be67abeafb5e6f2372ce4cb11fa4ef39ec7d7d1f7009abff8074d3e0eb06b5e8

Analysis

max time kernel
146s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
08-04-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7dbd149ba780d3645fa2cee710a1d5f_JaffaCakes118.apk
Size

9.7MB
MD5

e7dbd149ba780d3645fa2cee710a1d5f
SHA1

a7ae84fb602c68d0feb85c50c8827a2b79ae1d37
SHA256

be67abeafb5e6f2372ce4cb11fa4ef39ec7d7d1f7009abff8074d3e0eb06b5e8
SHA512

9a23c191ddcc9173321890b7d11cdcd667f482c7fe95c5c9fe13c48c32ef00b681b41fb77906a828991d6d179b8d95af5e7b0d8c4ce02a413f5a58083afdc5e7
SSDEEP

196608:RLALb9OLXxU1M8Y6I8DLkVKP0gXDBfNFbwLd3wLdL42VO1tugQ:R81FkVKP0gTvFbiWHk2

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baomu51.yuesao.android:remote

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.baomu51.yuesao.android

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baomu51.yuesao.android
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baomu51.yuesao.android:remote

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baomu51.yuesao.android

com.baomu51.yuesao.android
1⤵
- Checks CPU information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4319

com.baomu51.yuesao.android:remote
1⤵
- Requests cell location
- Queries information about running processes on the device.
PID:4391

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baomu51.yuesao.android/files/CMRequire.dat

Filesize
52KB

MD5
ca0b3576096d1c30b91888ab84d9d1fa

SHA1
b22d5e8315bbfc93723d6dfea2f2e5d771d56bcd

SHA256
5a5d8c0e95c6fe6b04a6946ec9eda37f9886ba2c6f0f999d585c24d3252245b8

SHA512
5198eed5ba404acccc09a7099b033c981a36cb9cbc125d4ff20bdc683d749d26a656fc32b033b8ac9718d96e0e6bd713314f61a70f5057c7a1ebdf6912d780c9

Download Submit
/data/data/com.baomu51.yuesao.android/files/VerDatset.dat

Filesize
172B

MD5
caaa975d7bf4952bd5dd695ade33f1da

SHA1
119373fbb2db036712df72ec9b26c0c2840dfbb1

SHA256
d0f94264a6b5c355dbf5c0516202c732bcae471a2401542b2ca43307727a0d02

SHA512
db2acdecd236eab67cb67151032f53e51c9c04e754f3c21d74e05cacb1ea5edecbbccbd66ee760624b9cac97b8dd77f568324e8abc2b9c16aa73131db81c8b06

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/a/ResPack.rs

Filesize
684KB

MD5
5569bba8871b7cf0f6e86e48c5761715

SHA1
7790d99b2681bc22fb6115f820c2d932e00c0f28

SHA256
f10372199db5c4a22f59e65348053dcfa4a6b3ca737dfabb70560749ad995224

SHA512
510776a4ddeab0e48402a8f075ecae0ad349cad39d7dd0fbb0b09b0cfdbe91dc33d011bc541b74c3d912bc9ea943c005fe52ee87485d479d709546a88cbd8192

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/a/mapstyle.sty

Filesize
131KB

MD5
db362e36518c847ae80caca571e3c8c8

SHA1
610911bf7869016fb7c9a2026b3024eacf0b4593

SHA256
95549560fbb3d96dc791c2d16fdd5f098784eee75ac293556fe9688fb2f0ec9d

SHA512
41fa2b9b61c131b0926d0f47f86eea56859ca0d4e44ac23647a73ff4b98214183cb0a523336dcae4e2ddb4be932e994e1950365fd3590eb2f7c3b96bd4bb8a41

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/a/satellitestyle.sty

Filesize
119KB

MD5
6034f2a3f8bc9639ae820bd977bde4a0

SHA1
599f7994853b61bc5ee09a75b6383a13a5a685f7

SHA256
753705cb1ab2a676a9ef48881cfb036f212c4a7e7a5d34d9f8708075078e5818

SHA512
acaf0d146e4e3739eeaa40d46f7002776ebc4074bb89d12a5c25b12f53190a0e367ef0bd3225835e7e4b39a70b06e9f7328b1e342a9c5829af7610c14d41898f

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/a/trafficstyle.sty

Filesize
3KB

MD5
1e4b535871c4feb2010b614713def5c7

SHA1
4c5dc67838d12b795b6882c6dbbcc6767e42184f

SHA256
efa3ec85127a21a8c8a74640acc5fe1d992952964d4f257682f832f63c2ad3fc

SHA512
0c5443dbfdafab2e6cb7740587f48ca9a2c971b93afafcebccd17691edaa7c7fb75dfd1b6c939dd591a5aa65977f55e64b6c3690ab0a660432269fc43bf3133c

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/h/DVDirectory.cfg

Filesize
69KB

MD5
9654b1c682044d35aa576f0f2596f867

SHA1
688884b8f0bdeb45828c609d0ab18f5173111d02

SHA256
634e6e8805ad543d01fb6befd8fa52176e72f6d758beb087a50657e7a2eb776c

SHA512
752023d6eb497f4de10f5ac6a54461ae23dc9db5e4929bda2779c742b2fb0975325cfc63e11d57293b89ceba24dcb939ac097f907e641c7bbf604a92f291dbb0

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/h/DVHotMap.cfg

Filesize
10KB

MD5
2bf2e00dcb1a5d9b6f282cc417c5d9b6

SHA1
a0f7e58808567117213b09ef6ef97f8dbb9cc7b0

SHA256
08f0a44eb8a98d692d741713d4d9b596343c7730f105cf365e9ac97f40c704ba

SHA512
00694318b6798a4d4992f24f6370e4b0d88595a35be2bf87a5046c55339dfad2f97c006e8c10cdbfde088613ede59e57fb777cbdc4ad074ed0df474b67756ee0

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/h/DVHotcity.cfg

Filesize
1KB

MD5
668e333e0828eb5c5fa4c189481f11f7

SHA1
5c9e28fac1b15e9a89cad86bf6d5a367e603b7e6

SHA256
c3a870457de7a386cecdf407396c8426a33b294e15d5e2e4fb898396a26636ba

SHA512
46f65673cbf6a34cd8e47f8c4b7c32ca46cdec6309d59421c6c9134522c363669d4671c15333c46f55e335203d51ad5bb6832d8ba5d5ce0e0ed21ea26e7ccae4

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/h/DVVersion.cfg

Filesize
127B

MD5
e962c995c0664b5cd8d067db1561cad7

SHA1
263524863998525598f663ba7134ecec2ab592b2

SHA256
b83792f572112503fa2c542595047271d632318a775061ae3a964948738639f8

SHA512
7337967c5759f8a078eed90adc45054e5642b1e319800549c80395dcdc1956baa8d9741348e1dc0be931f24cdb899b95d4beec35e52995703dad8d0feb04ab26

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/l/DVDirectory.cfg

Filesize
69KB

MD5
65685a117c72fe8fbf5a92b07073c99e

SHA1
b115b527f74e4c291edcaab19b316a446aca8f5b

SHA256
19bcea79613a5c3bb71dfe6b311241fcbf3534b538f0b147c7e849b58b24b2b8

SHA512
e5821a5212f0790db33ec7274f018b08f499557ff7f2f118021a7905573e8dd66e716fb02144919d96eeec7da9db921c756a88cf0a050f65a9f8de3894dcc253

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/l/DVHotMap.cfg

Filesize
10KB

MD5
3f44ca873593ee15b867334e0fae3c9c

SHA1
5571e2f35ec8204cbe35d975d9f611533380a99b

SHA256
43415b419e6349c5ce4f4f35bc884ccb2548c0a33ecfbb73d62b5d9149cf0e95

SHA512
9e7f6bbc907e79e636074652cb353dfec9c9fd981e5813b6d586d8a5fbbf88d5182cb0cef37eb93428ad3a7748a7d0679e879e8db81bdc2c39afc9e752cfc937

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/l/DVHotcity.cfg

Filesize
1KB

MD5
46ca4f4192606147873230a4aeb662d2

SHA1
10676b327a33d46f57367bbed5fe69ade4cdbf6b

SHA256
58bbf74d901c20c33b2d14a2ba8ced919aa00421ef0e41f18a4299136cc03364

SHA512
5a799242a69d6913b8f9739cc189ae8c5b443d428cac91c13b2325accf406a5eed2636291bb15cc9155ae53a743b0a0e1d7cf4683f683e19aa55b49c53e71b64

Download Submit
/data/data/com.baomu51.yuesao.android/files/cfg/l/DVVersion.cfg

Filesize
127B

MD5
a96a0ab65876e56d17bd7e20b14f8021

SHA1
41fbae5db9584115d957baaa6f39483a414ed82c

SHA256
b688864704e4b3a14163409bde6b5029ec5793ac021641bc61919b857361dadb

SHA512
a78e5a52cc30b32d9c5da90c99103f2717ce5b1ecac56e5672dfc25a39e0c6f62086728fb8128434e751ffc0d5b990d65258bf886aa076235f9665449bcc4025

Download Submit
/data/data/com.baomu51.yuesao.android/files/ver.dat

Filesize
512B

MD5
15224e535d69e42a2695557bdc965721

SHA1
cb7037a049bdc70e716f811d0ec6ae7128d5784b

SHA256
9cb53e285e24d0a45d166d92eadcec0de260848822d029a2c5d2a0531732b300

SHA512
2f72e5afbe2d1228e74f4f01107be154b55d8cffdf9ca121c156c9cf51cc8f19af41d977b80579fa632e8e4e8d2af2062b5381f47e41b1ea62ff50e14a845d04

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
651a3eb46638041e54e04db20ad48945

SHA1
7688bc75209f0edcb83998e1697e44144647ae3f

SHA256
4ae66afbd0310d067577a575798ec0682479d7e4d7237231627b1f3bf9432ccb

SHA512
dd65e2c075d63d497b9c2c37e71a99da6d42906a97a4aea35188fd56fe6a9fa3cd52803cd16b736ed83bad467966c33b8ed316be36bd044b478d93cd3cdd4847

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
e34d7868076288226cafbb7de612a229

SHA1
d831a7a65834d1cdb0e0535b173c05d65b860354

SHA256
e54e6cb0b5d962b15b6438002c72afcf892c01c5232c5e65eadbc275c3d5741d

SHA512
90b6b13b426721c5911f465fe705773c6f875dda4a462cd57dd855fd9c5a64eb9f71c13781c23ca6083e754f72823c299bb2a3fa6683273d09196a65d8460226

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
96c34da758c9ffd0d54860dbf68a73a7

SHA1
f6932e9ddc54e9c55f8a5de3564c2853c27d26c6

SHA256
114177c890b187fff258337fa69ff7ce852dcd5eb1b16f66d79e2ae06df61cdb

SHA512
7ed8aa28607cf280cbdd2266fdf5df084bbdd70dcbff26a69243c95a2ffdab7cdd022c853d206f64aca3ee3351042fd2868e04e134c43d2c14cd68b98bfaab3b

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
2459470bc8957dcc743fd60182e4fca5

SHA1
26baa5b13207c3b727c2aa247ef48467feafac3d

SHA256
2ba9ce3f60074b1fb15b659b914be09f519351dd917b9891c2bedcdc72e2d108

SHA512
918d5123db67c8e4f2a449878427d9adc41602ed3d21e9965ac0e6f2e5b138eeb97f65181668916cc616d8f418d2949a5979e774faa627b53973dba7cd55a615

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
163B

MD5
e77c2d9040909099c7532439c74eb47f

SHA1
fbae86bf2defc8493880cfa86555f87666693808

SHA256
6964e4b8023a93aff37865c56b1e1e9429a8a2f9ee73bb4668fd473e083224da

SHA512
2e80eb4e0c01b2305f3aa465aef0f398e6275381a4a75e2422ec38c3738097e075726563f531676cbe79c87c7c615a9d1fb35636f34ec4a8bf27a0fb4c62f1bb

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
c1ff00f5d834363ca49b32962a8aa82a

SHA1
495a4581e5582f3a9ca6b1ccf6c38b57f4c53f8d

SHA256
e2cbc7d2ca4dfd4e2e3c07c6b979cf70cda3be12da5a5202934467bf4706b0e8

SHA512
fdea9a52ed1654e4de84350c072f65b9da2aba1249f96afd32fa38b4911b0fa5eeb951a7df05d84383cf30f7fa5703cb10db6a168ddb7d0fbb7278ce12338a1c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/baidu/tempdata/yom.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads