Malware Analysis Report

2024-10-19 12:07

Sample ID 240521-1gpxesbc5z
Target 64d9597adb9df9f9639d679625ce44f0_JaffaCakes118
SHA256 23017cf18a4b707769ced016570ab097c5561f742ad9511a3d2f4871ebced3d6
Tags
banker collection discovery evasion persistence stealth trojan
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 64d9597adb9df9f9639d679625ce44f0_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks CPU information

Queries account information for other applications stored on the device

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported

2024-05-21 21:37

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 21:37

Reported

2024-05-21 21:40

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

151s

Command Line

com.vpkv.iupn.kond

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar N/A N/A
N/A /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Processes

com.vpkv.iupn.kond

com.vpkv.iupn.kond:daemon

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-21 21:37

Reported

2024-05-21 21:40

Platform

android-x64-20240514-en

Max time kernel

177s

Max time network

173s

Command Line

com.vpkv.iupn.kond

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar N/A N/A
N/A /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Processes

com.vpkv.iupn.kond

com.vpkv.iupn.kond:daemon

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-21 21:37

Reported

2024-05-21 21:40

Platform

android-x64-arm64-20240514-en

Max time kernel

178s

Max time network

184s

Command Line

com.vpkv.iupn.kond

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar N/A N/A
N/A /data/user/0/com.vpkv.iupn.kond/app_mjf/dz.jar N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Processes

com.vpkv.iupn.kond

com.vpkv.iupn.kond:daemon

Network

Files
