a998555789ea41c5abff509bca2d8a55c9061bdf4117ada90315abe88a37989d

Analysis

max time kernel
129s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-04-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8c29f4ca46c282780e660d968bbf520_JaffaCakes118.apk
Size

15.4MB
MD5

f8c29f4ca46c282780e660d968bbf520
SHA1

a47817f2338e2c7a26702b77fffcb8f1faf0f029
SHA256

a998555789ea41c5abff509bca2d8a55c9061bdf4117ada90315abe88a37989d
SHA512

5461d5fffd34083b557d45dbe48d61e453ee7f9c52ea1a19cda597a476edfff72cafb5e687498228efa0ccde31c35811cdf8ad382f149f61f24f41ae43ff60b5
SSDEEP

393216:QxZJYdOCFLJF6DOOzeNWt8fq4wnfXI/SXAlXwzj6tFuE2yuyg:s3qzOzekKqJfXDXAliU0z1

Score

8^/10

banker collection discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

T1430

Processes:

com.yueren.pyyx

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yueren.pyyx

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yueren.pyyx

Queries information about running processes on the device. 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yueren.pyyx:corecom.yueren.pyyx:corecom.yueren.pyyx

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yueren.pyyx:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yueren.pyyx:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yueren.pyyx

Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yueren.pyyx

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yueren.pyyx
Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.yueren.pyyx

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.yueren.pyyx
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.yueren.pyyx

description ioc process

URI accessed for read content://com.android.contacts/raw_contacts com.yueren.pyyx
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.yueren.pyyx

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yueren.pyyx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yueren.pyyx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yueren.pyyx

description	ioc	process
URI accessed for read	content://com.android.contacts/raw_contacts	com.yueren.pyyx

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yueren.pyyx

com.yueren.pyyx
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Reads the contacts stored on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4468

com.yueren.pyyx:core
1⤵
- Queries information about running processes on the device.
PID:4501

com.yueren.pyyx:core
1⤵
- Queries information about running processes on the device.
PID:4590

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yueren.pyyx/databases/dynamicamapfile.db
Filesize
20KB

MD5
d5950b4302984c62ae015c70f8359000

SHA1
44de2b51c2942afc6706cfd591bd17e0b22732a2

SHA256
b25855280d949ff775756116e72d78ac73561352dfa33866835ccd355d037f9d

SHA512
39c732e681ba5913a12d78056a128a2f7a2cf3b78f5735727e629b15bd5f498ea22ca1bee6bd0c7580c2443cc08e4416c454679bf52ca34fb91366f6374b334c

Download Submit
/data/data/com.yueren.pyyx/databases/dynamicamapfile.db-journal
Filesize
512B

MD5
48890d71f497e77766d87909be28acb4

SHA1
fc129a1296f08babc5ee8512be1e9c4453db6048

SHA256
38fe6eb91c863e86d98965fd50ab8d92f18b85bf00653ed4fd5e158090bf00cb

SHA512
0d7c5e2b96ff394c43949071f652959b7b2644be3780016557c28939e1751bcd7a93f2fd6625ce9a235f6c6339105aba89e8fcecb58a3f31a3ca7f4930d7ed9b

Download Submit
/data/data/com.yueren.pyyx/databases/dynamicamapfile.db-wal
Filesize
32KB

MD5
5def54c218374de244cc8899431c7ccd

SHA1
18570b8c449aabcc708fd13e3380c0bf37b087f8

SHA256
ee3092a89cf0b6024b304cce2f6b2e32006453d7ecb8d08a3f007e5905f0ee7b

SHA512
1d0b62c6254e607bf0a9e78bee4fda4dfc62c165364fe5bddb200d37c748b4b030d8491fb9f3c6e42cdba2e38ccfcabb2d8365a8d7ddf2c717fd42abd54f07dd

Download Submit
/data/data/com.yueren.pyyx/databases/hmdb
Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.yueren.pyyx/databases/hmdb-journal
Filesize
512B

MD5
d896f0c4f9f48a30e81f0a91be406488

SHA1
1a6c29047284af88417e79911e167ffb56c4cbad

SHA256
e5f5cc4f191fe0cc4641d22c649a81a0014653d422494cc7bfa8c5033113bfe2

SHA512
ac817279556a60381ecc9170fbc1c68af3f1c46d9ed99b0c2feb7685f0a9cd877ad8cb4bd254eab25147246ac7441bdc924c0c959ce7e81dc3651c4340973445

Download Submit
/data/data/com.yueren.pyyx/databases/hmdb-wal
Filesize
16KB

MD5
0676a30d64237d170b58f0e354b892ab

SHA1
7a5b47977f8e79ab5ebb1e514977e4a27ada6c3c

SHA256
25dbab4401b460d04e04a8fd694364676f71539b354a559e93143ed5fe34ab21

SHA512
8fb5342afa07915ee690125495cd3367a8c329655dbbf5088d12221b7fbdc635f353546457ada0cd68b5dccc795316ac60117bdbac841285e4b421b1aeed669c

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db
Filesize
4KB

MD5
8645ef970ff4a2f465a0df7112deafc2

SHA1
e34ed1f3ac1e4d349dce3ebe3710c4a410d66a7b

SHA256
77f3b700f6d39209f340af2e7d9010397bc4dcf0fb3d87b366535c3ef6e466bf

SHA512
2363aae80738d1917719e39ac2aaec23d2084a8667f3a042423de43c5461976a94210969655083794c232f3039eb509cb92978bcd7abc14da9d5d0a865a76813

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-journal
Filesize
512B

MD5
214bfbce7fc117e87c52387adbd1700b

SHA1
f5e50adab55b3b9bdb0ed1bddbeefa0e6acd1886

SHA256
bf87783db5a88c6d3512812f3766562042468e31d1732b0e81630fa4d4ac5600

SHA512
b3863ab325377b1a3d905d5bd5582f70bac9f0565b89f55f8d3c9595e8facf1a0d56a498fab87d6cf419cc05922c60073dde8495137056d7705a6e0196a67dd6

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-wal
Filesize
201KB

MD5
8b6fab371d392d85f09825bd3ceb6c6a

SHA1
2525dc1dacc16d59bfa17124098065ac981377b5

SHA256
d46ebafae961c253d569a213c66beaac51a74124e3f3c90f72d926aa83e86fff

SHA512
0d42974643e2f1a2509ae7d29b20ec8ae75103a162edeb08bc75ee3abf21580a0e1954b8cfd2ccc3396847fd4f6ec06c8580b5e398d0de4caa0b5261907aff29

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
fb614251d47d412248fc0cf093f1462f

SHA1
1023a65b176c4345559a7d03dd0184aefbf72e28

SHA256
935fb602b8db3a622a41c706f7c410c2ad41f9105eafef76b8bb7c53828bae58

SHA512
6d62de8d12c2dc0627e8801e4eef3c9e17843e5d11bff77c998591137eea289fe5d7fc841f74bb2a046b031053e72b48d5488d1bd9b0409958b821913b1ee823

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
17712e618ad36e916aaa205155a063d7

SHA1
2ba4b4c26c9b7aa867eb0a45c3c2da8e373ebbdd

SHA256
00fec29495532f0e4b3f33e3880007297815d5354d6bb5650fe8a54d8648186c

SHA512
b1fb00ebea54b4409b7547bc99febfffa6bff71a1f47f0ed831a2b9a09be76efc49f67b20036530b8d425f4923b306d3710a73778297fd0e0595e8d7f5b4b899

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
ec5e9223c7d8859ce29db41d6c935e30

SHA1
fc6bea724e0035fa908cff735ecab1e0acd69d53

SHA256
d4741368d795e128665b876508a39fa18800b7b7a7f5819447443d17ca240e68

SHA512
5b3a1cf729515577a545a0d9a8edb9babb557b02c4c505a084b4128174c3ef1c8e704618f17e8d67ffdca9711def53d40dce30479a38e12394cef62cefd2525e

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
12cc918d67d5e458e92898724a921b77

SHA1
a568e98cdc717b570a95807407ffbf4e06398fc1

SHA256
881dd8ad0de739cdab69d1e49b66bf6b5454f6e2531e0c09679177ec56bdd4d6

SHA512
88e97ff4909496b07a10606a514aea9c208eadaac389a87b537f1a14e1a9fc6cde71ce1bef5809d592e11c2936c0fe3fdd38bbd8e3637a590d12ad802c13f172

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
512B

MD5
da84b42eea774e38ab3a0d98d6340460

SHA1
3e14d24e1e890f56c79ea4037b9f6171c2f2b684

SHA256
e4bacc3176c412766f6865619eb3da5b3d359e45f6c4260d2b4ce1d92170dba9

SHA512
88c1f8b218a785b6bac1d21c75d28589dab8118e55e33b5b0ff28eaa105512433918b362130f39213e5c9a033e44314156c7c540d2871b5960e8854f51891a2c

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-wal
Filesize
48KB

MD5
3f70397c11ec6fca6dba7652254c671b

SHA1
dd44bab7a82990a23cf41b7c583f4c703361e55f

SHA256
7d0c68d6744ecabf676457e334a90fdaffb998cf475aba62a6b52a2cf511f469

SHA512
30c5cff508046adc37a5a9fb7bc56b9bfda1c736ac7749686370bfaacf16df7bbd32933d5fee45a7765ca7aae8047397ecee6dc9bb3c40e5803a1def0d53185b

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-wal
Filesize
12KB

MD5
5bdac6aa2f731a81cf47b8d568e0dd0b

SHA1
35ed2d699ad1a283d05e68d31369bb25d9407dfc

SHA256
96aac8edd128090b51143361ad7f995d6d17f72f2feb82fa5cb48da9ea157f83

SHA512
8904482ab1126e60f1d7d14dbcc8453976128fc25a036fcd9bd14da622caeaefb875f1392cbc6fc25d42df9aa3e092c92998150edf4e595b48e8211e347c4e17

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-wal
Filesize
12KB

MD5
25dbb3bae97a474cdad9dee595afe44a

SHA1
c878252096e7b8c2a78ddb559fe388205a4dcceb

SHA256
a36e2b29351e323fbf0db6c966d20dd3caf642bc785257187800223f936b9777

SHA512
7ac29b0c7a59f5e31980ab2d80fe1862be035085cb8fb653ecdeee7d35f499372eb4f652dd34fc20bba5974f0e849e4ab003f755450787ef2d0a208a1cb75120

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-wal
Filesize
12KB

MD5
797e80268d1c8544a6dbb50a98c38efc

SHA1
412c4d17ac96387f4d9ada16c60065696cae68e1

SHA256
7ea1a4409253a18898608a277cd41cc8b7cccfb71c301f2b5594df92039ac972

SHA512
957ff2c35b259f3fdc1ba70efbbc77db1ecf462247a18cc77fca688ce3b30cc918bd015f9014ae5f0b63dede8ac02a8104e3f50e5f7b87c108112e39d3f94cd6

Download Submit
/storage/emulated/0/Android/data/com.yueren.pyyx/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
135B

MD5
089ca2ad4f8bed34b4f241f82682561a

SHA1
c7e541fa626038a36994753086d39b924063b727

SHA256
0b8aac7272adbeb1c631678f9865f03f68a7fede5faad4c8943604b98dcea5d3

SHA512
0c5e7232d7f71c43fee1cc48150d9cac99c8497d14b154dcc5443f97364336620cb35d5998884df3f76bb086f2363e219a469c83e9e0464e7331dd2137f70c9b

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
130B

MD5
e83a05acbac50fe6cfd3ea56d176696b

SHA1
25bf8fa9c3bcc81dd3865e8b47140f96b61dd7d4

SHA256
26b78ea87d64669c4adfd434a1faef22825430d9ba49fdb4d3144dbe7dc28ca3

SHA512
693d4842216cc24d1130afa29ea267490d8aeb5e41d855428ce79685aba861b96ee84e57079e93250a91d948f5df9d30fb03b766a357c06ba48722fe7d2d7ef2

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
79B

MD5
bd43dd0ecd787d5fcf041d9785fe1c99

SHA1
2538b5df6a9e3164f047c35a483ee6f18b9634d8

SHA256
e9e34fde4d66439711581830663cb6228e25c09c831c78e54d2d383de9a51c00

SHA512
5eb095e4d1e776fdf089f424e63dca2b0ee3bc5d28985fb9d44f22433645c71c03ea232bbe3af9fca65f7dbf9d8e7ef541611b75a4649aab54b97109c5732beb

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
93B

MD5
69d0db70d4570dd1fb7769c7b8521713

SHA1
297b8c4f820e88366906ec7900d501853b1253fe

SHA256
c19fad821f117979fb7d0f53b6d858536fa81df4860f63c54b4ab2664017c8fd

SHA512
d40859ad70bdab6d2f19ebbc8d343d510f43e933d6390a21ec4ad08c1ab84b3b78d955131ea08adce7b7a142957bf8e026ce7aa03a58d6c3677ad3b0a871959d

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
133B

MD5
3c2e584d4ab329a3e5014da75b88606d

SHA1
3f19246f108a3a4e109826da742a213f492e71b9

SHA256
321b25cc8117a26e485fc5a3b3f5e9afb27ac43ca0272385b129ed88d8121fb2

SHA512
e3be56deef51398457e7148c4b2de825860aa879fca7b7fedb8a42d5fc5a990b1c02cc4c61be22c12a4c8dba0fc12201fe3669e50962ca1012efe49f4d4bbaf2

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
136B

MD5
e66b993579e295edafa55ccf28d11bef

SHA1
a4bed869111e805200758f35c011f5ea361000f3

SHA256
3161493f7686a637182fa49a8396ea641a98a55847bc01867d46939c52c08f7d

SHA512
1e34655e12bcb614697943ef190682eaab0b8b2bc0bf1b2d082c0877e4ec032605b24131857c27b052f68ddb74aafce58f69052342972803fb1d55ec5857667d

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
118B

MD5
e032d56214d8b25ffed7616104635e44

SHA1
611cc7ef7fb18059f49fc2e17f2f701166b64bf1

SHA256
1e946bc90260aafabae3b4268ee443421ae9989af1ad0c04f2f7acd9311cd941

SHA512
c365ecac18d551ef31ad6479b74c2a229114410b38f11d8d60e34a0be87bec24126109b87656cd2bdf5f661b2abbdc4cb1c53cf7b95688e54dfe4f1d5749e8cb

Download Submit