Overview

overview

10

Static

static

10

47c3afe0e6...18.apk

android-9-x86

8

UPPayPluginExPro.apk

android-9-x86

1

UPPayPluginExPro.apk

android-10-x64

1

Analysis

  • max time kernel
    61s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    15-05-2024 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118.apk

  • Size

    7.2MB

  • MD5

    47c3afe0e694eb4d16fa8a16f8e98a1b

  • SHA1

    a321504d96043583c15ab12f6d185aa4658b334a

  • SHA256

    e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1

  • SHA512

    f3adf8c38f691f7f36522f38282d5df098d646691cd47c1f30c700595599dcfc2a0c0aaabb6ca86a8525d86da594636e6696ada6a5a457226a14da4a5a4916d0

  • SSDEEP

    196608:vZ0CCV27+Ps5LxIKQ7wCgWOwrvKCiI8M6sow2:vOCC65nCbOwrvKzA6sow2

Score
8/10
bankercollectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.yixin.itoumi
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4281
  • com.yixin.itoumi:pushservice
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4333

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase
    Filesize

    32KB

    MD5

    a778e9ab360274d37ddbb41d47a8a6d7

    SHA1

    9f8ab96ed56b106d915900af413f483fe726f263

    SHA256

    2383804b3a6e39e92e4e29f7d1c4229e2ab5b05b0453bb3af4cd8f30bc757730

    SHA512

    3690c6e8a8515a213cdc692424a3dcf1c314f2398cf2800c79a847f43814d411fdb53c4b45b811d9bb50a4e97e7b8ad141d560ac90c780e3888fb832f499a396

    Download Submit

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase-journal
    Filesize

    512B

    MD5

    986949b16e79c03b01811542903a05b1

    SHA1

    38db64670ee5066995421fe13017facc1e4d43f7

    SHA256

    71beb41cc3654195b362706bec3780b1856823de7fae1940c7f4232e199ef4fa

    SHA512

    09b49ed5b60a7ff6366331a1ca51d88137c99ad64714e913a2023521d63bb1fd69ab85e69b07c247ae6cc3657901409db0b7ab842b00dc2962659a94df95211e

    Download Submit

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase-shm
    Filesize

    28KB

    MD5

    c8d8dc8ae32ff714bfbf4f2a96d8a03f

    SHA1

    1cf1317d5bd2d62beb91d1cf3e92bd88a213d295

    SHA256

    57ee45cb8a7972bde17b631a9d08d3d595cdfad773167f6e210563e7b79acc15

    SHA512

    4b964e656939bb049117b358d613a35108f1c2de482fadec2136f814ba4918d02fa3c3aeae419ef0bcc1067b115957ab4d5c0849a553e2cac8f8b3d9af161bac

    Download Submit

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase-wal
    Filesize

    32KB

    MD5

    e3ca11d20b3643eb9b9b52d37c6e072c

    SHA1

    4ae841659888fd6bf2d9e7fe11b23d0bd1c1f36d

    SHA256

    a7b3229293fff02dcdd1495fe78ffa1afdd369aa0decc11821049a5238a591fb

    SHA512

    ec8f92ca40342209afaa28270865f848cd67e5af51594478d8b7557606fe9f148e10f1f00534536278d9c330bedce60efc10cfbb7aaa02725df4553034c844ab

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db
    Filesize

    32KB

    MD5

    bb3bb0c240d5c013df50a2a0834da4bf

    SHA1

    ea18e7ec3e0dbfb5357ff72a1980576bdeb7b412

    SHA256

    562bfd98ac33f74d4c58e09bd413e9d86363bfa11e46b402fd4e2ef9d910ef78

    SHA512

    28d5984816e4dfc146ce6cf33e14579dd8f97bc8f827a843c2890d0b9abc9b92a2e3c5e8516346f85ab3593b6318b3a03a4a9e76216b2a45cc4b118efee0ffba

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db
    Filesize

    32KB

    MD5

    0fcb31920c258bcb52a89d3acddf2d4a

    SHA1

    dd764d611e087ef4e43f0a5cd3f3be85e062eb17

    SHA256

    b455bb6d9ca4b802054f6f1e72d66184b37897ba60a1e5b5de456454ddd07828

    SHA512

    009f5d30aedf58e5c88835cee9a6b87a073660627beda8a09070eeb9139be05f78d11677ce31152f57a988ff132a469d9231140fea3f4c7cb078d39fa55509a3

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-journal
    Filesize

    512B

    MD5

    615b0fc21371efbafe8d3d2a8a125a2d

    SHA1

    51e212d78e3b9dcba0b4b045564842e9098bffe7

    SHA256

    e36a3653b67ed9c27729ebc162b7cdfd13cd86a992dae3b116582e0709a58c24

    SHA512

    50249faa203688b810e64c98eb2faccec5f9c11384c54797edebbb030069195d5e6cdd777d17d7493d1569640d67fe2ac7c4411199363ca8449dbbeb3a7a43d5

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-shm
    Filesize

    28KB

    MD5

    871ba67d8934945e4772d3050283a2f9

    SHA1

    e09107bd0ee073121db99fbb1a5e99e1981c2381

    SHA256

    6f1488d5668791a6908de7eb67089802e428a039e5ac4a281bb413496c8e9b15

    SHA512

    d5ecd1cf0aa42a4617c85ee12004d31eb3fa3f8af83cf3c41f96f85215f951008f3c8252642e72b36631ffe4473317e2f2df9298c6b807b8ffb7942f95e54721

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-wal
    Filesize

    16KB

    MD5

    0bf95f58bf1831a9a894688caa7305c7

    SHA1

    efa75c4c0480c251667c508cce87c4e24e2ec257

    SHA256

    7125662a4169fd5e999661f1dea0f1d494c3729cc4393f6a0dff988a2b2fae1c

    SHA512

    8814b5cce75ae66e1d9bbf8a2f69e18fc8ed7f8fa92e6067e770c007a3d369fcabd247e7451e51db1567ab725a4f75fe401ecec334ebc94c0894202c8f143c51

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-wal
    Filesize

    72KB

    MD5

    b933e83cd5c9c8560f4494586842b12a

    SHA1

    0a837a2f0353e649b85518aad0f0eaafe43a484b

    SHA256

    507d44c0116e63bea67778bc9bf81833fa3d6367ffb7edc3ededa9ee3dbc333e

    SHA512

    8435d764814022280b2bca23ffe9f521db77a66283abc9a5c294a04bd375efc883cbdbd6c5519957b6c112d931c0c529bf50832e61e03bb78579f8d6f4871666

    Download Submit

  • /storage/emulated/0/baidu/.cuid
    Filesize

    89B

    MD5

    13cf394284aed71dd78263cdfc33b743

    SHA1

    ff2e365a1ccf8667af735ff6d180b24550382a25

    SHA256

    39194a049495dcf777cdbb8d3d41644f8bfa6da4f837d96acde1bfcba076dd4d

    SHA512

    81a5bf74f06604cd70990638846085f0a9d218b209cb6069fff5788874c65cdf788aaaceb351c3a25a42880f8e187fc822a1be55c3f75901d153aab4b5d3794e

    Download Submit