Analysis

  • max time kernel
    143s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    15/10/2024, 19:29

General

  • Target

    499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk

  • Size

    342KB

  • MD5

    499d227e53e2e0df1dc808d2529507ac

  • SHA1

    eeedbf4c50f68467e6ffd701a425b9ec8fd53a0e

  • SHA256

    0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d

  • SHA512

    864a01a2c164e33e97cfb36fd551a1dca274286ecf3242a2fc844b8ab2ce9f0cafb52f6e32a3193294c10d2be66d596032d6fecad307755a4123c4e8ee403693

  • SSDEEP

    6144:2Tplw2P+sb/S8sN/Jlf+xHssYRXBlvNqUH/wD34KSvo3oEkZvBdkqj5:2te38Elf4HARX8UOIFvHLkQ

Malware Config

Signatures

Processes

  • g.xqbooster
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4994

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/g.xqbooster/databases/.ua/ua.db

          Filesize

          32KB

        • /data/data/g.xqbooster/databases/.ua/ua.db

          Filesize

          32KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          12KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          512B

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          16KB

        • /data/data/g.xqbooster/databases/cc/cc.db

          Filesize

          36KB

        • /data/data/g.xqbooster/databases/cc/cc.db

          Filesize

          36KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          512B

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          12KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/files/.um/um_cache_1729020722292.env

          Filesize

          1KB

        • /data/data/g.xqbooster/files/.umeng/exchangeIdentity.json

          Filesize

          162B

        • /data/data/g.xqbooster/files/exid.dat

          Filesize

          53B

        • /data/data/g.xqbooster/files/umeng_it.cache

          Filesize

          433B

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          111B

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          213B

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          167B
