6bfe6a88534d23dc6ca6a6a00f8c2b72092365445f7909df0709a7f05fff0754

Analysis

max time kernel
150s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
12/05/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38937388df8fcc3bd3457e01d685ecde_JaffaCakes118.apk
Size

15.8MB
MD5

38937388df8fcc3bd3457e01d685ecde
SHA1

14524ed5ee54915c5c84c7c72126b35bc4adc561
SHA256

6bfe6a88534d23dc6ca6a6a00f8c2b72092365445f7909df0709a7f05fff0754
SHA512

219e7675a01911a972ea9607a195d2c865363801ed8d73b65156770976777f0588cd871cbfcfaac791acc8261505373d698356507fa408a273abdef3951ec157
SSDEEP

393216:X/NWvjNokmP/6c4cc0CqWeqqkSnpHRMnddP6Cof3P:X/ookmPil7npSnTMnddyh/P

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yunds.tp

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yunds.tp:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yunds.tp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yunds.tp

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yunds.tp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunds.tp
Framework service call	android.app.IActivityManager.registerReceiver	com.yunds.tp:mult

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunds.tp
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunds.tp:mult

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yunds.tp

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yunds.tp
Framework API call	javax.crypto.Cipher.doFinal	com.yunds.tp:mult

com.yunds.tp
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4197
- ls /sys/class/thermal
  2⤵
  PID:4240
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4382
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4408

com.yunds.tp:mult
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunds.tp/cache/code.jpg

Filesize
30KB

MD5
958f0d5be4714f3f995351dd98904a84

SHA1
a40340fba6a5f028d0e49987f2bb54c3929c70c0

SHA256
b48aa29619d903e660a08571dfb58584c433fd90faca240148f36ea5e9dce4bf

SHA512
af5a65384545f44a134327cdebecb33c8f08c19e6c48ea7936876a977826d1804ae78757ee496bb7a77cbcdac71a8cb66810255dabbecc9a4980f6e7c8b7a36c

Download Submit
/data/data/com.yunds.tp/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.yunds.tp/databases/ua.db

Filesize
16KB

MD5
baf0ec3d02caa3c213926decd8aeb837

SHA1
40ad6c0f889fad01abe31796a7898015583e046f

SHA256
88ebc397d16f11651388cd385998be12d39ca70e33352e38d6abe630930cb3dd

SHA512
90f892c2b312002a02c2d26938297e94f4ed3d26c8210a622fae5ad0f44673f94537c38ffabeafd43967c61bdb99a727b97be7a84c731ead636f91ba813672c3

Download Submit
/data/data/com.yunds.tp/databases/ua.db

Filesize
16KB

MD5
698b47d29ae4a0b30e74cc4ba369d38f

SHA1
4952d6b5323b479073240f759a2a8efc9aa9af10

SHA256
6466f8d43c45ea5bc6147488b3b0445be1e3cfa8c373888c0cdc3102b33587c1

SHA512
cc3c78d7e79bb03644b892d6e43663a7f22bb8d768854644ea89dc4d268722e31a14bf96e0781495144632dc6bcee9f9f9cfab84123aaf449c4077380cc11c3c

Download Submit
/data/data/com.yunds.tp/databases/ua.db

Filesize
24KB

MD5
fdb341bf7febb17caffde910b9645e0e

SHA1
893170ff660fcf4a1a52b710a36f30c40dc05e0f

SHA256
243dcf369da654458e2d200589d5442726584a7af7fd758b27468aef17fd86d1

SHA512
4500598a102b62eff601c14e34fa86dcc0dd160ca85eda02c5abe21430b8402558724c0b1c2e5e3b5da400d0f28eafc324dd78b462a653b997be56d9e5019032

Download Submit
/data/data/com.yunds.tp/databases/ua.db-journal

Filesize
512B

MD5
c7060c777f5fa37ea8e29d69d3542f06

SHA1
f6c2b2c04381d39243e633fa50721190120ed051

SHA256
4bef2f7055c0729484893b0a04a1cedecce6f83c32a19e827afb0cbb2e4a54e8

SHA512
44bbdfc420c86ee1f89feb519fc049cf10f26afe0307cd13c31b3ee66c92443cec815ffcde0dbd0fe2c5e301d4369129121c75069535daea167b4a6f027cfa84

Download Submit
/data/data/com.yunds.tp/databases/ua.db-shm

Filesize
32KB

MD5
0eaba6cd8971e332c6a94cdac0e69008

SHA1
ecc5629ccd6baa7d7f8c60992f027df69dbf74d4

SHA256
27ada782bd376de22410a805eb31e7999a85386685aef30cdd8a20f1aaf7923c

SHA512
3d534882a38eddce0e67291c20a9002df75966020751cbe0c36ba930ee20cd8ef34d7ff52efb853dcad8a364bed1d109177127699af98a22fe4a1b67acf4edbf

Download Submit
/data/data/com.yunds.tp/databases/ua.db-wal

Filesize
4KB

MD5
a01ecf2fbf9328b61be31d5a22879d31

SHA1
1d8543aca12f2a1dfd44717b2b049beb4813d8ff

SHA256
520055ba3f06de89e3869fd676e91861e75516367e094b70f54a3d20ad12a0ae

SHA512
c3d310d2c29e7e11c110c85a7a4b0c1833071a687cb41310470e57c789a4e4ed9a7ba5bfc37a28f3555c2b63088188290d4ee8c6b8aab17477d666d363109077

Download Submit
/data/data/com.yunds.tp/databases/ua.db-wal

Filesize
4KB

MD5
793a33a34f66208bbd24620c5d02f424

SHA1
82525b3e3df1c85b30939259f9fe9827650458fd

SHA256
1ce205b457a4af729e8b28e64f96d7d5e2a13618f508c4719c87c0954e9139d0

SHA512
e05a1c54b6b3a00f64c3531a0d95ae514b6cca6915b4abcca55e9e8add55b6791f46a352c0e6bf9d69a8d2fb49b0a22761f83fb7f16e349b5e9e754e3f14c18a

Download Submit
/data/data/com.yunds.tp/databases/ua.db-wal

Filesize
48KB

MD5
b30768e43348eada41b2219f52c4bade

SHA1
5043cffd96baac1e106ce1d095e0be88989f0a56

SHA256
f51438667e911a920824c15bd543c8dec9ac5ba592066b575c70bd476d5b2a1a

SHA512
3e742056a59540110efe4400957d74d55433d6b296ab2b4e961ae41ee4cb3e9637196122f43b50ea1433d5d52d10c850daf5eb2bab1fc4b00fcc863adb50428a

Download Submit
/data/data/com.yunds.tp/databases/ua.db-wal

Filesize
12KB

MD5
7d459f6c6ffc8e956321085e05104008

SHA1
087ffce9bc050db9ab6d61dbe8946e085dc881a4

SHA256
30128e1953b0bc75fab7eb7125501eebd09b075f67d00d6718ef0740bb0a39bc

SHA512
1df08f7abe9f17f25a4c9320ab3d88991d11a6ec52c401407923c5484b6d5cec0e0324bcac05e7a13f86d57fa97569d37f3b4e75088dd3038dd213293108c440

Download Submit
/data/data/com.yunds.tp/files/.envelope/a==7.4.4&&2.0.6_1715493070035_envelope.log

Filesize
1KB

MD5
8d9cc30d7194199fa87841ca339d8768

SHA1
e470b85a55afa37df6b486eba1570b0d5c503f6e

SHA256
0e86fdd5915573203d964a667e38adf586ba4a92438384f53c5230263d934c7b

SHA512
ea3c0e765bb050b3aec7914cabe5aafd127bacb2f6c9ed0a596ed56c29c89721a81a652713b478f90f61d4a5ba15931493474a2c668f9a25c985deaa20456b03

Download Submit
/data/data/com.yunds.tp/files/.envelope/i==1.2.0&&2.0.6_1715493072127_envelope.log

Filesize
2KB

MD5
4ceb2119a4755ed2dcf08fc76d14ba20

SHA1
4a21ac7e89f905dee8e1a90afda90511437b6bdd

SHA256
cbce00abe968c4d524da189daae17996d1e7963395b75816764a81314f9969ae

SHA512
e3b39b91dc83d86d431626504650f12c771cb0cdbf964a44fb853b6a6270ab4ecff3096410836857e0d3d339f3dc358a499c08e35c45c62b31ec730c773b98e2

Download Submit
/data/data/com.yunds.tp/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
aa92c178d4f3928dd78d6544bb953f87

SHA1
f54a96bf1f78deffd888015badf52a3cd4ac5187

SHA256
65909d5817f9e4c668ba3bc3af64497c93133b432cf7f2b9af8a12a900f48d30

SHA512
6b801a0cf05ff2946b3da488a9cf4e76e22305f88c52304cdf392bbd6eea9a6425ecaa12fa51b90a8510b6415d880d170329080389836b1cd84f2e02b4ac410b

Download Submit
/data/data/com.yunds.tp/files/exid.dat

Filesize
55B

MD5
2f37b8ed81b97659d167ae95e6a7d54d

SHA1
346816639fb2d31e45e9568d46262dc6aee0b7dd

SHA256
6219fc5f5fd2631d955bf0009cfb685546aa72f4691690c13ca06cb2417d8766

SHA512
ef37d3965cd16b83fb55eaec8b29bc277db6866137d9887e2f865eeb568ed7442951025d237ea86e637ba871f1444d92dbf4a44f831328c9155409b4eb6edc8e

Download Submit
/data/data/com.yunds.tp/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NDkzMDY5ODc0

Filesize
1KB

MD5
6bdcb705505df188f5ec4d161ef0a964

SHA1
32705ba44d8d695e178b68d6f39642462ff424c0

SHA256
fe1064dda96bc7ab65a879c74fc30b3257b6d469cf2bc9f676b983fba0aaab5b

SHA512
92521fe32253948712abb9ba4a194fac7337364afed25f299f2d9d31fe257df8c59b5edd50f9b7b7ec1901094bcca0b3083a71ec4a15a6487392d6cf6e38042d

Download Submit
/data/data/com.yunds.tp/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NDkzMTAxMzI4

Filesize
1KB

MD5
d7c257193bde1a512d94f3e93f61be93

SHA1
f4599e05730d6179d5a405a4e8f275b70b816ea7

SHA256
e561f4036bb7af034f83322515ff9fc8ae28aafd1a10a5567e6c225a091781b6

SHA512
e9598260eb65e536d6b8caddd62a014f148bb9f808a0b8be2c3cef42c90e177f73550423af255fb582dddd2aced9648bc79ebdafbb31dc1e074d72ab4ce60de1

Download Submit
/data/data/com.yunds.tp/files/umeng_it.cache

Filesize
415B

MD5
0e0fcc961b83af9c10d41cc3bc42957c

SHA1
9acc599d2aa2d275acb9a47ac0fbb215477263fb

SHA256
06b305a8da32870ac6ef6d75465be67954e3bc07df8f92230beb93b4214a08dc

SHA512
36d41a774bc4e7333a7c1d8e545220cadc2a2d406869b30d6025f7f4830caa75d4e5f8b8ae5e4ee68a311cd469f9264c80dfe4be837f551c7e9b29a87cda2e46

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads