4454cccb94108923291ffcf26131191b3ea8bfa13c6a40c72ddf9d285be55def

Analysis

max time kernel
132s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cca3a795fde7b0c11490ceb8b5f3a57_JaffaCakes118.apk
Size

11.6MB
MD5

6cca3a795fde7b0c11490ceb8b5f3a57
SHA1

2f0bef50337e0874d57d07e4381e5d3fda93b549
SHA256

4454cccb94108923291ffcf26131191b3ea8bfa13c6a40c72ddf9d285be55def
SHA512

e4442a2ebeb78cd0f43dee8526ae937d688529bc898039810bc25066d8aff8cdf2f42c22097b1aff0a3305d654461ce1f1d9a1aac3493338e886d576f2887962
SSDEEP

196608:8+DnIKmnn7WxjCndgF1jAoWYq/BSBdiMkdM71ZJae4lf0va1guSYBMwoqecZae9q:VKnnHg+ABdiMBtw0vIgeUqq

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.yundu.YaLiMaino2594oAppcom.yundu.YaLiMaino2594oApp:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yundu.YaLiMaino2594oApp
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yundu.YaLiMaino2594oApp:remote

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.yundu.YaLiMaino2594oApp/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&com.yundu.YaLiMaino2594oApp:bdservice_v1

ioc	pid	process
/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar	4310	com.yundu.YaLiMaino2594oApp
/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar	4490	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar	4422	com.yundu.YaLiMaino2594oApp:bdservice_v1

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.yundu.YaLiMaino2594oAppcom.yundu.YaLiMaino2594oApp:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yundu.YaLiMaino2594oApp
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yundu.YaLiMaino2594oApp:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.yundu.YaLiMaino2594oApp:remotecom.yundu.YaLiMaino2594oApp

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yundu.YaLiMaino2594oApp:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yundu.YaLiMaino2594oApp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yundu.YaLiMaino2594oAppcom.yundu.YaLiMaino2594oApp:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yundu.YaLiMaino2594oApp
Framework service call	android.app.IActivityManager.registerReceiver	com.yundu.YaLiMaino2594oApp:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yundu.YaLiMaino2594oAppcom.yundu.YaLiMaino2594oApp:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yundu.YaLiMaino2594oApp
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yundu.YaLiMaino2594oApp:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yundu.YaLiMaino2594oApp:bdservice_v1

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yundu.YaLiMaino2594oApp:bdservice_v1

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino2594oApp:bdservice_v1

com.yundu.YaLiMaino2594oApp
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4310

com.yundu.YaLiMaino2594oApp:bdservice_v1
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4422

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4490

com.yundu.YaLiMaino2594oApp:remote
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4453

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar
Filesize
213KB

MD5
a355cc5e0a4f2ed0f76b25edc689830b

SHA1
34292e9a06097744da8f80658310ee8525c6e8c6

SHA256
b8ba589c433fecdc6c6b6f65d6695c1a7f175b4e5ea7f18c2298b2482ab45fce

SHA512
eb2fab44e768a93f6054362a4c2609195bb5cc48cf8c3d48483d1d5755b8b278f0353e3b9973dc25451c413e1184c0cb224b08e174561d270da3782eeacb87bf

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.key
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/files/lldt/firll.dat
Filesize
76B

MD5
b0045772e8e7ea71361985bae2baa743

SHA1
a2f881102b555adf3185d6d94008856a7633f6da

SHA256
100fa05f3e6808f030b6637caefe8b5e3e3ac8d7ff355839e8099550cb523b13

SHA512
4698a1083463bd0c19bff53f6547496fbea70939df14bfd21338b737782e9b5664912cd3cd788585a4b42edf246dc192c0e1dec69a8e2c599415acaf5f47b41d

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/files/ofld/ofl_location.db-wal
Filesize
48KB

MD5
8cb1c794b99dbc08ce277c504d7b1f0a

SHA1
d026fbad6c861db7bb898ededa97d679dd09e88f

SHA256
3bbb30b624c24128a0304d39933d6bdde3704d83f1cb4e3ae31827ec00d08d9a

SHA512
002adaf3ba6a5c98e54bde20452acdaed6763dcb992e794c9f4c80095d9923e79b97f579a858446493e893036f2c418c88610459280f066e7edbc0fb9e633b39

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/files/ofld/ofl_statistics.db-journal
Filesize
512B

MD5
3199c2eb41d0b14c3d727c072dec5791

SHA1
162081f9d79183f595c9e9bf52a3c4d0b5c36e79

SHA256
09ae847fa12f3843a251682e125fba560f3d8ff8d50235152d02d4104417f175

SHA512
3c055a2b5854042b62ac79959bff5ea49c358a95d5530330c4de370c008c1fc628bd0b4ad9277136445eb3a1d9fc22f74f18f68db9f48ea8484da0c5c9e576d6

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/lib-main/dso_deps
Filesize
160B

MD5
a415752dad4d836af329c3df25b97228

SHA1
4994f287fdbe251ccb7868ae10524c7371a3050e

SHA256
71e4d05735acc1c6df73244da7ca4306a3b54511e6423422b9b05ada45af6006

SHA512
67f034bbdfe7ef108755452b4213ec16d21c7a956719533ae86b5f24fa1abf37ec46497e88bb82e3d9aace3a57040695d412cb0d59dd94b9694c96cac38e40f0

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/lib-main/dso_manifest
Filesize
96B

MD5
78311654f314e982e34f2667f6a66333

SHA1
4ea63df7aaa8859750165214b8507105cb028cbd

SHA256
e99815be5a0dd55a11597342f734f7f0ab47f958afda840ff6b061641a9f920e

SHA512
ca81a826770fe825263cce2ad6343417278efc792a2c63c9d6f9871d7ddfb0448eda8096d135d8bd0e7e08854e2ddb443ea8232726857f0e0f73a29adb09079d

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/lib-main/dso_state
Filesize
52KB

MD5
c57be81a895fbbeb368ccd7fc19ca5b9

SHA1
5384a0021ba489800c2350462f9ced1ef07d51b2

SHA256
b69e7642b4d0a6d0a68e40fc14d663413cdca7f6177b5d78c7571f9770c8ea93

SHA512
75a3c802be0721b6052443d8a8906061f1ff0188e30e52b2d273571154814a0f4d814b9168e20410cf7e55535f2feb0e446f91e052a6d080ffecf3436686b1dd

Download Submit
/data/data/com.yundu.YaLiMaino2594oApp/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar
Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/data/user/0/com.yundu.YaLiMaino2594oApp/app_push_lib/plugin-deploy.jar
Filesize
530KB

MD5
5597a541eabd3fb792c581587550dc4a

SHA1
6500b0ff20c75717e1cb67dcee76b4641a4e8a35

SHA256
473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

SHA512
39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

Download Submit
/storage/emulated/0/.YaLiMaino2594oApp/._cache/.dat/yalioaData.db
Filesize
20KB

MD5
95112e6d86654e01805f4ec4a0f928ea

SHA1
fc34fbcc73a2c5f157d459d496cc10c698669d76

SHA256
d09300634d4d6bb7b4e6141ff85130f64119f02836f297976fbbd0c12bb679ff

SHA512
75bee419376ac312d8229ce49226cf9c91383aa8b11541af91ecea2856a039790a2b83507e2b7348d8c461119a0d0a22e3b443e6cd2a086d561e01215a24cf8f

Download Submit
/storage/emulated/0/.YaLiMaino2594oApp/._cache/.dat/yalioaData.db-journal
Filesize
156KB

MD5
16588f3b8e4cc4dce469b4f7d9628344

SHA1
fcd277803bfbb6fe57b6eecbba93cacc6c0ed920

SHA256
5e7257d19b8b6d5bd90289507e9264ba4761de4aedc602dc53e1bbdaa9def666

SHA512
bc0ea47d5b2b3d808a484a10fe18a935befa7d66ee98cef40d4164f202585caa183d0c450de4825ae8b476a11f6108b5f6c688da2ebd70a77ee627b3e49412fd

Download Submit
/storage/emulated/0/.YaLiMaino2594oApp/._cache/.dat/yalioaData.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/.YaLiMaino2594oApp/._cache/.dat/yalioaData.db-wal
Filesize
32KB

MD5
571739d6f14833374cc5d1144d4bbd4c

SHA1
947c81a251960f33adc5e34dcdfc9c6718505478

SHA256
a57c9eabeb6e1a50fefe56496fa3e4ef76c3496da8938845e9c3cb37c1bd2148

SHA512
48ee2a76c1df6281648c1c81671efb5ab3cef9a0b856564374ab8479400d34fe483211c59c85086661520b7391881e59bb33473522b6c22c766290ef7b16d61b

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2594oApp/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2594oApp/files/baidu/tempdata/llg.dat
Filesize
137B

MD5
8199b75e895e303d5276523669a28612

SHA1
c81379b9b219b7f6b79e69dc034490257f64bad7

SHA256
e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a

SHA512
abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2594oApp/files/baidu/tempdata/llg.dat
Filesize
1KB

MD5
34d7125107f092b2e561258daa857dec

SHA1
52961c3c1d812598850ae4639ed6a2669ac46c82

SHA256
54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1

SHA512
d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2594oApp/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2594oApp/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
51c55b31ebe34825fb3c11a8d39cd4d0

SHA1
d7b51665cac584e2fb069472efb2874ca7c16dd8

SHA256
315544381d6a7e1f570e07dae534607c99e5fc528dbfbf69b315e083073af161

SHA512
2ef3651eb80c0c0d5c89404a42d753abed4902d6a20532dd91e59e32032fbc1a688a384a385986f6eea239659fa1dd32060df69106eb0191606a6860376ff7d6

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db
Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
512B

MD5
3a6ebc5c50cab960e7d2269d50008fce

SHA1
fc0e3579153e1918612d23a5ae4ecc764aa7f4ad

SHA256
d0d2b624ebb87228ecb85e92380066a43ec74a08906049a64210a9b3e5f81cd6

SHA512
5faf5875dcd736ed73a5511f6e588b78a07bccb3e6971f59876035b1dec7306fb622f413ddac0896baf10dc325313a2bb14e214b02bd861bbb92022a9f970909

Download Submit