4d8edff6817706ad52d08c4ec74d150235f630ffe247ec76fc4b78fd970f29f8

Analysis

max time kernel
179s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67fa6212fdf71566f2c04a78d6dd354a_JaffaCakes118.apk
Size

18.6MB
MD5

67fa6212fdf71566f2c04a78d6dd354a
SHA1

3bd35235557044c414f99649cc256cae293718df
SHA256

4d8edff6817706ad52d08c4ec74d150235f630ffe247ec76fc4b78fd970f29f8
SHA512

a8baaf4476dcae830e1921d739d8d9dc3f3073e6f66832b5ba70f7985a86a37c9f091cdf1bfa65f4123be4a78fab1e5f6b1a62b629bc76b1a53e93a84d1d4564
SSDEEP

393216:4LevpdjImvV79s57UYhrDWlvtPFvw/OVEYIgToCXAN19Uj5:DjICVJOUarilX7aCTrQ39Ut

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001

Requests cell location 2 TTPs 4 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.youge.jobfinder
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.youge.jobfinder:pushservice
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.youge.jobfinder:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.youge.jobfinder:remote

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.youge.jobfinder

description ioc process

File opened for read /proc/cpuinfo com.youge.jobfinder

description	ioc	process
File opened for read	/proc/cpuinfo	com.youge.jobfinder

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.youge.jobfinder
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.youge.jobfinder:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.youge.jobfinder:remote

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.youge.jobfinder
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.youge.jobfinder:pushservice
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.youge.jobfinder:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.youge.jobfinder
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.youge.jobfinder:pushservice
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.youge.jobfinder:remote

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422

Reads the contacts stored on the device. 1 TTPs 3 IoCs

collection

T1636.003

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
URI accessed for read	content://com.android.contacts/contacts	com.youge.jobfinder
URI accessed for read	content://com.android.contacts/contacts	com.youge.jobfinder:pushservice
URI accessed for read	content://com.android.contacts/contacts	com.youge.jobfinder:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

T1624.001

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.youge.jobfinder
Framework service call	android.app.IActivityManager.registerReceiver	com.youge.jobfinder:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.youge.jobfinder:remote

Acquires the wake lock 1 IoCs

Processes:

com.youge.jobfinder:pushservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.youge.jobfinder:pushservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.youge.jobfinder:pushservice

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

T1421

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservicecom.youge.jobfinder:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.youge.jobfinder
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.youge.jobfinder:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.youge.jobfinder:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.youge.jobfindercom.youge.jobfinder:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.youge.jobfinder
Framework API call	javax.crypto.Cipher.doFinal	com.youge.jobfinder:pushservice

com.youge.jobfinder
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Reads the contacts stored on the device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4286

com.youge.jobfinder:pushservice
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Reads the contacts stored on the device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4338

com.youge.jobfinder:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Reads the contacts stored on the device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.youge.jobfinder/databases/ThrowalbeLog.db
Filesize
48KB

MD5
55f895a57c30ebd952998bb88de78976

SHA1
e0e8869c1830ce6b2c444e8afec04a338fadeac1

SHA256
ce96b6dc72f4c12ece2b4fc6bb39a2f2cb44c7f8073038f6438a6c41635a6d17

SHA512
22906a8ffe98d07788ca1afdef84b636c49f095cf0fa3e536688886cffd04c6e29e00623e0ec032a790d6137b5fd04be05153a5b62c27b3dc0e23298580b4951

Download Submit
/data/data/com.youge.jobfinder/databases/ThrowalbeLog.db-journal
Filesize
325KB

MD5
2565a5a4ac5e14f53945d7cbf2d84d9f

SHA1
96ca60aac2645fc5f0e8342dff5bbfbf6152239c

SHA256
aea7f7656e49c4ed3c9b473a872fed081e02c9b4678fb2edad959030443480f1

SHA512
a03ce10f8167afd06721da444cac9d1b6cd35901ceca31e3da1aeccae8209cc0efb923f72c82e4286690ccfbcdf3dee06adb7768351bd8a0858362d8bf665b9e

Download Submit
/data/data/com.youge.jobfinder/databases/ThrowalbeLog.db-shm
Filesize
32KB

MD5
dc4f98d8fbcc7ecde4a4d2d6f70f3678

SHA1
ef16c7bddc5868a51be22a29ef919c7b495ddd05

SHA256
592313669132c5e22b3a420716349d5edda929c69eacb1882b495f628f8c7e48

SHA512
70faf602039e67a6561d333fd96bb9bec8e947c2b7d47c8993f7f98bf8ddfb048e0f1e5512c5d7b812d881f2095a0f18645f2d3fc0180fa52526a6b65d01206f

Download Submit
/data/data/com.youge.jobfinder/databases/ThrowalbeLog.db-wal
Filesize
354KB

MD5
3b81c1526ec290aad0abbc6b75045ab1

SHA1
ec371cb15a883c81303c8c00a5d75aa590523c9c

SHA256
39a238ecdc6c27ccd87425fa6487581230036a3f56b6d7b39af7d848fdb2d00a

SHA512
6ebec45c4fa74233625d344bc653eb74a2275f63a0c8ae3803411fcd601f0321fe759e10b311dcdbfe559c6fa415554b52a9e26ade81dc6d910399563ac0ccf3

Download Submit
/data/data/com.youge.jobfinder/databases/pushsdk.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.youge.jobfinder/databases/sharesdk.db
Filesize
156KB

MD5
5bab4a7f11a4c4784419c255dc363e21

SHA1
4f013c2a9a6124c9a9502abb10775538b5169c03

SHA256
5a52b12dcf5e0bdcb9608075fd89feb69b587630ab91c1b1ea5d81b2690a1dce

SHA512
d5b7d89be6582e2dad73a2b78578e7942bba8c460026b4190d4604fb289905b012c582b502dbb20fb94ab25947f131250cc49017dba12cab110fc4494b5e0ef8

Download Submit
/data/data/com.youge.jobfinder/databases/sharesdk.db-journal
Filesize
28KB

MD5
6e3022885a321ea6ac9cf74f5476ed49

SHA1
9b31b656a9fc598e93829cc6beba65c6ab6d2f36

SHA256
3f783ecaae92e882b22f1e6e5305ddfaf563e68c0f81c865c721f3b61778924a

SHA512
89de35625c61d9ca962d7cd6c42eb8c187ec33baaca11d3487153fa0ece4758648e37012073560e736b679c1a674c3b4476d0d14eb22ab2e5e02e8a3a687f853

Download Submit
/data/data/com.youge.jobfinder/databases/sharesdk.db-shm
Filesize
32KB

MD5
f9cd921c741e9b6bde197729f984615b

SHA1
27f1b064d7489468e2d7a668b7ba188eb94e3b9e

SHA256
c6e3221b39570bd1b27cd8595d9dfbe12b2f7395f5210af0dcb2b3846b306a91

SHA512
d38409704d82623949698db1e94059b440d180df18fc4293c5d38387d0ead02966170cb11338a4a4f018d4f68ec8d0335300fe48fd505e9e96a5867defcf83fe

Download Submit
/data/data/com.youge.jobfinder/databases/sharesdk.db-wal
Filesize
32KB

MD5
e13e641b579747413120582fc0803966

SHA1
4290de6904c5fe1a4429453c61622cddc3b5024d

SHA256
2ae0f5967b99b67ee5e3172cc61bd255c190fb85838a075bfda567395776108c

SHA512
0f375a7c6a4978b3d37e9de795bb84b04c2b5bed12b32369fec86ea23ceb02900ee93873749b5e0600f452bf433320e1b38bb56a4299c19524a19a30bcde8e96

Download Submit
/data/data/com.youge.jobfinder/databases/smssdk.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.youge.jobfinder/databases/smssdk.db-journal
Filesize
512B

MD5
341a91bdd46b81c26ab96bf48cdcb701

SHA1
c153aaada465c5c17b7043ed7803ff1cae0dba73

SHA256
20fe3ee989aa500ab2be4d5e9303c785d2f55e78476a6a225344800ff92d8f11

SHA512
2a6cce4740079136bb19d8e8316ffa966ee205cd807327829aa7515f6fba1bedac30637cb605b38670b7c83ce53181b2268ff21e2b0d8c0fca2498d38d156a76

Download Submit
/data/data/com.youge.jobfinder/databases/smssdk.db-shm
Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.youge.jobfinder/databases/smssdk.db-wal
Filesize
48KB

MD5
32e68d5341e45ee6baac4d227940df2f

SHA1
0db6852111f55931b465351f11a2bf311d5052d7

SHA256
f77881096e784c321648cd2d15dfe9b0fbc1957839f08b4d9bd7aeeab81544b7

SHA512
166e6845f95d762b5afd8f458803b0a24ca4bc4bf2701d73ab38c691cff1942ead7feb82a4df5db2917fce53af1f1472a2b453b8044bdc5c12acbeb8ca106b5b

Download Submit
/data/data/com.youge.jobfinder/databases/smssdk.db-wal
Filesize
40KB

MD5
f6f03f45d9a206a49bff79c0a94e958c

SHA1
303020dbfeecebf781d74ccb60b616560a7d6b94

SHA256
94b549183974d10fc1f3d25a8d5c480f16ce982af68fd6eddefe31768841382e

SHA512
ad2fc29260486f20a3b0e4a4304f5456abc2caf49f496539b1ba28de4ebbfa865001e5527bc25afeea9738767d03298ba1088927450c5b1f4f69bd42e3eccc00

Download Submit
/data/data/com.youge.jobfinder/files/ofld/ofl.config
Filesize
235B

MD5
e753a9680bd7b28affccd0acdec50048

SHA1
114218fcd8893949a9925f5a0f05eb77fb94f8d9

SHA256
e382af90e51c4c92482f8536041f6c2595581e7453b84b4e26ab9569f0ef88f5

SHA512
7eb9353494f7a8e72597a511620a7fdcc75279c3a8ccf0d9ec0e917fc4d7b8df619de109e42eeac108948402cc031cd9d25aa08a77804d99453dbd7635c9d71c

Download Submit
/data/data/com.youge.jobfinder/files/umeng_it.cache
Filesize
310B

MD5
47de8369c6efc2033e9fe5c4ffdc6007

SHA1
983360ee25a986f555fdd541e1588ae47522edaf

SHA256
becd7ca636878123f9504d8d774202ce9a0868afe59f32de5c2afa5e5fdbd4bb

SHA512
64ae343c31411a782003520a68cb3672b63a5d3c68d7ccd6b25554c477c5e6a6e6e5b3aa8c63d0ef2e3f146566e6f7bb888e081f8316f6e72cb1e70b67dff0c6

Download Submit
/storage/emulated/0/Android/data/com.youge.jobfinder/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.youge.jobfinder/files/baidu/tempdata/llg.dat
Filesize
442B

MD5
2b35b6bdff34b07671873c546e0df056

SHA1
1a4f37363c95be9593a4d76ce0607f47da52e856

SHA256
85db238ecfcc44836e957b9ddf4c8d1aaf74208fb8a977b55906955262e2e4c4

SHA512
00285c4f7243855b4dac480979ca824be3a7ae395100739b00b3740aec1630cb379bf20db8cf7404050d978adca496cce2be3eedf15ca558e8dbf9c798a2927d

Download Submit
/storage/emulated/0/Android/data/com.youge.jobfinder/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.youge.jobfinder/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/Mob/com.youge.jobfinder/cache/.ba
Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/Mob/com.youge.jobfinder/cache/.ba
Filesize
80KB

MD5
dfacfde57db3aca620b70ef94be1f33b

SHA1
f6a1d208e4d635dedd182d92de545d3a7438a77f

SHA256
c216f7b4858688d5bb14a2d0c7274c88d8420b3e31895f1d10c77c01d738ae96

SHA512
d7183812aec6c02a605ae37d30537ee6de53a6dfe6197cc5569246b050134db5b4b82114f916548ff48bc619bd28059d2f98ad0907ea96b360be248fb1343108

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
468B

MD5
d067579d2b115dbb13a17d21d638f958

SHA1
e07ec71f813eef72f094e72422718d40f4f99741

SHA256
23bc26022607d2edd16f3529b901970c891d9ec8deaa7040407c8abbfd821bda

SHA512
7858c45bcd62b3649738a92f9491058a59ca085bbc265eb0363fea789f09656c800c46220a437f59a49232c1862cc09e6af88b8f2403670d7684f22558acc807

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
512B

MD5
8487f3e9ba30f0cf35d03115dbdda557

SHA1
1e311b60af0a62f25e64b5a4d3c4b34a9c35b2db

SHA256
d86dea810818dfcabf70070971dabc6aa52e48031ab0b3a90cbc26945f1bddc1

SHA512
aacbbec13c232a0dbe43a3625c79349b36c61d9868b38956ef30af6d98e52fcc6a75dfcffe93e3405300fde4dabb806c34449085924d0f7537f7b6a5986e7ec3

Download Submit
/storage/emulated/0/ShareSDK/.dk
Filesize
512B

MD5
9bff288519da555c7000b97991881a65

SHA1
214c30c3e883e109f4ffbdb7702105c341b23e0e

SHA256
e55eb7c2411dfa574b7f88bd3a72cbb6edacbdc1ff10eedb334c69b6f7e394db

SHA512
eb99a8275cc70483d3f9855c1866d7d36e4f73ea81d0dc9fc2fe418e09a91baada0a4840b5182ff98b1a36d13ff89b066d114d14c5792a8ed961ab4e6da83d83

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
3a21e63d62b4ce0e17b101bd0d0b5e26

SHA1
2f484a9b52e5dcbb1236161baed7403b25d7d467

SHA256
8f5e7485b876331095e62d072735b3c784be28399f682aad19153fc3365b64a3

SHA512
e09028be5c8576a7d03f99ff1ee39b7787d015627765c83b1330144106719d0af0435bca4dd8f879b39b4e49caad50e2ddf6d669f432366bb73e125e6c735aa6

Download Submit