Analysis

  • max time kernel
    136s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/05/2024, 06:56

General

  • Target

    3e3f2c8c7cf9d4cc11e396bda0e01897_JaffaCakes118.apk

  • Size

    14.9MB

  • MD5

    3e3f2c8c7cf9d4cc11e396bda0e01897

  • SHA1

    00e43e3e500a8ab1d654b456a9b0139b02a13b4d

  • SHA256

    5428765b8f7eb40ce41d779563e9e7eaf50336c8cae5cae9e0883045e3f0420d

  • SHA512

    7c3d90c4bf271e159f3c602d99a4e85423423a9241ddd4f1d6420462b6ef2502a7bcbe22d9ed0e7ece5a17b2c5bf4cdde9493b9670463d53a2a6ec336502ad4d

  • SSDEEP

    393216:l4vWsc/Yf3dmEU+oZ8IGbJOX5Y5l/zxBcvPZsj3der/GKbR6VBd/:63c/Y1fvM8v85Y53GvR63dU+KbWr

Malware Config

Signatures

  • Checks CPU information 2 TTPs 2 IoCs

    Checks CPU information which indicate if the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator 1 TTPs

Processes

  • com.yunti.lfs
    1⤵
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4295
  • com.yunti.lfs:push
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4369

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.yunti.lfs/databases/tqm.db

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.yunti.lfs/databases/tqm.db-journal

          Filesize

          512B

          MD5

          732ba972b6bf73d76c72b6a7102e49ae

          SHA1

          95314d1e07ee39c9856f0bd7e38f40dbaa3b3170

          SHA256

          9676db698817be6e619452a421c50631d2071010a3e093ae4fd9a04a466fc7a7

          SHA512

          ba1e7471e769ee4eb8e99ebfb22bcbb9ff9f051fa8bd3b0257aa8da47d9dcdfdda4930e23db42c3d7085ffb9569e4e04a24f372439bd571da455732b7ccf345d

        • /data/data/com.yunti.lfs/databases/tqm.db-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/com.yunti.lfs/databases/tqm.db-wal

          Filesize

          104KB

          MD5

          082bc374e0bdea2eb082de8fbff82668

          SHA1

          f13426691bc456a534fe48924f768057a3359ba6

          SHA256

          148e07f4745ffb78d9e69066d4ac2e8b1f1f94e29528d3704e53490881e9c2ff

          SHA512

          5a1bacc4ed2cbd388bc5b8c9ef036aad6e5135011e564883c7bc07a3aa6a87c91d6af041a71d324df38e1fae55a4305596257d63843bdaafb0d608423408808d

        • /data/data/com.yunti.lfs/files/mobclick_agent_sealed_com.yunti.lfs

          Filesize

          613B

          MD5

          629094ee9c55360c6f2674946283d57c

          SHA1

          44a5c498882b2db2d514885b18453179e3733356

          SHA256

          9a3ca543feb26afb1b67a7d90b6130ef93328517b5c039b1729741e04d76d5b9

          SHA512

          4ded15c4cc00c9f0ac95f5071943419a91d9d73d8f7c20ffd0f70c41f7fef63f9fabeffd81c63056e7c088d4b1b743d53eaac5118f58fd99c3d3c56f074729af

        • /data/data/com.yunti.lfs/files/umeng_it.cache

          Filesize

          294B

          MD5

          ddfe3a6248531a3403137594e70aee25

          SHA1

          62eb82d132d53af38dfa233314c67495de6518f2

          SHA256

          2c5032abf33bf6537509ed8d8c6c4be0e8c1bac50cf8c1a8a800069d1c64bd76

          SHA512

          01dcef70c092547266fd19f856cd55a140f6231da2bc342b6aded88388b0346fde27227902a648e3dc65395bfaf9b9c2c7d7aafc4a46c5ec7f31d99abfebe1b6

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          381B

          MD5

          109c0318d4996fa584d972aa7e880755

          SHA1

          351d86a52e3297fe22dba213243a7263579b3fde

          SHA256

          633cec488dc2106d966b8e56ec727070c14f2e42f4ce2bfc1e1e96ec06801f17

          SHA512

          b0564a2588e78375e63e66114176d0bc07991b35234f56f1ddeedd8aeb629acf9699d61cf260823867e9042234ce68af2fbb1391a0f41520a7f999ad85f0d229

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          380B

          MD5

          6181bc6508725c75f2138fd4b0478a6e

          SHA1

          95c5b6bb70c8a0311ef2953bb0e687cca9e514ed

          SHA256

          9b256d5c3d9d1598889d50503374aee48d11f94b9e2469bd7c67c730cede2192

          SHA512

          ac1238d8f511bffcc7c71517745c61e3e74304718ae87e7716fb64653424f61bfdb00b6558303d8c2fdff3f9f280aa57054b901a67a675638b7926ba91f1bb3f

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

          MD5

          ca2972a64909d4384bfacbb9a4e8e1a4

          SHA1

          c276eb2414bbde31ffa172ba16e66004b3d972ce

          SHA256

          2bb860092073cdc7085d54dbbc07939225f3e48a67fe464e0079a0b287b6d472

          SHA512

          ee2cb18b7231b099a56f030d8267b3e0a1e496b5609a445622bc26897336ca129656194e294c46fac43e520122a87dcf8d12f756f5399cb49a6c598477046a77

        • /storage/emulated/0/Android/data/com.yunti.lfs/cache/uil-images/journal.tmp

          Filesize

          111B

          MD5

          f25ee2ec346fbf7df0eb4f684696a07c

          SHA1

          0fef4fc5fb245f4f393cb04d66e2a6a019c87a38

          SHA256

          c61c1e4e1709b2196354c3701cff9832345d11bd500b8df76911a91b0583cf4c

          SHA512

          ceb923152478f41a70bc3b74ba5d86f12220da66d290b27af6d1d14cd23eccab2abe67e3334df4b321ea67f350daf678b274afbe37e5155312492f819623e172