Overview

overview

10

Static

static

10

49ebd14ff2...18.apk

android-9-x86

8

facepp_res....0.apk

android-9-x86

facepp_res....0.apk

android-10-x64

facepp_res....0.apk

android-11-x64

paanydoor_...12.apk

android-9-x86

paanydoor_...12.apk

android-10-x64

paanydoor_...12.apk

android-11-x64

pawifi_res.apk

android-9-x86

pawifi_res.apk

android-10-x64

pawifi_res.apk

android-11-x64

xiaoan_res....0.apk

android-9-x86

xiaoan_res....0.apk

android-10-x64

xiaoan_res....0.apk

android-11-x64

Analysis

  • max time kernel
    177s
  • max time network
    188s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    16-05-2024 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49ebd14ff200105a6476a6c3375fbc70_JaffaCakes118.apk

  • Size

    25.7MB

  • MD5

    49ebd14ff200105a6476a6c3375fbc70

  • SHA1

    61899b47f474266dfd85d66497eba2a56b72c530

  • SHA256

    58520971b8cbb0091fb4f4c1523c844359f5ca53eae3188c64bcf6c44d6a5128

  • SHA512

    802bbcde62369121ddeea29ce5839fb534e8e240aeb0d2da9a6140df7ba0a74c97b54771b864c21f038b229289851669ad5e959b5dd1a10d86f1f16cbb5d6ab6

  • SSDEEP

    393216:SrS/d44UPDcodOJ+l1Q56hx/5EdtEEroSaj5KYCzMgqTjCEhQDnGcLmWeVW:Se+TPDcoccU5+5EdXov5K9zMXCE6njBX

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 2 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.paic.zhifu.wallet.activity
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4323
  • com.paic.zhifu.wallet.activity:remote
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4457

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.paic.zhifu.wallet.activity/databases/wallet_community-wal
    Filesize

    40KB

    MD5

    d1c0c8f3cc0a435bc1514b3c7671eb2e

    SHA1

    a5b1c3cdadf99497fa169d57c5c59c640a9aa572

    SHA256

    b13d95189d0c0d2e40a4f4bcaba8113d9367453445a55bfa3135be6eb05430f7

    SHA512

    48b19b6e7f7dde243f6dd961101113aedaf8ffc623edbbc70f4ba9f72f67f3b2e5d40a53ba587d7d3feeab8b9641a427e4dd68ceafb74a69d3c4d67ee9f6b662

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/.deviceId
    Filesize

    32KB

    MD5

    15f2d4654ce3986532e926f80d17aff1

    SHA1

    aee800a566eaa04cd788b0f001bdfb700c08f558

    SHA256

    0cc4bec87de80df180f9265bb61ee0739e91479edb58ca714d0167ea4f04a790

    SHA512

    4ca935636c3683dd71784b152f510b1de60a8081da16366bbe402f0fcf54ca11a22ccce364f43d6fb3dad496a400a8c8a08fa6360383753c54b85012ef1850ec

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/.yqbMID
    Filesize

    512B

    MD5

    ed54dd0f2fe21603dcf67b80571b9963

    SHA1

    42328508fbfa02ced638260cf1d6bc90e23c0875

    SHA256

    2503243db745ee2f4e6ad8e18bc612adf6ed450d6cca0beb2fe57164818bbce5

    SHA512

    cbe5a20ea6c233518691d956d7fec6857af9493b55a2a4a761d7c2ae14a48eb8c1cffa0ec4ae284eed06d17080658c08cb30b84c602580317b10486506d8a528

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/libcuid.so
    Filesize

    129B

    MD5

    3e9621860cc3fda362f25bbce1ab772d

    SHA1

    468900f3f5841ba5896b825d5816cee74abf03eb

    SHA256

    045d9be5cc9726d319c412b608b719314b7b48f7a769460caac8dcad69d90789

    SHA512

    0856aeb5c958a80672b28f72d9d2ee4b0af329a4f0e1f3a1fc221001edeb01ac06bfda1e293eee11e3656928aca9ec6005ce390f551d20b8b14ce4f82dae5968

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/lldt/firll.dat
    Filesize

    76B

    MD5

    a24e5c406343a8fd55c63e336ce62f6e

    SHA1

    f9cf68eb849ad893656b11e404454ad4c3b29645

    SHA256

    52a6fabfb4f47a88e3ba810c33f031e7c334ed6bf99b389868f7e82a5f56e3b0

    SHA512

    f3c87b4f5c65537f89d44717fae3de7e4ed33a7322a7316d1f4f69e8605a7bfd600e09ff382eb942d6e8c1679a44655b2f2fc0822ac2482cfb42ea17d675b57c

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/log/1715843036853
    Filesize

    32KB

    MD5

    24a8d5e10998fa38e69502792bd89d0f

    SHA1

    0ec59a97409a40fc6e278dc0589e17b2a6ddd7dd

    SHA256

    95f10b61a5008e764914cbef133e8c172c8b2856283fd277c373bafd472629a4

    SHA512

    456deeb74b8e1e2bb53e0071ee53335077710eae120571fe43e1088638924f681c431232fd606b13aacd8bf37897b55dc68674d687d0575fdaeafdf3315a5871

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/log/1715843036853
    Filesize

    52KB

    MD5

    89360e0779c0570d04ef258a4ce47123

    SHA1

    391eb6246ff3ef9c11724c97190a4ef51e063879

    SHA256

    32c33acfddca80a97080990f975bf5b8aa3e3cb8ed2ad1c5df0e63af1a059de7

    SHA512

    0c898a53b1a6200d11a93b496e08f3f0683bb187fe54eafda80ae69c46284253688cdf1dfcd7e1c8fba8e9ecd6bad10ba264f9d15aac5d0edfdd0f4eb537dd53

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/log/1715843069621
    Filesize

    812B

    MD5

    0e97143a9ae63e6d52a9fa01d4a2e093

    SHA1

    4d0bd0c9e9cc405d154f1aa633d3f38198ce19e5

    SHA256

    6e269a679f18f94d6ead5345e8e3ea6af988bc94180f2131838eacdd833c4d2e

    SHA512

    ece201dd6da15195d402dfc43273477a7106a0685170cddb62249a654c35742cacb07e29cc913a7f4a59b39aba6f5d3df31036cf731e4376e1d1680a45e6e34d

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/ofld/ofl.config
    Filesize

    235B

    MD5

    62fc80013ebd510289ea2a73750e09ff

    SHA1

    9dc51d3fa21afb7c095809e2a75777f6428019ee

    SHA256

    e0597b3a1f95eeefbcbc6c4019675545eed9494f95a37dcbd4877ac8b7b1e405

    SHA512

    7a9b8282994c90d54884b790d83878e2ba314491a2271b9532b4d45a8edd20248388e9ac8c30b20c6920f72e0fa10feaedfcbe13ee3e1197dad3f3a3229b241a

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/ofld/ofl_location.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/ofld/ofl_location.db-wal
    Filesize

    48KB

    MD5

    821bcbb259d4955ae2e1f76c8f99ce3e

    SHA1

    722c71f39e285b10cd457add3fea1b6cf76b4c3a

    SHA256

    e1780a154edf99f7de7d9c6439d934be2827f0d1e4312faf3a63a51c78692c3b

    SHA512

    2456eb9b36b1d1f251bd846cb316233f126b3e56e50f7d5b5deefbdf8f51ee203947b413dfb43699f7c3028b4afb223a6f59995fe107d5f0c742824328cd271b

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/ofld/ofl_statistics.db-journal
    Filesize

    512B

    MD5

    56a8941c8455f3093c2e7996e0d1524c

    SHA1

    46e6f77279176c81bf3f95d152a6e7b885db51ed

    SHA256

    d4e9b3d07d1e923f5a0be1fceb62852b05b14b0a8bb11b7a73bed6a5881eb31d

    SHA512

    213c142dd73d830dbb4abba7bde1040820ae8112a8c49fff8c88c523ab589d712d5862073b8a1e6df20432ece759ce26911ca476eef9f65d0d06e9932fc6ef77

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/ofld/ofl_statistics.db-shm
    Filesize

    32KB

    MD5

    0c4ddb53a13d56ea4d3ee61b1af6f393

    SHA1

    33fe84bb495a9625a99421ea64b677acb08a77a9

    SHA256

    e76f2cba63edaec1431395cb3195b4564b3ad0d7aeba1547859122b6057adf7a

    SHA512

    1c412a92df77db0f865c4cb5b67cc356191f9d25f23b905c565a1a24110092a5554d9217e5f78bb2d828ac146cf2426d06e7f37147b64bb2de41125df74c9fb5

    Download Submit

  • /data/data/com.paic.zhifu.wallet.activity/files/ofld/ofl_statistics.db-wal
    Filesize

    156KB

    MD5

    fc3b66b93107344ccbff830e4239eaf2

    SHA1

    b5b0fbbe3815955c7fadf1a38e8a146305a2d055

    SHA256

    2dcaf6b94fa605c3b531591d948894678f1d8da76d8b0c8bbeabea423d6c76a7

    SHA512

    0455e099fa12e92c372d919dbef72ec14c97576faecde7e07dde6304bbe03a556646f774d45121fad2398c83b3af924ce514502820c8bdad413b6910aab9850d

    Download Submit

  • /storage/emulated/0/.deviceId
    Filesize

    512B

    MD5

    2233ac7348ec6ae6d2430b1cd421eccb

    SHA1

    fea53670303c935660b4bb41d87e74338d9178fc

    SHA256

    95065bfa69a88fc10d9fa0da68707e10f244859d718e2c0e6006270d914ce0d2

    SHA512

    861e54c99292769b390d5b07ce4a1a21d682b95bde4adc904a04c2c0f83f66e8c08b58d561c21114cff78d6aa8b7cdc30f0ea1229bd5f9fa3eaa388d5f806d54

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/conlts.dat
    Filesize

    12B

    MD5

    8d80bc8ea90e9cac010d3ddf97bda5f5

    SHA1

    f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

    SHA256

    f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

    SHA512

    9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/conlts.dat
    Filesize

    167B

    MD5

    e52e8d1e0b349105950518d0d4f40015

    SHA1

    807c529c279c7e408aef6a3db0f1eed155b849e5

    SHA256

    dfd3705029b0daaf80c87b3e30b1307926aa4bb026e13c27bd6736f943df68a2

    SHA512

    35871d12302c715bbca046041a75df0e9be01efe5aeb065fdb05a23a1e599809111d2bb8b766f8821fe7bf17b4374b99d1f82204bcba7a490253d65405329172

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/llg.dat
    Filesize

    24B

    MD5

    161557b06b4a4d3ce095528dea370eb7

    SHA1

    8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

    SHA256

    f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

    SHA512

    96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/llg.dat
    Filesize

    482B

    MD5

    82ea7a44db6a7a7a8e4f9a06d04a5d09

    SHA1

    c4e7660637e351d5585d48cda56aab5420d5bc91

    SHA256

    4bad7be8177ea841882b68cbf7824d6fd7ff2795c3a57c329709b28defc0df1d

    SHA512

    484f24dcc95509f45744f8851e3b3c3ddfa18d1e05aa82272f6f20e0bf397941f70f0bdb8366142874bf7b11cac2a7adc95f27a16040804d854a902d3a7d3046

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/llg.dat
    Filesize

    1KB

    MD5

    dd97dffdd2be4b647f1458f7f31bdeed

    SHA1

    b9604f6cd666067a14c6fac80342e64fb8b76e41

    SHA256

    3d76d973675ba1629000327ddf9a660d1273910437e903c8dd61ed8267205e01

    SHA512

    3a292da0c0684bf834c7e225086113556495a1e30b48ebcbf357cf5702f1987ec3b73e882ef2fd0fd0a8d27e47ce9517c245a3c9ce5d7932c36b9281b510d521

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/llg.dat
    Filesize

    2KB

    MD5

    f66b3fa6c4fedf186f2d47498eeeb11b

    SHA1

    5ed9c93318873ffa6d56fcaa17b6cb98101f338c

    SHA256

    e8f99daea15eded00f00b06a4e7928d04bc93a15088065f4b4b99433b9149376

    SHA512

    b90662548d4b99494d1fb9b05466d11e60350cfea23392c7734b3e23a7906ed79798245c286ac674991105cc812d43d7248171f6039f7bca5b1132129b36672d

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/Android/data/com.paic.zhifu.wallet.activity/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit

  • /storage/emulated/0/backups/.SystemConfig/.cuid
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /storage/emulated/0/backups/.SystemConfig/.cuid2
    Filesize

    512B

    MD5

    49693cf701053c185cacc6d303c6d273

    SHA1

    578c13626d40056bb21cf903e1c0af5497ec7bd3

    SHA256

    e97068776fa1cb987305761c6eb7538a6117e3a365bcd07696412ab4ea9a51b8

    SHA512

    83587ab6ff0d0981cd5264ca06d23011138f575e59cc24d1dd1b83c15299600c5ac3241f0b686e49a3a041cef55249bd1abf936db39206df1b821abaddf840c0

    Download Submit

  • /storage/emulated/0/baidu/.cuid
    Filesize

    89B

    MD5

    8f4031084dd0163cdeb6721bb5826658

    SHA1

    0eac2a85951922f2a2c788e482eb29f63b803975

    SHA256

    19e174e42f76a54059df3c1a4ef131293ab230a9e6ee85f2595d6296d65fe36a

    SHA512

    88d3be2bdae7485e23e79b013ead095bd5149fa780dc800488843abf1cf5f8128e464870c8b240cc986b2d2fd2044e65c51cac8d89c2c14e6cd578eb78b334f8

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    e053826ae68c8c5da88a66411abadad2

    SHA1

    db7deebde33949e6ecc647987e918b458994f2cc

    SHA256

    b83d9e70747c78a8f2994643c2b4da76a4afbdb01fda3bdf80abccc1cd6df53d

    SHA512

    485b2ec6b2fec4b8b8a282d8ba0879a16882775846d13c248bb7d909b2c94d60d88c0fee00f5d2addb9d8826df56d8a7bf78b444a4166843a60efc978db0ae33

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    7eadaa2d9ae077014a4f478046a21d98

    SHA1

    3d16f14ad588969a4c9f6f2a91a0e15d166520b6

    SHA256

    e59f152aab88945b1f247d1b0690b0fa38b73c2f30ea18b947a43cd552314449

    SHA512

    e66fda80ea9ade2c7fbd007b7c8faa077077378185184f8aa5d1ed1ea99284fe1957161d326fea943c743893b5e270062aeb72ce559be3909662e79d6f20872e

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db
    Filesize

    28KB

    MD5

    0d3e99204c6401ea499fe9e6d9855497

    SHA1

    09829f00ca458eab7374d5079393a2cd69a2348a

    SHA256

    63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

    SHA512

    8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

    Download Submit