9438c23264974cf6492f855a20f02e0d09576680b3e1e519cac7993ac266e1bf

Analysis

max time kernel
89s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686d516ca7c83f7ac63ad34fb23ea3ce_JaffaCakes118.apk
Size

18.6MB
MD5

686d516ca7c83f7ac63ad34fb23ea3ce
SHA1

9a9bc044984cb5e073357b9e8dc2445b1b746e1f
SHA256

9438c23264974cf6492f855a20f02e0d09576680b3e1e519cac7993ac266e1bf
SHA512

6d4c7882d480962a41e75b1d2f3bcbbb10296ea05128d2475e9fb4d0004fc6df29c876bb74013428ca09e96b27ff8d738066affef2d6c2faa5d7f95481d64bbb
SSDEEP

393216:lvCPIgbOlz0ZbYAYek9G6kQjPwhmeZQYfSjVib6wghSC:1Bgy9Jr9Gs3JJY6wghV

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.subor.pcp.parent

description ioc process

File opened for read /proc/cpuinfo com.subor.pcp.parent
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.subor.pcp.parent

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.subor.pcp.parent
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.subor.pcp.parent

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.subor.pcp.parent
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.subor.pcp.parent

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.subor.pcp.parent
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.subor.pcp.parent

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.subor.pcp.parent
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.subor.pcp.parent

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.subor.pcp.parent

description	ioc	process
File opened for read	/proc/cpuinfo	com.subor.pcp.parent

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.subor.pcp.parent

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.subor.pcp.parent

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.subor.pcp.parent

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.subor.pcp.parent

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.subor.pcp.parent

com.subor.pcp.parent
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.subor.pcp.parent/databases/Pekall_Parent
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.subor.pcp.parent/databases/Pekall_Parent-journal
Filesize
512B

MD5
165ccaecdd75515951f7142b4f57f921

SHA1
c1a7adb949c750f46d1bf28137f50fec204304b5

SHA256
f3e425fc29f49ddd0b1c9acec8b7f6750f7373580c81d1347c6b70fe40e1cd08

SHA512
01bc125efdaea5f05c862432684b8bd0b6cf7e53601852dfa02ece099cd9f2b390424ea61a2d89d96efca69247f95198e35155fe8990834e62883a72c17e94b6

Download Submit
/data/data/com.subor.pcp.parent/databases/Pekall_Parent-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.subor.pcp.parent/databases/Pekall_Parent-wal
Filesize
36KB

MD5
3351423fec9eec37886077efabb9651e

SHA1
25f1e08fad397f23747750b9c6c6ddbcdbed35ff

SHA256
838a46db72905e14a9bf875f839cf2d85bdaff6af0a136fdb103178b0bc0e340

SHA512
4dba59aad9ee14509e3c516454814c16684e330652cd3b263a6a7639a3a18fc6ea985123477511bb95024ef038d352e8e61dd80f498073914615f490205977cf

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
512B

MD5
f6bca1cb6959beb6a9acf9c0112156b0

SHA1
121b5fd60dec2ed5b06b49267e19cd4468a27a7d

SHA256
67e5ce5bf4790058a3b93e3c76f20b6472f76d467e326e1ea03de21776df8c56

SHA512
5f6162fc03082c5fa19381004bbb4f1f80c82d63a3dccb5e3477d45d75b818fa8b24d3d6afdea1c5fd07eb8e9f04c1387bc890666b36f79012b9ada9cadb4471

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-wal
Filesize
48KB

MD5
79ccac421fc2067712835291f21c3660

SHA1
b06415b5b247a616170ef7f7d8d2aa55f2d39979

SHA256
6ee4c871fc63d130bc74bb83f8dff19a67eb9c1a2b36a2482e56a67600754bfe

SHA512
2e0e4a27f5c57033b7a0d3c496530a58a20989d6a145fd3150a50986908151b8704ff8c77c5de03ca13b596bf519e7e872792d3b506054dbc659fcd30f428125

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-wal
Filesize
16KB

MD5
9233a4aa291251d248e6b9230ac1daa1

SHA1
2205a19e6e410304384759b415a7c4ee773a8fb6

SHA256
bd6fa7cb8bbd5dbba99fdadea908952ce2b834caf5fb66e9953be8ef48576413

SHA512
ec795835b874d25dbd39be90dd5e8f3e28fd54fd6d7b729228ca5882fa6f06f0ce4005ae6abefe1a066cf69741e041cda90e7a85fbeedd05a88b164b84d9f4be

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
32KB

MD5
16939a1771b2a41aeab460207630feab

SHA1
04f10070d0dac0254ace4b3b3a41775cb263a338

SHA256
69f95fa7552266a58ab148e59d606acb9fdccc270caef386a09214830142ef34

SHA512
4151a68926ead92cd1ec7e8d93fdf2910757b9312e13cf4afbeb3eb21b2271913eb092877661e39d1948d5df34d2ef72f558f04141008a0ccfe87d9c0fe79662

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
16KB

MD5
3ea89c8cbd781011cd16957857758f51

SHA1
dcc914422dc61cc9647b5d682a73e7707b84990c

SHA256
352bfc3ecd6b3f7440f702fe797406d343713d9a22ec632b3c232ef81309f2bb

SHA512
5092c9785746eb2a49bda757119d8db082d2b863b7f12d10bf9e4a3e48cadf79c94847ab1ec08aa74c46b8b752d62dbb2833f9da5310d2ac18e5f5840cb5777a

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
16KB

MD5
e94420f1e6e63444dcce2695329e74f1

SHA1
675def550a3123a12301dd62f171035c99b5768d

SHA256
5202af8908424aaf37734f25fb1882dd950d70fa68d19c43ac5fa4d7faf7666f

SHA512
adeeeb0fca47d9c601e56ebbb361c5513b0c60a067baf5f78a6a4d8424249f186988de50fda9e546f4ddc0c5465858a76def2bb0f9aec60bc30d3d65db0419e5

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
512B

MD5
aa150e329d39838f78337f15c010c506

SHA1
1458ae1e49533edd332f91c1eb4e6158d3c232f5

SHA256
b6837dafb2561e5b3cc0873c35cd747d83bec50069c1aed58960041b9e3e0ab1

SHA512
ec5583890e42b5c4a1df660f7c5257d03ea3ddab75135309b75ba509168567a49ee9c8253286e51750e10b00ee8d007d399aed94666798950c3d1d92387afeee

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal
Filesize
56KB

MD5
d68e9f1edd06cdab84e899003674fd40

SHA1
058b65eba27dda1fefe4ae8a4a4869f91004aaa2

SHA256
3f5cd99fcb6e1bc725cec6a2d15e8c59bf841c818707864a3dad219716012a4c

SHA512
cf557592bd971cfb3223d5bd7d3ba9994a637e9c7e7b64dcf3dbe9723e8a3ac930b03b11eb246724b58b2255e35521d7e508c79d11eafd932e7b473b7d207964

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal
Filesize
8KB

MD5
47846fb16675c2882a425d6bba4b6b76

SHA1
fcf9ccdbcf367cf06a3030c8658bbd3212ae9d73

SHA256
28a484a5619c4fd0e14f5685a781302937399a8246cdd16f175d23f0362b6552

SHA512
0a57b1207a4cbf648e4923fbd7d4d78eea69be7504d00fe1d2f3542c80c5434d4d6dfa6959aa8843c34de07eb0e9835139fbf112e860137ed9588a7b13112b04

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal
Filesize
4KB

MD5
1196d2fda70cb71206acfa28ab73f18f

SHA1
09689035cc92bdd77a8ef1f2f961ad8d925bff44

SHA256
4b473ce695465407845a431a120f54be3fe33baee1c5f87183d0771b8a6f2a13

SHA512
50d902f814fa7357392018b6acb8d639180ebc97db0a7d434b0adaad2fe78643fa1dc746e86428669eae0e07091c54711da01d6c0867c1ede407aa56d8d2c112

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-wal
Filesize
4KB

MD5
8fb2143bc6655ca2f7d35d6ff23165c6

SHA1
ca01c47c790e8aefd4a6598a8312d230c6ad06f5

SHA256
838f5438e3df786b8b433b9536ec137868c5ea7efdc90e0846319e7012c3e98f

SHA512
df2de8fbac05fa646ecea8fec1524ea41bd7bc6f14dd26c941622b915b678d0163a307238ac320f533a6d62e0b809b6b453b8beb7fa82d584cefcb88f058c196

Download Submit
/data/data/com.subor.pcp.parent/files/.imprint
Filesize
1004B

MD5
6fab0d71fe3f074ce3622917a3c96e9c

SHA1
7b702b1ad08a2c8904309b5c2386cd22c7a442e7

SHA256
9257d6e9d0d3053701e856aab774e72789506085936d7f80b680ac6cef42d491

SHA512
399031d6340441ae09e86548a1602707281c396ff7758d897d752c98922aa57b250b0597165f9704744c58e950504f39eef9634673548d25bd16d075e299282a

Download Submit
/data/data/com.subor.pcp.parent/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
8bccc832286dad369d8bddc60f572596

SHA1
c09e675424297d913958dfdff2d359cd75bb6398

SHA256
3246cc2b36af07186d2995d0d7cf3bc34fa73484db1876e682c6bd26e6386b48

SHA512
da0b530533b7865fa73ccb24058b2474d0c5629ee1692b40cbf9f63f0e48ac7621df113eb531016cde038398404fcb6b05b76b26671a66a7ac28801f530aceda

Download Submit
/data/data/com.subor.pcp.parent/files/exid.dat
Filesize
57B

MD5
15d64baca5769bc02c485ed84fa330f8

SHA1
f1ed165f57bcbc2f50452509cf40918349867379

SHA256
1ea5fc76b3e40a6f73540b5da77b1d07b8f7ba1f02d32cc43b8440a5515074b0

SHA512
3af78552b3b97b0692d51ce8a3ed8485f5f95a64f71b0d3e48923efdb1c2f7aa01641bd507708418390ca3d545c6d11179b75a1ef2a3fd65d712a9baa3b4be46

Download Submit
/data/data/com.subor.pcp.parent/files/libcuid.so
Filesize
129B

MD5
8d771247f6e95adf52e3546551b1d598

SHA1
eacba8b81f7872235388bcdd950c85937f4fef35

SHA256
a10df2d08d6e509c5da7cafbc18834771cfc460354d55e8fdf6a6f788bc8f493

SHA512
1d19086fd1e0e6a9903d7e885223b18496d9f3706386c356dcfd0e9a7656d98ed40801a63565d0b18db56c1d9204e3da9078bcd4de8f99d168e766bd800b94b4

Download Submit
/data/data/com.subor.pcp.parent/files/umeng_it.cache
Filesize
496B

MD5
c4c2fdf554fe9edc48270e16cd4b9561

SHA1
eb9875449a8984f4f38883057cfe798c6042b76c

SHA256
de44ed47e902c9d9766557fbb94235e0a0ef8d7fdede9cc0c981c5139fd44601

SHA512
9b32364cc74b3cc66d613bac4304358eeccc848a3c634617929b7975db456f0a6a2ae55f28fb35d26a54eaa7ec5b60450b5cc828a4500b31a6937d4505262c8e

Download Submit
/data/data/com.subor.pcp.parent/files/umeng_it.cache
Filesize
252B

MD5
9f21afd6bc3a2dd263e69f1c27272a94

SHA1
270d0feb7df6469b7791853bd60377ffc5a999c4

SHA256
2793b4c3a3946d92b789cf97ec4e8bd07e8960a662be8a63d7a4f801fa9d5393

SHA512
737ef86404fceaee6d17393caf0698bf37f94d92bc545078e02f1fb6b67dbfc2fee78b574185db5d835e2d3fc8b6e6283839eacad037a095bbbc4ad0b3ccc45e

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
a4f836a510f0f18a067641e945bedc50

SHA1
7d0a7128a5268450febf32718f97ba01fd7dfd66

SHA256
3fab91d3db691d96533b5516563d6094af86337da950310ac723aa05043b3f5c

SHA512
da0c845076f6174c72b6d7a912ffa211223104ca8ed769c2f35a7d2dd6986583f2609f3f5cdddfdff10841633c1b0f4f1d09edfafdeb026cbe46281df980a38c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
0a724012f20a25029148b6be8c2506bc

SHA1
40a35b040fdc6ebc98b9fad38b56375e9cdf000c

SHA256
d6afb84e837b25ac6a2e3bdb133aac430d5db82cba7b5ffffae68c325987e2cc

SHA512
1191b3be19885afcad68492723882fa5424631797707d08afc45898c3f73bf271f2e395d10e2080a6109c8f95be09315dc4289cb7ed0d07c71a69aa1386d4c45

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
26384f4b9ffa9d487abc61d7ce30c16d

SHA1
f544c6132623b607bb04fc71539d7697eaa49123

SHA256
7402db948d0e5b5a69cd4d7d8b04297690729e9277a406f0de7678980263fb57

SHA512
e402aafdadb3302fdc104f1b6828394269ed2212c912f93881934efe67950f8fb3ba9f40feb47a1f5b5dacd7d7b18297d853b01ec8bf7300b34673d2a3aa4340

Download Submit
/storage/emulated/0/PcpChild/push.log
Filesize
84B

MD5
0396c29a9e6b8003a51adc4acbcd2dfa

SHA1
d83cbb72c005558135cfeb0ec396f690a4a24aad

SHA256
74bab4c654cd39e243e0bd6abd79b37494fc3487443332bdae1416fba1e4dfab

SHA512
c8a1a6d9c7b89072420e25923bc43f6a0c20b4eb8cce7519299fcd47e1d0275a8075aa94332ddc6e50543e3d8f3fddc8274a57278d5d6da43f2639a788a50a3d

Download Submit
/storage/emulated/0/pekall/INSTALLATION
Filesize
32B

MD5
464860dc842c83a275de1e39af368f6a

SHA1
7cee1e1fd8411c084f5a0434ecf45dcb514c172b

SHA256
7c753f401f71c199c9496a12752b43db77b023dbb1faaa1914d44f0c1113d452

SHA512
c0e8e4228708bd6ce60bc2d2c67af1ee94b89b04b6227c36ba261724c097aa66ca85a34bbb4001f1cfba08c98bd438a54c35a16059015295ac237828542e138b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads