Analysis

  • max time kernel
    15s
  • max time network
    127s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    02/11/2024, 10:45

General

  • Target

    85101d383ba142e9b6fde15e8b4c6593_JaffaCakes118.apk

  • Size

    6.3MB

  • MD5

    85101d383ba142e9b6fde15e8b4c6593

  • SHA1

    6107b4921247bf206715d95f370eff8be98840de

  • SHA256

    552a6d3dc1b6c2b5edcdd1252e5bd5993c5e6e73e435a4ab791d04de7f7601d4

  • SHA512

    a3ffd59e3edc168d6d3b5acf96ac7973fb2a92bc673dbf2742d09b2b893269dc716c334009cc2227386707757c63067d5486cf5c8cc3e63ece1fbe4f0c6f3cef

  • SSDEEP

    98304:XHwzSJfRC58Sf/9D/v7WqT9ZXqv8zA399e5KdoljZEx9muMN+t0YCnu:XHwzsRC5X/979Jq0zA3m5Ky5qkN+ePnu

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.xmxxxwev.game
    1⤵
    • Loads dropped Dex/Jar
    • Reads the content of SMS inbox messages.
    • Reads the content of the SMS messages.
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4247
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.xmxxxwev.game/app_zhifulibs/zhifu.zip --output-vdex-fd=57 --oat-fd=62 --oat-location=/data/user/0/com.xmxxxwev.game/app_zhifulibs/oat/x86/zhifu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4322

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.xmxxxwev.game/app_zhifulibs/libunicompurcore.so

          Filesize

          129KB

          MD5

          1207a3edcf8e684b7e97342a243a8bc8

          SHA1

          cba0ce2e88395c7733b9d62cce8a3d6ea7df9ae1

          SHA256

          d581f30214e19929f55ee8f6c6b996956007a025a8eb21890767ef11cea14681

          SHA512

          f15fa62f2d588e37dc7dd2232cdb82636ccc3e408a74dc673692d6202af1f90b80738b9a3c222ff505dc1424b1d33d4f099207f4de0190902768b0b905aa5c5a

        • /data/data/com.xmxxxwev.game/app_zhifulibs/zhifu.zip

          Filesize

          135KB

          MD5

          8a3198c5ee6c420310455daf8d54ce67

          SHA1

          200d1eb3e30461bd70bd0f04ec7b0c7c64dd5188

          SHA256

          0f514a231b675d8e485165ef4feccf8e293bb872760ed1e2fd808af3dff4521f

          SHA512

          a93a639df99d01cf48a6d1a420702e2dcbba3e717bd628dead4a64e0140e1c390c651edcc1a5bb0acf853afcca5805ced20bc605ab52b9b05e4ec0fcf981635d

        • /data/data/com.xmxxxwev.game/databases/lepeng.db

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.xmxxxwev.game/databases/lepeng.db-journal

          Filesize

          512B

          MD5

          8c0f6e48f21049170ae0211631a0754e

          SHA1

          9bda6e16554feb4ef62272b081fe4e1d48dd8070

          SHA256

          7930486ed9e947c8c948cf89fa70920bf0db43bf3f9ba20407bc19b9e8513e56

          SHA512

          50c85f2029f4b55fc9eee2c0fdbb8f17ce3d57b9f4f31a3ad9fc8ef8368c205cab8ee6081854eebee8e842dc017eb97ebc320de277298bc140426e15a60c01d7

        • /data/data/com.xmxxxwev.game/databases/lepeng.db-shm

          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        • /data/data/com.xmxxxwev.game/databases/lepeng.db-wal

          Filesize

          36KB

          MD5

          07efd5118bcdb9c91c751397e2ca5437

          SHA1

          23066387fda9fd0e546a70c6b289d06d62b3caab

          SHA256

          fc9090bbf9d68762720d812e005218d5c7915ed9c90d5a78ecacaa4690f46f22

          SHA512

          3893776abe490eb3366aeca098f0a4750b1872b256a4d645bbee92e477dd128331107aeca5bc0ab2f1e8d01fbd746d5eb55b9536da999d49b3daca427c78f2fd

        • /data/data/com.xmxxxwev.game/databases/qy_db_pay-journal

          Filesize

          512B

          MD5

          1715cac2db579814d3734673c9d215b8

          SHA1

          54b58d1fca8436ab411f530187ae8fbf93c66c77

          SHA256

          32743ac529262138d92a819fd99fca82b90074603f06ab6637784af1fd2f97fe

          SHA512

          29273d30fcdb978fb0c19351be63d50e8b0c0d86e702efcac5abb9476bc0d78ff98a2a78a37d39f67193aac822e192519c190ed813850dfbe4cf868e20a23264

        • /data/data/com.xmxxxwev.game/databases/qy_db_pay-shm

          Filesize

          4KB

          MD5

          620f0b67a91f7f74151bc5be745b7110

          SHA1

          1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

          SHA256

          ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

          SHA512

          2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

        • /data/data/com.xmxxxwev.game/databases/qy_db_pay-wal

          Filesize

          40KB

          MD5

          a6a1bb0a5b8a93bcee1b8763bc68a06e

          SHA1

          66984f4090393ed83a18f4ff55bd367d514e87a3

          SHA256

          302471691e4267bf0bfe38aedb52c1f1327d38f7c28024efc888f6f775f7321a

          SHA512

          f9f558305d6370c0c52c01761e51ab06b674ad6b2837d77a941e357767cc39758f06accc0560bdb9ee839b9b76ab6f107a73cd8eaed93512b02474b54205331a

        • /data/data/com.xmxxxwev.game/files/__local_except_cache.json

          Filesize

          1KB

          MD5

          13319dd0a80faa5d98511a675b21f424

          SHA1

          9cf235fbdb097e4d64d5034d3b0a74a64784aa00

          SHA256

          794c233958c32c016b41e2a7610c0101aa007328b739db057dc9b1b108f8f510

          SHA512

          133fb09188955c102267d72df83bbc050f3bbd351f8c3cf38277b888506a4517c4063962bc6460232de21c2aa5c26b36a8472e666681104b3a52a27f7328a365

        • /data/data/com.xmxxxwev.game/files/bewq/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/F4QcGqYUmtjt7nid8zzSqX68EgU=

          Filesize

          300B

          MD5

          bd98e722585164b54ba0849b965f78c6

          SHA1

          af77b0be380a1f1f949298d8b961f9a39c221b74

          SHA256

          df1476454b8a091794f42c80dc132dd6ca8bd7ae77a8e2e36d3c622c1fa0a502

          SHA512

          af231f193963cb2b23da4afdea6921af0a35dfa3c98e26c9d57be7047302812d3e60b4ea9905b79c557f5d23fc78bfe9e0b0dae7ebf2e623f9fda58e1f70995d

        • /data/data/com.xmxxxwev.game/files/bewq/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/Q6SoI48vGt6E7NJX.zip

          Filesize

          3KB

          MD5

          3127bd37a95cf7387f0d637eab8496a4

          SHA1

          e74fe25515320946aaa88f53742d9aa3fb31151b

          SHA256

          485470b822c0b70c8582ca920df14df88ba00c8c924f5ffe947f33598482f40f

          SHA512

          b6e73663f4abe88254a880233aacba26e5c48505343fae923ee160c254a3150294295aa05ac84b665a7f9064f8e0a0be972681678f1e5525e3b841bd404cdade

        • /data/data/com.xmxxxwev.game/files/bewq/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/e77DEMA7B7Csg5vqZqZvHg==

          Filesize

          381KB

          MD5

          11f5d336138d0fe4cb2d939c00356941

          SHA1

          1f7cebaba76b4c98e793e23b594e66aa6f5f7c2a

          SHA256

          d442c57a3317657a4d4bd52e780383058289f0100b4b139ecfd8ef5fb8d49231

          SHA512

          69d437c284921a63f9d4b18908c466905e73523b4599a31921e9ed3210a01aa73930626b4ce44e1c01f6f337deac678fdbdb5ebf5cdb40c9d5613fd450665281

        • /data/data/com.xmxxxwev.game/files/bewq/Gj9FCFCVDMZEpfFyXo2emNlosUY=/data.dat.tmp

          Filesize

          351KB

          MD5

          5c4515cf14a135427926dfedcd358e99

          SHA1

          b13ba705392fea93492d68b072bddea58083a52c

          SHA256

          3c3b33267d0f051cc4a3d6ccca8d75092c4ba22034b15f482473b10b185fe9b2

          SHA512

          16f55aadf37a138f8c37309762b86ab8abfffa7418657645b69adc72018e7564a0090ab0c338745127643e71a24570839d1a0bd634b92fd2c0a1bcb5d44534c4

        • /data/data/com.xmxxxwev.game/files/bewq/TzxVa9cImSXWY3-DX1e7lhQh2-o=

          Filesize

          83B

          MD5

          d6f83149aba37ca51bee591ec398ae7c

          SHA1

          fc537d230af5aef1ccf07c015c661eb5a880e6bb

          SHA256

          6ed40ff43fcda7417ce9b2d3de00458cb518a71b70831cd6cbee0afff01b59af

          SHA512

          c6548af43bf39e5c1ea7ec715bc384a6b80bd97d3899502cb000165b0dd455284f98ab55388160c50ab2de24d97934613642a5a3994b33d2e833029d8078aa1d

        • /data/data/com.xmxxxwev.game/files/bewq/TzxVa9cImSXWY3-DX1e7lhQh2-o=

          Filesize

          94B

          MD5

          5a7da1043c7a9ada800e80fb3b327eba

          SHA1

          980a181b63afc4eaed833bfd59377965112748c9

          SHA256

          0ebe72bd43cdcd5b79e6df063608f07190656028c7565c8721eaae7c8f161e10

          SHA512

          ccd2093eb21143d320774c5e73559d8e797ecfa060cf08211f69a4f2723afbfe4cd9e62f2a284a564ca72b1678bc5ed22fa7fd0ed83328f93eecef198cc4ca5d

        • /data/data/com.xmxxxwev.game/files/bewq/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/lib/libtt.so

          Filesize

          11KB

          MD5

          39b6ac5154df77bcc92c9cb4c76560d0

          SHA1

          b985bd345461490ee6c62548a87d648413faccda

          SHA256

          ab50dcbe107ba99a5065f674f1b4b48bf3d83ff3f0b256e68c502ae483dc72f3

          SHA512

          cb1dc48f50d9ed016f75b03917e9a66d2a2a9ac751e069063a9cbccc8c76f5c32223795c77aeadfc21989d700fcedd718c9c70e878a8a3962e1152bbce005e02

        • /data/data/com.xmxxxwev.game/files/bewq/zImbgVVxT9gLotLoQo92Uf2GrgA=

          Filesize

          55B

          MD5

          3cdadf4f051a185250b443193904a553

          SHA1

          2f83348b6bc0a809d08a672f60ddbdcdb885cd40

          SHA256

          b41ddfdcae059af0742b31541fbd7a0e6d50f561db2a9a8fe745c30238cad51c

          SHA512

          d72fdf082fb08489beb83780270db3d2223b10bf007a6ae637e271d69d5191ba40c238f95fc291db4bd2393d81c97db0f1b2831325e57f5d31fb19d3f310bcdb

        • /data/user/0/com.xmxxxwev.game/app_zhifulibs/zhifu.zip

          Filesize

          398KB

          MD5

          4bae3d4fcb996fb2d0a59c824e9f60b1

          SHA1

          66ba946ad0115253e4f3c48f8c2e20f74ed66420

          SHA256

          6cbefc6f144374e24182b148a8c03dfa797af9827cb79d46388044d35f31e0f2

          SHA512

          f50da5bdc8a428ea482ff0ec311ee8ca26199b615b90fa5f171650d2dd4d621bd0b4f2e254c17456b9ccabdbab028f060a6da960e74555e971c9fa357dec2807

        • /data/user/0/com.xmxxxwev.game/files/bewq/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/DzYuRXREEQpbBBIP.zip

          Filesize

          616KB

          MD5

          8e08b2043b87bc0b45b0e8fbfecf0639

          SHA1

          77ab3061ae96c8f28a6f4c75c4fe63926a63dc8c

          SHA256

          a81996c9134aa61051dd666ac936bf32febcb7b7afc60fdec83874edb51b420a

          SHA512

          d8b0bbd6e63588c38344b35efd4ba51f798cc0db1bccc47c88ae9597b6e1c350cf3ba1754e3226d2fd5ede1e3043d5f60b927332e3d8caf0c4b5e8120baf3ac0

        • /storage/emulated/0/baidu/.cuid

          Filesize

          89B

          MD5

          1258a52ecece7f0fd201c6f4687e5d44

          SHA1

          27b59c2bbaaf1b75deceb4316b67466acb5269f6

          SHA256

          705238abc79d36033b5b4916c0495239e9cbea4f4b44f95bbdeb9d360656ad32

          SHA512

          99e3963a417400faa2c10851fb9d9d4ea5d2adb43ca552c6b56292b1d507d4b0d823e1e6bd9181dd72f498c8eede13f3f2e8cffbf5d49c026954c78b3a6e0112