f13a55d3c7d450d31bf2cde8ecc50b182a859083bf3ad3b488faa8508e37c12c

Analysis

max time kernel
179s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e675186db3d494e442b1cb48ef59a9e_JaffaCakes118.apk
Size

15.1MB
MD5

6e675186db3d494e442b1cb48ef59a9e
SHA1

d4aa523f0b9528405ca37bec0a54e178c622a331
SHA256

f13a55d3c7d450d31bf2cde8ecc50b182a859083bf3ad3b488faa8508e37c12c
SHA512

294a2f2e38a3086a404452ff5e98749e50b6e61109a051e6de03832c4389f41a77eb02e1023b077b8b87abe70a039aff1a88f179537a3b63a1ec86097ce7adeb
SSDEEP

393216:683oi8v0YT0kOgpTFQqMxqIurTKuzpO2qjt:68YiA0YAeFHQqIuxsFx

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.lezhi.townpolicewoman

ioc process

/system/app/Superuser.apk com.lezhi.townpolicewoman
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

System Checks
T1633.001

Processes:

com.lezhi.townpolicewoman

description ioc process

Accessed system property key: ro.product.model com.lezhi.townpolicewoman
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lezhi.townpolicewoman

description ioc process

File opened for read /proc/cpuinfo com.lezhi.townpolicewoman
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lezhi.townpolicewoman

description ioc process

File opened for read /proc/meminfo com.lezhi.townpolicewoman
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.lezhi.townpolicewoman

ioc pid process

/data/user/0/com.lezhi.townpolicewoman/cache/1582435991586.jar 4315 com.lezhi.townpolicewoman
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.lezhi.townpolicewoman

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.lezhi.townpolicewoman
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.lezhi.townpolicewoman

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lezhi.townpolicewoman
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.lezhi.townpolicewoman

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.lezhi.townpolicewoman
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.lezhi.townpolicewoman

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.lezhi.townpolicewoman
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.lezhi.townpolicewoman

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.lezhi.townpolicewoman
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.lezhi.townpolicewoman

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.lezhi.townpolicewoman

ioc	process
/system/app/Superuser.apk	com.lezhi.townpolicewoman

description	ioc	process
Accessed system property	key: ro.product.model	com.lezhi.townpolicewoman

description	ioc	process
File opened for read	/proc/cpuinfo	com.lezhi.townpolicewoman

description	ioc	process
File opened for read	/proc/meminfo	com.lezhi.townpolicewoman

ioc	pid	process
/data/user/0/com.lezhi.townpolicewoman/cache/1582435991586.jar	4315	com.lezhi.townpolicewoman

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lezhi.townpolicewoman

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lezhi.townpolicewoman

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lezhi.townpolicewoman

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.lezhi.townpolicewoman

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lezhi.townpolicewoman

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.lezhi.townpolicewoman

com.lezhi.townpolicewoman
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lezhi.townpolicewoman/cache/1582435991586.jar
Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.lezhi.townpolicewoman/cache/__chartboost/CBRequestManager/69603116530
Filesize
330B

MD5
711bbf063cc569842f27b306dc608088

SHA1
a1ae96313ae1e7c348fad865316b9295237bb12d

SHA256
8957cab996f84c2a75b020c79378b5af15ae06edd78af2ea11d9af348f3d09c1

SHA512
9bd5fb5c72acaeb06906e0a91b77818631d0512c4b0a072cfe9b847d595938bcdd4f70ef852c539d48317f1b38aaa0358f4b0a5f8c9e88bc6774cf31f1a21112

Download Submit
/data/data/com.lezhi.townpolicewoman/cache/__chartboost/CBSessionDirectory/cb_previous_session_info
Filesize
189B

MD5
9a57b045b0b5acb6a268556effecfa6f

SHA1
31f9ff541835994007573e5e87e37b81d0edc748

SHA256
d0439ae90668aac6a14fd333a7a730000e4642e79da719b26a86f518e13cb855

SHA512
bd0388458e633dd5ab62174152cfae63e6e2351af6590f736be42b32d49f93d0361adce295915898efa0765a95eb8759fc24a64ec3ade05fcef9045d57f47267

Download Submit
/data/data/com.lezhi.townpolicewoman/cache/oat/1582435991586.jar.cur.prof
Filesize
148B

MD5
a3b78d197d786c13687c3f0f89703bd8

SHA1
9967f0726b6b1ed3f198904547b81920f8329621

SHA256
c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97

SHA512
9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1

Download Submit
/data/data/com.lezhi.townpolicewoman/databases/google_analytics_v4.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lezhi.townpolicewoman/databases/google_analytics_v4.db-journal
Filesize
512B

MD5
68aea03f7a9d458ff103a31672ef980e

SHA1
76c693e6a5c7322d14d365448ad031d521475681

SHA256
c80ddd0572f9bbfb5b7ca9e65fe27db512a87d3622cfc3d3804ac20ecdadfabd

SHA512
99b0f1bbaa6b2c5da0819b7eefaab47e37263089e1d962f7b7f92a88d2107258ea0cb8bd0fe1159d5a23ff26f29716e31407ab5b1bb43bc7b487ce34107ae25b

Download Submit
/data/data/com.lezhi.townpolicewoman/databases/google_analytics_v4.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lezhi.townpolicewoman/databases/google_analytics_v4.db-wal
Filesize
60KB

MD5
9af1ae6562c5597294ab76ea48ff08c0

SHA1
aec26487935d15260bb994bca1c4c9ea009e4257

SHA256
1ea78d88240a7f5ef8a227ca15770802b06ccd545a5b46bc03b360801635439c

SHA512
1e7daf8d41e70dfd31909fd865c7955239003d5870143fdace66cbc9817d24e499835145e25d7581c723d40eeb3bf8d3fde96dc1671c62c20fddff4657922df7

Download Submit
/data/data/com.lezhi.townpolicewoman/files/STICKEEZ_assets/stickeez.html
Filesize
1KB

MD5
5745f1513e9a4f633ad7b042a3c1a7c5

SHA1
34a993d7951fda1c9d109c5cc2946e8792cc7aee

SHA256
ea9dc12ea4e139b77430f41273d26f182c495c94ccf0594b532a71e6ac45529e

SHA512
ee7d3803c018f054a1aaa48fc2c73c71b6cdea7635eeb9b5f7c67df9d69d3bb877056c11dbbc0fc682eb30a62a62bebd5cecc1ef676056bf713b87af152d8240

Download Submit
/data/data/com.lezhi.townpolicewoman/files/gaClientId
Filesize
36B

MD5
1e6b24a8542a966ce1ab0c97ee3f1126

SHA1
9c9c67b5b683d867893daf0cb3499d28b891698a

SHA256
658c4c8c578d2e1f382fbd329d1cc305c24492d9b4a9dff7961201b717bc0d78

SHA512
3593237fd15a0de9235880bc9c8d3959c170136f13bb4b4852b2c7e35816629df22ce74e99893e79efcea287264e9d48651ed0ef20311d02b4638886e40d7685

Download Submit
/data/data/com.lezhi.townpolicewoman/files/log_stack_errors.dat
Filesize
1KB

MD5
253ad04f9a42c1fc7cd944f6230c4e37

SHA1
5e5c163480bdeeeb2ccfd0bc0c3a49fe3a4c0a9c

SHA256
42934beb385bc931b804101fe6174f9131c4b6926e847c73e206e4ceec9bc2af

SHA512
6a08d1b823b2ef7f755e5a2fe48d7471d80e5b8ea072ff425d40343e6c585a322e67e83e99a42fa495df7b7e85b39b614e0d9f6ce51b81a8edb4f140957fded8

Download Submit
/data/data/com.lezhi.townpolicewoman/files/log_stack_errors.dat
Filesize
1KB

MD5
9859f93f511ba1839406dc01f3933fa2

SHA1
1cc85026f9a95d50fb7f969ece4a3bb7af06aee9

SHA256
d7faa4d0efd0ca11b3f78a217734cec6d28d23cadb93df1acba030a7954e88c1

SHA512
6886e8feb1ffbd4af8a957341cdb4bae8102f9ff8119615ac35be4841ac52c6d42ac450811f9516bccc45854d610de2adee8f96dbe9d0b32c3a845e5cbcf4847

Download Submit
/data/data/com.lezhi.townpolicewoman/files/log_stack_errors.dat
Filesize
1KB

MD5
7c5e72ac57747d15ac8852d9a0f6c840

SHA1
c8371ca54debebfaf83947456c8355001222e768

SHA256
31c4422c3f91f790dc15363823d0d1045cc83a980f4553ce03a2e1b35644db7a

SHA512
4fa7d4e14e741e477218f982b594a6c48e68dd9e9d510dbf96e2dd4bba6c903f788b121d70169ce6af2f6698fcc6665eaa158794ee212d4041a9d2df9cec6f62

Download Submit
/data/data/com.lezhi.townpolicewoman/files/log_stack_errors.dat
Filesize
1KB

MD5
4d5587dd56eb7bf3c79cb7ec9c2314aa

SHA1
bcb3b45961ecb2073fa756d7ae5b200c75fe95ba

SHA256
20d715cc301a84dd7cda88dd93653a43292220f76018ed88ce7998ba7f5bb59e

SHA512
5dc3ed760cc1f382d0ef99308253dd63da45f3eff0610108c8a690b8fc87f007620927cb3f3438da4d4d355a873b7008345cbcfa8fc7d1ed4e423c5b17474e3a

Download Submit
/data/data/com.lezhi.townpolicewoman/files/log_stack_errors.dat
Filesize
1KB

MD5
0bb18a0b2db8f378e8643a75ccbc33f6

SHA1
92ba9a6c6462ddb8162e796d5ccd2224ec5ccd9b

SHA256
641fcfd6ed342b4c7beea3072a7725d9914733377b4b533ab9b6e74ca7f63958

SHA512
9aeff8c6152e14e0b86ef1bce5d6b5118882b3d8e39a9aa697a3f13f1e84acd0ce85d9d1033cefc06b39450b19c032996e2f5fc24fdbf4fe2cd500552afa2caf

Download Submit
/data/data/com.lezhi.townpolicewoman/files/offerwall/offerWall.html
Filesize
1KB

MD5
729cd68015bb18ee94a9566b60673369

SHA1
62cd5a00cb7795725d64fadb3f87d48ec9fd93ab

SHA256
8feed1db3c3b0937ac4f42d25025de68786b857d2e743ecb35a22819e6b1d6a4

SHA512
185f88fab30cda2e4695ad58c74e23ff0395cef81861b7ea55b771ac37804a29b9e340470ceb9469f5092900383f2eff82f6c17225cd84e741038582b9898288

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0001.png
Filesize
3KB

MD5
a5a1805829e553cad9be7846533b91af

SHA1
647e147cb8affa2e45d18b45f88849ae7f3b7366

SHA256
6cef1b0ae2d52b305cdf5d096a66ace4766724e791c455844c91fe698db691c2

SHA512
165e89f37a32022cbddc64f733fe8f60c6927bfbf3ec5e9df0a09dca604f88319d9b4599f60f5081ee5932b3914f16d7dcfadc3a75848241d5271cb3a7ecbad3

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0002.png
Filesize
3KB

MD5
c675fd30143320d065c7a3073bd0e3d8

SHA1
e66c61f00d23061416af7fec1734fa8ffadc12ff

SHA256
723097be9a56bf0fdf4375a22168f8cd1679776f5516bce2c8e4e66e65b60175

SHA512
04a64c092166ed18822886d6e1f324f5306bde6071479df59d110ea83e63e3f97c312a58ddec1ca84dc7d06389905bd9dc2f681da7e6782b7152b1ccdc2df447

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0003.png
Filesize
3KB

MD5
cc8439891ff1227bc2691ffd484a19aa

SHA1
5bd09ccbb982efb86d10cd78081c1976c1c1214d

SHA256
e0ad3f35ad332383b6999d26c4a4e5ec500ede57b1df0685d58800e461632f26

SHA512
2039a19e38c79790761d465feb688f7a7a104ed24b7ccc7f039336538bdd921a37e62d04b90e632fe772d1afadd183cad855e5018aea151d56e09a48ef972ad2

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0004.png
Filesize
3KB

MD5
a1d05df0b026011a40b2ae85282b7ad0

SHA1
7b225fbe5c02db93165c1876465e8074d1bfa81b

SHA256
4c9aa21e2c287bf2ebd56b4c73b7011b2dcc2164c2a3091b68bf52c2c6da4fcf

SHA512
17f87a5d542221c6d1af0382fb80c3b8480468a16e8131ca852bb9855a65d6750b26c11b7685b3a35a844203df4e9380eaf2325e75ae9c1badcd06b8faae8140

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0005.png
Filesize
3KB

MD5
e71761502dad346755d9e12923acab4e

SHA1
cd3aae137c9b381e4f0617cbede0126f236350a4

SHA256
d4eaa7e311aa5706bb0f0d43fcfa5593aa0035753439a0704258c4c66028f89e

SHA512
f474e403d8c6b45b5d642af2bbe58d7ccebd308171f9f9a93c3459e32bfa56bcd5116c8349d4dd1447e968f0899a05acff9feda4af0e932e9283f47e51c8b453

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0006.png
Filesize
3KB

MD5
d7e606100f3d0e7a688da2f698c568bb

SHA1
52f585bc7b048aa418f36e82b0f2dd9163e92e17

SHA256
47acf0c528abd5dca1bd899aa41b99f6bbee469e204074cba259657d9a589378

SHA512
2a57e31f8c044db85f27cc7b159d8e827ce026b074c1814b4b9f82685a330223e6abf8f956be36360dcfec20c08c22d841db66384fbd3bfbc0cdc86dd50a8e7b

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0007.png
Filesize
3KB

MD5
84f0ccc36af5714961e14b77374d1f15

SHA1
3a7f8163501d560f1a88324f5c8dfa2b14b3a40a

SHA256
0237e32468aa870098878f124cbab5d365310ee9fbd2c074cf8e31859272beb9

SHA512
4a8b6439ead11f73c285b0ed123cb5e20ab1f772dd57e7cbaf5ea12cd08221d9f6e2036e5d1515abf0b095fba79c2d26d7aa0b5f5dba890cd484f1c3cda9eba4

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0008.png
Filesize
3KB

MD5
b7da3a818e98bdd9c5651c9858a7a3c6

SHA1
6a9d4cbfaa263c74b5827d9b2c7960519cb07eb5

SHA256
5137e718727890e7572e63868435f34538aa0fb9c735540cb0223c39fa08305f

SHA512
fabda0a518758c4a2f6fb2e74b13abf0e4b26492fd6e9261791d7572237ef21ba8cf37830ed83286a7a50fd2005d42f43097a7c9c872da06e4f32749401a3dc7

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0009.png
Filesize
3KB

MD5
ded007117da35843c1a3282963068c24

SHA1
c0dcded1f4030216d62d5d1afb849b6d0212952e

SHA256
4f125fa2b62a10c2b78fce29861f3c8f52400092d5baa929d1e70a3a762cf6c9

SHA512
a1d4987d40f28631a70a455540907438682e68b14a05495744df2e75b9eb17b192a122937108f500269dd4f37a478409becad3b4b06ff6e2a8948e9d7bab825f

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0010.png
Filesize
3KB

MD5
8eab6bfb9c95a44f08b1b2f80188a870

SHA1
c7cd5ba7280390d4b3872c1658c80462f05bc478

SHA256
d9f2c8bb2ffe191f2ed7740d45a6c6cdc92a82a7da51ba3d3f798e778cd0dfbc

SHA512
796d8f6c7fa5602e43022c6a9e69959bdfa1f92c5aef75631742938630f8be294d1ceb5c19bf89332e4f38f04627c9c299e0f0722ce25ac90224d7828ef9785d

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0011.png
Filesize
3KB

MD5
66e07e1574af0312354bbb410ce1ecaf

SHA1
7f37bf34f6a9364dec2278e4432a4434596a3ab5

SHA256
ca37435682330a7cfe9562f7419f6a353191a613750657d18cf7f65b19ffb039

SHA512
5e596ba8b7b7872270a98c04728f19f1175c75257ea4f66005b57602f74fee8710cfef1608ab921e75b7e6e236230ff7a6be6c15fdc9954fec31c307f2d59ea8

Download Submit
/data/data/com.lezhi.townpolicewoman/files/preloader/preloader_0012.png
Filesize
3KB

MD5
ba2e26488d6b8ac46c84e48d61f04bab

SHA1
8a4f36e18a40fc4e8310f66b16b97c1c13009add

SHA256
094c72476e0752e1eb4c36b03a757669827d40d449dcc0f2c90aeb573b4dfe32

SHA512
e325dbeb4878d069e998b022e9a18ce7b08218699b9d26c1929c3a23bddf401fa47e7deb085b6b0e84631fbddcfb36e9d40812cb75e8c29f9231b8805c14ddf1

Download Submit
/data/user/0/com.lezhi.townpolicewoman/cache/1582435991586.jar
Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit