d64f5895b913858f6e2313c663ae37cc237d0328b8f15269a5d17bb1a848429a

Analysis

max time kernel
179s
max time network
170s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b5edc2925b32deec519f3f10e0836d_JaffaCakes118.apk
Size

19.5MB
MD5

66b5edc2925b32deec519f3f10e0836d
SHA1

c358e525e949a6a4cc6fe730068ccbed38933b35
SHA256

d64f5895b913858f6e2313c663ae37cc237d0328b8f15269a5d17bb1a848429a
SHA512

ce91fc26ad28d3806594acbc69a24d6581719b5ee7b1fa0405a517a243c5273a280de789a00c014aa4ef1d9514b07d819604115c24c3f9c4d8c12f687052d8b0
SSDEEP

393216:G5YspE9Bl+E3FuHRWZAKUiuEgePu/QtbBwGEkoB+G4fcvm4LujHy7:2pE9B8E3FiRdK7sz/8SGjo44uTQ

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.mljr.pdloan

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.mljr.pdloan
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mljr.pdloan

description ioc process

File opened for read /proc/cpuinfo com.mljr.pdloan
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.mljr.pdloan

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.mljr.pdloan
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.mljr.pdloan

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.mljr.pdloan
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.mljr.pdloan

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.mljr.pdloan
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mljr.pdloan

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mljr.pdloan
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.mljr.pdloan

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mljr.pdloan

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mljr.pdloan

description	ioc	process
File opened for read	/proc/cpuinfo	com.mljr.pdloan

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mljr.pdloan

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.mljr.pdloan

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mljr.pdloan

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mljr.pdloan

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mljr.pdloan

com.mljr.pdloan
1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4289

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
16KB

MD5
39de8ed49f7f4a6e9bf7c9d73ffb3ff3

SHA1
0c65bf3b4d12fbc4ec8efe97edbf51cd656fe0cf

SHA256
452baed2ed515799100972a09c8bacf50eec55ffad3d70ef47d2dcfa45cc7780

SHA512
266e85c71d6593f09c3f3b2b57c36046651b162ed7899541224d2104853372274797cb1051bad9d420ef4ce4fa5c7ca1f1db1d03c3471195e5e81dcfb73a71c6

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
16KB

MD5
e92f55f67dde060da4dc286f9ddd5750

SHA1
5fbe3ab35f22af2aa0135be71a73c55690c4d6aa

SHA256
a7484d27299639a1d1f90298f2e9b1aff02c5d81df0fe07ac88b9c97a95c9cb3

SHA512
e068c07b249cea76fe1f95714d4263373f005e35b21f398384b844681df88ac90e6498b27b68ba6e6c82a42d9cdb3b747a5a9d4f23d1ad13eeb9ac467880f290

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
32KB

MD5
761fd4cbdcb57b46e24a71a163dfc522

SHA1
69fde141888b98c68277187366a7341a9502f03e

SHA256
80a9946adbff561d9dde9e79c09185cda3c806b803728a778ca7deec4a50d706

SHA512
efa429963bfad36a536bf328d88852808141a34ab189e94af64180dc5ba12c60f9ef1b0a9e43dbde44f9fe3d08bc81c7b6593a2c3c3494fa24cc0b2422ada85f

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
512B

MD5
46cb3d4bdf4764efcba6c35fcac95fe6

SHA1
1780559214906d60eab41ece17bb3fa5d74543ec

SHA256
7d819bcc0b3f56732b10714ec9ce296ec53f642a1082c5c926f0da02ec534611

SHA512
8ce921967bdd3be064847c0efdfa147460c5ff2b931b83df5a9af2e68ffb9fc66d080813192919b302a2b6a004687412c14f628eaff4c1a10de8501cc35b0579

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-wal
Filesize
8KB

MD5
e22af52f649764399f44feb796a42110

SHA1
2ccab70059c3e7f955a1e7089f69b30220d8004e

SHA256
f50c2f05f09b48110457217dcc6a75848b3da44bc1c5442e3239cf86909ae346

SHA512
cb5c22dda5d7348258e935f933d112dd192ff9237c81b07b90e914eadc88b67e64086a5fdac243c5a1c0daf4c31d56e16a376afa07341d76bd9769d2ff609f07

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-wal
Filesize
4KB

MD5
53c9f1984bbbeaec77a3495b45b1acf4

SHA1
120c196f1906d805ca5894410dff9c0cf280713d

SHA256
aa603e80142e071ce49b6f99af9151d4fcdf231538d3b9b60bc9a9e69a7a4a38

SHA512
caf003595d68bbfaebefc8fd3ac69f49decad436cb013a4293cfb730381b8307188971f8e444c23c21711d53bfb4274a012525a2a3919deccd6d73f36542b62d

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-wal
Filesize
4KB

MD5
e799fe3e4a22c71a626d1b352c8c8b09

SHA1
29b14522afb7f90e2ad6008a300aa921ee397e3e

SHA256
c3b20759360e6784dd8b9929d760d2775b31bd73ea4bf35eb57e04f32263f6aa

SHA512
790754b1735d7ef4db309ef9762a37f295aa9bcc37e74e78cc1c8bc2a58230e09e569f9706eceddb960cfa4bc69189896d7f94673fbee2949d73c84bb84542a1

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-wal
Filesize
56KB

MD5
74f978ee7bbf8114999c98e03a88830d

SHA1
1dca9f3425bbd6b3cfdbe6b196622d775d6249d7

SHA256
dd5fa10c4b326ddb83fbc0e1ef2191627ce487cdc1469c7f417d7053c4490a31

SHA512
c3b119bb5f92aa5c010c92fc63170c304ac35d30b30294fef3bc251b3307570759842092fd07b1c74a013176dee20969c7e841dbcda775e2115458068ca29d1d

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
512B

MD5
a040aad6c090c12a2e89a9ff5adae8ae

SHA1
495fa1fad2536890573ec98b463dec6451cb2474

SHA256
91e7146255e35d4520797646299536a9a66ecf54ce9270fbb929bd9eabe3912e

SHA512
d6ebe4da0b5144020f61f614a31a01e42c705bb4f65f3a96182a8a414f16f738224feba5dd06e23c665cda32a8ae1890a584c39b279016f51aef9d472f38d140

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-wal
Filesize
16KB

MD5
e86b547aaf1c8898c89737ad15232be7

SHA1
3777557ef09fb3b07b38ad95cda814104617f527

SHA256
5940b2ba1e61b4337172df5978836f36443fc2f6bbb7107068386532b56f21aa

SHA512
a9e8d282bf963c014ee224a252cbd330d05a21da2201876ca5525d777663f2b7204f34437c27c07a687e4e886ca4695bb5551c1db43347e60c9884dcb240dc89

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-wal
Filesize
48KB

MD5
37c6ca61306d9a5a2307b0eba0ea4e12

SHA1
4f1969690199da94ec1b11fcb5b9e0f668b1a022

SHA256
0436ab7cf27038063fe0264f32300b06c7d0e211c3ee9ac892c628d8047f8362

SHA512
a2ec9fd992d61db4c9d9169ba3fd5d91150dec06a6bf16b5433debfdf802b42acd2ccd8bb1ef550848f8168a9c4bb225f38c0cafd9746d1caced394bc077bab5

Download Submit
/data/data/com.mljr.pdloan/databases/hmdb
Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.mljr.pdloan/databases/hmdb-journal
Filesize
512B

MD5
8bdfdb931fc855a44e043924d4a385f8

SHA1
7aa45cc6340cf4c19267741d2b2a2efc8fb5c13f

SHA256
529fd8e1f517a1f505d49d317cd70d810e9a16ec18ab6d7007369941063333bb

SHA512
0d9ca06902bb4f542a1974356f467cfbbb72e01f9b3e19b0683c1debd1e909443eb5814805b47de6927b6be6b4c980628099406417a78b0068653d2d55690904

Download Submit
/data/data/com.mljr.pdloan/databases/hmdb-wal
Filesize
16KB

MD5
f5c9b1070920401e5dc38ec3dff7ec64

SHA1
9471fa948e548cbce38b1413f1119a69b9c77855

SHA256
b89d1be00125df7e4377942ae0f2be9ebcf70a8d1de96ae8bb0932e860f8f4dc

SHA512
db216039198ed6f6c407707d5acf016f8a34e2805f710b200a3709a73c526bb5e9a20410f8e48504fda6b8af83db0efd1e8537f91c4778fb3ea7dd8426def5a0

Download Submit
/data/data/com.mljr.pdloan/databases/tray.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mljr.pdloan/databases/tray.db-journal
Filesize
512B

MD5
0c7dd4f82c2dc4b955e392b3462a182d

SHA1
433894adf78106ac5ff5024020e7ccb987e1c24e

SHA256
6089fb38bf1de5b8cab0adf788753837b0e4200cd2e24b6d4ccc0852515f7250

SHA512
036b4c47ec0efb8511186ebae14303d9ff4fd82588ac43444aa19b8674e1f4d3e9e00f5fd9a24ce243eaaf078795ba3cfaea4c4a2c92cc668169622311f650e4

Download Submit
/data/data/com.mljr.pdloan/databases/tray.db-wal
Filesize
56KB

MD5
aebc2373a4454c13ff9043d0f0c02f4f

SHA1
d245e89d399e02c826648ee020709de4bd011a76

SHA256
f67c39ff46dbfe1f3ce9b7cde726c8a38cc9786bb8b4f1ba7762acb2ddfc54a1

SHA512
948a5f3cb3b66f867867a9daea0b4485dbc3a88332cc4144432d66425b6c363af0772c8da600a3f7ee35a81bc57a59fae8548423cdc0c8646dc2c3918dd412fa

Download Submit
/data/data/com.mljr.pdloan/files/.imprint
Filesize
994B

MD5
67be6b15349b7c540b3f612fb2d8c96b

SHA1
0785f3fb438a9d2622e02bd47c2700073d7fb756

SHA256
71ca0c9e0066312dbdd5e208b118c72b6d07e84b31c3b198963bf6f2e4babbaa

SHA512
a3edaf762007f4d9b61ac115584712ff67507bbb820cb18a1cb55851ffe4539b1f7973a56305ad86e19e8f1ff27c2276f3c9f50045503a5e7874e4764934d79c

Download Submit
/data/data/com.mljr.pdloan/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
b3f9bae958f9bf237dd71cab9aebd609

SHA1
721747062826d943a9db3c18be61d26db4b10f13

SHA256
359e4b330f52ff5168bb7a4613cf7d4bfe9b543755081bbb937cb3565ea860a4

SHA512
a504dc461b2ff8f8883ce3fdb907f8f86c1a3f63cfb141d6fdb0a002ef133a8581098292d805ddd0d3024f8a7f54726f4df3fb7a8a564ff922f568e5ea4f3b97

Download Submit
/data/data/com.mljr.pdloan/files/exid.dat
Filesize
54B

MD5
3b9f14d95a9e966349b3dc190184f7c3

SHA1
413d880944cf9fc352c6216638d003009433cf86

SHA256
f444ed6f9805b615784554292c7074b6ed204ec725544f99bdf591bf72651b7d

SHA512
a62279f6813e137effbb912ff23377d4b064e2973786b86134edf89e1b66f5b9442ef1948a4e59622ff9a5f87c3d14a3ac9aa6e20a3b5f3fb362969d93e354e7

Download Submit
/data/data/com.mljr.pdloan/files/umeng_it.cache
Filesize
211B

MD5
fb212b6626e05129de4b893df535877a

SHA1
8d5ec12da90129bb31f919f859fe5e5e812a6d1f

SHA256
9edbf26aaae296004289e643031204c4ae4cae3e6fc4f7b00396722cb6dc42e3

SHA512
2444130ad579d2e117e554e48549d479660870619cfc93af5228ac4a25de6be971a384144989aae3c8ffb8683776217176b71227bd32df49707433a6c8743b6b

Download Submit
/data/data/com.mljr.pdloan/files/umeng_it.cache
Filesize
415B

MD5
a969dcb291b797c20cab78b129f7c2be

SHA1
806a0783f115c0da306679db92d9854e1ffb143d

SHA256
fa56175f6d1d379a02c4244d2c29f208998198da340342c821ac924a060f7334

SHA512
2c7bb3f34e228453dff16a7b3cb419ace68f042f51fa94617bb12d0dfb91424fedc35d20b366be430eb783ca6cf089668633a4aebba715dbb2ee23669cce1b58

Download Submit
/storage/emulated/0/Android/data/com.mljr.pdloan/files/carrierdata/1716368266
Filesize
913B

MD5
67db67da0a284a3953d94822be2482e6

SHA1
4dbbc07eff8446defcafa2db249be611f37e295d

SHA256
9d463f7bdc38b54f10ed0736a4eb8b8c17467047017dd685d6f35ab63057dc21

SHA512
185a3e01c36b53e0fe2ff2078275edfab00e8d93b774bb447991281fb1614dda4aa6fd094f9bb419322cf04aedcb0069ef95bd2ca54b797e247b8ab6312fcf07

Download Submit
/storage/emulated/0/Android/data/com.mljr.pdloan/files/carrierdata/1716368266
Filesize
2KB

MD5
492deb735a32cab1b4114af9dc7db200

SHA1
b839be1803b16d084ff554736e20588357a2fb59

SHA256
693fbea25c9b7dd6266a85a8bbe5b9480ac99bdaa02f7692418e8c2eb0a30741

SHA512
58c083c163c455ad245c18d9acaa78795ab8b5e71710778c205d959e0a22d7b20873fc5ea64498d6785d71bf8b577f8da70de0b533f632df00033acd9e959594

Download Submit