aa63cfaca1aa520c99c0a478a2f834d8c60cc1951f2d7cb1d900390eabbdb925

Analysis

max time kernel
153s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

665398420999c500ecbef8e74507da63_JaffaCakes118.apk
Size

18.5MB
MD5

665398420999c500ecbef8e74507da63
SHA1

d72d0b3ff24f5c424852b9f821a56d38bb2c23ec
SHA256

aa63cfaca1aa520c99c0a478a2f834d8c60cc1951f2d7cb1d900390eabbdb925
SHA512

3116b53292f1c93cbd4f194b3917e96a3e1de6eb5fbd94956a4bdc156056b3d41c6cbcccabc7d1005ef41acce548294f941e99546c762ca02fee14f43cb4db10
SSDEEP

393216:V0eCVK3XP59zaurT0/ONJG2hEtnhYmGeW3s0LNqq181vsx6Bx1zAv2jfEJ:V0XQHPmW4/ONJfEtnFk3dcBe6vRQ2jfC

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ilikelabsapp.MeiFu

ioc process

/system/app/Superuser.apk com.ilikelabsapp.MeiFu
/system/xbin/su com.ilikelabsapp.MeiFu
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ilikelabsapp.MeiFu

description ioc process

File opened for read /proc/cpuinfo com.ilikelabsapp.MeiFu
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ilikelabsapp.MeiFu

description ioc process

File opened for read /proc/meminfo com.ilikelabsapp.MeiFu

ioc	process
/system/app/Superuser.apk	com.ilikelabsapp.MeiFu
/system/xbin/su	com.ilikelabsapp.MeiFu

description	ioc	process
File opened for read	/proc/cpuinfo	com.ilikelabsapp.MeiFu

description	ioc	process
File opened for read	/proc/meminfo	com.ilikelabsapp.MeiFu

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.ilikelabsapp.MeiFucom.ilikelabsapp.MeiFu:core

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ilikelabsapp.MeiFu
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ilikelabsapp.MeiFu:core

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.ilikelabsapp.MeiFu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ilikelabsapp.MeiFu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ilikelabsapp.MeiFu

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.ilikelabsapp.MeiFucom.ilikelabsapp.MeiFu:core

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ilikelabsapp.MeiFu
Framework service call	android.app.IActivityManager.registerReceiver	com.ilikelabsapp.MeiFu:core

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ilikelabsapp.MeiFu

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ilikelabsapp.MeiFu
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ilikelabsapp.MeiFu

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.ilikelabsapp.MeiFucom.ilikelabsapp.MeiFu:core

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ilikelabsapp.MeiFu
Framework API call	javax.crypto.Cipher.doFinal	com.ilikelabsapp.MeiFu:core

com.ilikelabsapp.MeiFu
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4251

com.ilikelabsapp.MeiFu:core
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4282

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C1034C-0001-109B-D6637CEDFD5EBeginSession.cls_temp
Filesize
77B

MD5
ebe73c5a27907b00911202c2dffc208d

SHA1
6f7a5b7a253546f5ff96cafe184472e6c8a0faa7

SHA256
aa3c1f5b6eed659e89385489cdb5d86afaaef3eaaeaa0fc311cfa079f6c298ff

SHA512
2b05af4b3d399fc42b15215e3263f852c6d39f32884f43c5aab1cfcb9f97490f7b4bda008a328b7d85347e57a9211b8dfe054880313f738b9a3496d55f9b42a5

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C1034C-0001-109B-D6637CEDFD5ESessionApp.cls_temp
Filesize
117B

MD5
f269e76bca5b0e13f1a46342364efba5

SHA1
68b399a162fa7775be836bfe98361e3fd3a3e6d0

SHA256
0b66c6dda857c95bd687e0fe921407cec2a70d67305ade1b03c9983e82a63e23

SHA512
2504a04a6b0530552f85d696924bd727b782a88c8191c214c86b4a00b5e85952026e1accf054496754d9d30efad6771073e4f82a66d18b4b840b5ffccff82bfe

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C1034C-0001-109B-D6637CEDFD5ESessionDevice.cls_temp
Filesize
101B

MD5
442a2f6ac1bd734a678f0f0c2087d633

SHA1
b659981e12ca6f318132531f6bbe3c2c4d5f62fb

SHA256
8cf069273ea2037864fa717faa7205c6786f0abe7b52da74005310affd0a90b8

SHA512
f4f88cd51b23e69c908f7f1893af13b65948ea8c62908af848fc4cba7f5653d67c04c85aab9ec6ea2ceb3b8b91c12643a74acc88914380a50fb9d712ef04563c

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C1034C-0001-109B-D6637CEDFD5ESessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
ccbc0ff618f08599d7a6605aad0798b1

SHA1
69b53cafd2b240dac53dff437537c0521c42e639

SHA256
972eb9bad79410dd81691137b1a827d7440e23d885bd9dbe9d30779df52c0c1b

SHA512
0b995046b2fc4712b1574f6b8ae81410a27ef2530cf63b44aadc760db5cd63226fc45c04ee0434f6e356613d8748aeb876f1b125c9c87fd788c1937f4b4bb690

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
482B

MD5
4bda816892093c914343125f503ad9d5

SHA1
522036a38434156a14873fcd535fc17d732b1b8f

SHA256
3baf5ec337ed8afb6011d1d1b7e18848b47bd1076503600f35b9ad5be0bd2147

SHA512
129bff86967b23bfd401c373e40ca45033248340c09fe2b59182f7c13878985f0a84c8444a4940a09fdf39fbb2b3f73e15f9ab16fe97103075d3bc8b05675233

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap (deleted)
Filesize
427B

MD5
9696927badfddcdb0e0dc93a4ff15452

SHA1
8b5f109a99bdda7d63508b7a48025f86a37bfdcf

SHA256
28ddc4bde8a0931120c44e6c3431cfdfc364185977c68308b69f4a4df177fce0

SHA512
aa41252c919243276b191986bc84bdecc926a7468fe32f91d71d2020da84b4a6687545fd10b2f21b81e184d139fc267e0ac5586ef7c11fbdcdfd7aad1ab5ab02

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_cf4ec1e5-d860-4716-919f-b6d6dc96c786_1716359619573.tap
Filesize
41B

MD5
4774b79eea24ad1b9f3d373a4491ef18

SHA1
dc31ac7352949d69f6fd139f0a02ecdaf42c7c6c

SHA256
d1a5bef73402f316fcc27cb0c99d54fbfae3784db21705edb5911f87a931a436

SHA512
458ab3038f004c61c13cbb5bbbf8aaf70874ac36e6cae5602e61b3afca80744d27f5944b47fb6201c65ab9c032e531cdeb98a95bd803ff8f30905fa046563ec2

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/androidBrand.json
Filesize
46KB

MD5
24632aaedb544afdf33d0e43dcc9dec4

SHA1
d601e6534912fa134fefdc844a2f3e1add6164e2

SHA256
410f9e52f28680757f758e3c091c979d5ae589fe492f72d75699fd9d9ecee4dc

SHA512
41003a79d57868c2ff03a22ff7183d8058c57e43c929028c58772e747f2c994c595007b71d176b83073853024bdca76c3c37ee586f1a717b7925b09d1227ce22

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/funclist.json
Filesize
1KB

MD5
da891e7896ccc851a39f5b2f9b7115d0

SHA1
c115029d30bfcc71cd6958e02ba80f3430d06033

SHA256
aa53b1c91ecd448525e1fac7581156a6994f2cf668e514508ccb37af80a67b92

SHA512
93245a4f0caa5026bf2309ef454bcafee898c708c7766687d7acda6af4666de64b8be19f760a92379cfc5875de5479906785fcbcdee89a174c5522666a828dd2

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/mobclick_agent_sealed_com.ilikelabsapp.MeiFu
Filesize
649B

MD5
cd15148a2932d0dcaba80754f79b3bda

SHA1
65b699c51fac937a4417127bd14ea80779a7c037

SHA256
50f1c686d649ce6075fcd59d853c82f2c244d0ee6122af32998c5c765b6de3d2

SHA512
aa67eb3b0284edcef7cac24178a453ba3932e1a6119e078f28f6373f8b8a90cf4fe316fef4c131ad838d83cb2866b8d8d427b352005a4ff9f66aced611822ad0

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/pricelist.json
Filesize
418B

MD5
f58397b3f6cf5a5cecb36cea80f75e92

SHA1
8a289bcebefae101505d754fd9e50796c06b60a4

SHA256
e55be60f438d7e67421e133d32fc26842d9d7b61852ce89ebbfc54133b9a1940

SHA512
1d097c03d3c3c0c6f584203e19c9d3e3b038ddef1db0bc5a8761f85c422887f2d3bc4ea00e2cfb6407d917ccb7ee209264d3cb0f256b18e32d57492ce579e625

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/product_type_list
Filesize
922B

MD5
f78fe9e0ccb75286fbf59a43349a2b85

SHA1
73740fbfa24dcff288c33f635607fdb08fda38ee

SHA256
ca60d981309fa76ddbf63219e6bc7f54786bb37feeb14fa8d34a247eba33c075

SHA512
e3fcf04ef701b755de1bd22caa50d9fb3f1ee300815ec52ccd6219c784ec87720e9dc2cbab3c7cbb4ba28c6f68a054c7655cb5e82e8bdf22d83b9ec35c71f860

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/protectskin.json
Filesize
716KB

MD5
47f2bab185d7d1b8a3d65d0a0736f6ed

SHA1
2807b3d646eeee79e4a28beb9b2af50e71bc0fdd

SHA256
f72655991d9d6dcb7ec0c8dc197308a93e1fa82e6d52f8b0551e6496fdfb4904

SHA512
e08403660916aac91a17ae0f3501176b98c3ea45bef408f34ea47156e18e920dc41f87374c54a867566254253033dbf576e901bbb15b39d3b15d2d7adc09e1bc

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/questions.json
Filesize
42KB

MD5
c0c399ac3891c9eae9c917c80dbc75fd

SHA1
70ee6082645c5fceb26092def5b82018f91103f9

SHA256
d3c70146961489b5a0eebc50aa0271476c184e07d28e8e18683817e2826fecf8

SHA512
86ecb0edccae25b69f78414168463cae9c65a5d03444bff0eaffa2e923c4248a5d91051195aa31ed207c34ba0f71785fbcc19915b86806354d8fd2a6262411e4

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/skin_data.json
Filesize
456KB

MD5
c59033803b73c9175cc1326391d836dc

SHA1
02915421cd263ab8e10635b91affc482b834c135

SHA256
26244ce543144cea460bf9faa00ccc76279ed54b9b80c88c76f880bfb4119f87

SHA512
e937144572850b01a7c33c64023898784d64851b41a07f0b1c123e95a896fec4e3dce0981d1eeaff037f722b779b8f7310c1ccea351892b7852e76ac27160ceb

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/umeng_it.cache
Filesize
211B

MD5
8a126d430845b1352d8abeb21db2f1f1

SHA1
26c378cd25718a5a7021bd57f2fc13716e5a9bbb

SHA256
f446e1bcdc4d77ca8c12aa0a0dbb781d259caffafb5a6ff345807bef72c68284

SHA512
c9447af830b8904031943d9a562a6099b5cc564f5ce50c33fd518a996915716562cdefb34c7c370f8f35b84c9cc91d90e33e6eea7bb871056372785db48e8946

Download Submit
/data/data/com.ilikelabsapp.MeiFu/unicorn#cheese#
Filesize
722B

MD5
130d216d28c1731699fc2be42e6e4718

SHA1
967e1cde12fbde3c2b9d97fb77f4194b75087218

SHA256
6efe39971af6b002151a2d1ff7d69db534a18e8dd28c7e162824da0f80b9e129

SHA512
f2b1a707ddf825f9a884b094d2595602db904892a6d49e2916546a235b07f2b5bff5b4bfa18d13ddc1bf00fae7be7b15d610e9ef3713b9536606031e9fb8f5c1

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
35B

MD5
2e60499bdf126f9caaed6a3f95461ef3

SHA1
71c7fd2d3c11fce24c37833432b7b92a4caef4e3

SHA256
3b19b0b33cfae11b0d24806040d1857458c3248735c0c519232633d2d87719e8

SHA512
7cf7f0e1291458b85712e48758467a4c80f8e9f41a39c11bccdf036b45d3f22da336ac5abe75fc817b9bc541a1270915c688d76cbc45846fd28a2aaa46b4414c

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
70B

MD5
75bb3b3f76e8671c9bd90695e4724028

SHA1
4b68b137a3d8c437c5c883668217059124d8ca44

SHA256
5a203ea437746ae7674388c347fdc46106db68523e29e8a57e8f81c756534306

SHA512
02046215f66f4f1ec4ce3553f8677f7468d5c276172643323b1e8cd79b1ecb2b60134adea2073e983b5d70d3f22e3de50e4a7eb08faa5e9556c2212a568fce4a

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
77B

MD5
7cea0180f85b0df12e00612ea3824124

SHA1
1c49492de4a08d26d18beafa654ef56685f46aae

SHA256
c33a4ca13e90b8fe3d9a167bb35fe284ce999ac2adbad1fcb8742733beb79a2c

SHA512
8f5f48cfe2698a93e4713fd07d0f0e9c3a6dc024db1adc1761c507461d41115a23f5315336663ac3bfcdedec5461962a61fcabd5dd4918817498abce7299e490

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
139B

MD5
d16dd60d8c7eb514caf3321bb86def17

SHA1
211cf95a94c62f72e45031b88b553dcc3ce5d2d7

SHA256
a42362ab4c0021baf7d518c8ad5d1203188781cbd21ec3180e95129f55db8fec

SHA512
88dd5cad86aaa231a0f2ed089fd393ee3b74901b6420a77a8c3bbf6fb741a91950498faf2c4586aea93335d6691fcd41a7dc689f3fda84d912680b3d83c148e9

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
142B

MD5
61ff2e6781aa7d565e18a79e8a5a08d0

SHA1
ab5a54fc82795f8cd7205fc7c604f8c9cfa88ee3

SHA256
462ec93dd20f9fa86a484ff00eea45605595cf2d8dd30b83f00c7f3fc3fa2c44

SHA512
003219b3adc9144096ee090f412ccc29e47a53bd87e401d348f16426c4c217e9fb0826286c47b310bc1a47539fd96ca4e7b5b3561e5c35ef3c0db132566e1322

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
108B

MD5
8de2dd7a7ef17869d870e98478c3304d

SHA1
47b634203fec78ea6302ec966d1d2160f26bde94

SHA256
8233c68926e6fa267e44ef1b62f3180e3bd55b752d68c183e80a470d53237d06

SHA512
a3f3a12efb3211ee8a100f607be26ade50ac63700a7f3c59c702858f71d7017482dac6003c36e1032d25545bf8f32084fc17c20fdeaeb8c53ee9b0353a72ee20

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
380B

MD5
ad1a664114d54ed9831bae203c4b26e4

SHA1
fc1ddb2086ea5e63d1d1238ada4777c38b6d25fa

SHA256
d7cff5572ac513f88ebbdf1383b21b418b2013e0969858b9fc40392a23ef109c

SHA512
225ad818feba278e447960b8d1754ed30e86182b046c4e16da63d89473c7ad72aa33c0685135ef969070870a9c70b517ad9a58393033db6079042c66846afe7b

Download Submit