a998555789ea41c5abff509bca2d8a55c9061bdf4117ada90315abe88a37989d

Analysis

max time kernel
130s
max time network
162s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
18-04-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8c29f4ca46c282780e660d968bbf520_JaffaCakes118.apk
Size

15.4MB
MD5

f8c29f4ca46c282780e660d968bbf520
SHA1

a47817f2338e2c7a26702b77fffcb8f1faf0f029
SHA256

a998555789ea41c5abff509bca2d8a55c9061bdf4117ada90315abe88a37989d
SHA512

5461d5fffd34083b557d45dbe48d61e453ee7f9c52ea1a19cda597a476edfff72cafb5e687498228efa0ccde31c35811cdf8ad382f149f61f24f41ae43ff60b5
SSDEEP

393216:QxZJYdOCFLJF6DOOzeNWt8fq4wnfXI/SXAlXwzj6tFuE2yuyg:s3qzOzekKqJfXDXAliU0z1

Score

8^/10

banker collection discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

T1430

Processes:

com.yueren.pyyx

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yueren.pyyx

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yueren.pyyx

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yueren.pyyxcom.yueren.pyyx:core

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yueren.pyyx
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yueren.pyyx:core

Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yueren.pyyx

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yueren.pyyx
Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.yueren.pyyx

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.yueren.pyyx
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

T1636.003

Processes:

com.yueren.pyyx

description ioc process

URI accessed for read content://com.android.contacts/raw_contacts com.yueren.pyyx
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.yueren.pyyx

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yueren.pyyx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yueren.pyyx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yueren.pyyx

description	ioc	process
URI accessed for read	content://com.android.contacts/raw_contacts	com.yueren.pyyx

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yueren.pyyx

com.yueren.pyyx
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Reads the contacts stored on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5050

com.yueren.pyyx:core
1⤵
- Queries information about running processes on the device.
PID:5090

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yueren.pyyx/databases/dynamicamapfile.db
Filesize
20KB

MD5
d505db4bb9a0c36589db4d1853867791

SHA1
aad475b5974f46d8cb5eae497a1fa541ffee99c6

SHA256
6d82ef6a44919e1e77d94e4d6fcfb33b0f04d48a7846fafa58d343b20968af32

SHA512
2edfc04b01683a4df0ae3b5ceb7b34448f06551743689842f18ce88ff979577171ccbc179ca6f06f1e238dfdbe035e411239797ae23780ddb35a778fe6d03a87

Download Submit
/data/data/com.yueren.pyyx/databases/dynamicamapfile.db-journal
Filesize
512B

MD5
0fd315d432bce93dd2b4e35b83fc9455

SHA1
0f272f0b6460e33fedc35a3a01fa8f457fc3b710

SHA256
bbda961e0aca113b627f962e076bd3248222350513de3832762bd5bafc3650a5

SHA512
dacbe128788afe6916c64fce7a56ed7a35421095f5cbe01b1fd7439587c1f218bcfc1148daf4a1066950172bd3ee1eb62a8811b61f8b4789405ade99c431ebd3

Download Submit
/data/data/com.yueren.pyyx/databases/dynamicamapfile.db-journal
Filesize
8KB

MD5
dcff8ffb111da1b68f629f8bd4dcf2eb

SHA1
a46587ea0198e577c8d78e329a9f2cb499770463

SHA256
a9c650387df57459ad05906a0bba89a8bee7ff7a2d90a722189e4c5309ed7be4

SHA512
69a51a2f81ca2703feedb59f6e2c18b6a8a9d3a81e251130fb4ec3b4a53b4caeefee5b712b7a353ef8bc9b5b290a77dbe4cc16dfc7cc2ca96d264f83db5b1a5c

Download Submit
/data/data/com.yueren.pyyx/databases/dynamicamapfile.db-journal
Filesize
8KB

MD5
dfdd17f37f548e27e776bf0f70d216d7

SHA1
e872e0951f926ebffbda6aa6c776d1438e743015

SHA256
f4024f1192cff927726219e3bd914fd9bdfe989b4636f2020f293514b673ffc5

SHA512
e999c23c85782992795db7cdb4d53123b6b732e05531516afb0030ae128086932257109620ffdecb05aefeaf7d43c91e961f36501db6153b6790266e26bf8407

Download Submit
/data/data/com.yueren.pyyx/databases/hmdb
Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.yueren.pyyx/databases/hmdb-journal
Filesize
512B

MD5
778eca349b3eb47620e5f134030c28d9

SHA1
1f5e5839c25a45cd62a653172f66415e0ac8a958

SHA256
4aa7396e9d1feef16535c1c282c34d33ef82967e494c9cfdf58d5ea217fd39b7

SHA512
b0d6650280d8bb1452b9128c4fa83164d1dbd2eefcfa95d72e264ae5201b972972df9afba3ac7f9b597662eaf455d4376e3b5929f07c0933efd6e85e91ff2683

Download Submit
/data/data/com.yueren.pyyx/databases/hmdb-journal
Filesize
8KB

MD5
942f17b880fb1f671c9c13d63c7a48c1

SHA1
7e0963662ca45118ad83c2bbdae1db1dd3d0e2d1

SHA256
41aa5b7b6595a51d11da6a7d44bdcc23e15df59e2710445d46abbda9d08200a7

SHA512
f424d696ba27d9aa43087d2090126372ccff2e619cdb7b40ba42c77d877b650d99a07816e6dcf296d80385f5f95d128f0e516169daa6208a3f56dd6c1fd62db6

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db
Filesize
180KB

MD5
226062e968eb00b0efcf1a7282a58dd7

SHA1
f356ea390803fe2f323eb9af7d18a8748c7fdad1

SHA256
acfa7c3a3b0d6a97f52d8d184a2511aea2a5bca46b341520372f633d16592570

SHA512
4d0a269371b1cda18c5b1fd99072d366cbc3b05532e4a55c1b472d3013d984c031bb7b906152f5251800243a1813a6daf30c98898ac8772d82760b893d93109d

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-journal
Filesize
512B

MD5
8bfac1708c9caf40f5e1fff29b67ecfb

SHA1
97e3f199ee7546446139d59b767dcbbf84254f83

SHA256
9f425b99be1f295d8ad85d6cbdfcb2b229b71ec9da011441e45edc0a87dd5a3e

SHA512
0c93bd538575862c58284a34651c6beda2c328b6b96158d8a9a394af32b3fbace8515c64ea2b30463f41f5d8926ffc8f276eb5781585dd2cff9c728dd0adf814

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-journal
Filesize
8KB

MD5
afffdd07bf757c6c55ad0f95030b7439

SHA1
150f6bb5e4b15a8eaadc3f957a82a6e6cf7e896c

SHA256
9c3e0847f446ad6a8cf9e540d69aac5b059024303d98dc6fa9081644f1161ab4

SHA512
cdd983d73424b72a4e46a2bc04047b8ee4c39cecb410bee529282acce23273fd9cf15fa98e6c1ec0a7e997e2c9df9e0608a67b7a75e5cb285d331aab9610ba30

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-journal
Filesize
8KB

MD5
1f386053fc8bde180945ac2b0a9662ba

SHA1
8b9614cbd58b0a78c13f4fd9f49ac97dfc675cc4

SHA256
d66ff2f3ff73cc14da9d2ceebafe2e7edb14afcf4ca1b37b76c72b15bfefeb23

SHA512
f536583d64835176fc06a158d5b6d7024b1e19a4ca4db6dd0ed0a6f2dad4e5da81866be7ef4993ac24cfce4a73a24095a8e0c213fb903848dd6804b92dcc70fe

Download Submit
/data/data/com.yueren.pyyx/databases/pyyx-db-journal
Filesize
12KB

MD5
73b17beb4ee3f5d9813abefa7e0d1e02

SHA1
9b6cb1ceefc42f9e92f44b6cc66c0f10cc571f3e

SHA256
dcacd1879f551a30653a4ecf51801bc18181da2eb426368e178188edb9ca5ee4

SHA512
a9a7330946b8710c8779baf5caef044ccb55eefd879713f9cc4d93eeb38dbdf9fe37b97ad5852f187bfaca94ab3de5b91ebf90213230bd3fa681fc7a287d4cd7

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
e439ac3943911143e410e5cf87ee49e8

SHA1
a5f51a7504d47c02ea8f6881357aeccc9a6648ec

SHA256
475f015285f3539412f90e9a6202078b85f04755d48646358fb345a610013523

SHA512
5420708d3e5d8bd347f7d706a7136a4ad277fd318d90c64ae418110ac1c52ab6b2f0c9678e444bc7197ff88ea91c849b574238f3fe4ef776be56b6a0ffcdf774

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
90c6ca2a29f01d2ef377f529d9ed1305

SHA1
2e6e807a19bc4d6a9ace205406eb93fba39d32ff

SHA256
809cb870a63931ba0fbf407aff773b476e9ff632c755ac77a82efbb78b39a3dd

SHA512
ec1f2a67b209bb24f5fa950464217c872e045cd200471ce6aa260747a93f81d7c5f003668ac772b739a0532eb29f85e0ee10fe158a95c7e7ae9c0f96757710d7

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
2845be4fa9e705ee1cbb5908f6ecf4d5

SHA1
15d10f86af095234c4f17cb6bb93f10384a30566

SHA256
e9514e00b98175c5fe437f2aa88c7789de6901b1821ff7e72e2826b2869b03a6

SHA512
51d417d8f7488eacfb9509c135741ff423c11d325c27fa06e35e87816c4f3ef11d6e4630ff382c26b8cfa53fff6d44f6ca777d46b8627a1a6dca82cda0ba66a5

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge
Filesize
24KB

MD5
80d7c2b9a4456dfc85b3fcb0eb144a49

SHA1
eb176de45f052dba98a52f7a5d7467ee92dfd594

SHA256
e0d5c97ef4670db0981e4c76f22f2dad6fc71972a634976a81ce9620d943e916

SHA512
1f074b3791c0715c254b3fdbbf6e52f9cc3aca2ebe3a3d2ec8cb3b8fa5e5b98d469d57b500e0f96ec5f38b6e044b123827b274386c03da4807c8aff79b67d20b

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
512B

MD5
d88518be11c3817477e94bc5161b9d58

SHA1
561d64cf48ad396bb4ebfe0df22edb58c3a9a876

SHA256
c97c86019ace4c95ba8ee90cba174a713764c7c104c32276e8c7f4fe6294331a

SHA512
bd647835c8c6281f1da9ed50512dd5b5d2ea316052ae53601679640d6d383c7ecb617e1c868005ff886dbca3c5937f8408e4735bffc1fe6b587a2e842500e95b

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
8KB

MD5
19f32878a10f3830a47e6e25c2b080c3

SHA1
1bce3ef9e63325fb58e3ab2230f4dd8e627cbfaf

SHA256
9c1ac6df873d0aef499ab821ede3b1891bd302f43c7011c6ddb19f28009508ed

SHA512
9480cfce0bf4266bdff8c7d33be711a55d8c50f7e62370d1c12bff5852743d77f5e2b72f22900a52e36ea7fea7a238a90281013c4a281cd7c25638d5061acfee

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
8KB

MD5
7769b25940671012bc676c369b47d018

SHA1
307c91900392fd2b2b12b0dce2d122a983d7ac87

SHA256
5600c2ac6cf80d9cba38281075e910aaf3212cb307662744b023d3f94e097777

SHA512
bcbea8808f18f0b32f4b682261002ba1ef78049b42fa632ff9004fa6ae56241160885ef4e627affcfb9c65f9eb24645e7c0af4e1dfab6a81eae9085f003cc2de

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
16KB

MD5
8818c98e19b4a53eccff1a237d06d81d

SHA1
5da883b5787fed7b9a0fd9506ebbeae63ddf2c30

SHA256
78142e95c849fec3740316b0f30fac5a32d8aa65e7fad874d7bfd9dd7962e482

SHA512
695974b41b6074495b4b6f0637bac26a46a7134c2e4cff2ee744313528804ed1e9b4e6048467332523bd1de40b0ea72e7cfa79655e96e7523a10051fd903a606

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
16KB

MD5
cdbd6d642cf189f94a31a6b24c1d8eb3

SHA1
43c4ec2724a969a72d22586c3a3f933686e81fa5

SHA256
71b903ab61f43bb352e4ccc7c91b9e2b6a79db76abcec6122127babe83dbdd19

SHA512
e77e7f0702655b7a0044906ba18183306ca0a1a08a0debbd3f300fda7a5a4faf3524297eab0b7bbba3706731bcc36cc324a9a57269f7945f93c8fdefc14b79a5

Download Submit
/data/data/com.yueren.pyyx/databases/zhuge-journal
Filesize
16KB

MD5
ed738218607ee55c4846bc1597b03c02

SHA1
70f7914d233834a25c8f84d69299b999f62d6b14

SHA256
1b138cfc1908f8a6ca4953c6fa3901cd3cc9cad3f412e97d377335aa8b62293c

SHA512
dd41633f456595ebed69a12aa80204bc0c2c2f3f9527570cc4924206e3fe19f66d7e874aa339ffdf9a8ff5b02362df5559ec2dc82c75ffe25dd71372c4432041

Download Submit
/storage/emulated/0/Android/data/com.yueren.pyyx/cache/uil-images/journal.tmp
Filesize
65B

MD5
04d6891d248a8237e667fb971d22b3ee

SHA1
92d46196713a0e76061d24bbaab70fb09af4287c

SHA256
5e66c7e026dad4e42819ff24e0a88e2366c2c783a2486cec98e0c8f109df29bc

SHA512
847a5d992afa9c35f0f91b5d6d911b214984dc351fc9caf5d8ef22fb80828faa8f0ec650ad812d5b189a1321bc6f970ac24c1678c99142aca434a6e396536964

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
135B

MD5
2121dd0149b3c5a1086c43268936b56f

SHA1
7d0691589298aa5634134910a907680a5dd0b69b

SHA256
36c45b192cef5f81a427d9192f702987ebe039c717d33671a9a8cad7bc68840c

SHA512
1e72b5af5ce30f3ca1ac4dda52bc72265941af73d5c0ce3ad78c5ab81ac5a4168ede0550cba33d5ac71d528f3ab2bcae4623630229ec20bea9c5a0773e6cd598

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
130B

MD5
bc03b49b64fd337cf51e042c231340ee

SHA1
6aafe1472b1b0a28523d5acbe28c792f91b9a4b9

SHA256
4810a20451e69ffaaeb07aa8159ea8c15db064125c5170d4512f296adc1bcd34

SHA512
7651463c84c5c8b3eb850289f8bd9e2550720042b049444b91f7396c28a0e9cf486adc894753c864feadaa4ddeb1ef1c78bde7fc18296e0e96f70f8da3445206

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
79B

MD5
6897c803c77d58ae8c68858c2c2c158c

SHA1
9042eecb2d31c735f3ee267b2a932bdd5a18bf81

SHA256
a27510f921771c9f92ff0f6d866822bb4281ae28969947de9cc41f345334ed0b

SHA512
5f4b6ffe595bed999d2a8878ad3b17345aa54f0796c5e711deb6f5e4ae614ebfa35b21f5f6ae299f85b0d88f33f18b36763ce56f5bb10efab64628fdbcc56ffe

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
93B

MD5
bd457448880a6f0567c5bc49ff0536d9

SHA1
7be0d93dcc4233d9182c8e2ab0274e7fb002e05d

SHA256
382489e29118b2aea80895635cb6216033e0f914f6c581af6e6b7b727bf72da9

SHA512
e55547c56ae6fd0662771067f9b3711c6a9b3d9765707534be4847e79f9e0d61fe4df5e49edf3e13e12bfb66c9f7ee08fd0d756e5834f066ac5a95d29e77fd89

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
133B

MD5
d8277c0379bc6521c1a82a55baa95865

SHA1
b6edc3a51c3c49918575e24fa2ec253acf6648de

SHA256
54afa16e863068f1a251db2e6caaeebf6c8c941e078c94a258709078d73fbf34

SHA512
6ead4260ed8d1765a25713c405080365b70df98819988a6b9f59f314f83c728cceaf41444e29b99e157bf2b3e0e7fc86073810ac7f629c3128ace77067b7ff55

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
136B

MD5
010ec287984d1b26db0a7eaa0bdbac59

SHA1
515cbee319ae4a1f5556e91f6b3e375cb4dfdb66

SHA256
13d5c4c34d29f7765239a83f3a368020f6715a00172be503a8401520a371cb6f

SHA512
3eef78577c29c22d235b63214cea9c8a0633c4df7bfffce828af41273be1e5fd6b62767cf408c3c71404e17a273707e8dd898c0fcbb5fd6eed23b5bd7f13713d

Download Submit
/storage/emulated/0/com.yueren.pyyx/nim/log/nim_sdk.log
Filesize
118B

MD5
23eb27dc0b5261fbf9275bcf8f9e934b

SHA1
577b6419156cbe2e05d4b953e4e02a9bc593b945

SHA256
e5fe018cd28ac6a86cac7cc40fdd2e9dfbcd084f2c556559bce57fd871957fc3

SHA512
27854d316d8e72bcc6fff72881a1e399c2836869d5db016ee3ce217b516ea78b5c66f599f8874352f8f8dd946b97ede6bba36b337f73acbb35f8d936498cc738

Download Submit