bc

      SHA512

      1f2288fcb7d6799031e0363d01c4e3a83257262def08f3e6fd0c3e83ab118c22d1c4a59006e795cfa18291df99e48ad28cb00baf8cbeae55bb5c8259142f92ea

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/files/talkingdata_app_process_preferences_file
      Filesize

      33B

      MD5

      6967e2b8808caeea8d4c8855c5555104

      SHA1

      e28bff812f24093e1fd96efe59da2a12b86623a2

      SHA256

      80154cad4e07dd823cbd4270ac9bce6435cdc92432d4997e22467c00595b2986

      SHA512

      459a82578448da81803287ec32a9be4bcd077796765bfa3b48db7d80f7c467b0dc13e5b62e9789a05ed8b0baffdeee5d859b7b704c439c65584dbf2b0f0cae71

      Download Submit

    • /data/data/com.martian.candyroom3.aibei/files/talkingdata_app_version_preferences_file
      Filesize

      2B

      MD5

      4e732ced3463d06de0ca9a15b6153677

      SHA1

      887309d048beef83ad3eabf2a79a64a389ab1c9f

      SHA256

      5f9c4ab08cac7457e9111a30e4664920607ea2c115a1433d7be98e97e64244ca

      SHA512

      e053886e1b797bc5a80f932302f0201265a599d82e2502d41941d6e652614ef88fa058e009094d26655f880200df12c2100f690254fd1e5bae75d7441763cd33

      Download Submit

    • /storage/emulated/0/.tcookieid
      Filesize

      33B

      MD5

      6d32544d5a6a8121aafe084cc55be13b

      SHA1

      2c7303c414f2bff5b1e80391ba6315df9bb62fd3

      SHA256

      940514c50bcf87ca5a68eeb67f581bdac4845c6f4adbde372851a2eea836fe52

      SHA512

      ccb0f188c0ce9b8728f72cdc3edf247f8019f526e3ede5dc8d95c89f2e3a42d2ce5505d93189c1398a425e8aa9bfe803d13c022815b63e3105df8eb6af0fe940

      Download Submit

    • /storage/emulated/0/iapppay/statistics/com.martian.candyroom3.aibei/event/1726944991659.log
      Filesize

      155B

      MD5

      c84745c3b897d188cc55dcae6892e7db

      SHA1

      761273ffcf89c6b0910003e4b7cf8331823072e2

      SHA256

      6a07fa69126e35f05862247da8d99c18cc5a831233c7f4ca2d5e7da6153134cd

      SHA512

      41e7ed02f253bc281bb1d46813e00183a02f9162ed09b719ca9b2e727e141a9bc2f853a30f74a331c7dae7f6c279e7ec7f7ca1fe7b9e17ba8ccd6d0d7a4474e6

      Download Submit

    • /storage/emulated/0/iapppay/statistics/com.martian.candyroom3.aibei/header/1726944991659.log
      Filesize

      996B

      MD5

      3ba04cac14d1e90570daabed9ec5437d

      SHA1

      5877b6519288c3baefb21e4eaf35f2176575c617

      SHA256

      f1417067df49edf34eeb467934513efc8722f34b5d7df0c7010fb8f74f7d6d7b

      SHA512

      5eec22a529a73878721578659e7242dd5a98204c9836a1e23b753ab91cfd6d32a65af4dce1f2010529ec94012c44542b13d6fba602380ae6211d7616e823479b

      Download Submit