Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    15/10/2024, 19:29

General

  • Target

    499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk

  • Size

    342KB

  • MD5

    499d227e53e2e0df1dc808d2529507ac

  • SHA1

    eeedbf4c50f68467e6ffd701a425b9ec8fd53a0e

  • SHA256

    0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d

  • SHA512

    864a01a2c164e33e97cfb36fd551a1dca274286ecf3242a2fc844b8ab2ce9f0cafb52f6e32a3193294c10d2be66d596032d6fecad307755a4123c4e8ee403693

  • SSDEEP

    6144:2Tplw2P+sb/S8sN/Jlf+xHssYRXBlvNqUH/wD34KSvo3oEkZvBdkqj5:2te38Elf4HARX8UOIFvHLkQ

Malware Config

Signatures

Processes

  • g.xqbooster
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4469

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/g.xqbooster/databases/.ua/ua.db

          Filesize

          32KB

        • /data/data/g.xqbooster/databases/.ua/ua.db

          Filesize

          32KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          12KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          512B

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/.ua/ua.db-journal

          Filesize

          16KB

        • /data/data/g.xqbooster/databases/cc/cc.db

          Filesize

          36KB

        • /data/data/g.xqbooster/databases/cc/cc.db

          Filesize

          36KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          512B

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          12KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/data/g.xqbooster/databases/cc/cc.db-journal

          Filesize

          8KB

        • /data/user/0/g.xqbooster/files/.um/um_cache_1729020724450.env

          Filesize

          1KB

        • /data/user/0/g.xqbooster/files/.umeng/exchangeIdentity.json

          Filesize

          162B

        • /data/user/0/g.xqbooster/files/exid.dat

          Filesize

          53B

        • /data/user/0/g.xqbooster/files/umeng_it.cache

          Filesize

          433B

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          111B

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          213B

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          167B
