aa63cfaca1aa520c99c0a478a2f834d8c60cc1951f2d7cb1d900390eabbdb925

Analysis

max time kernel
153s
max time network
186s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

665398420999c500ecbef8e74507da63_JaffaCakes118.apk
Size

18.5MB
MD5

665398420999c500ecbef8e74507da63
SHA1

d72d0b3ff24f5c424852b9f821a56d38bb2c23ec
SHA256

aa63cfaca1aa520c99c0a478a2f834d8c60cc1951f2d7cb1d900390eabbdb925
SHA512

3116b53292f1c93cbd4f194b3917e96a3e1de6eb5fbd94956a4bdc156056b3d41c6cbcccabc7d1005ef41acce548294f941e99546c762ca02fee14f43cb4db10
SSDEEP

393216:V0eCVK3XP59zaurT0/ONJG2hEtnhYmGeW3s0LNqq181vsx6Bx1zAv2jfEJ:V0XQHPmW4/ONJfEtnFk3dcBe6vRQ2jfC

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ilikelabsapp.MeiFu

ioc process

/system/xbin/su com.ilikelabsapp.MeiFu
/system/app/Superuser.apk com.ilikelabsapp.MeiFu
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ilikelabsapp.MeiFu

description ioc process

File opened for read /proc/cpuinfo com.ilikelabsapp.MeiFu
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ilikelabsapp.MeiFu

description ioc process

File opened for read /proc/meminfo com.ilikelabsapp.MeiFu

ioc	process
/system/xbin/su	com.ilikelabsapp.MeiFu
/system/app/Superuser.apk	com.ilikelabsapp.MeiFu

description	ioc	process
File opened for read	/proc/cpuinfo	com.ilikelabsapp.MeiFu

description	ioc	process
File opened for read	/proc/meminfo	com.ilikelabsapp.MeiFu

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.ilikelabsapp.MeiFucom.ilikelabsapp.MeiFu:core

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ilikelabsapp.MeiFu
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ilikelabsapp.MeiFu:core

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.ilikelabsapp.MeiFu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ilikelabsapp.MeiFu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ilikelabsapp.MeiFu

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.ilikelabsapp.MeiFucom.ilikelabsapp.MeiFu:core

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ilikelabsapp.MeiFu
Framework service call	android.app.IActivityManager.registerReceiver	com.ilikelabsapp.MeiFu:core

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ilikelabsapp.MeiFu

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ilikelabsapp.MeiFu
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ilikelabsapp.MeiFu

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.ilikelabsapp.MeiFucom.ilikelabsapp.MeiFu:core

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ilikelabsapp.MeiFu
Framework API call	javax.crypto.Cipher.doFinal	com.ilikelabsapp.MeiFu:core

com.ilikelabsapp.MeiFu
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5175

com.ilikelabsapp.MeiFu:core
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5213

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C00205-0001-1437-9E7324C4EC52BeginSession.cls_temp
Filesize
77B

MD5
ea07bdebefb8cf159382ac766d83ea4e

SHA1
3073f2416040e27668222615f854e08f910b3aa6

SHA256
b0356ac9700dd9ed848806dc367c055e4bbd2469ce8457423e6083841fbb3393

SHA512
c3b0f9c44e4bee269a841ecc15fd77630234eadbd6ed40243d7d0184081561ed0856d832d24954cbb951b02183d8bd0263c7c3042ac35442bf3822c74ad3be98

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C00205-0001-1437-9E7324C4EC52SessionApp.cls_temp
Filesize
117B

MD5
959b74f454d03535918018db42562feb

SHA1
1e62d6c6d3e690b28c77401126686906f0792d6b

SHA256
f5f7dbfdb59092c9fbbcd6ca1f6a71ad9f6266029afb73a7bee798d38dc7d681

SHA512
5902205f351e3b0150ea51a68de8d23ce3ab6da1600a456d12ff9bfde5e110720403f3cda58ffa7badb2027cd95e1fd5cf579aaf2af293a27544ddfdd0066626

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C00205-0001-1437-9E7324C4EC52SessionDevice.cls_temp (deleted)
Filesize
144B

MD5
1a5f7d2ec0de4e56a43614f759d4530b

SHA1
6660eb545a640493189f7942284f24363c8f5a50

SHA256
6bedd5a640f7fbac42264a404dd2d5f5829a79be156bb7a448eb440fac687f20

SHA512
c564beecf139273e0986147bd3d31b1179928b8182556600292d50cf6a96c9bc62393b8a6d75ca9be0e8b85fc2d7910538174b7e02b62be6eee615c0ac3a3660

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D91C00205-0001-1437-9E7324C4EC52SessionOS.cls_temp
Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
483B

MD5
e6bcde872a105d677de0258673cf956f

SHA1
110eeca302a9d94fdbbcea6a4cf0e6ba393645d8

SHA256
afe7cfd830de05aed411f4b33d618e90bd89403f777021ec6733cfde9cf1af48

SHA512
613b578204731b07ac3f4aefd967c5e3438bc429fc7fcd64aea180d200709da0121cb06094e50d6053233fa11237e342b0695143baa85b14d4d2a787d9503d88

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap (deleted)
Filesize
3KB

MD5
431dbad476d170e2d8648348bf8cd7d3

SHA1
01a27f151b2d66c3ac442bbd1212606063833922

SHA256
b8b7ad8d6578423e1c1e1c939e864dec71747c1065c9405f87e0c98f919103e5

SHA512
cdb2a5f33ab5f0262f67e53684a8862f2e62b4344e2037daba7087aac8810714d806e389754673d2625b190f91266e994d9a9b6d37081404da858eb55bffb92f

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_26abb305-04a8-49df-85e2-919439ea5837_1716359618367.tap
Filesize
379B

MD5
8d5759f9bbafe086d0db3baf666e8e2b

SHA1
3808b6795e078d989149cbc15ec45de8a0a66fc4

SHA256
cca0a24f86ef6cfb76dd0f8fcdba7254c5fcdb2e2ded8c0c2d6aa8be1301ca1f

SHA512
99a781444dcaff2fd12e644c5d2af13d6200ee1854605832bf67bcfab923a880b1c8b14f5b4ef62ffb5a41390b80f88e190ce62ce263388fda03ae7bd13be701

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d3fa31b8-5687-4eca-a9c2-659e324abd75_1716359618094.tap
Filesize
378B

MD5
e0b1c4521f4faa6fcf3e9c6eb91e3cf1

SHA1
825831371286f1136a295d0f08fbe197c2144fb7

SHA256
8f8587682203fac79ed6a5c0144a78b0816588100d039fcc9da8930fdb72d062

SHA512
7e95522c44b0054997368ad6d82e86ea79ca60fbd4a4c7136d43f78af138e2fec6283a73e5eafd39c22b2e7cbc569276e3ced65e0a2eda47b9ce1e62de8d7bb4

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/androidBrand.json
Filesize
46KB

MD5
24632aaedb544afdf33d0e43dcc9dec4

SHA1
d601e6534912fa134fefdc844a2f3e1add6164e2

SHA256
410f9e52f28680757f758e3c091c979d5ae589fe492f72d75699fd9d9ecee4dc

SHA512
41003a79d57868c2ff03a22ff7183d8058c57e43c929028c58772e747f2c994c595007b71d176b83073853024bdca76c3c37ee586f1a717b7925b09d1227ce22

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/funclist.json
Filesize
1KB

MD5
da891e7896ccc851a39f5b2f9b7115d0

SHA1
c115029d30bfcc71cd6958e02ba80f3430d06033

SHA256
aa53b1c91ecd448525e1fac7581156a6994f2cf668e514508ccb37af80a67b92

SHA512
93245a4f0caa5026bf2309ef454bcafee898c708c7766687d7acda6af4666de64b8be19f760a92379cfc5875de5479906785fcbcdee89a174c5522666a828dd2

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/mobclick_agent_sealed_com.ilikelabsapp.MeiFu
Filesize
627B

MD5
ba43cfa9f24623b6a180bdd850c722cb

SHA1
da2048417635bd8247a753f794623aa538256105

SHA256
a5a0805d20c03ba31eb7eb009d231251ff95b59bde967512631e47eed8aa2e63

SHA512
84f17bbd693c0344b8337ed028f8d8c23d143c8e6cd9c0a88e0a321c66a3ff5a3cb4a904a89ffda4ae637be45f7f65702c5536d2ffff23aacc8a30a18295c48d

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/pricelist.json
Filesize
418B

MD5
f58397b3f6cf5a5cecb36cea80f75e92

SHA1
8a289bcebefae101505d754fd9e50796c06b60a4

SHA256
e55be60f438d7e67421e133d32fc26842d9d7b61852ce89ebbfc54133b9a1940

SHA512
1d097c03d3c3c0c6f584203e19c9d3e3b038ddef1db0bc5a8761f85c422887f2d3bc4ea00e2cfb6407d917ccb7ee209264d3cb0f256b18e32d57492ce579e625

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/product_type_list
Filesize
922B

MD5
f78fe9e0ccb75286fbf59a43349a2b85

SHA1
73740fbfa24dcff288c33f635607fdb08fda38ee

SHA256
ca60d981309fa76ddbf63219e6bc7f54786bb37feeb14fa8d34a247eba33c075

SHA512
e3fcf04ef701b755de1bd22caa50d9fb3f1ee300815ec52ccd6219c784ec87720e9dc2cbab3c7cbb4ba28c6f68a054c7655cb5e82e8bdf22d83b9ec35c71f860

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/protectskin.json
Filesize
716KB

MD5
47f2bab185d7d1b8a3d65d0a0736f6ed

SHA1
2807b3d646eeee79e4a28beb9b2af50e71bc0fdd

SHA256
f72655991d9d6dcb7ec0c8dc197308a93e1fa82e6d52f8b0551e6496fdfb4904

SHA512
e08403660916aac91a17ae0f3501176b98c3ea45bef408f34ea47156e18e920dc41f87374c54a867566254253033dbf576e901bbb15b39d3b15d2d7adc09e1bc

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/questions.json
Filesize
42KB

MD5
c0c399ac3891c9eae9c917c80dbc75fd

SHA1
70ee6082645c5fceb26092def5b82018f91103f9

SHA256
d3c70146961489b5a0eebc50aa0271476c184e07d28e8e18683817e2826fecf8

SHA512
86ecb0edccae25b69f78414168463cae9c65a5d03444bff0eaffa2e923c4248a5d91051195aa31ed207c34ba0f71785fbcc19915b86806354d8fd2a6262411e4

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/skin_data.json
Filesize
456KB

MD5
c59033803b73c9175cc1326391d836dc

SHA1
02915421cd263ab8e10635b91affc482b834c135

SHA256
26244ce543144cea460bf9faa00ccc76279ed54b9b80c88c76f880bfb4119f87

SHA512
e937144572850b01a7c33c64023898784d64851b41a07f0b1c123e95a896fec4e3dce0981d1eeaff037f722b779b8f7310c1ccea351892b7852e76ac27160ceb

Download Submit
/data/data/com.ilikelabsapp.MeiFu/files/umeng_it.cache
Filesize
148B

MD5
e8f49d18389d527109f262e17c369b4c

SHA1
ee9a19b655d1b63e69a26d8c104a5b2303115abc

SHA256
53bfe3dfd57486670952feab7ac1f702bb9ef896385ac86d957a7efbc0a72b14

SHA512
e0d51a5cfa732223fe4404387c27d2241a1b1a3981ccf507e24e6779235dd00d42532622fd32886dfd0ff033e21c0467c0d20e3251bff7d6e295f6c87057bfdb

Download Submit
/data/data/com.ilikelabsapp.MeiFu/unicorn#cheese#
Filesize
722B

MD5
88586027cad36a17504561ba5a9f073c

SHA1
0dc36ea12610bd315f25fac253eb04ca59388007

SHA256
4aa66860d5c165060dcc8e726be47f92a345539763771efc7511b315505be169

SHA512
12a918bddb5a59c2ade3a4266371cccedacbf6bc1c44e2357d35069187b1f753ed3094de103d3c10e3acd090cdc5057641d0d0b0d21e37e05f978a00687b90e4

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
35B

MD5
1d48a42469f520e33185437afaa197ab

SHA1
658769c438b66137d4ecf86d2b8809fdca55d4b3

SHA256
9697c7e6b145b4d63f1fa49e33ebcaee3f93673ee5e524d97be67f1715b1d69b

SHA512
02ed9bb3e9a352eb7c473b5f6e935c897e4461e279c704dd5ae330ff64f4178750ad5b26ebfc152da5bbb7af8563ab02d260cdccb8dd22627bd2155d26d9d953

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
70B

MD5
afc10a82c7c79e89f285e88409edfdc5

SHA1
8e0059c8bbb9accb5be257ed1c884bf17289a65a

SHA256
5ef8d58768c47b0070a8f8c865bffb7b9a07f49fca65fc6fa87db7c87a19b6a8

SHA512
ef490d00d07ef6f5896a1afac103b99bb2e7fe79d104b1e8625b6c51eb70c0ecafaf1d771f71ff40e776c7559950213d4c9de1abc0e14b27263dfe4cb49301fb

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
77B

MD5
2820c930088c17ef1ede9bf870008f19

SHA1
63683b6f772b3e47439d5eed49d5bf9969cea45b

SHA256
d7c5c2d52ce1a6155cf1e95e037a7c91714a31e832a5cb7e6e4b013b6ea35524

SHA512
9b0af586d06e94b45e826300e50d456d27ca7f25deceb06e01aec0513ee22ccccd5a29b6a26f303671ff7ee8cb015395ab0779caf93792b76da926e5474082ed

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
139B

MD5
037eca3387535a114c40e65d915a953d

SHA1
08fa75f78bbfe974afc889e377365d976eea9e8f

SHA256
ab6f6ffcab28f3bd2aa543ae909d50faefa1880cd6e3bcade919e1ef7a59e835

SHA512
4f39c1e9f85896f261b864bb784aad1aba86777a2c547ed6a532946478157e5b9407501bc37e0df2456cd1bbcb6e4b30e033adf400c5591201f6804a30e647ec

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
142B

MD5
989d77d118e747f1544072cc5863001e

SHA1
c83ed9a5fdaffd0451fd41887f74e91f7da79240

SHA256
b45d92c5e02a64971d714378e1d321aff70391290a889be6de3fb5ef662525fe

SHA512
9b4e9f4aaf8148b098fbd64fc465b9d7c8cf23d4fc0a640e459cb3fe1440d15583b4441bb01b1c59d378f84a4b3acfe19886c80e351b95cdfbecf5bf3ae5db5e

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
108B

MD5
87e4043113b6dfaca21cfebaf80a4460

SHA1
3d16ee5306bf946d32aad73ef481adfef4eeb621

SHA256
ecea5c72e9341ee294b5da2bdc68c887349486fc89e34db642c5eff3a5358fbb

SHA512
d78e1148d30751bfaef295d4a01cce02281312827a8c362567c70ceb5c459b19e053de08494a84e8cc3800c076f1667be1c301834aa513c07e90c39458edfa49

Download Submit
/storage/emulated/0/com.ilikelabsapp.MeiFu/unicorn/log/nim_sdk.log
Filesize
483B

MD5
3d3549cf33a26d80814876dcd1ec2dab

SHA1
c5b0cdc82db689b1b47656ac617cd5dc049c4f9a

SHA256
a88b04af2966abacf5c50788aca8596164a80bde01d8719eec9e59af6f8610bb

SHA512
526b92188636f2498f6114539d93c1b27e256f8efa84a2ac5334fa2749d6ba86eeb7fb7edb08e4cee89f48a560b4663346fb5680e022e9ff64b70f74a9955cdc

Download Submit