96a5573cd25206e779b32fb148f30e575f6ce24dc31dfc23a1e6228a342b70c2

Analysis

max time kernel
18s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a1d4b5bd132db1df7b2a71987a14f8_JaffaCakes118.apk
Size

10.7MB
MD5

65a1d4b5bd132db1df7b2a71987a14f8
SHA1

3cf5ff3736444259c7af005c820be6e04988a274
SHA256

96a5573cd25206e779b32fb148f30e575f6ce24dc31dfc23a1e6228a342b70c2
SHA512

077ccb0d24b6e20239f4fff05a8fd03881764679fe79d17d2094d2f14fa9e93a5c9e3178a54c0e88613bd4dbf7b785f13d24ad3e175d61930e68f3f88d3d0063
SSDEEP

196608:9wjjDJE4SSVHChsmcuv7wRLm/9Oft6Ki6pSXpBSnDzfGFye:9w3DmkV4smdERYgft6ipS2nD6d

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.vlife:main

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.vlife:main

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vlife:main

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.vlife:lockcom.vlife:main

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.vlife:lock
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.vlife:main

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.vlife:main

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.vlife:main

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.vlife:main

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.vlife:maincom.vlife:lock

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.vlife:main
Framework service call	android.app.IActivityManager.registerReceiver	com.vlife:lock

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.vlife:maincom.vlife:lock

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.vlife:main
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.vlife:lock

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.vlife:main

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.vlife:main

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.vlife:main

com.vlife:main
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4295

com.vlife:lock
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4372

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vlife/databases/Handpet_Release.db-journal

Filesize
512B

MD5
32e14133a597800b0bcc3197b5b36024

SHA1
018207f7ed732001a8e70de1fbff88fec96b23a9

SHA256
562ee2a8622d8aa1a22c49575ac9f051f6b9d4d5ce49f5d46fd8eb874528697b

SHA512
e65ea1a5aed41a423a66299f7b467f2adc59f775a1857a073036d6227d8393325f3f2b40ff2bb90b79ca2201f2c25aa8d2dfda648dcde4e6066a070ff06b47c8

Download Submit
/data/data/com.vlife/databases/Handpet_Release.db-wal

Filesize
173KB

MD5
6e1a6947469e8ae4b1428d5e13fbd9ef

SHA1
d415914f88c085ec0ab1faab6e7f1eaceb51803b

SHA256
2cc495c346f587f6d6b8182a9057a91fdac563b71509902baa56b243f76bd296

SHA512
1c156cc0518004ece32989ea61f07966de878228a8e6642184a0883ad5096e4d15ec7f07b6318d87c38741e60b60874540acfdb12839d1b24ffe23ca1cdf657c

Download Submit
/data/data/com.vlife/databases/Handpet_customer_Release.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.vlife/databases/Handpet_customer_Release.db-journal

Filesize
512B

MD5
4eb99cdd83cc68b79123d62e21e47899

SHA1
fed9491971c1d5c2af400671325869dfe044b53d

SHA256
f698fc9560f654dbe2781434dbfa4e3c7132307729d7066844b483e4e58a9b81

SHA512
49b0c560c0d992e08f0dc89df265d37e465febf2286d2c6cf1edc632e456702064eb8d7738e2c314fe62e592ae7fc9020bc9d22b9bced6cd39f79316af334d3f

Download Submit
/data/data/com.vlife/databases/Handpet_customer_Release.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.vlife/databases/Handpet_customer_Release.db-wal

Filesize
40KB

MD5
f4e5c948d2476746f9d52bca0de230b5

SHA1
4d084993985a655e29b098d876b76cf692f4f0df

SHA256
4e8c5bbc006b5a02506ec0d0483b8229221a3641db50b1017062adf9d0daff5e

SHA512
4ff0e5bba2facab0293288760adc44228db4abbdfecbe25beeae0eb3f41318e3006be35f79c802378f5d9d363aa648f29c35ebae1b9620cefbb31981151db574

Download Submit
/data/data/com.vlife/plugin/vlife-card-engine.apk.tmp.1716343571764

Filesize
4.8MB

MD5
8ca81f240c1bb3030d8741c123833bc8

SHA1
b7846e74e2ff6190cf8d4b41b38881a394c6b81d

SHA256
cb941c0060be24de2566504250d103d6928ee57320fc2c2e27defe826f2ead5f

SHA512
bf0e0e0928c8bd20a8396c189f592a5b2d81fd36a115476733dc02f3b6bdc559c15e2e849d5c147ba5131ba5d027e0315e6cadcfef31f64b82d40c3b1812797a

Download Submit
/data/data/com.vlife/ua/lockscreen.index

Filesize
4B

MD5
f1d3ff8443297732862df21dc4e57262

SHA1
9069ca78e7450a285173431b3e52c5c25299e473

SHA256
df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

SHA512
ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3

Download Submit
/data/data/com.vlife/ua/lockscreen.index

Filesize
4B

MD5
f11177d2ec63d995fb4ac628e0d782df

SHA1
ff56b9948d201ee37605e101e01f63aab97b5e4a

SHA256
433ebf5bc03dffa38536673207a21281612cef5faa9bc7a4d5b9be2fdb12cf1a

SHA512
4adf50fe0c1da022b376c514fb716ef045911599eceec2b5a6ceaf39adbc394b1370d0d68c5c460905c4fa3deb088cec6427a34c81db34957c16f4559701ad3a

Download Submit
/data/data/com.vlife/ua/main_page.index

Filesize
1KB

MD5
95a6141bcd98487c8f7693df120caf32

SHA1
66a15eef37b7ebfbc8c1c9a7fc2a0c6374267963

SHA256
295c277884135c608ef71f548a7918f91db21b3fb517d826f24c676f0eec6c04

SHA512
a9ee3670d7a4a1f448ebce033cff28631fa8c7fe702b57344dd84eab2d459f543f124aab9ec2b26ffebcf8b7a1f5748842db305b22d59c29a6eb3c801e43eabb

Download Submit
/data/data/com.vlife/ua/main_page.index

Filesize
4B

MD5
f1450306517624a57eafbbf8ed995985

SHA1
479e04f3d12d112b5c04c9ee67e4b1e6e201ea4e

SHA256
b40711a88c7039756fb8a73827eabe2c0fe5a0346ca7e0a104adc0fc764f528d

SHA512
57c365278e08f99674dd24f08425b17c71b0511dea3b5ffa474deeb26d64cb993ebda4650583b29cba6307d7f4dbb42ca11b093de2b8ecab16ff52445401facf

Download Submit
/data/data/com.vlife/ua/main_page.index

Filesize
119B

MD5
6d36f4de8604c15c7803a01f3a5dda07

SHA1
d30431e37586aa28e7e2a72253e6dc13d40b6fcd

SHA256
2155205c52e72651d7a3c80ff32e776d2086713fa74194b595e8d314903a78f0

SHA512
c8319dbca4673589fcebd06a9264d8aa69b04c3570ede805bd059e35a050366d2fdc66ebce8a0c88c1ba4c47fd4cbb01bc12ae5cdcbf3f53bf80e141e09a639b

Download Submit
/data/data/com.vlife/ua/main_page.index

Filesize
4B

MD5
584a15a90f2f959d0703594ad447ae93

SHA1
a40dc8ca42102b7db12aeeae5f5d91a964a588a0

SHA256
88185d128d9922e0e6bcd32b07b6c7f20f27968eab447a1d8d1cdf250f79f7d3

SHA512
c9097680d1b36d980d54a25045aa170eeb52e855754eab1c3d1d3307a6bfda6e1af738f1cbcc3e022c6023cf13692a61b84cf2170bb7eabdc717ff5be0410ecf

Download Submit
/data/data/com.vlife/ua/main_page.index

Filesize
4B

MD5
b25030c176614061fb2bbfd8194af2e0

SHA1
bd76c36c93aeee40821e85825cd7ad64e88a069f

SHA256
b253668f6b59f1ff28522831931e4d3c5a3de533965af22e961735437c0172cb

SHA512
978d138057a683f3065083e315debd914beda244474e8bdc4ef562298cf01c1af7de867ff741469e1bf1c978ed0ed4dc39615d6c99dd2ed8e0a33d3ffeb4862d

Download Submit
/data/data/com.vlife/ua/ua_591.dat

Filesize
288B

MD5
e18291d9c0fe2142e5093323db07bbf8

SHA1
683ca9fc9fa3600a5aa50b4c67816cfdde849796

SHA256
c2ca90eec2606d193b1794268881a4c6185abed1ad44261bcb8ebe8380f2f151

SHA512
e0e421391f0ce0e088107a1a4ac4a70572888931cb5eac927a7752616c8fabed8e45a96c887757af822dc2c9664dd4bb840e1fbee961eaa5792fd7a4b6b5c3d6

Download Submit
/data/data/com.vlife/ua/ua_591.dat

Filesize
286B

MD5
0b721321377856e71d3466cf53b1cf3a

SHA1
eedd690c5a96696631b1fc89b57dc73607e11a82

SHA256
a6ba1f2c4ec9a3308a3dc7e56df988ca88748b93280e2bdca6b89773e7d54ec0

SHA512
a9d8f37daff5d3cbfec154584fbb0390dc2a1f5483e3c869cfd655e48d6e69cb7cd900e2a34ec38c8132b2c149facb90ec799f6d36b6f619dc8fd5d098ce4c02

Download Submit
/data/data/com.vlife/ua/ua_591.dat

Filesize
1KB

MD5
3ab938c1fe35466c43bbb66f07581af3

SHA1
6bcb7e668fc4916d348a2673ffb64e94cea08f9c

SHA256
da5f2437beeeab3950612b0096c4402248ba041dbfe6f4683f7823546d82669d

SHA512
902c45fc36350795f4c61ef7e4e0bdd78a75badf8e8a17d12d241c3ac60f07be51315c885b70e841ed0f997d18939d91c65589c7e0394f2574cc49bf6ffb6ab7

Download Submit
/data/data/com.vlife/ua/ua_591.dat

Filesize
298B

MD5
4499b226459210968cc4e0599edaea86

SHA1
c64c6f6abf6cb43c1e8bef710e2e2f9344e89958

SHA256
0573bed26e55a822ab165ea34749d0bc1cb9997c6089b282a5f31e46447af77a

SHA512
ceaaa05f1ad25ba55f1de4bd3a2e18873a5e34f9f274e6c8c1d221a43a77c88c7e7f2bd3a771d76272315d3c6fd5359e8328f97714d9173fd0e8f83b12620d83

Download Submit
/data/data/com.vlife/ua/ua_591.dat

Filesize
315B

MD5
ea67d732fb6b31cf4c5c2e6fd9560040

SHA1
eb45561a50beec0f9261756aa037d56ad113e216

SHA256
595b2bb64297536289327a80bc431e09036d78f1457c1cfe1c6d6321cb7209e4

SHA512
ebbf098283f698968424f55b204d3ed23d4da5adde7040da8f3bac0dbb1b3f35ce2f0209b5a4fb58496a50d531b1ebea8f79954455b25e779c5dd0e5fd9e3f9c

Download Submit
/data/data/com.vlife/user/paperconfig/save-292616.xml

Filesize
3KB

MD5
79ef976114ce8a90062d57aabf921627

SHA1
2cd62aa33a94a49f033f10e4ae266f9bdf79abc2

SHA256
391b3419d695587e9780fc3764f4255f6d6ba8849da7d05c30799ac449ef34d0

SHA512
294d6bcda234301bd01c0cce941f8245fac77aa8643190c73d21df078abe89aebd4c7d2a7fc18cbd578ea7deeefcce23fffd7038e609317ece86e907c8c458d6

Download Submit
/storage/emulated/0/.vlife/run/com.vlife

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit