Analysis

  • max time kernel
    10s
  • max time network
    130s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    17/05/2024, 16:34

General

  • Target

    506e85b313fb0d877dd04da828eb4cf8_JaffaCakes118.apk

  • Size

    26.3MB

  • MD5

    506e85b313fb0d877dd04da828eb4cf8

  • SHA1

    ce401ae498209022de141084c314ad03b215d51f

  • SHA256

    caa17050e6a5557edfebbf8305e905cfb4230f2dbb80dd861824f2e2d76f8b11

  • SHA512

    3988ecd5adb5d467d31d51b43f408c0a43e563eb821c8530fbc25d480513952b9144c26e256c05e4c1c5e24fac54912b76c2004a7a7b02bd109013f328cd8ca9

  • SSDEEP

    786432:9FFQCTJtlxS1BVqD6z+JAHl8wd8KxOGW0gdX8R:98CNtlU1e6RHeJ0QsR

Malware Config

Signatures

Processes

  • com.bdtl.weplus (PID 5191)
    • Checks if the Android device is rooted
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (might try to encrypt user data)

Network

        MITRE ATT&CK Mobile v15

        Files written or read during analysis (available for download)

        • /apex/com.android.runtime/javalib/core-oj.jar

          Filesize

          4.7MB

          MD5

          7e343cbc45b618d05182d74bd61826b2

          SHA1

          02ee96263b3b967e570e8ddb1fa36cb21032b71b

          SHA256

          324b5af2ec2d78bb57b1552f429af51ac8d65f7fa277217ae8d4371ab14178d1

          SHA512

          48cbd8a5b246cf9d6ec16558ab12af131439837094c63a64046de384da933593459fb1aec126393bbe3b2b8ca19437f38b68364c9f158023a7b1a35e6901c705

        • /data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

          Filesize

          412B

          MD5

          194bca6278a1df7a517c4cc2fef0225f

          SHA1

          cccec300d0a011580f4d69518e0a55a103992a3d

          SHA256

          3838fb934c6a1fbe16c7e59ce6f9ac4e4650a6f1d62b09cc2b69391f02912256

          SHA512

          9663a0eddcff4c5c6abce5e2461f78de6588d6da7feb18246f9b9617fa717b57f6eff787294c5851e741311fceda1f6551cf727012c1006cb6e499652c83f2d1

        • /data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

          Filesize

          412B

          MD5

          7fa17faa4b38aa93673531f4d4e64fd9

          SHA1

          b8bed3bd6cdce47b214207771d4181db77eb2bbf

          SHA256

          5d6cff27f503fdcbc08041d321a0a8a3f94310d2d75954f9c330363c480b2c34

          SHA512

          6e2d9f63b39c30a435e5c41e71c8d435291bf0a54904aaf79d3f05e2d0ae5876d92836336b7c8e3c8536efcce3c3e2903675694ba077361605c5b82b97d45f5d

        • /data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

          Filesize

          412B

          MD5

          a67cfebfe021f6475d04007088bdc544

          SHA1

          1864397f8037187f0f81439e92e49bae46718d54

          SHA256

          4aec52e3b197a98fb5f8d0dd62d01dfe7a41eb5f7a2b27199f759ad19ff608bb

          SHA512

          75eecd048a50d959fefe9901aaf5e53433d7c7ef80afa86a283f8aa00aed4bb86b1a4961f28cb5a11c9559f27b00f89ffe2e53736ae75a46ec23106c281c3ff9

        • /data/data/com.bdtl.weplus/cache/CommandCache/1d6d1e03e94f68c105bf0d5feb6a107e

          Filesize

          1KB

          MD5

          2a873da5bc5898fe4ea2d8008f054555

          SHA1

          d26be1204376bdd7ad261ff06aa0e64afa67a7f2

          SHA256

          ecf74b12dd32548f98d4aea7f24daca7b491a6b4aeb6254be470beaa0ca0a034

          SHA512

          7d5306063dab8b91c0d2b65537c8e8e1f97f7363b8e84b53268802962908db0471f5e001a1324ff81e290c0584df86f7bfff539d5b12258a87c5fcfcf9a33bee

        • /data/data/com.bdtl.weplus/cache/CommandCache/e1978f5f3c01d60930138d24afdcef2c

          Filesize

          986B

          MD5

          fd624ae8dd84be9f6b818e756ce70d52

          SHA1

          ada996d4272bdc748759322524f3ea086c47ef7e

          SHA256

          247a93bb11239d6842d4d371976d846e52d2e64a015a9bd658d9bc42705f5b44

          SHA512

          260ba1a77d7883e60a2cb68484c974038ff47e60ca589a16722033f5d6b423487e67cc8b53f93fd9ed73c94ec7ce2a15bb12c0b30a17b18baba5d70eda77c94e

        • /data/data/com.bdtl.weplus/databases/growing.db

          Filesize

          20KB

          MD5

          df6b4905107307759ceb28f3995bdd7b

          SHA1

          c869910800160c806df7720afa099010bcce4342

          SHA256

          7c60d5bfed504f755f1733d0122d5412e43aba79cfd933d8bffa7e4bda43d1c1

          SHA512

          b7c5ccb8a74aad0e386b10b20304e690dbca7197a8ec71d0ca9db9a9e3b94e6889cc8cf26ca4799d74435fa1e4a573349076bf68253b28aa600ea92f243dce93

        • /data/data/com.bdtl.weplus/databases/growing.db-journal

          Filesize

          512B

          MD5

          b0a13eeb7d4f6f39b895cc0aaddaf50e

          SHA1

          a7556ab90ab78e113d89d4bc840f48f7a2f7edb8

          SHA256

          21a31bbf79ea6f097be6ba1ebad4450e7c4acc14583bd585275be4aa280e5a4d

          SHA512

          946bff13a090567d1a7b6e707a2ae7683acb0e7c3e93bc841beda5f8fc77567f4847f825023b42c3ed5954843418841a870b529984070147c509a057ab9a00a7

        • /data/data/com.bdtl.weplus/databases/growing.db-journal

          Filesize

          8KB

          MD5

          82a2c8d249a13f87789470c77e438e4c

          SHA1

          a8c114f4b597555474b080ea94437931634ea86b

          SHA256

          d599fa4eecea1e3995650a9407ac01203e828a6ab2763b5b9dbf662047acaff4

          SHA512

          bb6f4ed95a76a6d7008bc0ce0dab52512db48394b6db0b6d001e5897d52786d0b9663137df5ea595c5a14061ee037beffc548550b9470dd63b24f96b91dfcaeb

        • /data/data/com.bdtl.weplus/databases/growing.db-journal

          Filesize

          8KB

          MD5

          361f21530b2ed55905294aa4dd81ca7f

          SHA1

          5bdb999e046a0f040b9397fd1b6cbbda8cd0ba15

          SHA256

          4dccae2c3d12d15f9a95155a6f876c83b72147b4619065011af1c07a0a72be27

          SHA512

          bf03eee57c32787e0e3a715266ed7488e83d102fc78ea543f80617bc3e5e44f2de1e68356b399ebe09337d55607d59b250e9af45603aeccb1619207dbeb6fc95

        • /data/data/com.bdtl.weplus/databases/growing.db-journal

          Filesize

          12KB

          MD5

          1dc6a8cd22b26f6ba91eb66fdf0c0ba8

          SHA1

          706a2df9f77c74712c5916d930756e63105115a7

          SHA256

          5679721b3d74a7d8dbfc2cba6cd729a85ea7f1efb3601c5672c3603a45abafba

          SHA512

          5345edbb2daba6152aa69a6d8c645f38c428aba6c14b4bbaf8903f3f0fcb85476d385a13a9f7509e11d0c5ac7f2a76e6de60ff4d1b8852ab968d933e7bab96bc

        • /data/data/com.bdtl.weplus/databases/growing.db-journal

          Filesize

          12KB

          MD5

          46e9f2ec8e7f18dc9323f803a0a55c96

          SHA1

          6b29f763f3a75d7de7abc5906906ea036c2cdaf5

          SHA256

          ba3d53e333336e7ee0bf368599afeb8450a1b703738e7a518b6c8316ea67cec2

          SHA512

          3f1557650f5efa7ba2f222cca1599b5284a3bf37c2ac46dd75389e375d2d22f030c719582be478aff8bf3cd42fc9e432abfff8cfcb05d6aa565c3b4faeb9127f

        • /data/data/com.bdtl.weplus/databases/ua.db

          Filesize

          36KB

          MD5

          77f6f6be19611801bad8d1315a2ac585

          SHA1

          ba142ede5184a5492cb2286f8082761d0c37190b

          SHA256

          27c04a0dba9f2cc43aeb7bd6e375cc05009e0a0f569fe8b436a296c82a316be7

          SHA512

          a1b7e655d8d421c98acf5e5a74548b9142abf15b392fc6205b547f214fe0216ea3aa5203a8463310b25d0c6d4ba1732746da6ec7393496a54f262c0c5116c866

        • /data/data/com.bdtl.weplus/databases/ua.db-journal

          Filesize

          512B

          MD5

          7e9c6912d8292cdcc063849a27453643

          SHA1

          fa9ca6588b7069c87d5b76156566afc18b766fdc

          SHA256

          a40491cfedd3f11c02f34ab9e95ddfeb9e06c6627c76178342107e331c050edb

          SHA512

          9ef897de332141e84fde28e7595be1e1d4e4b1c36e6155f7118c6e4282c355ec288f91a11cd08d781aec2712fa2f14a9f0594ae33dba303f7d4ef79cc27a78a1

        • /data/data/com.bdtl.weplus/databases/ua.db-journal

          Filesize

          8KB

          MD5

          56796505fea45fc840f00c14d27a449f

          SHA1

          66246f7502ff6b91d0dd1376f690ea3a0f0330b6

          SHA256

          5bb9f9783abe2e25c89d4662a1d85ef85d862282868055bd17fb2354b0b70b61

          SHA512

          8689fce8ead0e21faeb4563a3a3da0d0313ce765ff9310487c3993ddd9355d2fbacb30b062739d0e9e9bca12658a01947686dda6d15057c32c5f2151d160e05e

        • /data/data/com.bdtl.weplus/databases/ua.db-journal

          Filesize

          8KB

          MD5

          0317a76b140ff967ae046d34f4b75c0a

          SHA1

          3afa300e179c04c5ffae2f5940f72955cf0d8337

          SHA256

          de2e61948136174320a9b370201213b9eaa5d8d531ff3594c4f8d6b9f764716c

          SHA512

          d28c3ed89b4b5db01fc052163ca468810283f94cabf5e61a51bb89a66eae4bcf6480566a025db1a94cda6a3167e931bebfd240d60c0a6e16a4a9c9172b9181c7

        • /data/data/com.bdtl.weplus/databases/ua.db-journal

          Filesize

          12KB

          MD5

          6b1751d759e937c12e92b620302d74b0

          SHA1

          70efd624c44a3786d3b29548879ab6e66fabfb0d

          SHA256

          029023dbc0b7dc4f5b572fa1cda47b1581cc7225f0bad1e7ed59c7d774d79862

          SHA512

          52e0292b10f7642aa4b6e9aedab71f1f71fb9fc3c77211c40f3f1b52bfd84d09e7342c8592fa7d2594e5e858f57c737c7638d7f2a52e52fff5f1a5b702759037

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664787160299-0001-1447-AD218D90B142BeginSession.cls_temp

          Filesize

          79B

          MD5

          509944babaeb74570dbec09ef6f84a8b

          SHA1

          f4fbb9769adead94ff655a8c0687aa062d1e390c

          SHA256

          2efab637e91cb630e91fd4b58de923d8c7aee6a4fbe3c06282387202b69d79e0

          SHA512

          e92b1e787f8897649a0844e4a1899a8bb315e94f906094ce739d3f322b52d4d91063af9f677201a0b1ca1129c96fa6157d8fff88ff44d72d00db8dcaf3e5338e

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664787160299-0001-1447-AD218D90B142SessionApp.cls_temp

          Filesize

          117B

          MD5

          58781225e2979ad97935ab7d68bd7ffa

          SHA1

          e25057ff26eb12d6c3a37868e4dca7794a9a3256

          SHA256

          3ff5c9b21b4a0ddac58a87568af5edbeabcf65126f088dfdb29d6c87b504d528

          SHA512

          77528de986c76f7a45a9612fd3c060882f5ecef2ad9bf930f97fb3e4a19b7fd27ec1f9c07cc2926f20974a461193b7a772e524fa6ced53e919de652d846be7c1

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664787160299-0001-1447-AD218D90B142SessionCrash.cls_temp

          Filesize

          60KB

          MD5

          aaed027ebab47a9b89a720b509187b31

          SHA1

          cab055d54602c8afb5e5129e37e530fbc4445671

          SHA256

          24da5ddf7fa1681fa4c4e88298c560270a2e49a769eeca8774cc9f527ace45c8

          SHA512

          c0ab928f8d5a0956233461160a108a40f4bb1ad244890508a53a807f6c3bd6550e3a23a95e0c0975c76d784c84ce03e72fe8e16fa726009a66f8887fee333b64

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664787160299-0001-1447-AD218D90B142SessionDevice.cls_temp

          Filesize

          88B

          MD5

          7c68943e93443b3cfe947ba19e44a054

          SHA1

          470d054144c83dafe48f5521fc34dfd99b173723

          SHA256

          65c59f10b489b4254a5a1d5a96d376761683f8d351de282ae59f6aafb48067b2

          SHA512

          d76d812d8f9095dbb98f66de3389dab6bdc815060123ad6cb13c6132cccb251f39430dee14fbadf949c8b0c74215a73660d46fa658dbbeb2f912a3567dafe4dc

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664787160299-0001-1447-AD218D90B142SessionOS.cls_temp

          Filesize

          15B

          MD5

          2566d27ce8c28d8961f082c375d7535e

          SHA1

          92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

          SHA256

          5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

          SHA512

          1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647871C024F-0002-1447-AD218D90B142BeginSession.cls_temp

          Filesize

          79B

          MD5

          b8d249f2c7d2db0a1c07cd72d1a22e76

          SHA1

          5b4a4a522810dc7606c087fd83c585f620a00532

          SHA256

          4d1da459d7019971045a7f5b1960cdbc7c4ef9303fafb2d0fed1f5ede3441159

          SHA512

          d87be1e2399bb67790171069a9532d911aac58b76263849aa050822de37f520db4852c4b2904d15677da7a300e5aadfdc05228462d8a49eb88749c8589ec43c9

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

          Filesize

          424B

          MD5

          77b8f6add35c3aeaaf2b8683d99673a6

          SHA1

          b38590f29c97d6e7b0a6bc226a0445de9eb1317f

          SHA256

          24973d2eb4fedb5d6b00b210911d5a4fc7c2f6525372980db09bc48c14be5174

          SHA512

          a7b215ea773911422614d9aed0b70672427e212c7f8152e76ecbf3b40d9807f5d7b37e87822145090dc862af9694bf4f2a4363f5e56c0177f5505fa6e5f8881c

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

          Filesize

          2KB

          MD5

          71e9cbc44f7aba03743f62fdcaaa658b

          SHA1

          e8d2c8b1765b2605327e2e4af6508e93b139b511

          SHA256

          234856f8f8d2f6d646b9744b35dbaaf07ab80693134f9dd86a8bd87b4b039686

          SHA512

          0fab10a4b43f25efda4e5f7fe20cce0e17e34eead1d7146142ecc51abeed1ddbe5ecc5c3b2b15d166309e731e3a30e109b20390177fa3f82f759337c586ebceb

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

          Filesize

          16B

          MD5

          c33583fae4e0b61cde1c5b9227963237

          SHA1

          fe2ebe4d27469af1460f7e852031a04208ef629b

          SHA256

          35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

          SHA512

          fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

        • /data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_170d4b2c-4c2e-4a52-936c-8eb02a4b3e42_1715963670944.tap

          Filesize

          345B

          MD5

          b166d5882e6ab5f07c6c46c4509398e2

          SHA1

          d69b5819ef77da447d284f0fbb19f0ebafab4b32

          SHA256

          d4763d543d6ade6b7505f7512a66f4801dea92533db718173e2d1a5abff6a593

          SHA512

          c24330fccb0d7e228be2ba8eb0d69d1c72616c6ed2bf1fb06ecdb7cdfce484355c7796ad69ac87e450e48a1a2275b5f08aa3dbce4be6edd0a699b7b45c8b0f48

        • /data/data/com.bdtl.weplus/files/installation

          Filesize

          446B

          MD5

          56a673921e8dc9375303b5918cb16158

          SHA1

          0d1111c558e274d3429b72e9159bb6e8bfbf4d1e

          SHA256

          68b8537c342fa1dd1aa8773275f96477be0fe5ff82716f956c170e0ae2287ab1

          SHA512

          baf40b6c2c942345d18617f184410ca62c0b0244b675aa203088946c77b5315d10355952605fbc9dbf87563dab676484aa281362ca7471296325ebc59275f034

        • /data/data/com.bdtl.weplus/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE1OTYzNjcyNjUz

          Filesize

          1KB

          MD5

          89e7997172b3ebf7420432a99d247d69

          SHA1

          23632816f514e94beb2f1ffcaf7b999ab1b79385

          SHA256

          eaaa035d64e4d89fa5187c052f91b5341d93af8e201d085eafdcf9775c886ae9

          SHA512

          616f7a79df50c2569cbb582ed06714c96d193e985d568cbaf6653bb82ac9d8a74317972894c496fa56034c4268d234eb2486f262cdc64e5c7153b2a75af86970

        • /data/data/com.bdtl.weplus/files/umeng_it.cache

          Filesize

          433B

          MD5

          7256d567c2fdbe444694861bb77ab98a

          SHA1

          5618c17237517ba76962881f908ffeb7de92dcf4

          SHA256

          77f145887d6797482f7fa27b38836888536e2b94ec67a4e3458840f6fcf6c889

          SHA512

          191d5b9ec46973913edf5395f8be4f1646d6d626a2812ae5b79647432ca486a9abb39023680ba857255f76f34edd5e4eb1ec0c234119a078822ffbd830a61a88

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          213B

          MD5

          28def7f6e7fcfc50a44a5c2c7e06d43f

          SHA1

          3029964076c2a15349202d1fcff32dd6fbd08df8

          SHA256

          51b10d7c905180c02f746017967108902e99112724e73c9f4d6ddd69676d831f

          SHA512

          06456d44593d32b512e27d9671a8b0e7c4cfe51d0427daccd0ec50055bb3f75d5a9ed26e10572fcc8ad5a6dd4c64cf4050d2954fee17ef524049595970e51759

        • /storage/emulated/0/.DataStorage/ContextData.xml

          Filesize

          111B

          MD5

          19a4bb5a75f97837c3b6ccb4a18fd62a

          SHA1

          36d60e7ac29837db9c0847cae3878c329a524e71

          SHA256

          fee213cdb080015a149078a3aaeb60b01a8999ad49a8695bf29a9b07592289b4

          SHA512

          e8da7e1c0cc79364ab039590936c654e8abf8bc76701de856201c79c75ca5eff360bacdb318572332c6ee6d452407aaa9c58e550fbf3a7f4060b70e424d1076c

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          111B

          MD5

          1b61e38686a784be7439e62d36ccde8e

          SHA1

          83fddfda04bc5db2ed9806dd4e3b720d28d4a4dc

          SHA256

          6fe13552f87518b8f92ce8a0dbb9bc02cc29b5997087ab578a585e138f47c954

          SHA512

          983e4842b815c13c4a17ef93028bcea44f570222cead5bd45bd1570eda8692c364a1e169081beb708039d78fe4b826966ea81a4f87e63d1dd47159f52a23fea2

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

          Filesize

          167B

          MD5

          5da4fa5e41e12f06f1a820b8f984e04d

          SHA1

          74ec13a53e66b32f041da6848bbd0d3ddb296a76

          SHA256

          410242757fb1451177ec7f2723cb7499f81ad4bdee873d7aaf8a14d7d5ace55c

          SHA512

          cf78dfda3a4f35a4e2d55d9b4704c157919909ceb680c3234fd0247193d82e36e2de90ef49b182212ced2a8933147e386d327e46ac6babd2022c6d7265713875

        • /storage/emulated/0/Android/data/leancloud/dontpanic.cp

          Filesize

          24B

          MD5

          a78c3fa5324fac4f1514d081e1740abe

          SHA1

          935d66367d2d03cd1eed90f2b793e3f3ac03f592

          SHA256

          9a862e3a91d9692e7f78bf957c9ed963ebe111a6c434c92082fad8ad676d50da

          SHA512

          cf58d0aef5873e26f0ce8b72a95e81f3d356e93779b96b1834837adff66316076df3d20bb0e77e9bd0f71fcb41dcd434cf19852c9722e654fe7841de0885ff7b
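The file listing above carries more timeline information than the hashes alone suggest: the two path segments under `files/stateless/` are base64 (`umpx_internal` and `umpx_internal_1715963672653`), the `sa_*.tap` name ends in a millisecond epoch, and the leading eight hex digits of the two Crashlytics session identifiers (`66478716…` and `6647871C…`) decode to epoch seconds that sit six seconds apart and agree with the `.tap` timestamp. The script below is an added example, not output of the sandbox or code from the analysed app: it pulls those timestamps out of the paths, places them relative to the report's "submitted" time, and collapses the repeated `growing.db-journal` entries (same path, different hash) into one file with several snapshots. The sample input is copied from the listing above; the assumptions are that the "submitted" time is UTC (the report does not say) and that the first eight hex digits of a Crashlytics session id are a Unix timestamp (inferred from the values on this page, not from documentation).

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Sample input copied from the file listing in this report (constructed for the example: path, size, MD5).
REPORT_FILES = [
    ("/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/"
     "664787160299-0001-1447-AD218D90B142BeginSession.cls_temp", "79B", "509944babaeb74570dbec09ef6f84a8b"),
    ("/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/"
     "6647871C024F-0002-1447-AD218D90B142BeginSession.cls_temp", "79B", "b8d249f2c7d2db0a1c07cd72d1a22e76"),
    ("/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/"
     "sa_170d4b2c-4c2e-4a52-936c-8eb02a4b3e42_1715963670944.tap", "345B", "b166d5882e6ab5f07c6c46c4509398e2"),
    ("/data/data/com.bdtl.weplus/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE1OTYzNjcyNjUz",
     "1KB", "89e7997172b3ebf7420432a99d247d69"),
    ("/data/data/com.bdtl.weplus/databases/growing.db-journal", "512B", "b0a13eeb7d4f6f39b895cc0aaddaf50e"),
    ("/data/data/com.bdtl.weplus/databases/growing.db-journal", "8KB", "82a2c8d249a13f87789470c77e438e4c"),
    ("/data/data/com.bdtl.weplus/databases/growing.db-journal", "8KB", "361f21530b2ed55905294aa4dd81ca7f"),
]

# "submitted 17/05/2024, 16:34" from the report header; assumption: the report shows UTC.
SUBMITTED = datetime(2024, 5, 17, 16, 34, tzinfo=timezone.utc)

# Crashlytics session files: <12 hex>-<4 digits>-<4 hex>-<12 hex><Kind>.cls_temp
# Assumption (inferred from this page): the first 8 hex digits are seconds since the Unix epoch.
CRASHLYTICS_SESSION = re.compile(r"/([0-9A-F]{8})[0-9A-F]{4}-\d{4}-[0-9A-F]{4}-[0-9A-F]{12}[A-Za-z]+\.cls_temp$")
# A trailing 13-digit number (2001..2286 range) is read as milliseconds since the epoch.
MS_SUFFIX = re.compile(r"_(1\d{12})(?:\.[A-Za-z]+)?$")
B64_SEGMENT = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def decode_b64_segment(seg):
    """Decode a base64-looking path segment to text; None if it is not valid base64 or not printable ASCII."""
    if not B64_SEGMENT.match(seg):
        return None
    try:
        raw = base64.b64decode(seg + "=" * (-len(seg) % 4), validate=True)
        text = raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def ms_to_utc(ms):
    # Integer arithmetic keeps the millisecond exact instead of going through a float.
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def path_timestamps(path):
    """Yield (evidence, datetime) pairs recovered from one path."""
    m = CRASHLYTICS_SESSION.search(path)
    if m:
        yield ("crashlytics session id", datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc))
    for seg in path.split("/"):
        decoded = decode_b64_segment(seg)
        candidate = seg if decoded is None else decoded
        m = MS_SUFFIX.search(candidate)
        if m:
            label = "file name" if decoded is None else "base64 segment %r" % decoded
            yield (label, ms_to_utc(int(m.group(1))))


def build_timeline(files, submitted):
    """Rows of (seconds after submission, evidence, path), earliest first."""
    rows = []
    for path, _size, _md5 in files:
        for evidence, when in path_timestamps(path):
            rows.append((round((when - submitted).total_seconds(), 3), evidence, path))
    return sorted(rows)


def group_by_path(files):
    """Paths listed more than once: each hash is a snapshot of the same file, not a separate file."""
    versions = defaultdict(list)
    for path, size, md5 in files:
        versions[path].append((size, md5))
    return {p: v for p, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    for offset, evidence, path in build_timeline(REPORT_FILES, SUBMITTED):
        print("%+8.3fs  %-45s %s" % (offset, evidence, path.rsplit("/", 1)[1]))
    for path, snaps in group_by_path(REPORT_FILES).items():
        print("%d snapshots of %s" % (len(snaps), path))
```

Run against the listing, the four recovered timestamps fall 30 to 36 seconds after the submission minute and all within the 130 s network window, which is what you would expect if the app started its analytics SDKs (Crashlytics, the LeanCloud `avoscloud-analysis` cache and the Umeng files) right after install; the same technique applies to any sandbox file list, since base64 directory names and epoch-suffixed file names are common in Android SDK storage.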