Overview

overview

8

Static

static

6

6ede98b616...18.apk

android-9-x86

8

6ede98b616...18.apk

android-10-x64

8

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Analysis

  • max time kernel
    142s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ede98b616e2cd24868424f68c6520d6_JaffaCakes118.apk

  • Size

    11.5MB

  • MD5

    6ede98b616e2cd24868424f68c6520d6

  • SHA1

    47e5ef0e6659e4fbcaa204501b39df99864db1b9

  • SHA256

    93cff97b27ffd59f6f1b3487eca141bf41f381856825b93a44681809c879c55f

  • SHA512

    d1aaebb0ff231f8d85b5647ad5e034424818b58b0a833f4634b88900b65f58ffa86f9848db569f26da8cba13ae27151e2d5c212508d888511b304764becccdf9

  • SSDEEP

    196608:FWAMKJz+yWJxVkbXXYBxZS0+FFWAVguWFWmkMve4lf0Oa17uSYBMwo6HzlTbs9jE:Rz+dJSSk0+DWAV9WFWm8w0OI7eU6xTeE

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.yundu.YaLiMaino3702oApp
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4257
  • com.yundu.YaLiMaino3702oApp:bdservice_v1
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4415
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino3702oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.yundu.YaLiMaino3702oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4483
  • com.yundu.YaLiMaino3702oApp:remote
    1⤵
    • Requests cell location
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4448

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yundu.YaLiMaino3702oApp/app_push_lib/plugin-deploy.jar
    Filesize

    213KB

    MD5

    7874f2d79c4b49b25c200f45eb430d80

    SHA1

    089bfb9b212e9b06cf36306d1824aec7e1ea23f3

    SHA256

    df0a91e4ba7b25aea61c86345c8ad2b989fb29c201ffa297e25f88e7ecd2417e

    SHA512

    8dfa875fdcf32023252e4cfc5b99d074054e1b91c77f16fff3cf857cf19cbeddb0823ac4dfbe2b6faa7048b797ef0894e8d71eec3f4350780a6e326ef2679393

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/app_push_lib/plugin-deploy.key
    Filesize

    32KB

    MD5

    d5791ba4495ef82b42eb2732a343d725

    SHA1

    88f939045fbab1c96af159e58777a120fa51983a

    SHA256

    9c21bb4fbc9811c57f2076716e7a72a90fd8e0a5fe011fbec063ad7a01bce93b

    SHA512

    b4691b7dfbdba9d59fe2e5e534aed61627852d8a9a67026827dbbbd6d6f8fde13f592c5d62f82ffdd482b359e79efec68e04cd6944a676461d8ed2197ed4c2a9

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/files/ofld/ofl_statistics.db-journal
    Filesize

    512B

    MD5

    06006d1415eece8d98d9dc7570e4abc3

    SHA1

    409ee96f63b46d50b1721bb19e4e94d43ab8485e

    SHA256

    647a1ea029d12bf4efa1768a8e21f54ffc2bb64e04717c5e8b1e040c73bcb677

    SHA512

    2e133627e2badf0dd0614f385e19f89caf3b0410cc1ec584dcbd3ef12c5c3688c3c26ea86e1d83724298d28299d4a381df2ad6497407bc096a1627529ff42cfa

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/files/ofld/ofl_statistics.db-wal
    Filesize

    156KB

    MD5

    0c35b1673f448853b77a4cb5a5028203

    SHA1

    e565e7cc13f056d5ad79f19f4decb1a5427dd522

    SHA256

    890994560d9578899e45717f58c2d87bf2d3ef4d3fca96a457e33d5f89f1a8a5

    SHA512

    dce519381c2b64aca92d3952f619002c1281fa6f3062f54dc3f06e84a7ac58d85309229a8dc7106f204308a218e04df0cb95c47d6acf0dfd4c780bf17ec47e22

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/lib-main/dso_deps
    Filesize

    160B

    MD5

    8bffcb6ed4b86500b530519637fd6839

    SHA1

    9bea83bb40fb3b1d872581c8c841a515b9830b7d

    SHA256

    c74a9b87ab4a1a2667d288a850fae43c33950932d744c6788b06084d6557b9eb

    SHA512

    c6c6f4979b922019f9eaff9341be3bcc4b5debb2f6b96d193f1349fed74ea6066bf7758e9025374117c430e14a14bccc7711959c4e3f383c65eb0f5f33f7a14c

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/lib-main/dso_manifest
    Filesize

    512B

    MD5

    eae6ed30ee4b96ba66b928f77b94fe66

    SHA1

    5ec1b2077eb55abd9cc03382a736e717b499fb11

    SHA256

    d4f59ef27feffac0694d874864ce7e2ac4db5d660d96041fbd7d1ac030bfbe68

    SHA512

    2ecbae7145dcb38b7328650c077fb6cfe8758c168c8411d05baab937fc42c601a9a7fbd8ee60e619683e208ff4cdf7aa2a1e8b5bf08279b0160b03c7cadb3cfc

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/lib-main/dso_state
    Filesize

    52KB

    MD5

    4d4437994a691b83e304d743baafa851

    SHA1

    d48abcb6778a988a369c2cb3d47dc1ec1d505f1f

    SHA256

    e1b173e679f398a03fae13d31fcbac5c14185555a4a886fa6b7b2ef9cf324494

    SHA512

    89257c6888991efc3c3cd4c46021deac821075e9e7d61a062bec4f1deaa5ac2876c7bc4d1f45dc210cbf51268c2b1838b2521297f51545bd6bace69bad58fa4e

    Download Submit

  • /data/data/com.yundu.YaLiMaino3702oApp/lib-main/dso_state
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/user/0/com.yundu.YaLiMaino3702oApp/app_push_lib/plugin-deploy.jar
    Filesize

    530KB

    MD5

    bdfa71feb08b80b649fddcd7488b03b4

    SHA1

    bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

    SHA256

    f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

    SHA512

    37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

    Download Submit

  • /data/user/0/com.yundu.YaLiMaino3702oApp/app_push_lib/plugin-deploy.jar
    Filesize

    530KB

    MD5

    5597a541eabd3fb792c581587550dc4a

    SHA1

    6500b0ff20c75717e1cb67dcee76b4641a4e8a35

    SHA256

    473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

    SHA512

    39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

    Download Submit

  • /storage/emulated/0/.YaLiMaino3702oApp/._cache/.dat/yalioaData.db
    Filesize

    32KB

    MD5

    deb39df0eb58acc42eed73ea2f8f70e1

    SHA1

    baa9c705510a7a5bcc9e5ba76acc3b86843ed61d

    SHA256

    e344b16300ba215a42ce3c0c0b02ad10110c16c2eb0112b43c5ecdd032cbff49

    SHA512

    2ec5daa1e9a1fba2afd57222ff15d152ff3e9c305bb0176bb2a48a4a54f6c75f296afbbeebda2701566d72ba8086fda01d5d9b6a847fcadc0e7b3237f1ce1d7c

    Download Submit

  • /storage/emulated/0/.YaLiMaino3702oApp/._cache/.dat/yalioaData.db-journal
    Filesize

    512B

    MD5

    3946c7a96fde52d092a05279fb9a7077

    SHA1

    2689f346e617f3fa355665cd813727ab9d8da42a

    SHA256

    1e3b2d2ce48291d82355f0c1462b988c188b0a9f8c36adec4f176139211896b4

    SHA512

    55b31411b8c3a4d3c99fc13c9c86f0668c4e97601dce8e0a021887fafdc8af3f6cd345f2c59785309d80cb7b48b1d747927532d10127124c6a6b0f13a8a467ad

    Download Submit

  • /storage/emulated/0/.YaLiMaino3702oApp/._cache/.dat/yalioaData.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /storage/emulated/0/.YaLiMaino3702oApp/._cache/.dat/yalioaData.db-wal
    Filesize

    32KB

    MD5

    e002a266127dc7992061d28193d5461c

    SHA1

    df13da58433c6f812ab3b0f697f2af0eeba44dd1

    SHA256

    02c13fade52a432011ca1b0d4365c90f96745dd87cf0f23bbd24d92f017afe00

    SHA512

    d1008039e7c31f8ca6b7b5bebd93af30b0713db722a5019cc8c768103b0d0badb91bf3ad136d09e7cf9c904fedceaad826f04075d3c9f97a916e38c66e8318c0

    Download Submit

  • /storage/emulated/0/Android/data/com.yundu.YaLiMaino3702oApp/files/baidu/tempdata/llg.dat
    Filesize

    24B

    MD5

    161557b06b4a4d3ce095528dea370eb7

    SHA1

    8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

    SHA256

    f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

    SHA512

    96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

    Download Submit

  • /storage/emulated/0/Android/data/com.yundu.YaLiMaino3702oApp/files/baidu/tempdata/llg.dat
    Filesize

    137B

    MD5

    8199b75e895e303d5276523669a28612

    SHA1

    c81379b9b219b7f6b79e69dc034490257f64bad7

    SHA256

    e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a

    SHA512

    abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887

    Download Submit

  • /storage/emulated/0/Android/data/com.yundu.YaLiMaino3702oApp/files/baidu/tempdata/llg.dat
    Filesize

    1KB

    MD5

    34d7125107f092b2e561258daa857dec

    SHA1

    52961c3c1d812598850ae4639ed6a2669ac46c82

    SHA256

    54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1

    SHA512

    d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303

    Download Submit

  • /storage/emulated/0/Android/data/com.yundu.YaLiMaino3702oApp/files/baidu/tempdata/llg.dat
    Filesize

    2KB

    MD5

    31c168cabd8d89a5de2717a4165f820a

    SHA1

    623990c0a5ece4ba084c65a73e0bb9bebad79ced

    SHA256

    b6d08fb556edba36da58ad5d9092cacf5246bf35f991195e88a8fe16a92dac33

    SHA512

    f8c403a5048c57f466c0eb72db5a269a8e1bc7a7e4caa671bfa4038c7c3a4b35b3224c8325deb543af3dbd38b591822690fbff4ba9ac6ec2626a5e6989da8ec3

    Download Submit

  • /storage/emulated/0/Android/data/com.yundu.YaLiMaino3702oApp/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/Android/data/com.yundu.YaLiMaino3702oApp/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    8df5757a333a5031833fb81ae6121fb5

    SHA1

    129cea8702dae0017e57f82ca157f82de9692188

    SHA256

    dbef4cdb5422bdc18636dc5e9ad952b435ebb6ed5cc11435f3ef6436d526c5b3

    SHA512

    7e879c83a28946b1c98ab20c5793803bb890ca6088117e20ad1f758819b7748a079c34f7afd4cff309c700cdbc5def10999d90d61f8842c0752a58a2b67a6e3a

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    de1d9124d7daa9affd4361727918547d

    SHA1

    9162a1cf0f6c88c88456ca8d0831aaab13922a26

    SHA256

    0629319732b480dfea18ecde3fd6bb5f7f6e70410316a360a2c99026ed997424

    SHA512

    d1973da7bfc96c721e41dead76f08bdc6893a5cebc3a689c697109701be6b976ef63be1f7212e8832da6ec837df5e291b3bdb8579b012e1d09ed8bc4b7dae9d9

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db
    Filesize

    28KB

    MD5

    0d3e99204c6401ea499fe9e6d9855497

    SHA1

    09829f00ca458eab7374d5079393a2cd69a2348a

    SHA256

    63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

    SHA512

    8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-journal
    Filesize

    512B

    MD5

    964019a2ff7501e381026a8e78a6e2d4

    SHA1

    a0a568c2a677ffd56747055208df3de5ac0612a5

    SHA256

    6de2a62ecd088dd35c6c1ac52913fc2220dd4104a26c020f63bbf0365a2f4f5a

    SHA512

    c0a6e2389ad022457df615113e597b9fdfa88f41d031ed59cd49d589faef3929ddb571c8df798330036e43fb249e8c9d337f5f202a1337448a207a5711e4506e

    Download Submit