9438c23264974cf6492f855a20f02e0d09576680b3e1e519cac7993ac266e1bf

Analysis

max time kernel
72s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
22-05-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686d516ca7c83f7ac63ad34fb23ea3ce_JaffaCakes118.apk
Size

18.6MB
MD5

686d516ca7c83f7ac63ad34fb23ea3ce
SHA1

9a9bc044984cb5e073357b9e8dc2445b1b746e1f
SHA256

9438c23264974cf6492f855a20f02e0d09576680b3e1e519cac7993ac266e1bf
SHA512

6d4c7882d480962a41e75b1d2f3bcbbb10296ea05128d2475e9fb4d0004fc6df29c876bb74013428ca09e96b27ff8d738066affef2d6c2faa5d7f95481d64bbb
SSDEEP

393216:lvCPIgbOlz0ZbYAYek9G6kQjPwhmeZQYfSjVib6wghSC:1Bgy9Jr9Gs3JJY6wghV

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.subor.pcp.parent

description ioc process

File opened for read /proc/cpuinfo com.subor.pcp.parent
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.subor.pcp.parent

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.subor.pcp.parent
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.subor.pcp.parent

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.subor.pcp.parent
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.subor.pcp.parent

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.subor.pcp.parent

description	ioc	process
File opened for read	/proc/cpuinfo	com.subor.pcp.parent

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.subor.pcp.parent

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.subor.pcp.parent

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.subor.pcp.parent

com.subor.pcp.parent
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.subor.pcp.parent/databases/cc/cc.db
Filesize
36KB

MD5
b986a138e325f9ed31653e246087baa6

SHA1
1cda06c101efbf7c89305f44b552e38282225064

SHA256
6945d75275af161fa082eab8b348f4cdccbab03854963f5e861fde210447e058

SHA512
5894180006885af44962dcd92c6f33a640d6080060a51a38ee4e348ee2dafe9abdcf2a931cfad4c395ebe20e08b96f810ca54b5b1f584fa232cdabc76be0740d

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db
Filesize
36KB

MD5
1b77217d803a7c04af9466680b92d104

SHA1
0cb959f4773c6730e8aed5746706c0f3ecb35c1f

SHA256
66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3

SHA512
39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
512B

MD5
28454c869ae5343a88d03e85f75c3900

SHA1
b3cd5d7aca77c7aa63c710083239fcc090d0a7ad

SHA256
b8dcc5a127c7758ec3c2d19ce9d13afeed941d170611e41527bd00a958f8b660

SHA512
6d5a6d6f1b0c478f539b947884ed7323d8a696a2667bb54e38af7e151b159fecd60d52775ba89f49ef074151323a6a735589484e834f54b188fe6da8bf5fe878

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
8KB

MD5
df75b90c157e709f8ef217cdfae4b73d

SHA1
12c7af1c6d5a3519d657a13a0fcd7a90bfbc3d48

SHA256
8b64afdbe07167eb1a2c7035e2ee596dab6d7865ef4fafe8aaa8fb97a8c0298b

SHA512
f12e99c78885092c4108f25aa78d816767918cfb853f75460e1ed06d59136f024aefb86691afaf59d9d2d36a2ada05e7d734b8cc2df6fb3591da92605c0707da

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
8KB

MD5
ff74a5c0e6c5486eb062d03cf3bc776c

SHA1
4a264483e3237e6b8ad6d89ae8bc89a267f3af05

SHA256
10dcabcd7e470049be0d7be4a0762ffcbe941d9444d3e7d9b0c50a750f85908a

SHA512
8fef5afd4ed9f1d0f43d2e93de5250939946831b0655eaae1d759613a0c297ef53eac4275d31947972ebb750a955291114284326251bab00decdaa3c771e83f3

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
8KB

MD5
c2c07687c00470fd04c3becc6c16dfa5

SHA1
7e9d14c06e48149d89520d994215aeb5543d32bc

SHA256
035ecc22c3223c982718849c056a43dc9062f3bb93d8ef79573e46774d16b683

SHA512
3d35696f752fbbc3b1136f60083b6877f6d64caf02253f90df63ea7ceb68aa6a34bc92ba45b172f9da32347caab83a4d7e2eee920c545f53b8ef9dfe108617ed

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
8KB

MD5
e9e0c2f4b0c0ee55b2da050a8e1c6e00

SHA1
96374c8cbc73fb2e4ee2f5630a78633b5e734322

SHA256
5dd935185c90a45018ebff9b02a560495a890ecd96a6c9f9eb0c4e9b56f6bd4d

SHA512
b96ee22762c201a1d4b99d82ed3f5947b2f729fc5f67bf3955f0c5b12cfa16df29082487853f2b09fdeec9baf03de0094702cf2ec6ca1caee54ade7c39bfba43

Download Submit
/data/data/com.subor.pcp.parent/databases/cc/cc.db-journal
Filesize
12KB

MD5
b98541c9d6aa05cc09e145352cdf756a

SHA1
e16f7c944a21fe63a6d016facab017c0ce903031

SHA256
68808e920ee2e124fa3e12c43775c989f63042ac9d9f20f09b8fb9853e49b58f

SHA512
d8a660610327781aa647256f91f693ccd07166e678bd7fae00475a86a537ef12a23d5035a96c703ad583ec0d9f519b8aa04e422a5e1ed349dbf4f29b38cb76d0

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
32KB

MD5
3b519158a85de62d3de4890f94ff7060

SHA1
55ab22732b81021b9370eae0dd4f1ea009fecdf5

SHA256
e69be74baf7dd796f70d0980e6e1e344f1fd53123b75693d75cc0cb0b4d3f83f

SHA512
594554c2074589e040460be0d00d8cb0d1cafea1e62fab546039f00c636cfa7e7612117bd62035db58d1bd8816b50add59bb9c35b13516fe93216047183e01af

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
16KB

MD5
5092b4e7de6392965354835a015aea8d

SHA1
92ff83ed5e55a9b3bf2ad8c80c1ef145c7b5c41a

SHA256
a5fd600c56eadeb26e1301c5796c3384d3f885e5e2c7c8dbb18d3e84e8be37c2

SHA512
07099c945432991ea5b7384c9b6986a9b2867d1e577bcc8cadd0d4972786aed2b1963ecb739fd1356b571d1e3e4521c496d916f8eaf936057672d99903793031

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db
Filesize
32KB

MD5
c87556c72b2932e815e8d3ea5ad2c965

SHA1
18feae2906eaad45097b7a51a8e72f62b6f46bfa

SHA256
2b06b074b0fbc80bd99ca0d5d9f8f1cac8aeaad3a8f388d6634a398c3955bfde

SHA512
50d14867b2d3f1ab36a8ad2608b6631fba0d4c80b617efc21826da06292bc0702a998571e29c5397e62961c18724d3372d63c018d417b3bad4a2afdbaad1ede5

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
512B

MD5
2e076e627359c50aeea00f0c3be490f2

SHA1
19233727432194bc01f67f4d48a96361d98b4f28

SHA256
880fe0800e8754eaa44422d862304ca8747f763372004291293934858b470a0a

SHA512
ea6b54cea95d4f39623f8956374a48649dc9b506abb528bd0f230efc6c6cc41365e9c58bd95a22715ce46e60a8187c0af1866fc32bbf6def78b40e4527719027

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
8KB

MD5
7a442e5494a9ed8021da597d5e85adc5

SHA1
80861512d33afb72abce5df21ca92d0d9996ca7a

SHA256
7305c81054dc75ccd31276aed26a66b1574f615b64d06f2a529aa1890f69ea16

SHA512
743813c0de02ea35ee1be9c460cc6318acd4b8d36c9232c43b9461f83d1bd01d39595cb476151099cfeaebf9a64d9999bf0462a361035c46799eb32a71412941

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
8KB

MD5
b3924b6fca800594481b2d95682acb58

SHA1
bb8d8f398a9593c1f3a6c43ff1d1fedd064e5c01

SHA256
a814e109fe5b312ee4560223c6384521ddfb6622fb1efe6dd10f70eadde08e98

SHA512
945d535722279ea208e53b6709a36c32bdf78799bfba91b71d6c7d48c8d155812c0dcfc54c7e478cb282d03bfc7d5bad3981dedc77bcaf2d75fc56ab3da08fa9

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
16KB

MD5
d2ba5c3e1111c036d209efd6d82ee1bf

SHA1
bd1a975fa6f9948c8da878e62ab31855032e0f67

SHA256
d5e24d8c01381ed77909c0d2f59cf0d44c51a3e24c6cee00f99312b317296f38

SHA512
bc926983db7bfe94549de36d039b5e2572631970014601a2db54cd803ccda2c01ebc4388fbccb8c6445ea604b7931186449f6be6ca64ccaf52d2f019fc497214

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
8KB

MD5
ec7f352c9a0c286f00be46f5886983b6

SHA1
50fecf86a6b0aa8625028bbb811ca84e82221b57

SHA256
13c997ffa53052721360f7737cc0bfa173fbb9faf75b67b483dfbdb3a14317c0

SHA512
4822347e9611a83eb9fb9c897d2de118f849099f61b7378308992dbc16a658237c3dc090fa43502a3881c36c0c507a80071ca2b3e65261e1c866fa8e55b94d67

Download Submit
/data/data/com.subor.pcp.parent/databases/ua.db-journal
Filesize
12KB

MD5
120b70b3ea471132650f4d3eb42e51d4

SHA1
fce8966a2f9974993836e14b259f93c42c85d19b

SHA256
6a84569c1f568f6c2027619aa48574d9e0493f366f7ce7b94608b733618f638c

SHA512
cd015878a47a2b93af462d13ad8d9eb96a6af658e031e99c4bff94e4f35076cbd3ba60fd29bd74220131992cc0abd717ec68703226a69ebdf8cc1dddfbd487d3

Download Submit
/data/user/0/com.subor.pcp.parent/databases/Pekall_Parent
Filesize
24KB

MD5
2011fec08f0a1bdd45c4adba155728d9

SHA1
1940b56faf4a74c8a58e06e97297f28c25f04ed0

SHA256
12622a233985e51e4a642f9211e8e5c9720e96617101abe9f44a39eb4726f336

SHA512
8d4cc73a122b7876051fa9dc7055192e273cfe995b9f3c92f955c4b41b8b68d67a6765d9bea033cf7257e33e6e760f4677b4359fcce5e439e71174c5751582ed

Download Submit
/data/user/0/com.subor.pcp.parent/databases/Pekall_Parent-journal
Filesize
512B

MD5
3df5c020345dcc2ba080e0f36f62c049

SHA1
e74e431c6a44ce4efd4372afbfc00232a10150ee

SHA256
bf324bc872d46a9cc1b97b6b22418f59bac095719019ebb92955a6647580e361

SHA512
159d516ee7b8038ffb346d8bd5fe207aca98d47c401dcce4c8715dc7742b73ba5564a6286a2abef037370bee49cc3a3c984ed2ab46b176fee2ab07c0a468ff65

Download Submit
/data/user/0/com.subor.pcp.parent/databases/Pekall_Parent-journal
Filesize
8KB

MD5
de45c9ac46ee3635d23ceec5cad37f87

SHA1
e57e31f2afc224970cd866adcf2e2891b9793aa3

SHA256
fc8a80e3f8ea80bcb52f666aae80dfe77163a2c4fa4ffdcc87222f2daa28a89a

SHA512
267046b08bf19e7776b374aff7aef762a676a2dcaccb7e6063522367c988950f9a8431f7c1a6d55bead1592fe74a40300e22c5a50c1ea24bbd86f4fa4f5a30b5

Download Submit
/data/user/0/com.subor.pcp.parent/databases/Pekall_Parent-journal
Filesize
8KB

MD5
9f76e9144b1fe894d182f4e64149dc36

SHA1
80b3964a1747f931f8af6b8487dc85d8d775946d

SHA256
5b1feac96d4e1494d2a93992a6e0cbc10b91cd9fb67debb73e48412a48117626

SHA512
410eb338dd06b4c23510b74c209502c5dbd0f3dd753baf94cecb67ada83b4e828442b8db03567ac3d23035658765e84d67f49dfc6766216afe9b6c42a4f9b84d

Download Submit
/data/user/0/com.subor.pcp.parent/files/.imprint
Filesize
932B

MD5
e6bc4b081410e1f0bab13f55c72ad6e0

SHA1
41350b9b1c85ad22ebc7ccf508be5e880b2d1a10

SHA256
4273f3642ba0af206d589b1f3fb19d8322acc486b5a95522dd96fb1f3f1ae6cd

SHA512
dce8cf6318511ac87ce8019d18a42aa2fa03015a28e5175ce233d2c96fa84cd7395c1796e1fbf189d758ec1c76fef18c2113f8d50fd398a28c6461b9393196b8

Download Submit
/data/user/0/com.subor.pcp.parent/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
583338e33cd39f26403b21d66d25d16f

SHA1
d6ecd9ad5e54ef2808071f4e03ef13930cb5d8d6

SHA256
2d99cc67dcc4ca2383c2e68d7d4b5ad76eb9ffb169d79d6eecf77307391f59a0

SHA512
6b5879f2e20cc3d88b98effd5674eeddf0a5918442c353c7229ec50d57122a924428f1b7506b96b8f4675592ccc8d946f8626e7cf5e91af4728ce64fccb3a7d1

Download Submit
/data/user/0/com.subor.pcp.parent/files/exid.dat
Filesize
57B

MD5
15d64baca5769bc02c485ed84fa330f8

SHA1
f1ed165f57bcbc2f50452509cf40918349867379

SHA256
1ea5fc76b3e40a6f73540b5da77b1d07b8f7ba1f02d32cc43b8440a5515074b0

SHA512
3af78552b3b97b0692d51ce8a3ed8485f5f95a64f71b0d3e48923efdb1c2f7aa01641bd507708418390ca3d545c6d11179b75a1ef2a3fd65d712a9baa3b4be46

Download Submit
/data/user/0/com.subor.pcp.parent/files/libcuid.so
Filesize
109B

MD5
26606ee6ef6cdfb101808a725f6b1924

SHA1
1f9cb40a4f712aef946910cf5361cd0057487353

SHA256
fadb7eb34655ac0a487c2c3c94a21d1873697727ed25003b09bfac2e39c9a43c

SHA512
7142e4d314af4be7d0c9d3d99b53742e7a179166dddb4d24266d264559e72505ba8895c170cf50bfed709045345cd1c5103f4610227e12028844729753963c45

Download Submit
/data/user/0/com.subor.pcp.parent/files/umeng_it.cache
Filesize
433B

MD5
7a256a25b2a0dc498ece40326bf47d7f

SHA1
2f23ea1bac9d0bd387242e483cb8ac98b4ae91ea

SHA256
47060f5cdacdde3514ae9e95681cfb40b44804b2ffd7f54125e30d7b5f23c734

SHA512
60bf556dd0410afed864a0481c3138bdf3e0cc3586afa37cdc8e6432e1d015244c2fb02090e867a7d22bcbb04c8a5ac59e05a0368291808782126ee5c4fb358f

Download Submit
/data/user/0/com.subor.pcp.parent/files/umeng_it.cache
Filesize
220B

MD5
8d9df48a58dd8e772e9c32510ae8147a

SHA1
974dc99d81983eee314b7b1f153a575852327a60

SHA256
7006c00e56071ef51ae75d08259c9916b3db11843af2e3c6b965ece59593629a

SHA512
1e556879c370400348d9385a717ff23c9cb3020798b5de12c0137434f90b1887ccfd56637a90e6ab0817fa680436df57d0b55ae077c67724833867a82e535d76

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
98f3eca48a9e57fb39205ca690097990

SHA1
349aa770dcee82ef866037c3076126eabc232c90

SHA256
e4d2a7b1ff7b3f0bfdc2010ff9098929e87247540b99b409ca1bfa0c1ecbcfb2

SHA512
0f77dd712914a2599984ce2585bde237de6bc32267265ad2dfd4fe26fa5381cc0f9b2b08ff29e0f1acff30ba8846a4bcf3faa0a930e96fd4be1998e9f881752b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
235181c29ed3d555de35ca427c6a00b8

SHA1
6a7c9ec774536eb83a74133101921fa2650a5256

SHA256
4f0832eac2abaaae28e63e353a4a099fb1dbfe50337f9e34ebbe018a2c801acd

SHA512
18c9ae8b9b48470604393cc83bf50553e315ac5bc11c3112022330dddb9cd311f0b375670de9c57732b3bdc3f823074ed9ef28f87f4ab825a78ec6bb321fca7e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
60beb4554c69ac96dd50780167f220a9

SHA1
89363ddfccaf39f5eed82ca77a3d180d8d1711e6

SHA256
647cae26c34499d74c4e9e516e25aa918797d96857a041fc1418edc15981fca5

SHA512
fd2378bb17970e08d120842824172faa4a8c2f765c85dc63d824209ff0b00ca296a286ebd5ea6dadc9a835ee2395c7f005477f8e082e47595a4c53e939ef1327

Download Submit
/storage/emulated/0/PcpChild/push.log
Filesize
84B

MD5
9dcff5fd0e900ad5a19d604e211bae15

SHA1
c74f67b650d5c1eeab9a6ccbfb35187ac57a55b7

SHA256
89bb28d83751bb0ab6387f72a0f7a590bbcd1a39358dba0d623e68cc872ee40b

SHA512
a16b76c175c56a506859220cdb2c9e6d9f7d929fd3307fd9c1dcfc4ba7a9bc94d3029f8bb607cdf47279b3697aa4b144502c21596bcca61591ba9899e955cb40

Download Submit
/storage/emulated/0/pekall/INSTALLATION
Filesize
32B

MD5
b7187d94197076f09a43f80f224f05eb

SHA1
61ecdc8b84e603f793740bfe5cad6d5759fe3b1d

SHA256
9d0168a22bdae40ba1a611e8d37cb5f87217e2708b2109f13c8028e685f7cc8e

SHA512
15da7fabb100f7c8b3b5f4363f7cd613aba29d4b91e910ecab73eefb2e2d52d2fc4ecd8d9f7f269d986c4107d266210896fb0650c75da860e89e0fa477b99f00

Download Submit