Malware Analysis Report

2025-01-19 07:01

Sample ID 240522-wbw2bsah29
Target 68153348e95a2fc5fa214ba287ba4678_JaffaCakes118
SHA256 3a1feb3a45aa2775c57d682586522c0e778d3b0a468dcc8f212ffa69b9541ca1
Tags banker collection discovery evasion impact persistence credential_access
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 68153348e95a2fc5fa214ba287ba4678_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks if the Android device is rooted.

Checks known Qemu pipes.

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Checks memory information

Checks CPU information

Checks known Qemu files.

Obtains sensitive information copied to the device clipboard

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Acquires the wake lock

Checks if the internet connection is available

Reads device software version

Queries the unique device ID (IMEI, MEID, IMSI)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-22 17:45

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 17:45

Reported

2024-05-22 17:48

Platform

android-x86-arm-20240514-en

Max time kernel

178s

Max time network

187s

Command Line

com.cutt.zhiyue.android.app1138007

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cutt.zhiyue.android.app1138007

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&

io.rong.push

com.cutt.zhiyue.android.app1138007:ipc

com.cutt.zhiyue.android.app1138007:pushservice

com.cutt.zhiyue.android.app1138007:bdservice

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 17:45

Reported

2024-05-22 17:48

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

190s

Command Line

com.cutt.zhiyue.android.app1138007

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A
N/A /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads device software version

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot N/A N/A

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cutt.zhiyue.android.app1138007

com.cutt.zhiyue.android.app1138007:ipc

io.rong.push

com.cutt.zhiyue.android.app1138007:pushservice

com.cutt.zhiyue.android.app1138007:bdservice

Network

Files

/data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar

MD5 d2ab42b895bd3b08d7c6be22cbbf242a
SHA1 b6aeebccb1f8bceea3535b9ea5c60d33ce4a0a3f
SHA256 0b6877aef9c1f5a425fdd7ddb02bc124e1c43b04b8ed73c493ab543422b63cfa
SHA512 cc5c4f453c525f4aaff401216c1e93e46417472549f2b037e0c1653e9ba7d95fafde3bfe2988e11bcc2e00bfb2cc63bc496f643822cf613a64827f3ec23da6fd

/data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.key

MD5 ee09ed8d053332d8d375ecfff2a2ad36
SHA1 cc8afab869154ce5edee6c3d9251fcdbf46af791
SHA256 72a01141b01038ee5532ca4a3a715b29cef1b2d037bbf0df7c8bea13ffc995f0
SHA512 5d9429e30ebeec549dde9fc6c2f1db0b995bbf3668543ca6943beedbce99e964dede79cca4557b0f41a14952f989c66d41ebd40923e4f6f31c4aa3b5b766db33

/data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar

MD5 bdfa71feb08b80b649fddcd7488b03b4
SHA1 bcacf11199fd2c353034a7271b5dbfe2dd4cbddb
SHA256 f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d
SHA512 37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

/data/user/0/com.cutt.zhiyue.android.app1138007/cache/uil-images/journal.tmp

MD5 2d5244b3aa27cbc1342cb1bccb059136
SHA1 47cf4db48432a6c4f0d88c8fdc5908094d503119
SHA256 62fcbadac7e70cb9d656221530f3424ac45ea5ed4feda16b8d0485ce30020c4d
SHA512 28e5d0e436588bf81b08e99dbc1dfd4e7efaa78aabb94c4598a5e013090a879ac2d4dda76f4a82ed13d81a85df8798701a01120a9eeb02483853615012831089

/data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db-journal

MD5 a5f5908ead51d85c382b33c09174f65b
SHA1 2c8e051f3630b8ee504fc30a6097796bee967bc5
SHA256 f8396f46183d2178c92af8d1e00e26fa40af9344f1fe552089c72041cc95215c
SHA512 b51163e8fa7edb00cbc035d2bad28d36254d7e4e2c77070ad16b45fa2948b88b576466e881bb807c73e72a7409da44c19a52699a63f62ae8703f141e188fd862

/data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db

MD5 d00bed7cff1ec028875264a61c680b10
SHA1 aa8b50578b1cc78eb77b4a32323c426e923f936e
SHA256 6b22dc0cf6ba59c164442face72013124f63ca7110ead3d53790e2057bd066ae
SHA512 b58bcd1ee5fbd09d6a726dfef5ea49006e8e20a345ba01c5bd410d10341b925a5d19efbf2cf7545f09c3d9bc95f380938fc9c3f7d7ca664242dd3cd7b521c443

/data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db-journal

MD5 27e3e5cfdefda305eb11d80d5319bdf2
SHA1 e036e10b975dbbd95a80c054aca1a26da947a894
SHA256 36055e618d0c0b32c714fa96c2b06a9ab955616c12a7d4f43bfebe00b1297ae0
SHA512 08183af158f03cc3cf35cf2f5f37c556e0d7c7fb7b43e6915494a292b893918b97624f6eb9ba8ea4952d91d723e48ee409e1e6d01e9345520868aa9dcbda794d

/data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db-journal

MD5 f16af00b6de74138f235c9d0a2fbe6f7
SHA1 8eb71435a04ba7e2f6c85c278b84354d474f3b19
SHA256 585a2e7bb8efaed0bd13f322ec06da8d68b754b2311d5590aca9d234d4fde842
SHA512 52102b84d435c1d7eaf22090702afb716abeea9576a4deb6a32dccb3797e5dc65943b5ae79f0db04e290a582a9ecfd23aaa9f72144e8ccf409e70a96fada9b3b

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/temp/js.zip

MD5 55aab6e3ebed1c89cf76e400353dfab2
SHA1 425598bf796d3226d2a1a7f5ad262ff88b829137
SHA256 8f490873dca4e47233bb7309ffe3d429cd352de4a118afa5cfd197f49e4978bd
SHA512 517d707d5df228d378a06fa93fc79dcdaaa5eea7800f7ce4c36350cb64196c621d13828ad6d95c0061adec832bfc2bf9f17e376e1581dfceb0f6784836927be0

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/config.json

MD5 df9afc7879f00c8a3c5b0ec6d09fc8e4
SHA1 d4c4ea174d3cdd56cebcb959a6d4f0fd933ac6fd
SHA256 bcdc1dc3c64ea91ba575597eb7e9da682d7cef57a22a67f7ff33543839b20442
SHA512 0c1948cc79028a5db4e5f483866eb48b7b4d5782c370548808c148fbb0fc65792b4f402c332f98a558c6e79f2b26bcd709763167cc8f451a114ae4ea386c24f6

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/constant.js

MD5 b692fc6edd0ec1d62a221ce68f9dbbc7
SHA1 bcaeb888705d788c73b12b78152b6c20ae9c2e7a
SHA256 4b19ebb45e9f843caf02e3ab4c16df37e5556f963e1afbff60faaee777a288a8
SHA512 430c439e519b2817b74f3d44af1cd3a0e8ea0a9647522bf2db5346de7322d0e47a769a2766d641fef833582998c75c3a21c889782ca8003e09e38089c21f9e9e

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/platform.js

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/tencent.html

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/tencent.js

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/utils.js

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/verify.json

/data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/verify.signature

/storage/emulated/0/Android/data/com.cutt.zhiyue.android.app1138007/cache/kit/journal.tmp (deleted)

/data/user/0/com.cutt.zhiyue.android.app1138007/databases/rong_version.db-journal

/data/user/0/com.cutt.zhiyue.android.app1138007/databases/rong_version.db-journal

/storage/emulated/0/Tencent/OpenSDK/Logs/com.cutt.zhiyue.android.app1138007/2024-05-22/1.app.log

/data/user/0/com.cutt.zhiyue.android.app1138007/files/mobclick_agent_cached_com.cutt.zhiyue.android.app1138007

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 17:45

Reported

2024-05-22 17:45

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-22 17:45

Reported

2024-05-22 17:45

Platform

android-x64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-22 17:45

Reported

2024-05-22 17:45

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A