Analysis

  • max time kernel
    132s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    08-05-2024 23:59

General

  • Target

    27550ae403ca5d4e14b756a626661a11_JaffaCakes118.apk

  • Size

    6.4MB

  • MD5

    27550ae403ca5d4e14b756a626661a11

  • SHA1

    2bcf248f4478dce61f2b64fe53eb50759c7f4a10

  • SHA256

    8a50b4ae1ccbe4f77adc7da6f8099032e3e7047e349e1d11b3631b5347a9c1c2

  • SHA512

    a6d4e56b1022689b2492bb2c41b8a84ab2b782e75d7547c13a6cd8232802abd740f7e0ce33646735aa21ad387d60b86caa0425fba9faf4b4521e35557c3d747a

  • SSDEEP

    196608:oD0AqfqztYe4aKKhsLvcK5dOpERb3Wo7wmFkl:QwfktKrcdpERbhUDl

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which can indicate whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4271
  • com.tpad.change.unlock.content.a1li3mi4ma3suo3
    • Queries information about the current Wi-Fi connection
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4326

Downloads

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db
    Filesize

    4KB

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db-journal
    Filesize

    512B

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db-wal
    Filesize

    32KB

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db
    Filesize

    24KB

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-journal
    Filesize

    512B

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-shm
    Filesize

    32KB

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal
    Filesize

    8KB

  • /data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal
    Filesize

    36KB

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    65B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    381B

  • /storage/emulated/0/CHANGEUnlock/config/con_list.xml
    Filesize

    156B

  • /storage/emulated/0/CHANGEUnlock/config/current.xml
    Filesize

    198B

  • /storage/emulated/0/CHANGEUnlock/config/fm.txt
    Filesize

    10B

  • /storage/emulated/0/CHANGEUnlock/content/alimima.ux
    Filesize

    700KB

  • /storage/emulated/0/CHANGEUnlock/content/alimima/image/alimima.png
    Filesize

    124KB

  • /storage/emulated/0/CHANGEUnlock/content/alimima/wallpaper/wallpaper1.jpg
    Filesize

    169KB

  • /storage/emulated/0/ShareSDK/.dk
    Filesize

    107B
