db8fcd239c68071e3107b7e6bef0bad9dda396642de34b3b5c861cefd5854c9b

Analysis

max time kernel
150s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10-05-2024 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d39867ac2c65ba6453321f1a173d310_JaffaCakes118.apk
Size

12.4MB
MD5

2d39867ac2c65ba6453321f1a173d310
SHA1

e1d1ced4a50eb8bbff31f0ca4a44c55fa83ddb61
SHA256

db8fcd239c68071e3107b7e6bef0bad9dda396642de34b3b5c861cefd5854c9b
SHA512

f56abe44599fa25f5c3353229ca35d99629470a9cfe66d552c9d99a922ec31818c4b35b0e475e9681a2c5bfb0e979024782033a2c7990cafffcd6274ca9a850e
SSDEEP

196608:KqO+21WlBPlMbl9wWWjE6w8EwgfF+B/v75J7b284uLBCQLD42K7j6:m+ZlVlMR9bWXSlQB/vthbTXR/9y6

Score

8^/10

banker discovery evasion impact persistence ransomware

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.uprui.phone.launcher

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.uprui.phone.launcher

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.uprui.phone.launcher

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.uprui.phone.launcher
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.uprui.phone.launcher:com.uprui.phone.launcher.theme

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.uprui.phone.launcher

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.uprui.phone.launcher

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.uprui.phone.launcher

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.uprui.phone.launcher

Changes the wallpaper (common with ransomware activity) 1 IoCs

ransomware

description	ioc	Process
Framework service call	android.app.IWallpaperManager.setWallpaper	com.uprui.phone.launcher

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.uprui.phone.launcher
Framework API call	javax.crypto.Cipher.doFinal	com.uprui.phone.launcher:com.uprui.phone.launcher.theme

com.uprui.phone.launcher
1⤵
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Changes the wallpaper (common with ransomware activity)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4503

com.uprui.phone.launcher:com.uprui.phone.launcher.theme
1⤵
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4654

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.uprui.phone.launcher/app_push_lib/plugin-deploy.jar

Filesize
180KB

MD5
73221f224e5d32e4f130dbe57ad395c0

SHA1
1a8f63b73dede50dd56f469d0ee9bffa84eb9d63

SHA256
8911616ac34f9c9508d25ad55183ab06dd05f1f80793d70fdf225cd56bf4ad55

SHA512
58a1203866c0c376cfedfb493c21b8733f4796f6743414b810a63aa144b1af0acd9797d132684b8f255b9ebd76ba5405d0b5518c0c353c4a9b8839939a9c5c8a

Download Submit
/data/data/com.uprui.phone.launcher/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
86d2cda6a246766fc79564aa36d4b4c0

SHA1
5f8909bfaf0a2e9d5055a1be40f84c6b474fe493

SHA256
08a98deb7e4ad6932cf1a6632ce339477187785a516966e2cba54a6d8d56f444

SHA512
fc0e13e78b63c56063bf224806b61b2a08a61c098e3ed6d6ec314bf3847d3f8297b0fcaebe0d93a50e63b0592915e283f3368ed7fce667504b8d181bbd2bce88

Download Submit
/data/data/com.uprui.phone.launcher/databases/forecasts.db-journal

Filesize
512B

MD5
12db051bbae9a6f614894d3662e6ff98

SHA1
967b6112365b29415de90b730df5f2e146e99fe7

SHA256
f2b7534c03c8a82fe4bcb9372915c22ee574f03636654a87fa81171934944db6

SHA512
263589d9d02bd70298134726969366a7d3c34c436b8d9270e620c94075e1f726d99614f9be96bfa62db4a54c4f34ce9407096920c1c944a42d813e8d72645bc1

Download Submit
/data/data/com.uprui.phone.launcher/databases/forecasts.db-wal

Filesize
32KB

MD5
174d02523b66c37ed5fe6c432a51bf1a

SHA1
069aa2ef4f42ce522de0369127545fceee95e598

SHA256
b10eaa0a7da8a100ef363b3cac158b5cd0574984685bae36f99222e56c93c3b5

SHA512
ae9bf9e2c5be49f9b77d3eaa9e931fd7d1001182a13fcbff15962149ab83dbda5c184a22f4bcf2717e10e1f1befd726d63648a9ce1949b3dc1ec55295ff754ee

Download Submit
/data/data/com.uprui.phone.launcher/databases/launcher.db-journal

Filesize
512B

MD5
75b85f2ec56c18afa9587dd4b1fef762

SHA1
fd6755eb9e0aab4d2c59e55e756cad1da4a82622

SHA256
875b2e9ffe608d184dfb930c5c7edd60e35f6d38822494abf0eb031f2f35e92a

SHA512
c70b5762e513fd94668909846688ea163abe7ee504ebade286f4611545ad0510950c6dec666d8b17cb8f52fa46cae57adab96cffdd6638619d15cddf6abc190e

Download Submit
/data/data/com.uprui.phone.launcher/databases/launcher.db-wal

Filesize
281KB

MD5
3fe585be3421805a3c9d4431535b56a7

SHA1
75dab270398d92d479b6f591c701673818ee39b0

SHA256
f688cb050fd75501887564e66c7f364215f17cc240376e3ed923431c66f456cb

SHA512
4db2c8fbdd5a3137240af9bc1ca2a75ca3bc886ec2cbc2e7e23917d46a67672db0417bd807056e4316ce9ecf64d2b66e2694adaf259e86162278e88a34a3a6cc

Download Submit
/data/data/com.uprui.phone.launcher/databases/local_category.db

Filesize
2.2MB

MD5
93ddbe793f1b4362ae4c159c22fece0f

SHA1
625b5c7f9049ebe1b0af103f1203585f78543e2f

SHA256
8c4b111cad34ebca88c12e39cc6aae262fe3bb7d4517f199785f18dd407d3d2f

SHA512
111d3542d06b8ad388ca29ebf908332d61f54ff0d55ac36967732631546412b91c0fee50ba4da20d3d10904fec35d1177bbc6d9e5b56c738fb682463bfe10e79

Download Submit
/data/data/com.uprui.phone.launcher/databases/local_category.db

Filesize
2.2MB

MD5
b83f9684eedcbf5514a936f5738c6600

SHA1
ccd71387f3b8c73308d82739278d754cb082ab53

SHA256
1c9b5e8644ed8dcfb7ce0dd0be79b721d352a7762805f7ba00aed91f48fb76f1

SHA512
2d70faf6361a3eb336973cc0a02dbc1d1bcfb4758b08e582296831cc9ff8a78a646bbffa453c73a0c28991be5afe5eccf04e6f33d88d2588c66e3452bfc46b13

Download Submit
/data/data/com.uprui.phone.launcher/databases/local_category.db-journal

Filesize
1KB

MD5
56193eb9ac4ae3a1390ad1531c22e9c5

SHA1
40e47423792eaa43390d347b90861d21d7e0205a

SHA256
9372dec7e709bec1317afed29823ba335028b9299e4534db03ac933d1c0e023d

SHA512
4cea91d90267fd2aea04567aab241fd1752175cff4bf275841b76033552fad0f8d9999e32976d75bcb1e4315786b8d5aa4ebdc67bc7bdde3a67f1ed3aa326ecb

Download Submit
/data/data/com.uprui.phone.launcher/databases/local_category.db-wal

Filesize
3KB

MD5
1bebd655cfce717814ae77169f0f6abe

SHA1
5795a5c14b98b5b4560db1aebc15fd1ec48100b6

SHA256
28ac502e552aee840b5dd6fa6db96e11168f13c0dd92ac7e9e20ba6f00b66921

SHA512
39f2c97609c06febb165f19353a1d6ce519e8a4e6665e0415a7fcce5c83fc4e90893986d8f3b709325a95effbf790a46f4c71a4be4908e1bd16357e591c5623e

Download Submit
/data/data/com.uprui.phone.launcher/databases/rui.launcher.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.uprui.phone.launcher/databases/rui.launcher.db-journal

Filesize
512B

MD5
1682fcadf57f6571fadceb3b40cdb18b

SHA1
8da4481ec81120cf0d13d8321da05e620942760a

SHA256
57ea62913a86bc61702b378c0be45b5aa01cce13e0a99c2d874897aa070aaab9

SHA512
a124f8ca932a5ec25b201f3f3c02a9fcb163c0eafd3f3888de18bb3ab6821617cb1d0f76319ec18600b4d4c09c1288967aab3ca98fa4eb5130e91c70918fd013

Download Submit
/data/data/com.uprui.phone.launcher/databases/rui.launcher.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.uprui.phone.launcher/databases/rui.launcher.db-wal

Filesize
36KB

MD5
48f160ad131e804ffc1474a37d596130

SHA1
3d79771bb5bb81c3f96bc537b8b866a3988bedc2

SHA256
534cf62650dd5636e6f0c7418595ed37003eb057c0c12865e61e4e11de91b05c

SHA512
a3f4ba8583b0e03727be379383a5f106d61229b1a794f2a3bdaa7c6e4626d5dc280f5893ff56ca38f4daf3cb00db8810e4fb43d3915512009d58650290b17452

Download Submit
/data/data/com.uprui.phone.launcher/databases/tencent_analysis.db-journal

Filesize
512B

MD5
ac3386cef0799e878be8ff9fec3a0ca3

SHA1
7fbb7730638edcb85e034ae18b24ff15e9dc533e

SHA256
9912705cb1a88ae50506168defa6a0cb77122ea0eaaef424726b03035943beb1

SHA512
c9bee4ffa87e81324b9d7604d6d41bf3d25398fdccbdde455084937f29472caa15b3a1382db1617581c5572dbb3aecb099402d2a95b0a987044cf9afec98fa6d

Download Submit
/data/data/com.uprui.phone.launcher/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
3ef8f9f3299e6322514db2779f065353

SHA1
62e85976a7bf66929d7260471caab91c38275f13

SHA256
ebd916907a3f5eb659d10a551a52db027dfe557f637abcabf5656944388faa87

SHA512
5bd1e9c9d8b5f23a14fac727b4c8e3e25fbcd03c90f7ad4acb82ade4b17717e1499a7b6684860e664616ef4b82849ded4c63f700a664648d11fa669765df2c05

Download Submit
/data/data/com.uprui.phone.launcher/databases/widget.db

Filesize
16KB

MD5
f0b68d4073534377c8bff04b79ae0d4d

SHA1
80e22561ab003f5af5422b932508dbf907c6a0c2

SHA256
f9941e5ff7cabf9b9fb1b5a47fded368d15bef2ae9c502fcc0f8b7a9f767e1a3

SHA512
0e3438c429840b2068c7c48a4ce5b73f68fe8e61eb99fbca0606834e16d58342d1b64b689fa423c6dceae2ef68f8837ed8fa4b84ef034c39e4072ab31d5746d8

Download Submit
/data/data/com.uprui.phone.launcher/databases/widget.db-journal

Filesize
512B

MD5
8e4b98a341451c17248c3b0d244feba3

SHA1
2d3e004f75ed5852315c096973091b153d7a75f9

SHA256
4d62a57a7ddcab23830c92e28e7519c57ed0f51cbf5f5a2fc11c418726b485f2

SHA512
53d388138bce0522bf7b74ea38f7eb0e82a2e399a0c9d7b28e74629277bb9e3e50159d30c422d66d6c95ef5b8116d10b82843cca972691c89ee1d02d85a4b2f7

Download Submit
/data/data/com.uprui.phone.launcher/databases/widget.db-wal

Filesize
28KB

MD5
c9706774cb0044287147ca76bab20026

SHA1
b436351fa8cae18272d2f42022795fae46ea26b5

SHA256
0603ec7fb6ccbfc791119c4d1189f7947208e24e323267c8f0e1f34539abfae4

SHA512
5b73a963572fbd80a277e295d7e51011500f3cc566606ac985d13d25137c62f43563eca206c417623c0950f9b06d259e6e4b15ccb41ed9836952da6284ff6715

Download Submit
/data/data/com.uprui.phone.launcher/files/launcher.preferences

Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/data/com.uprui.phone.launcher/files/mobclick_agent_sealed_com.uprui.phone.launcher

Filesize
681B

MD5
3edf8f18fc4fd3e77080a2598e7aea70

SHA1
0cb16f519febedba3290eeb509e7c0ab04d39a77

SHA256
bd391306c4fcd34ddc5515f6c8f928d39015d31f9efdeb6783e272686e87b6d5

SHA512
b4d25296e80b05e0e14c57339d9ae0e1f2156a6fc51de5ee7305ba8e38c74162968dbe3c3260f4f88ccd5f524a97f9e70e566eca4e2d6580e44cc280f318c98c

Download Submit
/data/data/com.uprui.phone.launcher/files/umeng_it.cache

Filesize
294B

MD5
6cca338d74630aaaa6630cf2ddf032ad

SHA1
8ee7f6359bcf42738c0a17d1aa763102e0f4e795

SHA256
973118f824a6a9fb7d8b5219d270ea7c9c5772c8bdbb597c55610b10f59f1c72

SHA512
c52d04c63f133f060d1ca333963ea4c68711917a89abfccbe39370c607142575a108fe8e5b347a277499d9138669f7867ab24c01cc896f0b54621bf0d2220e84

Download Submit
/data/system/users/0/wallpaper_orig

Filesize
129KB

MD5
225f53973aeb49eb1720bdf59cd17659

SHA1
65024ca3efb2d582118673773c8bdb0b6347dded

SHA256
ec4044081209b11f8939115acd3ebfd4845c1f472232e81cca78ec2f7a120088

SHA512
4a2b2f59bcfd85aedb264c893865fe137a501b7483e9560a6e5a90219bce15411ad30a68b5b4acdc86114a1e02c23deb4aaab671b99955ceff83e2dc49b67797

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
cd61fa0a6a890934fef02220036de6b9

SHA1
f26c63ece7acf85918c9dd65d70b1b71f4ff35c7

SHA256
d047078124212712d719f9bef576f60fcdd5f1c553a25d6f3bd1d4540daa18ff

SHA512
ec4eeaea2ae7061d3ace49f3bbe0c7345983874074d258ed4a77c80f432156c9c8ef8d3d15b371cb85b981ec23e2c35154863ccbd09d86f831da3710b06bc997

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
788107a1756a0acd1a7dadf549bccea6

SHA1
9753c8042352275f4162b98fb07b4d92b19c56d8

SHA256
a6f726a75a91676bd17b13331fd0b354907bb07992078373f1627ec87b84dba8

SHA512
208a5b3a4b733572143c008426f84156bd8537b0affa7a8395ac314d723b84d64fa3eebddafc3d7632c723b8dcfdc465d589a0e9b2a300e396b70345e297dc68

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
20460724adb52726720ed1d7e1abb495

SHA1
61dc4dea6d7f20abe0b641d80233dbc0b3db2b24

SHA256
23aa9f718c7f625ab1cde1149f1736edea5e0c43fa8163fc323a3aa85f3f1423

SHA512
05f26649c2511fd560e06e3646acfdc9801cda59effc90d162ff6ef6890bcd67e481c3d4888cfabdec4a939b510039526d7a9b74e868b2a2489d961f9d5d8e59

Download Submit
/storage/emulated/0/Android/data/com.uprui.phone.launcher/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads