Analysis Overview
SHA256
5428765b8f7eb40ce41d779563e9e7eaf50336c8cae5cae9e0883045e3f0420d
Threat Level: Shows suspicious behavior
The file 3e3f2c8c7cf9d4cc11e396bda0e01897_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks CPU information
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks if the internet connection is available
Reads information about phone network operator
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-13 06:56
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-13 06:56
Reported
2024-05-13 06:58
Platform
android-x86-arm-20240506-en
Max time kernel
136s
Max time network
158s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Processes
com.yunti.lfs
com.yunti.lfs:push
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | fb.umeng.com | udp |
| US | 1.1.1.1:53 | lfsapp.koudaitiku.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 115.28.112.191:80 | lfsapp.koudaitiku.com | tcp |
| US | 1.1.1.1:53 | adash.m.taobao.com | udp |
| US | 1.1.1.1:53 | utop.umengcloud.com | udp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| CN | 140.205.160.70:80 | utop.umengcloud.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| US | 47.246.137.207:80 | adash.m.taobao.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
Files
/data/data/com.yunti.lfs/databases/tqm.db-journal
/data/data/com.yunti.lfs/databases/tqm.db
/data/data/com.yunti.lfs/databases/tqm.db-shm
/data/data/com.yunti.lfs/databases/tqm.db-wal
/storage/emulated/0/Android/data/com.yunti.lfs/cache/uil-images/journal.tmp
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/data/com.yunti.lfs/files/umeng_it.cache
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/data/com.yunti.lfs/files/mobclick_agent_sealed_com.yunti.lfs