Analysis
- max time kernel: 132s
- max time network: 154s
- platform: android_x86
- resource: android-x86-arm-20240506-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
- submitted: 08-05-2024 23:59
Static task
- static1
Behavioral tasks
- behavioral1: Sample 27550ae403ca5d4e14b756a626661a11_JaffaCakes118.apk, Resource android-x86-arm-20240506-en
- behavioral2: Sample 27550ae403ca5d4e14b756a626661a11_JaffaCakes118.apk, Resource android-33-x64-arm64-20240508.1-en
- behavioral3: Sample ONEKEY.apk, Resource android-x86-arm-20240506-en
- behavioral4: Sample ONEKEY.apk, Resource android-x64-20240506-en
- behavioral5: Sample ONEKEY.apk, Resource android-x64-arm64-20240506-en
General
- Target: 27550ae403ca5d4e14b756a626661a11_JaffaCakes118.apk
- Size: 6.4MB
- MD5: 27550ae403ca5d4e14b756a626661a11
- SHA1: 2bcf248f4478dce61f2b64fe53eb50759c7f4a10
- SHA256: 8a50b4ae1ccbe4f77adc7da6f8099032e3e7047e349e1d11b3631b5347a9c1c2
- SHA512: a6d4e56b1022689b2492bb2c41b8a84ab2b782e75d7547c13a6cd8232802abd740f7e0ce33646735aa21ad387d60b86caa0425fba9faf4b4521e35557c3d747a
- SSDEEP: 196608:oD0AqfqztYe4aKKhsLvcK5dOpERb3Wo7wmFkl:QwfktKrcdpERbhUDl
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 TTPs
- Checks CPU information. 2 TTPs, 1 IoCs
  Checks CPU information that indicates whether the system is an emulator.
- Queries information about the current Wi-Fi connection. 1 TTPs, 2 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.tpad.change.unlock.content.a1li3mi4ma3suo3, com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tpad.change.unlock.content.a1li3mi4ma3suo3
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
- Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTPs, 1 IoCs
  Processes: com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
- Acquires the wake lock. 1 IoCs
  Processes: com.tpad.change.unlock.content.a1li3mi4ma3suo3
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.tpad.change.unlock.content.a1li3mi4ma3suo3
- Checks if the internet connection is available. 1 TTPs, 2 IoCs
  Processes: com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote, com.tpad.change.unlock.content.a1li3mi4ma3suo3
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tpad.change.unlock.content.a1li3mi4ma3suo3
- Reads information about phone network operator. 1 TTPs
- Uses Crypto APIs (Might try to encrypt user data). 1 TTPs, 1 IoCs
  Processes: com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
Processes
- com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
  - Checks CPU information
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.tpad.change.unlock.content.a1li3mi4ma3suo3
  - Queries information about the current Wi-Fi connection
  - Acquires the wake lock
  - Checks if the internet connection is available
Downloads
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db (Filesize: 4KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db-journal (Filesize: 512B)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db-wal (Filesize: 32KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db (Filesize: 24KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db (Filesize: 24KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db (Filesize: 24KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db (Filesize: 24KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db (Filesize: 24KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db (Filesize: 24KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-journal (Filesize: 512B)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-shm (Filesize: 32KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal (Filesize: 8KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal (Filesize: 8KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal (Filesize: 8KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal (Filesize: 8KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal (Filesize: 8KB)
- /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal (Filesize: 36KB)
- /storage/emulated/0/.DataStorage/ContextData.xml (Filesize: 65B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (Filesize: 111B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (Filesize: 381B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (Filesize: 381B)
- /storage/emulated/0/CHANGEUnlock/config/con_list.xml (Filesize: 156B)
- /storage/emulated/0/CHANGEUnlock/config/current.xml (Filesize: 198B)
- /storage/emulated/0/CHANGEUnlock/config/fm.txt (Filesize: 10B)
- /storage/emulated/0/CHANGEUnlock/content/alimima.ux (Filesize: 700KB)
- /storage/emulated/0/CHANGEUnlock/content/alimima/image/alimima.png (Filesize: 124KB)
- /storage/emulated/0/CHANGEUnlock/content/alimima/wallpaper/wallpaper1.jpg (Filesize: 169KB)
- /storage/emulated/0/ShareSDK/.dk (Filesize: 107B)