d64f5895b913858f6e2313c663ae37cc237d0328b8f15269a5d17bb1a848429a

Analysis

max time kernel
179s
max time network
176s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
22-05-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b5edc2925b32deec519f3f10e0836d_JaffaCakes118.apk
Size

19.5MB
MD5

66b5edc2925b32deec519f3f10e0836d
SHA1

c358e525e949a6a4cc6fe730068ccbed38933b35
SHA256

d64f5895b913858f6e2313c663ae37cc237d0328b8f15269a5d17bb1a848429a
SHA512

ce91fc26ad28d3806594acbc69a24d6581719b5ee7b1fa0405a517a243c5273a280de789a00c014aa4ef1d9514b07d819604115c24c3f9c4d8c12f687052d8b0
SSDEEP

393216:G5YspE9Bl+E3FuHRWZAKUiuEgePu/QtbBwGEkoB+G4fcvm4LujHy7:2pE9B8E3FiRdK7sz/8SGjo44uTQ

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.mljr.pdloan

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.mljr.pdloan
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mljr.pdloan

description ioc process

File opened for read /proc/cpuinfo com.mljr.pdloan
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mljr.pdloan

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mljr.pdloan
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.mljr.pdloan

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mljr.pdloan

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mljr.pdloan

description	ioc	process
File opened for read	/proc/cpuinfo	com.mljr.pdloan

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mljr.pdloan

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mljr.pdloan

com.mljr.pdloan
1⤵
- Requests cell location
- Checks CPU information
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4338

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
16KB

MD5
a639ba003262efe8a9e9cbf734b1564a

SHA1
c2993621d65ca0f55c26a2f961626d4a460bb683

SHA256
fac5d0591fe8aed9a85003a50cd5e19a0d1090d88308397c8f8bebd3cf189dbf

SHA512
0cf8bbd79e812ee286947a9b7a95bd71e45aa86e4481368fa1ea8cd45d701462b2742502e664ab01be22c512b758b888ed4259ddd8752c73c0ee42339a01869e

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
16KB

MD5
2a8da35a2806c01a0b21ad969d25b88e

SHA1
b2819acf8ad099d016581c973174e0d1d8bbd6b9

SHA256
1768371187c31bd8ea6c4e6d0d561be3402d7b2d11ddb6305660127e8d2d38be

SHA512
783ebc6b8cd308fbf02c864b901b0d5f4383378f7b5c1291a8b9be563d96286d438da855cd3f5fe0ae0fb15c66b5cd1ad8e36d71a2091150104e6887653ee631

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
32KB

MD5
f9eca9244aaa2cafc630d98bc1b6af0e

SHA1
a9d528d549df4250640d7d51213ff99eef2d5ed1

SHA256
21e4cdbb0530e4e8f8ee25af192e86cce6e917605050c3fcd8811768f6e87f56

SHA512
b64c02b27133da411cafde16bdd6fc2cd13b039ac9b095bab0dd6bd3fc7982fc604ebb99997251b80b1e196b6db54f6bd22e2d89a8541772107463f7fdd96987

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db
Filesize
32KB

MD5
5724a542dc55152653097457c60a6385

SHA1
1f8b22d2fb114fa88fda9e42f3ce390f95a539fa

SHA256
de52feb743a96b8662f421b7537169386ee0fe522d5b0ec027dbd4076c6ae753

SHA512
7ff7f667a6bbe463b18448ef4e3693774ac6148ed008e4507904193c7926c49ce622ad9a6a4bf96fac3b491abac2687123a8d29c7471caa20de98f3f3306840a

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
8KB

MD5
848e7f112cbaacdef7df65fd43da44ad

SHA1
4cc76ded3c941f5494d60016fa2c1c1207ab8da9

SHA256
c566651538c6b15ee11fe18a3d7659bf8275644cf7463d2c7333b87396522e40

SHA512
b9a513ba9a87f281241bf8de4df2076f3cd7468b2e9766ed09cfd027458bdc036b88bdacb794ae9066495cfc1dd41653640620db85053ee770c73c035df5e674

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
12KB

MD5
6b9d818de58cb57a9d79ee90b9047765

SHA1
524991dc8c8d966e18bdc99d87478a2dbf76922c

SHA256
1e313772a949da9bfa4b1d6fb9e3a3cf92f5634ffe0582467f7ef8b20544f9e6

SHA512
3ad1af3bac0eaf6fd612a8bd17069ca65ace82719aa57c7c0c2327ba5fdd2db6be1f7f5f387aed0115d3785dab45cd9b7fb66523df06aa16d167affd19a847ce

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
512B

MD5
5f82eb43613327633d857f0cd5b32ba1

SHA1
69cbaa8527ef5faa9978a98a5001e8899669c939

SHA256
e3cc50c4027e069a6150ec0f3d51727d850dc1ee33da34f5cb2274bb5babd71b

SHA512
a60b1bf906e31234f9dd7db1102585561bb3fb9386e67bf0fda04d7a7afee2e71be20fb10f27d6ec16f62970c213842b9b3f03d0d6be846015fc0312a6d591ac

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
8KB

MD5
f5877ea262d8f0ecf513878f3c09b1c9

SHA1
a718955a8c3b3125899793781127c3b4f1b9f53d

SHA256
ed8cd087f419ea4ea6f1d5e562d8c9bd494054f20345ad3eddd0c7d9c7d32447

SHA512
f9dc91b02954dbb10e9493bde4117f5a6e116bdf9f0c30c1251eabf975b54763c2a3cb8ed02ce4cfaf6c8ccdbea9b7ece2cc1e5261827baf9d3a4bdf76c655fe

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
8KB

MD5
65e4c35957bcc00d292c0e005b347e27

SHA1
7e2a5c3e48206ad24968c0a36f0f87a3a5dff4d5

SHA256
5ab2dd83404f0fb5084749bdbace7dce26ab15842a32fe92953d96f5ee2ff2d9

SHA512
cf45c9bbd16580058e13d437ae7683e9d5a8d52895fbdd66fb044a58ffd3b78e9946bce4cd0d6bd6e1ebfee4eb87a64b19833c48ca59325c7bb232496a98df57

Download Submit
/data/data/com.mljr.pdloan/databases/.ua/ua.db-journal
Filesize
16KB

MD5
c9f7d4825166b89fce804d71a0a39616

SHA1
a0ea525790106d0e2b673818cf6b5944e6f7e707

SHA256
5cfd7a15a003d4008ecf27ab2c3381236a561977a206d3d3926d3a0f7151b361

SHA512
972a9a0b80d4d1a9b6460d6cdedcad7be0984d20f916bb6b2cceb724516b7cab06b83e62705494bf5e7b7c071ed87bd5a04538ad99a21461f2b4d8f5f2a990c2

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db
Filesize
36KB

MD5
b986a138e325f9ed31653e246087baa6

SHA1
1cda06c101efbf7c89305f44b552e38282225064

SHA256
6945d75275af161fa082eab8b348f4cdccbab03854963f5e861fde210447e058

SHA512
5894180006885af44962dcd92c6f33a640d6080060a51a38ee4e348ee2dafe9abdcf2a931cfad4c395ebe20e08b96f810ca54b5b1f584fa232cdabc76be0740d

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db
Filesize
36KB

MD5
1b77217d803a7c04af9466680b92d104

SHA1
0cb959f4773c6730e8aed5746706c0f3ecb35c1f

SHA256
66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3

SHA512
39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
512B

MD5
1c0d5c4e85d728ac07166d610e4a92e6

SHA1
8b2e89a6f6d78138e484e69e924e52a169234586

SHA256
57efe887b7726ce066e911877e744de4e395f81dcb10356e1273ed9d074f84cb

SHA512
4caef80afb190b27c139b513227d6154655160483b40034df139815793c0636806c30b275f45692fad4148f3eb2227fb4e4bc15bd2d6d06b63d1565cef365e49

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
8KB

MD5
d1a6b3742359121f6ec0b5505e1c820b

SHA1
6081498aa6a1e5672fdeeaee3c0d77370b7a18c2

SHA256
9bf023630f338618b318f595d0d7905387c0b3e6cf7d8260393d36afd146434b

SHA512
2cf89b5b6fb78bd1692c0e39a2cc1c7ba6699a4c6cc17f998a8a5a425c598b843465740f10f5e071b4ab991da7071c02814929a0c011b563d0a5cc9cae0d065a

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
8KB

MD5
6b7b3256d9af64998136a4ca0fbefa58

SHA1
07fefd4cc13fa8290b8338ef4826f4442b99d69d

SHA256
11fcdcbc1c50955f168be087626cc7b38b576b6b213327ae65bcf8a40fbfbebc

SHA512
2c48bdef93af711db713b495d15943682ef53df6daf46db40aa82937bdd1d07eb127b6009f5ed21face63390e028162678935962f02a4e20c0804373d8860e4b

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
12KB

MD5
de80a56b670c7e75f20e661a150df0db

SHA1
4e96d17bb56b68b131031aac1c37c79b308a8c9e

SHA256
7744b32ad64cb0f6f0d3879576dd2a692c761ff0c4fb88a9b48bf464f769c38a

SHA512
a5eb33b0a115234fa5c4fa4ca43750aff645e88d45045d9e4be6268d60388b87dd6aa63303842bac86a7605a5281bfd7b04514dd88876ca4ecaebacc0c4e2d21

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
8KB

MD5
8ef23d05b446e2270c5f36e0e5fd713b

SHA1
a3ddb73d43dd782dae0701ef76a9a6707886bed6

SHA256
02a0c7ec7eec2d89937dd2fbde96b5dc4a0548eac39749cd309765f4ba271ff5

SHA512
75acafe1d13f90967cc0f5b69c6506e723899eedcfa69ebcbe663615083d954048baa26cd63dde443c42ed775b78d67e5f3881487903fea22ba3b8aff1aa4a7f

Download Submit
/data/data/com.mljr.pdloan/databases/cc/cc.db-journal
Filesize
8KB

MD5
2570656c222a316011c3bc6cd4b58ce0

SHA1
eaefb238a88e2c03d26c62d98f9f58cefacd7966

SHA256
723bb0acd29ac1d6f5f212ab3d310f12ad77bb97df2a3efe1da9c70c7a876bae

SHA512
d5324d32da1f53df8775433134b661f13ddcd64984cd854fbe57a2885af005f0fc2dc7353443161e10c46f5c30d7dcc196d31a013153ae53d631cd136e48d967

Download Submit
/data/user/0/com.mljr.pdloan/databases/hmdb
Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/user/0/com.mljr.pdloan/databases/hmdb-journal
Filesize
512B

MD5
4ba28b45ab005d147735d9f68cef34b7

SHA1
026275aab5927205f8d580e790a752e5c1708c13

SHA256
ca78853a1da33a379ff9d98357dc20fd560b365a416eb0790099cbe262f80b15

SHA512
7db5a69b2000bf37392e010d27035e2549bc13fa167e5f682a429e5fed52587eb361d1215fe1b406a1e44769682cc2efd48fe25f0b5fa11945f2ba64b8f3fb43

Download Submit
/data/user/0/com.mljr.pdloan/databases/hmdb-journal
Filesize
8KB

MD5
063879ccdbd9431c289221ee8ffa558d

SHA1
4547465367733de726d6b13eafd6b6c9246f4a6c

SHA256
365091cbfe1c99905036163938faecbe8ddeb80f5f902bc9705ee4d29957dd11

SHA512
3aa534070b4f781ec4d758324263e5d29263d0677c0e3a678ceecd29eee4152145dee2bd5814d7babfaab1d4831e3b8a2d593745e3ce2514582fe0324e30b38d

Download Submit
/data/user/0/com.mljr.pdloan/databases/tray.db
Filesize
28KB

MD5
4117957c1a83316857001d4dfdeee3fa

SHA1
8f812a68dc47b6edc0a50938bda30a07bdad4952

SHA256
db45bc161eb561a5811eaaf98709a0925c67cb93bc8f2eb8223b63ad1ba13169

SHA512
d1334a3d98f597ec3033cd679ac348374c99b0b3c3238df09487ba9401c941c5d9d920d54e20d1d74a55ff952031e71ede5593f0814cbdf4bf5c8ae7f64f161d

Download Submit
/data/user/0/com.mljr.pdloan/databases/tray.db-journal
Filesize
512B

MD5
75c7c5bfd563c8b5c6bf6cd2662cf04d

SHA1
4a50256d33fb9d722bdc013ffd272dd977d06c60

SHA256
6f856ee26b396acf465664bc8b462dbac73ca80fea3b597c4d6fcbf73b15a5d6

SHA512
afffe623271c899577348c4583c57fd085386db45be54610f11355aeb8356735afdb5f3bc6595e9d0d716a2cfad3da7f82fa0a9325c1925a2ab9a009552478ee

Download Submit
/data/user/0/com.mljr.pdloan/databases/tray.db-journal
Filesize
8KB

MD5
ffcf6625686b4eb562405399bc8bc5b0

SHA1
fde8b4aed76c71e453ace324e2bfe8f3b9cbe2ba

SHA256
4bf39dcc034178a91d1b3a3cc0611d57e7eb9a996943d0dea85b91b773b4bfbf

SHA512
0d883999a9c7bb1b592f0e7300a524436f0a25ca7a4fcd0100e27afa030b848e57219843895ab9b8a15d847cf788f249dcccfed7d5d4795a58e2afde11e87a44

Download Submit
/data/user/0/com.mljr.pdloan/databases/tray.db-journal
Filesize
8KB

MD5
c75238b3f7779153c01b0620fe688696

SHA1
e5b750f0f9fc8c00fae161df2cd088ce30368592

SHA256
5d69b8457c455661dda3ce7888510cd6f4c39a76adc1720c75138e1efda8dcd0

SHA512
80066eb4deffa466f777e8adf41f29bccf04388877b4ba79eafdeaebfb01da680d4fe48cf9600269016127bae4fa5547951183f9ab62f89173103c91502ff6ae

Download Submit
/data/user/0/com.mljr.pdloan/databases/tray.db-journal
Filesize
12KB

MD5
51c22351c90dda269c28381eb6b2f055

SHA1
c9ba8da10abdc954dc0ed16616f2463c074f135f

SHA256
8d113169ff68f84072d8a3f3462d9fc1c424c37ab992687fc76b2d83b061316c

SHA512
b254328c51c3c9b43d89e1ed62eca3e3487dfc6b24d6bef04964e2267aedd3bbdc05ca85ee8e22c926f09669baf38c27fe44d12f8f0b2900d0fdb44b8346491d

Download Submit
/data/user/0/com.mljr.pdloan/databases/tray.db-journal
Filesize
12KB

MD5
080f514be5b1bfb22827b38a618fda41

SHA1
1d85321771e31fc3c1d86c2b3e62e80bc0e90395

SHA256
62e42c77d057b95a9f0002a76ba120b382071cbe478a552eceb3df757b8a3469

SHA512
9176e1eb97268d302e438d158b99eaa3d489e8dfbb5e6df18f214c1df325776760a39eb2da3f8c95a2f9e16d81a3e39d76b8914daf222cccc50522328b474a0d

Download Submit
/data/user/0/com.mljr.pdloan/files/.um/um_cache_1716368319347.env
Filesize
1KB

MD5
46c98b15160159c04842ebaf1409941c

SHA1
02c2e5410b0567c81da9027810af2903ef36c8e5

SHA256
b29894e48de2a9542a72b5bdbc7cf51f1e32c35879c917e14b3281c925b5cb02

SHA512
4132b657b3a4f062d6b5288f607d55c88dab8b0de8723d963c04d112604a68deeaf0076e4aaef2b2e89e60cb5ba2db0ca2a1c743fe0f3ea36e31450290934aae

Download Submit
/data/user/0/com.mljr.pdloan/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
20ae7e680d28f89f45d044af495432fb

SHA1
cf6875689e4d4a40230da3b03cc7538c90476eba

SHA256
9b2129a067c3648e98c14629408afbd11ac25cb9d527972e4c773ab20b60a0e7

SHA512
a55fa47224b817d8fd50f6157dd95b6fca0c43dcd6dace2b9d613a55b40335c77a3c86842d0d489efaa758c3825b7a400e779a4ce8c010fb8fbc27fca4220345

Download Submit
/data/user/0/com.mljr.pdloan/files/exid.dat
Filesize
54B

MD5
3b9f14d95a9e966349b3dc190184f7c3

SHA1
413d880944cf9fc352c6216638d003009433cf86

SHA256
f444ed6f9805b615784554292c7074b6ed204ec725544f99bdf591bf72651b7d

SHA512
a62279f6813e137effbb912ff23377d4b064e2973786b86134edf89e1b66f5b9442ef1948a4e59622ff9a5f87c3d14a3ac9aa6e20a3b5f3fb362969d93e354e7

Download Submit
/data/user/0/com.mljr.pdloan/files/umeng_it.cache
Filesize
350B

MD5
8149dcfac62bd2bf7be53053f1d753c7

SHA1
fa606f598564ac0a2ae99b110274121dfd4cca9c

SHA256
608d982a0dc622d191b84805ae146e344d36990d54467fa1f17284247f86c6d7

SHA512
a7e984985fdaf57cfeb0feac3cbc1d64003fda29408f65ce8555b8867dc7b887153c775129ca93288e41cd7f6b2601f0016a9baacbc387d1f807e0aeb34155fa

Download Submit