Analysis
-
max time kernel
145s
-
max time network
184s
-
platform
android_x86
-
resource
android-x86-arm-20240514-en
-
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
-
submitted
18/05/2024, 08:08
Static task
static1
Behavioral task
behavioral1
Sample
53c27edef2d5a91f4358915d14466a7c_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
53c27edef2d5a91f4358915d14466a7c_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
UPPayPluginEx.apk
Resource
android-x86-arm-20240514-en
General
-
Target
53c27edef2d5a91f4358915d14466a7c_JaffaCakes118.apk
-
Size
12.5MB
-
MD5
53c27edef2d5a91f4358915d14466a7c
-
SHA1
52f64bc1e315780c8d740349efe2c78a3db376b3
-
SHA256
f5175f479eb2b9eb87b8475fc0d818a13798aa08b4fb215b7e9f265d4e750bff
-
SHA512
6464fe991e25fd37aabf2a0b04195537c86b9a9d94731537944e128855e0c9f09f4fe376670c276b83984410f8723dbde9711eccf5f05d7a6a3c8e27a9b2f7e5
-
SSDEEP
196608:5ofoeRTKdxltqsIWj/bwzR7w8W1QDhaYAuyUWP5z1nOsrX9inNODtoI10:Aodrzw28WJzxxz1nnX+80
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc                        Process
/system/xbin/su            com.tuniu.app.ui
/system/app/Superuser.apk  com.tuniu.app.ui
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
description           ioc            Process
File opened for read  /proc/cpuinfo  com.tuniu.app.ui
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
description           ioc            Process
File opened for read  /proc/meminfo  com.tuniu.app.ui
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description             ioc                                                  Process
Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.tuniu.app.ui
Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.tuniu.app.ui:bdservice_v1
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description             ioc                                             Process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.tuniu.app.ui
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description             ioc                                             Process
Framework service call  android.app.IActivityManager.registerReceiver   com.tuniu.app.ui
Framework service call  android.app.IActivityManager.registerReceiver   com.tuniu.app.ui:bdservice_v1
-
Checks if the internet connection is available 1 TTPs 2 IoCs
description             ioc                                                    Process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.tuniu.app.ui
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.tuniu.app.ui:bdservice_v1
-
Reads information about phone network operator. 1 TTPs
-
Checks the presence of a debugger
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description         ioc                           Process
Framework API call  javax.crypto.Cipher.doFinal   com.tuniu.app.ui
Framework API call  javax.crypto.Cipher.doFinal   com.tuniu.app.ui:bdservice_v1
Processes
-
com.tuniu.app.ui
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271
-
com.tuniu.app.ui:bdservice_v1
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4365
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5
4122d1369df6168cd252280c5bb44eb5
SHA1
a3a9ebbfc92029758a57f643350aab66d4fb8acd
SHA256
f66b5cc621d2bb89538fdba7e1f517c82a5f1ad96278ea7261ad370a0bed3c0e
SHA512
7fbb6e8f733d153c4badc36922632248e356fb5a50492afad5a4da4413b0af0d0fcceacb4c8ab80a8be2da7f3a7d386b78f48435797c211b37094f328480f66b
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
28KB
MD5
0cf76064f833a1e944cef2d550dca787
SHA1
ef2d79044a4a4e55cd80cd169e877de00af071c6
SHA256
1f5288f04b5f8af861f3fb535a873ea3f82fb709e29c4374ff5d79e8fe809bef
SHA512
1e5917ad105dbeb3673f6946145106f0640b59fdcc19a4fe9090ef5bd2ce840023e7cbc3de35fcb5241e2d15b7185ed469959a4d701d7cb87a7b978434685af5
-
Filesize
72KB
MD5
4d56559138ee97f532d4ee1174277c45
SHA1
6907f856647f272c3f5712751e5e6c4e502280bf
SHA256
cedf3380bcdcff739afc930e84c4af2da56f206c504d9ce5376240fe154ca392
SHA512
8bc73e7bfd35799e74f5a8a61cdd7cbcf24378df5144b107a174b643c37ac491b7726de3ab494f99ce6c67449027b576d33efba355d085acab8b58402fb68597
-
Filesize
512B
MD5
547c8ef3fde3106fb4cb97abd3d20afa
SHA1
0dbe2c7a2534145b696e9604e18d225ad0e880a1
SHA256
6f7b78f367be889cccb42aba800048c62073a00b4b3e141edb187483d5cabd10
SHA512
89520e23883f503d13f924751b2c7ba21a416a69235fe09a621e850476002503c12d862663a6b722b40388e64bc62a1dcae9cbfe48ebc7d0d34b755123a9bf64
-
Filesize
84KB
MD5
c8505ff84f988124a044df134ee718d0
SHA1
cfd9e5d311b72c47e08d618ef74dd7233e947b23
SHA256
3d71212193b79b6c9df6cba0a5f500a42fc67f5d8822cee0a502bdd8dbf3cd1e
SHA512
634169729f03390fa873e0d31ec0909f36a621e80c47992a8a5284bfaa4ee522a17bfb3e2aa48812f2fa51c3a59e48a49993573ec987ebed45e0e7630ded4be7
-
Filesize
512B
MD5
6baa1cab05e50a0855d33acd70464d47
SHA1
5b835780278c772ef414b16f301e9224e09edf5d
SHA256
6c14c309c00309fa71a34d53d3d3316f50450fe2e58424ebece1e14b31638137
SHA512
9343b34a734f95fc7c64006c17879d4e536da5763f1c9bd0fef587671c07f73060e3da8a3ae0bbb26af38b5d695ad45734a79003fac37f17496306984a611b04
-
Filesize
28KB
MD5
cfcf406080867166dac8a47346f16b42
SHA1
22fb2a7e120ea8bec7aa59a6ab823ad2c767c2cc
SHA256
dd2125d7d21b7b1b5c80881b33c6f5c77ae858838ffd21b6b35914519589d8b7
SHA512
522ae70ec2ac477a6fac79041761caf97cc8c5f06f41044c8dd223204fdd345d1def7df9f749c11ca18337a20a75928f8f0196809584008b0b1a019401019d3d
-
Filesize
512B
MD5
ef9d40cbf012a31dd4711763100a8275
SHA1
95219e4c8b74b604f5dde67557a573938442391c
SHA256
1a96324fe0193519a41f09781702bef17f75b32d724ec7bd9c41d5116eb0dcd4
SHA512
dba5b961a692b597a53a1309f1c260eabad36af3930fc0961bf6e094213e47887b6c4b29bb7f8a13e9adc54622c2281fc6d52bf377fa3ffb1a3f582497b743ab
-
Filesize
36KB
MD5
987df0f082c07dcdef26edebe1dd96d6
SHA1
b331388c335a70b350cdc93440631624efff73dd
SHA256
e90d59fc4c48a3d602a26cb1a6793d1c6eeb828bdc7daf4ccd8fdb776be3738e
SHA512
ea8e3086c23ead6e53a15d18b2c571f0520385cd230b19335ec30f734fc152221f9875b8a0c510839c806be745d1534b23311065fed0495d7abb06e133d97819
-
/data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534BeginSession.cls_temp
Filesize
78B
MD5
2e3c6222eb4e7e4957c2c76f53b614b4
SHA1
1424cca2c764ab2858efa900ce4e2372b69ebffa
SHA256
5be311f7eb4e21a0ee1aea1032ae2e1514c403151febcff956cee831fdaecb97
SHA512
64ab78fbe1db927d883e3c5f5be38729c533183b17d02804369dcf265e47a71b63c1ce060e0e1aaf4c380800dcab6d0a4b71ecec45cca24b8dfa368570f7543b
-
/data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534SessionApp.cls_temp
Filesize
111B
MD5
ee5d5f6d8dc8f0cad40b8398eeb15f01
SHA1
e2ba950a42760b6a5b6281e7bf8d22d8f7891557
SHA256
192b56972111015029ac4546c7c7d96fa9cdd97e80d70aa1e8343b2c5221eb1a
SHA512
3fd9c22e1fe07f35c05293cd76067869b32194d1ef0809dea2992bc9f0a2ebbf2f715ebbc758c17d3b19b2eae3fe195c73fd78fa5cac8e56d47284e36e712ffb
-
/data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534SessionDevice.cls_temp
Filesize
101B
MD5
33557267b42f4a6608ba6d1184755b88
SHA1
7c2a91222758474ea4c0b655e937ed9c05cd3c42
SHA256
3aedf479a21561171949e7ebc185841d9c2a5afa43ea210acdf7effc9971d2cb
SHA512
bf142cca12802089c479ef4ad11aac0daab093d726d9f2df00888ccaf89a5637ba69f706f876d4814c6a2345f52ac84091ee3736a04ebcf45f41adcf422cc34c
-
/data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/664862260382-0001-10AF-652610921534SessionOS.cls_temp
Filesize
14B
MD5
9b3d4522944ce6396563812bfdb92fa9
SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727
-
Filesize
1KB
MD5
f23fe3efaa7e0ecefeb3aa0a91046c17
SHA1
85888420107bf5a7e745018432e43889cf5ec412
SHA256
fa7cb30f9fcc0e6b824987e27900c058db2351d621dcdcf6393f31cd911da12b
SHA512
5c214c13485e27c554235dd7ed74ae7fc81109874141b0518b3da9eece402fd1d838b3bed63e3f482c5e0c782bbcf30308733bc926249c1680b59f10565abbd7
-
Filesize
350B
MD5
1d0e77a2c4282c7a76ad6d2f964dda7c
SHA1
12aa8260b8f87bfdc8b0c59a0f2958b94fded1c0
SHA256
c18922d3b339b9fd82d747ac05dd7cc23c0b60a66a01536b148474c5ce0f3908
SHA512
bd8dc5f456a1dd413043e0634d25b0d1dfa551a1613239ae0cb774d6255f1a05c3e0f053b84dc3e2d9779eead4ddd314074180002728c860b318f252c8b07c24
-
/data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp
Filesize
16B
MD5
c33583fae4e0b61cde1c5b9227963237
SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.tuniu.app.ui/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_a48a0e0e-362e-49a3-a0b0-1d6987033b57_1716019750954.tap
Filesize
294B
MD5
ce306c8d8aca03b52a63774b120ef7ab
SHA1
087775e9e2c0fefe5f3a7897da0c59b40f21f87c
SHA256
cee73a48cc802486994ea922cf74867f25b8cb77c65e5eae735b21ca7fa39393
SHA512
ed896e5eb1f1dd6d43f9b556c1dfd78166e3ebf169a42f987a0f10d0ffd2f001dbeeda5a9626d94179fa6274f253a7036600a950d77f3b5b7761a0663d6654bf
-
Filesize
36B
MD5
ae1a9a9ad4d4bbc6980cf49c6dfaf163
SHA1
54331b1ea431ebe349aeb03966dd88a37e078693
SHA256
a95e658980693c20789d6df7290cb36bc80d2f73c1e7479b35b79ea06b2efae2
SHA512
11fbedf132cb831633647def34a96f2e044c7afefaf76a36f7581dff6b21ed73aa55e3f5a4c77b795f928780354bb1e72cfb3ab79f908b1e8742693312dafa38
-
Filesize
158B
MD5
aa07770693831b083bc935dfa44649e9
SHA1
8b03d1007e5e0839957d6eeef5c4aa874fb5f912
SHA256
b26f0b9fe8f512dd0f8d0c1097f48711b4a5b580a0c45e30e9cc323760032162
SHA512
5a3911a8fe2c514b5952849de7881f173184a5f18c50c781cb2caa6e3568dee00b745ffab3e9dd029bddda89e870d653ee9efa757e93bad8bae30d972b2a110a
-
Filesize
558B
MD5
f479f2cbbaddc53564f534a842443382
SHA1
28f4d9b5267833c5e8a538e5972666db1c9cd816
SHA256
11c7e884d342f1c93535f6129f13b04f67c92444248c801dfae16966a0b2531c
SHA512
ab671f1ef2c233ad500876b4dc83e80f5dd391728d75ac69f4f3db64b0250e6f6552ee367ad5ad764c3e8190519c1805df1bc6e6f60403295e844425e6cfec85
-
Filesize
211B
MD5
29f90e081d8c2fe63c5bc91f941d52b0
SHA1
d5d1a6a35e7eb1d17c8a0d57a3c8444a00af9e4d
SHA256
afd36f95f7ca253d72fbcc37c7dd62494e581fa08599344c9653cf9d3c5308ac
SHA512
7fd7d48598745d795a594a6c90645a9b32e7d26d8b1d50fffe3a648b3873e62521fb6ec14e56f6c4373df2909db12602c7d616b892a1c0bb654a544f45aaa516
-
Filesize
89B
MD5
608b28b2372179b982504c8eaf4af834
SHA1
c79819ef474bdfe38972f4bcf6b751a884b6b9c2
SHA256
0d7d5c9253e2a6906d1bb0ff466f5d5f6ee0977b9d658690e7fb71eb257fd8cb
SHA512
821c429d6a19f955d4444d1620c0daf1036b15937f56f6ab7c3b90c985c6d501e28747fc3d380f930813e89f5f590bee9b72f33a239c3f79bfca583f2bb1bfdd