9438c23264974cf6492f855a20f02e0d09576680b3e1e519cac7993ac266e1bf

Analysis

max time kernel
89s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686d516ca7c83f7ac63ad34fb23ea3ce_JaffaCakes118.apk
Size

18.6MB
MD5

686d516ca7c83f7ac63ad34fb23ea3ce
SHA1

9a9bc044984cb5e073357b9e8dc2445b1b746e1f
SHA256

9438c23264974cf6492f855a20f02e0d09576680b3e1e519cac7993ac266e1bf
SHA512

6d4c7882d480962a41e75b1d2f3bcbbb10296ea05128d2475e9fb4d0004fc6df29c876bb74013428ca09e96b27ff8d738066affef2d6c2faa5d7f95481d64bbb
SSDEEP

393216:lvCPIgbOlz0ZbYAYek9G6kQjPwhmeZQYfSjVib6wghSC:1Bgy9Jr9Gs3JJY6wghV

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.subor.pcp.parent

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.subor.pcp.parent

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.subor.pcp.parent

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.subor.pcp.parent

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.subor.pcp.parent

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.subor.pcp.parent

com.subor.pcp.parent
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.subor.pcp.parent/databases/Pekall_Parent

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.subor.pcp.parent/databases/Pekall_Parent-journal

Filesize
512B

MD5
165ccaecdd75515951f7142b4f57f921

SHA1
c1a7adb949c750f46d1bf28137f50fec204304b5

SHA256
f3e425fc29f49ddd0b1c9acec8b7f6750f7373580c81d1347c6b70fe40e1cd08

SHA512
01bc125efdaea5f05c862432684b8bd0b6cf7e53601852dfa02ece099cd9f2b390424ea61a2d89d96efca69247f95198e35155fe8990834e62883a72c17e94b6

Download Submit
/data/data/com.subor.pcp.parent/databases/Pekall_Parent-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.subor.pcp.parent/databases/Pekall_Parent-wal

Filesize
36KB

MD5
3351423fec9eec37886077efabb9651e

SHA1
25f1e08fad397f23747750b9c6c6ddbcdbed35ff

SHA256
838a46db72905e14a9bf875f839cf2d85bdaff6af0a136fdb103178b0bc0e340

SHA512
4dba59aad9ee14509e3c516454814c16684e330652cd3b263a6a7639a3a18fc6ea985123477511bb95024ef038d352e8e61dd80f498073914615f490205977cf

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal

Filesize
512B

MD5
f6bca1cb6959beb6a9acf9c0112156b0

SHA1
121b5fd60dec2ed5b06b49267e19cd4468a27a7d

SHA256
67e5ce5bf4790058a3b93e3c76f20b6472f76d467e326e1ea03de21776df8c56

SHA512
5f6162fc03082c5fa19381004bbb4f1f80c82d63a3dccb5e3477d45d75b818fa8b24d3d6afdea1c5fd07eb8e9f04c1387bc890666b36f79012b9ada9cadb4471

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-wal

Filesize
48KB

MD5
79ccac421fc2067712835291f21c3660

SHA1
b06415b5b247a616170ef7f7d8d2aa55f2d39979

SHA256
6ee4c871fc63d130bc74bb83f8dff19a67eb9c1a2b36a2482e56a67600754bfe

SHA512
2e0e4a27f5c57033b7a0d3c496530a58a20989d6a145fd3150a50986908151b8704ff8c77c5de03ca13b596bf519e7e872792d3b506054dbc659fcd30f428125

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-wal

Filesize
16KB

MD5
9233a4aa291251d248e6b9230ac1daa1

SHA1
2205a19e6e410304384759b415a7c4ee773a8fb6

SHA256
bd6fa7cb8bbd5dbba99fdadea908952ce2b834caf5fb66e9953be8ef48576413

SHA512
ec795835b874d25dbd39be90dd5e8f3e28fd54fd6d7b729228ca5882fa6f06f0ce4005ae6abefe1a066cf69741e041cda90e7a85fbeedd05a88b164b84d9f4be

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db

Filesize
32KB

MD5
16939a1771b2a41aeab460207630feab

SHA1
04f10070d0dac0254ace4b3b3a41775cb263a338

SHA256
69f95fa7552266a58ab148e59d606acb9fdccc270caef386a09214830142ef34

SHA512
4151a68926ead92cd1ec7e8d93fdf2910757b9312e13cf4afbeb3eb21b2271913eb092877661e39d1948d5df34d2ef72f558f04141008a0ccfe87d9c0fe79662

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db

Filesize
16KB

MD5
3ea89c8cbd781011cd16957857758f51

SHA1
dcc914422dc61cc9647b5d682a73e7707b84990c

SHA256
352bfc3ecd6b3f7440f702fe797406d343713d9a22ec632b3c232ef81309f2bb

SHA512
5092c9785746eb2a49bda757119d8db082d2b863b7f12d10bf9e4a3e48cadf79c94847ab1ec08aa74c46b8b752d62dbb2833f9da5310d2ac18e5f5840cb5777a

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db

Filesize
16KB

MD5
e94420f1e6e63444dcce2695329e74f1

SHA1
675def550a3123a12301dd62f171035c99b5768d

SHA256
5202af8908424aaf37734f25fb1882dd950d70fa68d19c43ac5fa4d7faf7666f

SHA512
adeeeb0fca47d9c601e56ebbb361c5513b0c60a067baf5f78a6a4d8424249f186988de50fda9e546f4ddc0c5465858a76def2bb0f9aec60bc30d3d65db0419e5

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal

Filesize
512B

MD5
aa150e329d39838f78337f15c010c506

SHA1
1458ae1e49533edd332f91c1eb4e6158d3c232f5

SHA256
b6837dafb2561e5b3cc0873c35cd747d83bec50069c1aed58960041b9e3e0ab1

SHA512
ec5583890e42b5c4a1df660f7c5257d03ea3ddab75135309b75ba509168567a49ee9c8253286e51750e10b00ee8d007d399aed94666798950c3d1d92387afeee

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal

Filesize
56KB

MD5
d68e9f1edd06cdab84e899003674fd40

SHA1
058b65eba27dda1fefe4ae8a4a4869f91004aaa2

SHA256
3f5cd99fcb6e1bc725cec6a2d15e8c59bf841c818707864a3dad219716012a4c

SHA512
cf557592bd971cfb3223d5bd7d3ba9994a637e9c7e7b64dcf3dbe9723e8a3ac930b03b11eb246724b58b2255e35521d7e508c79d11eafd932e7b473b7d207964

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal

Filesize
8KB

MD5
47846fb16675c2882a425d6bba4b6b76

SHA1
fcf9ccdbcf367cf06a3030c8658bbd3212ae9d73

SHA256
28a484a5619c4fd0e14f5685a781302937399a8246cdd16f175d23f0362b6552

SHA512
0a57b1207a4cbf648e4923fbd7d4d78eea69be7504d00fe1d2f3542c80c5434d4d6dfa6959aa8843c34de07eb0e9835139fbf112e860137ed9588a7b13112b04

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal

Filesize
4KB

MD5
1196d2fda70cb71206acfa28ab73f18f

SHA1
09689035cc92bdd77a8ef1f2f961ad8d925bff44

SHA256
4b473ce695465407845a431a120f54be3fe33baee1c5f87183d0771b8a6f2a13

SHA512
50d902f814fa7357392018b6acb8d639180ebc97db0a7d434b0adaad2fe78643fa1dc746e86428669eae0e07091c54711da01d6c0867c1ede407aa56d8d2c112

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal

Filesize
4KB

MD5
8fb2143bc6655ca2f7d35d6ff23165c6

SHA1
ca01c47c790e8aefd4a6598a8312d230c6ad06f5

SHA256
838f5438e3df786b8b433b9536ec137868c5ea7efdc90e0846319e7012c3e98f

SHA512
df2de8fbac05fa646ecea8fec1524ea41bd7bc6f14dd26c941622b915b678d0163a307238ac320f533a6d62e0b809b6b453b8beb7fa82d584cefcb88f058c196

Download Submit
/data/data/com.subor.pcp.parent/files/.imprint

Filesize
1004B

MD5
6fab0d71fe3f074ce3622917a3c96e9c

SHA1
7b702b1ad08a2c8904309b5c2386cd22c7a442e7

SHA256
9257d6e9d0d3053701e856aab774e72789506085936d7f80b680ac6cef42d491

SHA512
399031d6340441ae09e86548a1602707281c396ff7758d897d752c98922aa57b250b0597165f9704744c58e950504f39eef9634673548d25bd16d075e299282a

Download Submit
/data/data/com.subor.pcp.parent/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
8bccc832286dad369d8bddc60f572596

SHA1
c09e675424297d913958dfdff2d359cd75bb6398

SHA256
3246cc2b36af07186d2995d0d7cf3bc34fa73484db1876e682c6bd26e6386b48

SHA512
da0b530533b7865fa73ccb24058b2474d0c5629ee1692b40cbf9f63f0e48ac7621df113eb531016cde038398404fcb6b05b76b26671a66a7ac28801f530aceda

Download Submit
/data/data/com.subor.pcp.parent/files/exid.dat

Filesize
57B

MD5
15d64baca5769bc02c485ed84fa330f8

SHA1
f1ed165f57bcbc2f50452509cf40918349867379

SHA256
1ea5fc76b3e40a6f73540b5da77b1d07b8f7ba1f02d32cc43b8440a5515074b0

SHA512
3af78552b3b97b0692d51ce8a3ed8485f5f95a64f71b0d3e48923efdb1c2f7aa01641bd507708418390ca3d545c6d11179b75a1ef2a3fd65d712a9baa3b4be46

Download Submit
/data/data/com.subor.pcp.parent/files/libcuid.so

Filesize
129B

MD5
8d771247f6e95adf52e3546551b1d598

SHA1
eacba8b81f7872235388bcdd950c85937f4fef35

SHA256
a10df2d08d6e509c5da7cafbc18834771cfc460354d55e8fdf6a6f788bc8f493

SHA512
1d19086fd1e0e6a9903d7e885223b18496d9f3706386c356dcfd0e9a7656d98ed40801a63565d0b18db56c1d9204e3da9078bcd4de8f99d168e766bd800b94b4

Download Submit
/data/data/com.subor.pcp.parent/files/umeng_it.cache

Filesize
496B

MD5
c4c2fdf554fe9edc48270e16cd4b9561

SHA1
eb9875449a8984f4f38883057cfe798c6042b76c

SHA256
de44ed47e902c9d9766557fbb94235e0a0ef8d7fdede9cc0c981c5139fd44601

SHA512
9b32364cc74b3cc66d613bac4304358eeccc848a3c634617929b7975db456f0a6a2ae55f28fb35d26a54eaa7ec5b60450b5cc828a4500b31a6937d4505262c8e

Download Submit
/data/data/com.subor.pcp.parent/files/umeng_it.cache

Filesize
252B

MD5
9f21afd6bc3a2dd263e69f1c27272a94

SHA1
270d0feb7df6469b7791853bd60377ffc5a999c4

SHA256
2793b4c3a3946d92b789cf97ec4e8bd07e8960a662be8a63d7a4f801fa9d5393

SHA512
737ef86404fceaee6d17393caf0698bf37f94d92bc545078e02f1fb6b67dbfc2fee78b574185db5d835e2d3fc8b6e6283839eacad037a095bbbc4ad0b3ccc45e

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
a4f836a510f0f18a067641e945bedc50

SHA1
7d0a7128a5268450febf32718f97ba01fd7dfd66

SHA256
3fab91d3db691d96533b5516563d6094af86337da950310ac723aa05043b3f5c

SHA512
da0c845076f6174c72b6d7a912ffa211223104ca8ed769c2f35a7d2dd6986583f2609f3f5cdddfdff10841633c1b0f4f1d09edfafdeb026cbe46281df980a38c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
0a724012f20a25029148b6be8c2506bc

SHA1
40a35b040fdc6ebc98b9fad38b56375e9cdf000c

SHA256
d6afb84e837b25ac6a2e3bdb133aac430d5db82cba7b5ffffae68c325987e2cc

SHA512
1191b3be19885afcad68492723882fa5424631797707d08afc45898c3f73bf271f2e395d10e2080a6109c8f95be09315dc4289cb7ed0d07c71a69aa1386d4c45

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
26384f4b9ffa9d487abc61d7ce30c16d

SHA1
f544c6132623b607bb04fc71539d7697eaa49123

SHA256
7402db948d0e5b5a69cd4d7d8b04297690729e9277a406f0de7678980263fb57

SHA512
e402aafdadb3302fdc104f1b6828394269ed2212c912f93881934efe67950f8fb3ba9f40feb47a1f5b5dacd7d7b18297d853b01ec8bf7300b34673d2a3aa4340

Download Submit
/storage/emulated/0/PcpChild/push.log

Filesize
84B

MD5
0396c29a9e6b8003a51adc4acbcd2dfa

SHA1
d83cbb72c005558135cfeb0ec396f690a4a24aad

SHA256
74bab4c654cd39e243e0bd6abd79b37494fc3487443332bdae1416fba1e4dfab

SHA512
c8a1a6d9c7b89072420e25923bc43f6a0c20b4eb8cce7519299fcd47e1d0275a8075aa94332ddc6e50543e3d8f3fddc8274a57278d5d6da43f2639a788a50a3d

Download Submit
/storage/emulated/0/pekall/INSTALLATION

Filesize
32B

MD5
464860dc842c83a275de1e39af368f6a

SHA1
7cee1e1fd8411c084f5a0434ecf45dcb514c172b

SHA256
7c753f401f71c199c9496a12752b43db77b023dbb1faaa1914d44f0c1113d452

SHA512
c0e8e4228708bd6ce60bc2d2c67af1ee94b89b04b6227c36ba261724c097aa66ca85a34bbb4001f1cfba08c98bd438a54c35a16059015295ac237828542e138b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads