e335345cf302861b394be926c9632fa7ad0e662d4b6c53da4029cf7b4ba35780

Analysis

max time kernel
6s
max time network
162s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
30/04/2024, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

092629b9366feae42babacb1a0bee367_JaffaCakes118.apk
Size

11.2MB
MD5

092629b9366feae42babacb1a0bee367
SHA1

cf88206f9de109932ea613e1a2244228b184e957
SHA256

e335345cf302861b394be926c9632fa7ad0e662d4b6c53da4029cf7b4ba35780
SHA512

65d0420b66b2b5a5890abbd32bbbe5c9f595643dda794a6c40967020f1cf293df11ade8bf843b05a32698396b936e3e32a1b9be732426458a0865e51fd1c0016
SSDEEP

196608:PMGED9Rx6tjyd/8HupTmcY34EMiSafTdC9FwNdueb4p2kid7EJ3hE4invMKLVj:EGIUt+OHupZKrMiHUuK2rIE4iU+Vj

Score

8^/10

banker collection discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tieniu.lezhuan

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tieniu.lezhuan

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tieniu.lezhuan

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tieniu.lezhuan

com.tieniu.lezhuan
1⤵
- Requests cell location
- Queries information about running processes on the device
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4302

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
228B

MD5
b706079c0a2e699024b0a38d817a1c2b

SHA1
e11a81fe30d63351541eb08a5fa1941247c13180

SHA256
051a66c13d12d622ab320c8108128839e81596be81cc74e370518d5aeb69f018

SHA512
1dc4c7710e36bcb46acc2efb52f705485eaa3f9c62754e88ca8ad08978a286548b80392214e9f934e77cd0023fdc063a3a65d45e893dd76b55276190b7e8aad2

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_

Filesize
52KB

MD5
8f58f0c719ca20da6b4b6be57d36640a

SHA1
ec140745ddb411b04f6a988d0ec048ec507d2b83

SHA256
ea131aa2cd980e78279a7da5373a7a26d83ab12b6adcafb96db59de20bc025ca

SHA512
a5218d236b71d97cdde34c54ab04c85f482ec75450467c01b52f73d9caf7c552342f04897c008a983ff8c56e6e5a357a13aa3d61bb52c40b1a4325679c6ada3b

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
512B

MD5
a363cd3fbe9447d605b3168ea3720c45

SHA1
5a784dbb3ec8ce9bb100895a0bd1b1b43c958d69

SHA256
42154ef92738691a198286020011e1ff98f557c94f0a5a928b3d533beb847e6e

SHA512
3660e248243e25fd59a059daa273db1af2645074f87decfa4c2900821751d8167cf13220ebd330f8366fbb29eb2bf78281f7414c0d12352f87c343bc96a66ca1

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
8KB

MD5
6916fbe41e333dcfdfcfc2906ddf4ec4

SHA1
b341924b9537b3e366d7b2a0f123c21b94431110

SHA256
abc30fd22322a7d8086637ca24fa1ef216c96a14bef318fe170198704c8eeea9

SHA512
8c07783bc6e593089a9f4270838b0abeca763980cd16ea321e9115a3a88ce0a05e8aa3dfbe71c82eccaf949beb7e0048726a400221a64acb7b67c761dcce4f97

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
8KB

MD5
9780a9939c49a62fcbb953a3d1cd421b

SHA1
35a26c8c80f2a1bef810ea94ff58e7a824efe1bb

SHA256
96673c03d22ca2df255d38d001ad529c472a4af485937534e684ab64f0e72e6a

SHA512
860b708c69b951cb36dd529dd642afaec674e45446fd4903088d88a0463eb24919501a989c6ed3a2033f1d862428384a19c9dd3756d19b17793ef66631fb1b55

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
8KB

MD5
c6c1051630cad6cb5d300c7bb650c2ee

SHA1
ecf5c4a082646ac5755a7e4a0cd08e3e2200908e

SHA256
898e7d3034b94755b8e702ceddbc75c161d0f64fee219df97a87833e3740c288

SHA512
7279f7e7e1805686d22fcf494fe507892c44278bd716d20bbc8feaacffe1652a39b9ef121b2f2e6104c49ff8229a5dacd25c7fe09b6d1984ce376178a9704c7e

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/downloader.db

Filesize
20KB

MD5
164003cd2f2ca602e085b2c7758e692a

SHA1
35d839c7073e6f32e79679e45a820420f69d882b

SHA256
000ff263ff1343333e4303023f5df267ecd8c9dd4b87d188fc57765a9c54a7da

SHA512
5c439d2abb2363b052f66a7681cb9f9d8a097a60065c29681095bab7287554cbb191a8924853b65fb924734a9a31dfc13181faedc890a3d4bebe0e4a6c12e157

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/downloader.db-journal

Filesize
8KB

MD5
4bb2c225bf1a31899898435a552fbe36

SHA1
4893ac7a93fd74826c65ac075ad0932725358b3f

SHA256
c4dc0f034c5a8ad536e94cc9f504edd0399fbb930eaf9052d65325d8ec6dbfc1

SHA512
ef366f3f0c315f527b4da694bcdfc9493fd96616d6c98ed6712de7f22ec23e3521262e0b92fe27ef7b665e9d5ba15cf8366cd4d811ef4a8d7ef3d1f7974e9119

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/downloader.db-journal

Filesize
512B

MD5
5d8a6bb3f4b6dac29d86fd8b8bf81f78

SHA1
856ea952984e032947cbf2e10b6043e53e956238

SHA256
c3fc4826fd4b312bba57c28e8cbd6e5c77717288054e0c4d2d708119dbb2d599

SHA512
9ddd137fccc2c9c6e2581cafc4cf0a0a8f5b6cdeca48e3eef521e0e362a6dd0a17696eea3ee9ead37b08faedd8ba504f197a18924f71dfdcadd3863d3436778c

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/downloader.db-journal

Filesize
8KB

MD5
4a96fda1ecaec9dca669709855373d69

SHA1
70eeaa8a80c823bc3355690e5cd35f00d6d3afc3

SHA256
41545b6de5c2a326e2939aabe6c9d72710dc49bcc17dea03c3327fd590673410

SHA512
0fa49af7e6937651fc365eff20af2637b761acfeff123bdeea1375ba76a2be011f535fe3b8a5d315c8e28132758194544933e57a69d9e989cdfafe5f95efd226

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db

Filesize
48KB

MD5
0d382cc9713d63bf0992e5f68f85cfb8

SHA1
2decdcee572ed111d4e81bf60ada5f66285733a3

SHA256
51208ae052a85622e2af48a13dd304e6d96739398110b3b7ef58b87b93150cc4

SHA512
c7a4c42ea67302b7e3c2d9eed646bb8376d21b18f6b146dac3598df188b945e565bf230066cc3179fa58ab64bdf6cc5c6812df92ded7f3508312034e6a9ebb7f

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
512B

MD5
1d34a965ba74d0bef9a95fff6ef43a4f

SHA1
1850437ef229711ae24841ae8fb6febe51d1d455

SHA256
d16fa9bf4c8315fce8bdd05716c27187b98f030eb34d7f248ace67b162a06890

SHA512
ca2e3132ef53d8a1f925ec399c87ae42547dffc50da030bd1a4c12df590d21d8230b4e8e3617a1be49f1735b7ed6d2b5356d7aa4fff9183408e7f224baec14c9

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
8KB

MD5
71339d82ff7f7335f89d2992839e7965

SHA1
64047535c00cfdaf2962ce15103dfcd9bb91b686

SHA256
f93f5926aa38571bf0b9ed6fe79d3a57ca271c6b82d151c2f437497b28c956ad

SHA512
6a76eb92869a1636df21f42a8ca4f4a65c42755280561e432ac0d48731e45ab4f7651450881ff6df3edcd833a8f804d0a11a92483b69dfac3388c487c8d4879d

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
8KB

MD5
fc786ce977b73f18beeb355ad794f365

SHA1
502599533ec766274d03059e98dea0c3535c9a32

SHA256
4ebc1efd28120967239e87853ae5805063dd1c1cc417ce977cb5fc82479a54ee

SHA512
681fab4f1bf0cafe4cf83125769d366a8630b4f40bf874c3855c68e7068566494ff6224da465fbdc36feebf9d2babfaea267d31931b6bfdbb2446a212e8ca307

Download Submit
/storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
a376113c0d0b9abff1dab8a18ffcc64f

SHA1
8d2ae39484ed87ab9bc1da73a0b301d4ccbb312f

SHA256
097d02f9eb6d41e9de17c5afd81b20cb6ce1308243bff6e99bd3668bbfe30e86

SHA512
7cad3278f53dc7dfe23408544f655c5ad59bf2c93c0b023ac4348818115b984ba26a8e975792d90ac64da9385fc5af31c8495be3c4738c9018e0766abeb14465

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads