Analysis

  • max time kernel
    145s
  • max time network
    184s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 08:08

General

  • Target

    53c27edef2d5a91f4358915d14466a7c_JaffaCakes118.apk

  • Size

    12.5MB

  • MD5

    53c27edef2d5a91f4358915d14466a7c

  • SHA1

    52f64bc1e315780c8d740349efe2c78a3db376b3

  • SHA256

    f5175f479eb2b9eb87b8475fc0d818a13798aa08b4fb215b7e9f265d4e750bff

  • SHA512

    6464fe991e25fd37aabf2a0b04195537c86b9a9d94731537944e128855e0c9f09f4fe376670c276b83984410f8723dbde9711eccf5f05d7a6a3c8e27a9b2f7e5

  • SSDEEP

    196608:5ofoeRTKdxltqsIWj/bwzR7w8W1QDhaYAuyUWP5z1nOsrX9inNODtoI10:Aodrzw28WJzxxz1nnX+80

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Reads CPU information that may indicate the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Reads memory information that may indicate the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Checks the presence of a debugger
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
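The root, CPU-information and memory-information signatures above are generic environment heuristics: probing for a su binary, test-keys build tags, emulator strings in /proc/cpuinfo or an unusually small MemTotal. The same reads are common in device-fingerprinting and analytics SDKs, and the dropped files below show Baidu, Umeng, JPush and Crashlytics state in this app's data directory, so these hits alone do not establish malicious intent. The Python below is an added example, not code from the analysed APK or from the sandbox: it reimplements the kind of checks these signatures match so they can be run offline against captured /proc output. The marker lists, the 1024 MB threshold and the sample /proc text are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Strings commonly present in /proc/cpuinfo on Android emulators and on the
# x86 images sandboxes run (assumed list; extend from your own captures).
EMULATOR_CPU_MARKERS = ("goldfish", "ranchu", "qemu", "virtual", "vbox", "android_x86")

# Locations probed by typical root checks (assumed list).
SU_PATHS = (
    "/system/bin/su", "/system/xbin/su", "/sbin/su",
    "/system/app/Superuser.apk", "/data/local/tmp/su",
)


@dataclass
class Verdict:
    emulator_hits: list = field(default_factory=list)
    root_hits: list = field(default_factory=list)

    @property
    def looks_like_emulator(self) -> bool:
        return bool(self.emulator_hits)

    @property
    def looks_rooted(self) -> bool:
        return bool(self.root_hits)


def check_cpuinfo(cpuinfo: str) -> list:
    """Return the emulator markers found anywhere in a /proc/cpuinfo dump."""
    low = cpuinfo.lower()
    return [m for m in EMULATOR_CPU_MARKERS if m in low]


def check_meminfo(meminfo: str, small_mb: int = 1024) -> list:
    """Flag a MemTotal below small_mb; sandbox images are often this small."""
    m = re.search(r"^MemTotal:\s*(\d+)\s*kB", meminfo, re.M)
    if not m:
        return ["no-memtotal"]
    total_mb = int(m.group(1)) // 1024
    return [f"memtotal<{small_mb}MB"] if total_mb < small_mb else []


def check_root(existing_paths, build_tags: str) -> list:
    """Root indicators: known su paths present, or a test-keys signed build."""
    hits = [p for p in SU_PATHS if p in existing_paths]
    if "test-keys" in build_tags:
        hits.append("build-tags:test-keys")
    return hits


def triage(cpuinfo: str, meminfo: str, existing_paths, build_tags: str) -> Verdict:
    return Verdict(
        emulator_hits=check_cpuinfo(cpuinfo) + check_meminfo(meminfo),
        root_hits=check_root(existing_paths, build_tags),
    )


# Constructed sample resembling an x86 Android emulator image.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Android virtual processor\n"
    "Hardware\t: ranchu\n"
)
SAMPLE_MEMINFO = "MemTotal:         524288 kB\nMemFree:          123456 kB\n"
SAMPLE_PATHS = {"/system/bin/sh", "/system/xbin/su"}
SAMPLE_TAGS = "test-keys"

if __name__ == "__main__":
    print(triage(SAMPLE_CPUINFO, SAMPLE_MEMINFO, SAMPLE_PATHS, SAMPLE_TAGS))
```

When reproducing a sandbox run, feed the functions the actual contents of /proc/cpuinfo and /proc/meminfo from the analysis image: if your own image trips the same markers, the signature tells you only that the sample fingerprints its environment, not what it does with the answer.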

Processes

  • com.tuniu.app.ui
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID: 4271
  • com.tuniu.app.ui:bdservice_v1
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID: 4365

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.tuniu.app.ui/databases/alarms.db

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.tuniu.app.ui/databases/alarms.db-journal

          Filesize

          512B

          MD5

          4122d1369df6168cd252280c5bb44eb5

          SHA1

          a3a9ebbfc92029758a57f643350aab66d4fb8acd

          SHA256

          f66b5cc621d2bb89538fdba7e1f517c82a5f1ad96278ea7261ad370a0bed3c0e

          SHA512

          7fbb6e8f733d153c4badc36922632248e356fb5a50492afad5a4da4413b0af0d0fcceacb4c8ab80a8be2da7f3a7d386b78f48435797c211b37094f328480f66b

        • /data/data/com.tuniu.app.ui/databases/alarms.db-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/com.tuniu.app.ui/databases/alarms.db-wal

          Filesize

          28KB

          MD5

          0cf76064f833a1e944cef2d550dca787

          SHA1

          ef2d79044a4a4e55cd80cd169e877de00af071c6

          SHA256

          1f5288f04b5f8af861f3fb535a873ea3f82fb709e29c4374ff5d79e8fe809bef

          SHA512

          1e5917ad105dbeb3673f6946145106f0640b59fdcc19a4fe9090ef5bd2ce840023e7cbc3de35fcb5241e2d15b7185ed469959a4d701d7cb87a7b978434685af5

        • /data/data/com.tuniu.app.ui/databases/groupchat.db

          Filesize

          72KB

          MD5

          4d56559138ee97f532d4ee1174277c45

          SHA1

          6907f856647f272c3f5712751e5e6c4e502280bf

          SHA256

          cedf3380bcdcff739afc930e84c4af2da56f206c504d9ce5376240fe154ca392

          SHA512

          8bc73e7bfd35799e74f5a8a61cdd7cbcf24378df5144b107a174b643c37ac491b7726de3ab494f99ce6c67449027b576d33efba355d085acab8b58402fb68597

        • /data/data/com.tuniu.app.ui/databases/groupchat.db-journal

          Filesize

          512B

          MD5

          547c8ef3fde3106fb4cb97abd3d20afa

          SHA1

          0dbe2c7a2534145b696e9604e18d225ad0e880a1

          SHA256

          6f7b78f367be889cccb42aba800048c62073a00b4b3e141edb187483d5cabd10

          SHA512

          89520e23883f503d13f924751b2c7ba21a416a69235fe09a621e850476002503c12d862663a6b722b40388e64bc62a1dcae9cbfe48ebc7d0d34b755123a9bf64

        • /data/data/com.tuniu.app.ui/databases/groupchat.db-wal

          Filesize

          84KB

          MD5

          c8505ff84f988124a044df134ee718d0

          SHA1

          cfd9e5d311b72c47e08d618ef74dd7233e947b23

          SHA256

          3d71212193b79b6c9df6cba0a5f500a42fc67f5d8822cee0a502bdd8dbf3cd1e

          SHA512

          634169729f03390fa873e0d31ec0909f36a621e80c47992a8a5284bfaa4ee522a17bfb3e2aa48812f2fa51c3a59e48a49993573ec987ebed45e0e7630ded4be7

        • /data/data/com.tuniu.app.ui/databases/moplus_server_config.db-journal

          Filesize

          512B

          MD5

          6baa1cab05e50a0855d33acd70464d47

          SHA1

          5b835780278c772ef414b16f301e9224e09edf5d

          SHA256

          6c14c309c00309fa71a34d53d3d3316f50450fe2e58424ebece1e14b31638137

          SHA512

          9343b34a734f95fc7c64006c17879d4e536da5763f1c9bd0fef587671c07f73060e3da8a3ae0bbb26af38b5d695ad45734a79003fac37f17496306984a611b04

        • /data/data/com.tuniu.app.ui/databases/moplus_server_config.db-wal

          Filesize

          28KB

          MD5

          cfcf406080867166dac8a47346f16b42

          SHA1

          22fb2a7e120ea8bec7aa59a6ab823ad2c767c2cc

          SHA256

          dd2125d7d21b7b1b5c80881b33c6f5c77ae858838ffd21b6b35914519589d8b7

          SHA512

          522ae70ec2ac477a6fac79041761caf97cc8c5f06f41044c8dd223204fdd345d1def7df9f749c11ca18337a20a75928f8f0196809584008b0b1a019401019d3d

        • /data/data/com.tuniu.app.ui/databases/rep.db-journal

          Filesize

          512B

          MD5

          ef9d40cbf012a31dd4711763100a8275

          SHA1

          95219e4c8b74b604f5dde67557a573938442391c

          SHA256

          1a96324fe0193519a41f09781702bef17f75b32d724ec7bd9c41d5116eb0dcd4

          SHA512

          dba5b961a692b597a53a1309f1c260eabad36af3930fc0961bf6e094213e47887b6c4b29bb7f8a13e9adc54622c2281fc6d52bf377fa3ffb1a3f582497b743ab

        • /data/data/com.tuniu.app.ui/databases/rep.db-wal

          Filesize

          36KB

          MD5

          987df0f082c07dcdef26edebe1dd96d6

          SHA1

          b331388c335a70b350cdc93440631624efff73dd

          SHA256

          e90d59fc4c48a3d602a26cb1a6793d1c6eeb828bdc7daf4ccd8fdb776be3738e

          SHA512

          ea8e3086c23ead6e53a15d18b2c571f0520385cd230b19335ec30f734fc152221f9875b8a0c510839c806be745d1534b23311065fed0495d7abb06e133d97819

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534BeginSession.cls_temp

          Filesize

          78B

          MD5

          2e3c6222eb4e7e4957c2c76f53b614b4

          SHA1

          1424cca2c764ab2858efa900ce4e2372b69ebffa

          SHA256

          5be311f7eb4e21a0ee1aea1032ae2e1514c403151febcff956cee831fdaecb97

          SHA512

          64ab78fbe1db927d883e3c5f5be38729c533183b17d02804369dcf265e47a71b63c1ce060e0e1aaf4c380800dcab6d0a4b71ecec45cca24b8dfa368570f7543b

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534SessionApp.cls_temp

          Filesize

          111B

          MD5

          ee5d5f6d8dc8f0cad40b8398eeb15f01

          SHA1

          e2ba950a42760b6a5b6281e7bf8d22d8f7891557

          SHA256

          192b56972111015029ac4546c7c7d96fa9cdd97e80d70aa1e8343b2c5221eb1a

          SHA512

          3fd9c22e1fe07f35c05293cd76067869b32194d1ef0809dea2992bc9f0a2ebbf2f715ebbc758c17d3b19b2eae3fe195c73fd78fa5cac8e56d47284e36e712ffb

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534SessionDevice.cls_temp

          Filesize

          101B

          MD5

          33557267b42f4a6608ba6d1184755b88

          SHA1

          7c2a91222758474ea4c0b655e937ed9c05cd3c42

          SHA256

          3aedf479a21561171949e7ebc185841d9c2a5afa43ea210acdf7effc9971d2cb

          SHA512

          bf142cca12802089c479ef4ad11aac0daab093d726d9f2df00888ccaf89a5637ba69f706f876d4814c6a2345f52ac84091ee3736a04ebcf45f41adcf422cc34c

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534SessionOS.cls_temp

          Filesize

          14B

          MD5

          9b3d4522944ce6396563812bfdb92fa9

          SHA1

          6d2a6133c8f01938a48ccc77ef86ad8ca335c020

          SHA256

          d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

          SHA512

          091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

          Filesize

          1KB

          MD5

          f23fe3efaa7e0ecefeb3aa0a91046c17

          SHA1

          85888420107bf5a7e745018432e43889cf5ec412

          SHA256

          fa7cb30f9fcc0e6b824987e27900c058db2351d621dcdcf6393f31cd911da12b

          SHA512

          5c214c13485e27c554235dd7ed74ae7fc81109874141b0518b3da9eece402fd1d838b3bed63e3f482c5e0c782bbcf30308733bc926249c1680b59f10565abbd7

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

          Filesize

          350B

          MD5

          1d0e77a2c4282c7a76ad6d2f964dda7c

          SHA1

          12aa8260b8f87bfdc8b0c59a0f2958b94fded1c0

          SHA256

          c18922d3b339b9fd82d747ac05dd7cc23c0b60a66a01536b148474c5ce0f3908

          SHA512

          bd8dc5f456a1dd413043e0634d25b0d1dfa551a1613239ae0cb774d6255f1a05c3e0f053b84dc3e2d9779eead4ddd314074180002728c860b318f252c8b07c24

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

          Filesize

          16B

          MD5

          c33583fae4e0b61cde1c5b9227963237

          SHA1

          fe2ebe4d27469af1460f7e852031a04208ef629b

          SHA256

          35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

          SHA512

          fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

        • /data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_a48a0e0e-362e-49a3-a0b0-1d6987033b57_1716019750954.tap

          Filesize

          294B

          MD5

          ce306c8d8aca03b52a63774b120ef7ab

          SHA1

          087775e9e2c0fefe5f3a7897da0c59b40f21f87c

          SHA256

          cee73a48cc802486994ea922cf74867f25b8cb77c65e5eae735b21ca7fa39393

          SHA512

          ed896e5eb1f1dd6d43f9b556c1dfd78166e3ebf169a42f987a0f10d0ffd2f001dbeeda5a9626d94179fa6274f253a7036600a950d77f3b5b7761a0663d6654bf

        • /data/data/com.tuniu.app.ui/files/gaClientId

          Filesize

          36B

          MD5

          ae1a9a9ad4d4bbc6980cf49c6dfaf163

          SHA1

          54331b1ea431ebe349aeb03966dd88a37e078693

          SHA256

          a95e658980693c20789d6df7290cb36bc80d2f73c1e7479b35b79ea06b2efae2

          SHA512

          11fbedf132cb831633647def34a96f2e044c7afefaf76a36f7581dff6b21ed73aa55e3f5a4c77b795f928780354bb1e72cfb3ab79f908b1e8742693312dafa38

        • /data/data/com.tuniu.app.ui/files/jpush_stat_cache_history.json

          Filesize

          158B

          MD5

          aa07770693831b083bc935dfa44649e9

          SHA1

          8b03d1007e5e0839957d6eeef5c4aa874fb5f912

          SHA256

          b26f0b9fe8f512dd0f8d0c1097f48711b4a5b580a0c45e30e9cc323760032162

          SHA512

          5a3911a8fe2c514b5952849de7881f173184a5f18c50c781cb2caa6e3568dee00b745ffab3e9dd029bddda89e870d653ee9efa757e93bad8bae30d972b2a110a

        • /data/data/com.tuniu.app.ui/files/mobclick_agent_sealed_com.tuniu.app.ui

          Filesize

          558B

          MD5

          f479f2cbbaddc53564f534a842443382

          SHA1

          28f4d9b5267833c5e8a538e5972666db1c9cd816

          SHA256

          11c7e884d342f1c93535f6129f13b04f67c92444248c801dfae16966a0b2531c

          SHA512

          ab671f1ef2c233ad500876b4dc83e80f5dd391728d75ac69f4f3db64b0250e6f6552ee367ad5ad764c3e8190519c1805df1bc6e6f60403295e844425e6cfec85

        • /data/data/com.tuniu.app.ui/files/umeng_it.cache

          Filesize

          211B

          MD5

          29f90e081d8c2fe63c5bc91f941d52b0

          SHA1

          d5d1a6a35e7eb1d17c8a0d57a3c8444a00af9e4d

          SHA256

          afd36f95f7ca253d72fbcc37c7dd62494e581fa08599344c9653cf9d3c5308ac

          SHA512

          7fd7d48598745d795a594a6c90645a9b32e7d26d8b1d50fffe3a648b3873e62521fb6ec14e56f6c4373df2909db12602c7d616b892a1c0bb654a544f45aaa516

        • /storage/emulated/0/baidu/.cuid

          Filesize

          89B

          MD5

          608b28b2372179b982504c8eaf4af834

          SHA1

          c79819ef474bdfe38972f4bcf6b751a884b6b9c2

          SHA256

          0d7d5c9253e2a6906d1bb0ff466f5d5f6ee0977b9d658690e7fb71eb257fd8cb

          SHA512

          821c429d6a19f955d4444d1620c0daf1036b15937f56f6ab7c3b90c985c6d501e28747fc3d380f930813e89f5f590bee9b72f33a239c3f79bfca583f2bb1bfdd