027b366910c1ed5311518152a5b96051fc09de041e6a32bb97c4992f6a37e835

Analysis

max time kernel
65s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
19/04/2024, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa5a40dc16bd752cfbcd0eedcee5992e_JaffaCakes118.apk
Size

8.4MB
MD5

fa5a40dc16bd752cfbcd0eedcee5992e
SHA1

67f629516ef4fcbe2c80c35c53e5ae6baef16e37
SHA256

027b366910c1ed5311518152a5b96051fc09de041e6a32bb97c4992f6a37e835
SHA512

5f8682cade2eb96bfd9f9e8e59060406782b19f4fcc60ef9f64f7d1fd0a310288475734901596178dd932c4653c6c2c542ed425a97c87f8420ba0e481363af2d
SSDEEP

196608:639G1khA+odtcRgS/nLnTfU8PCzaddV68xkHn65:6Y1/+otUgwn7TfRCzaddY8xkHn65

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zhupei.zhupei

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zhupei.zhupei

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhupei.zhupei

Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhupei.zhupei

Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.zhupei.zhupei

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zhupei.zhupei

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zhupei.zhupei

com.zhupei.zhupei
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5048

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhupei.zhupei/databases/ua.db

Filesize
36KB

MD5
b7036131b84bdf2b66c67fde18d62308

SHA1
18b1e5a358d68c846495cab5cfef7c6679659093

SHA256
c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

SHA512
256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db

Filesize
24KB

MD5
dd621f646edc178e1731672f2f235244

SHA1
5e34105d5fc67872be33926dcc8eef19837f84af

SHA256
0b4ffe67bbcb3b5bf9990397099086db668c74e914bcce7daf26d53ffa4140a3

SHA512
1b06692d7d63de05720cb125b868e577fe20c968ec8b0202b7106b972400806d86acbaf6fb0b1a734cd0ab163fe7695bb3cae1ae705bc0aa535641caae635fa3

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db

Filesize
16KB

MD5
a32460071f21c170628e6f0a666b9585

SHA1
403bfe966301a5d9bf8f5aa2666f60aea7450d76

SHA256
c9e0ae47f9810a744d9bfae7ff394ff64da05db2af3b236e9611b76b6d2d9d4f

SHA512
2bfd67637b4accacfe905a7033985b50be9db8769ad4196199d121e2d87fada07d71e602a7b5185c69672e30cbd8e36c0a7f21cee3b3868ac85efaa8a693cfa8

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db

Filesize
16KB

MD5
a95fe2f4660bddcc64c669b12e0ecf18

SHA1
742a8f4d5905591f2cacc001a171b172779a98bb

SHA256
ea05f674d3ffdef88eef390b58ea4a3b83858168612950e110aa37d5851405f5

SHA512
83c65f23b1c2765183257ec3045ffeafbcf37cf1d01457411f8b90c63ec5d877b4731122f288952cd00c35d9e1b5f79a4ea16fc608cbe4734967cf6befc1ce36

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db-journal

Filesize
512B

MD5
2ae367f8d11575755b030b90fbcfad47

SHA1
0f5237b22f6d4623d6f50adfab177a7da685abe1

SHA256
7c514ea0ce1ee3b109be6541d43ab6164aaa4630bae3a81a8e5e7de5eeb30e9f

SHA512
74b79b315b206e5eb65ea7752ac3157388163dd627f8139be2006c309db5af44588e3d4ed49d59a30a67533b3fbb0adc98002b69b53e3f2fb229a8ab8e66ff0d

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db-journal

Filesize
8KB

MD5
e3aea0a1df19eaa4ce5d355fb1080573

SHA1
47a78be025c0e68bdcd74292954b04a955dea706

SHA256
6b4c9b92515ebe57173ee7fa6a2be20851fd040abecf16fb0e2780908325fd94

SHA512
79d538c67ff82ab03b0aa45418bef6ee92d8b910a7fb4d75d918afe8f1a8375e504f82834b58ed369a1d23d2e8069ca9b51fce509137124d1c7e3af827d8c63b

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db-journal

Filesize
8KB

MD5
88da0bd19c7c473b10a3ac3a9f70679f

SHA1
c56a88ff57a126063473565a36f21e8dcbd92e6d

SHA256
40c00f1687057b7746a92052cac7460d084ff6b66a7480316731b5aee3ee1cad

SHA512
ba94701fc86e9232f2da0009115bb32d8128dc85a4861fa690f6f397000e52bff826c3e565078840a3a07c4aa87600fdf514528777dd2f437b403a06876bed7d

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db-journal

Filesize
16KB

MD5
8bc09edd399aa85d4982e36baf4a6f9e

SHA1
f08ebe1e68f6f4674cbfd73dd845f503d4c3570b

SHA256
68929acc93c836e237e97ac36267d5661d0ce37bb16df29bcb7344faa618e1ca

SHA512
f1a63dfc76f1fc6ea8711aa902dc6445ba1bcdcddfae0b7ccdaf091b9c5278265563a2ba8eef6aa355ad8125e7228a274761e7a65f56bd4a518adea24a738d26

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db-journal

Filesize
8KB

MD5
55e8eaf74d418bfad8b177e51a2c5d27

SHA1
9b639a6a8abb0877396451dad96e306396c44399

SHA256
6e2dc102a24a9cc4a1ec62ff00aa9073899e2a9cdc63da17c48b4d862fed1a9c

SHA512
c57613eae7f8f787fdfb9fff936538b33a4fb48f2d22fceb8e59fe5d192a8867d71cd754eac4fba44999777990a956a074e4bd4109fedad943662f7cdf7c959d

Download Submit
/data/data/com.zhupei.zhupei/databases/ua.db-journal

Filesize
8KB

MD5
8a6cc5073c48b16a269f27eee743170e

SHA1
919fd0d96c6398bb93bbce664669a716187ee1c5

SHA256
971daf17b03c11bb191fbf6c815f4063954f8c2b6b134909163e2c04f1eb68c2

SHA512
23c547e6d5eead695fcb080e0a6f57c22d9e26621affce25e40a58971b3c0c776773a753dbd927b7a7ba31db867bf7a76e4c773e58d0db87c62a2286b01b4752

Download Submit
/data/data/com.zhupei.zhupei/files/.envelope/a==7.4.4&&2.2.9_1713531842467_envelope.log

Filesize
1KB

MD5
2082c4c1ca7b77b316dffbc4e73588fc

SHA1
3398ada712d2cfa144b3c275200a213e0275e13c

SHA256
867756dfd5d2cd5b48732e002984ada92cd9be6b2bb53ea0b0389df6091d0e99

SHA512
03d85f0b91591186f9557835120c763ad3b880bd11ebbdd25b8b66641a5d89c2ee4985168bb975ffa9d296d1c73b3eaabb670116ad6c6d736240472de69b64c9

Download Submit
/data/data/com.zhupei.zhupei/files/.envelope/i==1.2.0&&2.2.9_1713531841211_envelope.log

Filesize
2KB

MD5
d6ba1f1c5af0591628c632208ec9213f

SHA1
78403cf1272b8efa1d9ced9d21ba7365fa73055a

SHA256
915425db834ac0dda2e8d07b96bd3b3b517d323309230ea367aefbc47574e54d

SHA512
24406e965452fa96555dbbe2d44039de693d14e97461193c25873e651bc7956cb5f1b7809c1aea17087a8702a0e7d66060617b2ccca0811d7bc042192726a907

Download Submit
/data/data/com.zhupei.zhupei/files/.imprint

Filesize
416B

MD5
556cd5de3283f27ed82a873c4bbcf0dd

SHA1
d7a19ae6faff708cba959eb15571ba6a9f1c18c4

SHA256
17d70764b417b65492d271176033047506c5692750236b6de2988863f7b9ec4f

SHA512
87e805faab7bf094cb441a178315557e6a617e1f404dbb7bf4ba1e507f0692fac74ea8f68e05eb9509e74e452d7663a283549919738f934c01cd5039c390f30a

Download Submit
/data/data/com.zhupei.zhupei/files/.imprint

Filesize
940B

MD5
c237daf73e67d0b846c87835ddb093b7

SHA1
27b145ad805c2b5af20f10d85912849b7e9c21dd

SHA256
7b2987a6cde8ad32ab95b6114b9a7c5c7006963d7c24afc83c8ada98860df1b9

SHA512
d722c61f1c2c083476289c3c20d52e80b2366510e954f495c976186b45f17b3a551d4a1e729319e471d6c6e25b9ce9aa0ba8f47e4a815a16136b76f3562a3788

Download Submit
/data/data/com.zhupei.zhupei/files/.umeng/exchangeIdentity.json

Filesize
206B

MD5
5079bf8f157a54cc0ae08909d590bf50

SHA1
ad1f71b1cb4ffa3f2856f4aa8d6dbdfd34ed1ea1

SHA256
c0e2a1a8475aa81b243cb83fd687d3d669204fa514c5fb472f5803be9bd91e3a

SHA512
81bb59d6ac58af837807668c8a74eb69cd7aafb5b2eb9df3fbbad3c53f6a9e7a5a1d7a494e4cb6a6c400c471b687036ea35237c19b9b4de044c4e0f769fdac7b

Download Submit
/data/data/com.zhupei.zhupei/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
b19bcdc20e331691740fa71db9b17f91

SHA1
8bc82a1d5bdc6ef459688837eae89f64ce824063

SHA256
c0284c8eec8f05da2b60a265855f52ec069b8673578913f407d3511e3110b414

SHA512
31af69ebb31f8774434c273382ecdfc78879fa5bd119519448e2e7e0c0d32b3d4963a721a34eb3cc91308279da19527a81776ce44413044a577d2ea4c1682025

Download Submit
/data/data/com.zhupei.zhupei/files/exid.dat

Filesize
62B

MD5
cfc7280c25cd1dffbb15287a74643576

SHA1
99b25850c007710e816dca455703cee5daeba8a9

SHA256
42ed60cf4427cb294c24bda59d0e6066beb3553ade3cefd7c7031f533a3847c5

SHA512
50d76b9ad7b0a01ff24cf492e8702105610e72cc530fb7d0ae02ea09b589daea8b8759253d36990e7ed84df0dcdfdb34d0707941a0a058465a2376bd3b6beb9d

Download Submit
/data/data/com.zhupei.zhupei/files/exid.dat

Filesize
102B

MD5
053041b147f5e0f472dc0fa58b8566bc

SHA1
6e6ad71a8302361823d58eb79d383e986e309393

SHA256
7d14ba7659f389f658c18a55c5953dcc318452921dec394dee4fdfffd82770c4

SHA512
43b273923dc353daf23fe4dcaaa207ff0e06ac80cadb4d5e1176a30ef62ce6c778e5a7360f3c23b671c3103babf52d1295ef3e02f888106eb220e1886c78e9c2

Download Submit
/data/data/com.zhupei.zhupei/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNTMxODQxMDMw

Filesize
1KB

MD5
dc9c73400259254b6e843bdbf2c81cac

SHA1
a4cf71bbf862bb4a466ac710fd1a60d9818db222

SHA256
462bee904385876837098a3d003565268898e24556a26ba0a1d920190ccf3ccf

SHA512
710ad2b48d2ec3cf1659791de3ba8682beeff882c15f4f286ec9ab2c4fe2287aefdd71d8ad76a0f23d6e4c9bcd8268aff0c1b894c47e011165fae800e0b698ab

Download Submit
/data/data/com.zhupei.zhupei/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNTMxODcxOTU5

Filesize
1KB

MD5
c2e1a9ae5032466bf73beda0f070b3df

SHA1
87b3cc3f2a60855513450b5f202e48d8828e5cee

SHA256
53cba18c7dacc9d65415155421b9e4b7356068504bd98d1a353a4cc772c23a39

SHA512
3365ae29a4ccdd07f3cd0a4b302fe26913f5be2f330a29cee69cb4d7290bfb643411787a5015dbe5fb85818f610cf4a99847401f3313ad879c936b9ff175cd0f

Download Submit
/data/data/com.zhupei.zhupei/files/umeng_it.cache

Filesize
220B

MD5
7d694055de44ca0ffc1111a4e8c64332

SHA1
6a7e0cb3803a251a216f1d52f27b7b7f7078f10f

SHA256
337d0b344d517430cae3446fec89306169083637e5b7e9bdd4208bb9b6289a3c

SHA512
e74c8f19f4a4db1019f7640edc26683d63e1b7aed924c14ba62219c7badfadb60e5d5323219214dcdfd2c19abfebb5a7eb35270a9c444ce9acbd2e2f346bb2a5

Download Submit
/data/data/com.zhupei.zhupei/files/umeng_it.cache

Filesize
433B

MD5
b3ce0dd0e3bad3eac233a570b4f2fc2c

SHA1
7ba6baef6850b1e821269a8c39653f1323979862

SHA256
7ec235bf349cc9242e5b607c1374a8b6a1ddc370d319c5d2eff51096e40e0a2c

SHA512
e235dd5c1f3d9817aa3155d9475f9d3aa9514e1a9076aafd663b645d11a6453cde839b0f73bb416f854e37421d564c104a9e8dad35a2f8d18e4292b88ce76a58

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
523c5f74721e65e036a341a54f577644

SHA1
ca48cc7f34bf6a7a3a1dc3f2a6f72642ee3304cf

SHA256
c54cc18adb7dbe8d4e9b350bc50e02ccc4142a32a8d5cb72c8fb58923decbee9

SHA512
d7336ba507ae413d5ed262f4d2ecbdb8672177d45180e02366b68a80a72e58497f01f0aacfb2cf1b6f730ac055f71bfdad272ea9295fc9e10eadf27ee07a78cd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
a1c4cccc4ee54d8c5a0984331c210e2e

SHA1
97172915293c2a61f8a0e9fb0156c95bd33ce9ba

SHA256
4681c849ff2182c55ba38dc3ca30a7a1810eb3ad8b54f34729da211e95b98d8f

SHA512
e3f60fbf72d6dd48ff6ab076043e802476fee7835f921ae02318e8e0d6672ca58eb732796e9674f25df78314e7f3ed5dde993dddb37aba7b672f12d99d6a3f7d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
fd13da73236875e68a75c9eb50cfe05b

SHA1
e6abf0aea3ffdde0bbebe9bbb0aec5622300fa56

SHA256
453aa21f4dd86c0dfac2135852550fdac8e947b077066044b7dec467800cec37

SHA512
79bc6dafc41d4ae7d59bebad2340af3651ee47e52eb092bbe6c87d8ad5ea32a60a22e470768061a0e2b051b7b5b95201ccb66c1cc16b855a9f9a46d26dcb9309

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads