Analysis

  • max time kernel: 143s
  • max time network: 151s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 15/10/2024, 19:29

General

  • Target: 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk
  • Size: 342KB
  • MD5: 499d227e53e2e0df1dc808d2529507ac
  • SHA1: eeedbf4c50f68467e6ffd701a425b9ec8fd53a0e
  • SHA256: 0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d
  • SHA512: 864a01a2c164e33e97cfb36fd551a1dca274286ecf3242a2fc844b8ab2ce9f0cafb52f6e32a3193294c10d2be66d596032d6fecad307755a4123c4e8ee403693
  • SSDEEP: 6144:2Tplw2P+sb/S8sN/Jlf+xHssYRXBlvNqUH/wD34KSvo3oEkZvBdkqj5:2te38Elf4HARX8UOIFvHLkQ

Malware Config

Signatures

Processes

  • g.xqbooster
    1⤵
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4220

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/g.xqbooster/databases/.ua/ua.db
          Filesize: 32KB
          MD5: d604a3bf1f8d992cc320ea5b1f7609bd
          SHA1: 247f88df0b55c7d523ea5398637711a0e4a483a4
          SHA256: 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
          SHA512: 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

        • /data/data/g.xqbooster/databases/.ua/ua.db
          Filesize: 32KB
          MD5: 91aa51cec48d96b164f7ae5aab395f60
          SHA1: 195df06d36ee6cb07f665f8112eda2eff93a17b6
          SHA256: 0309ba6c36667bc32abb21badf05286f25a13d14cb9f6f25c57cf44ab3554bf9
          SHA512: 6aa7e3ff27a7e690e0d12450bb47f07f7815d9086719d2f9938d9dc27df3eab43b6fdc22741ace6479e0e0dbb6907ecd9c1f28acc4f8b14b8c58e318081f70ea

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal
          Filesize: 512B
          MD5: 36597136b3fcb09955f0671d86260a7c
          SHA1: bf68cb717ebdb9438e1d43d9f7e3e090955e364c
          SHA256: b2cf811dfcd852290d1b2fe7197d1a46a871e4cd7677822b0ce8b77c67e03dd3
          SHA512: 2fa62ab617dae5cd6ce47b755f3acf8710485f215e8a3984d4b5523e54dbf2d1254b972faa87bdf60a78512b57a14ddb34eda428e08309c0a4379c434ad84ec8

        • /data/data/g.xqbooster/databases/.ua/ua.db-wal
          Filesize: 8KB
          MD5: c41463e0ed8e7ad9e57cf58ebfafd2e8
          SHA1: 1dc3fb3a0957a845c389f6c01d71b08360767da1
          SHA256: c0d8948733e21e7ebff80e7a164085a6a74d0a94357f62b45492de72b3ffcbda
          SHA512: 0850dc9c18cde5878fa397069fcfa23c122e1c23f0115fd295e4863496843b371c27441bcddef230892f87cf8810796e2e08cc19da3f0e1b6490d75c628c40a0

        • /data/data/g.xqbooster/databases/.ua/ua.db-wal
          Filesize: 56KB
          MD5: 6882b9969aea12306fe51fa650d8e1d0
          SHA1: a658e4e4c85e58b5d350de691311656dc2f96ada
          SHA256: 57502742dcf85bdbfd2dca9dfe2b6b259cc736a3a62e5c45664ae09e453826e0
          SHA512: 8c5d12add5e62636889c74bd10f79ab808fb2843afd3c006532f68a07d77732a7b280e8a7dbc3bc53a0ca097b895c64754449622751e995b3a33c7388626b03b

        • /data/data/g.xqbooster/databases/cc/cc.db
          Filesize: 36KB
          MD5: 5d7ea1a23af19b4340cc8d90f28297d5
          SHA1: 4cfe95b23a9e98378d69c4290af81b51fbe76aea
          SHA256: 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
          SHA512: 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

        • /data/data/g.xqbooster/databases/cc/cc.db
          Filesize: 36KB
          MD5: ce6135aa1b1fe4f2c2db2a546d2a5558
          SHA1: 79b59582154017aadab783dc266fcb158c252940
          SHA256: 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
          SHA512: 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

        • /data/data/g.xqbooster/databases/cc/cc.db-journal
          Filesize: 512B
          MD5: 11a59f6816e0b30f8e045bc61cf81126
          SHA1: 051a2a7456059d16e1e2423dfeb8e0bab3938a75
          SHA256: e64c65c9b0fde2df7d480a8f48976c3f49f7749499b124cc5631faa0f1e19011
          SHA512: ba6760cb045f2e4ed7492778565ccb6b8f8ca1efd89a9dc61d0fc52d5caa0f830bb92a6ce9c2b4385bd2b886ca120f16e7e4836ace5a489cf1164a1199821f4b

        • /data/data/g.xqbooster/databases/cc/cc.db-shm
          Filesize: 32KB
          MD5: bb7df04e1b0a2570657527a7e108ae23
          SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
          SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
          SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/g.xqbooster/databases/cc/cc.db-wal
          Filesize: 16KB
          MD5: 6ea13c1fda12fb41f808f150023216c2
          SHA1: 460329026028bcca9abc7d92df862f3b2a56ed87
          SHA256: 656e5f1d6f77d5306c6a622330819fb5551ce5ef941e16d536ed41c4e5876a65
          SHA512: b4acf98d6d07e0e2b78134634e73c3dd688bc459d54bd7f64ca1bb700dee788c0eda6e8d7f46545bc85f91d67764d064a83954168991224ee59324015233e11b

        • /data/data/g.xqbooster/databases/cc/cc.db-wal
          Filesize: 48KB
          MD5: f1b632c16686736bd407c47c734da2c5
          SHA1: b3d75815cc390ed52f05fb2524f225cf2ab2d23b
          SHA256: 8a6d8fc98200fa512dbe1d9d56e43f8fd99744b46447040e54e189a863ad4a6c
          SHA512: b9343b34cb6a2120708adf49406ad6c02c43304b4d40f6360c7e821f5e4d3e87bd931a163039dbfb7017dfff2f82601564ff424d78b9d4d0a4dbe94484fbd1cb

        • /data/data/g.xqbooster/files/.um/um_cache_1729020731803.env
          Filesize: 1KB
          MD5: b9e340d5161882a4db6e067533d8a047
          SHA1: a8f9f884dce7ccb1581e52ab6d9361561043d67e
          SHA256: 4502a7ccb9994704e730bff6a56f4f74429cd2f8caf3eed9e92f65c23327658a
          SHA512: eb047052a2e04f4597ba6fda0485bc9ca105933750077a04edf963e280d520c6aabbfc4d36f2e3f63b6b613a1a1046e51efa40fd79203da2388ab284ef4b5937

        • /data/data/g.xqbooster/files/.umeng/exchangeIdentity.json
          Filesize: 162B
          MD5: f462cd6e8f4009c3e5ee9b008f9594aa
          SHA1: 07bb7c8b147c08027ce7d4ef05b1e0d11ca941a1
          SHA256: bf0852f9d7790831d3c444c5f32435d542b0eda0da3116b9463709ce258b1006
          SHA512: 9f93644a83110f8b1c2f7d00e7dcf83cb7e898ee10e3f7c4df64f76f61ff89e16b45a9a4e1b0eee497a6c7273a87888f35e4b4cff14ab8decb40014b9735b005

        • /data/data/g.xqbooster/files/exid.dat
          Filesize: 53B
          MD5: e817597aa9e9c29b4af7f6bead1308c7
          SHA1: 1b5747d90b99072c080add45965d67e6085d4f71
          SHA256: 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822
          SHA512: 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5

        • /data/data/g.xqbooster/files/umeng_it.cache
          Filesize: 498B
          MD5: ea2c8dd4e06b1adae41fae49aea41e95
          SHA1: c8018bc6d88e184aa0bb89605f72d8e4548878a7
          SHA256: 30ef5f8e633d6a7c339dc6630c7b0698f3004177fffe29235dc9642af344a7d5
          SHA512: 78ff030368b67961e292b97fb533dac71396114a2bdf021043228388464d8dac0aa3387230551aa47960e26d4fad913d20c9631e90ac706f872d48eb087f8cf7

        • /storage/emulated/0/.DataStorage/ContextData.xml
          Filesize: 111B
          MD5: 096f95c383a4608c642f8534af25b1a6
          SHA1: d4b2b9bfd4988780acfb0b96bd5ab911702328ab
          SHA256: b01dcc38d8483fe3d9ab301e9789f73a3f8b7cb36a6d09f657a095e912eb938e
          SHA512: 0bfe8b0910ff9bc72c9cb4de4aedfd768b60e904c03619b25a9ded071a068560d368ba94c86678ebaa91218d7410e59d6ce67237b6647e3ea9ffbc88b1855ce5

        • /storage/emulated/0/.DataStorage/ContextData.xml
          Filesize: 213B
          MD5: f512e3353368f3b71f1883f027672597
          SHA1: 333788def0c002bfbcefe42cae9a94662dc908e2
          SHA256: d5b064810150bd25f3a0721b8ade1372e28ca2f2b75fb8223f477f614d78c608
          SHA512: e15c648a431c48992cd91763ba2eacd1b0ea500b1546ba0dc2caa40820940d1b53648b97409058f4a02e7c7a16be24bc21861c38fc73d1ee5337851bf2fd5191

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize: 111B
          MD5: a3e811a6886ba374c8383b9ea98d8170
          SHA1: 84956a177d4f79d396384f9cf347d2803f5d2e42
          SHA256: 1c2d1e618219a9c3be3874208681da072c81f51b9a67370a889311f212de6855
          SHA512: 9dfec61e024c41b423bc91ee02e5b013951ec3b89f52490d6f64b697bd66035936f546cf631d095a121a7b582ff0c88e9a9baab131f73b83e59bb02e8a23d1fc

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize: 167B
          MD5: 477cd664f372597ac3952a22c761801e
          SHA1: cee6a6b37f3809a2193a49a23941efa0e926ef30
          SHA256: 33505835016136bd374cfcd8d238ab3c5b3ce1070088b9d8be7e299c2e41076b
          SHA512: 152acd60f13be5e050707868e1c34beef6c871093df86ecf79b3a6bd6bacce7aaaa5e22fd28fccc6c319828d48dabd8afbee26c99e76bbb1c890a68b97757a84

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize: 65B
          MD5: 9781ca003f10f8d0c9c1945b63fdca7f
          SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
          SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
          SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03