Analysis

  • max time kernel
    155s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    30/05/2024, 10:03 UTC

General

  • Target

    83d5c4b2a023403d1f4708fff0533eaa_JaffaCakes118.apk

  • Size

    13.6MB

  • MD5

    83d5c4b2a023403d1f4708fff0533eaa

  • SHA1

    2f7aac1addf79d6e7f46e02ed1e20c707faa0950

  • SHA256

    0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa

  • SHA512

    33e0d113c4e61d00666b3dede4d47258247159a17eaee28d223f28647f66169fe39622c154dc60515f6fdaa7bec60bd8c548d0dd6608cd47aef1937cb962c674

  • SSDEEP

    393216:1jyNj0cGzvsZG80rGzho36eVQkSRF3isSF2x+Ig8abE:1jyynk5hoxsyTgcnbE

Malware Config

Signatures

Processes

  • com.iyuba.cet6
    1
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4527

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.238
  • flag-us
    DNS
    data.flurry.com
    Remote address:
    1.1.1.1:53
    Request
    data.flurry.com
    IN A
    Response
    data.flurry.com
    IN CNAME
    media-router-flurry3.prod.media.wg1.b.yahoo.com
    media-router-flurry3.prod.media.wg1.b.yahoo.com
    IN A
    74.6.138.67
    media-router-flurry3.prod.media.wg1.b.yahoo.com
    IN A
    74.6.138.66
    media-router-flurry3.prod.media.wg1.b.yahoo.com
    IN A
    74.6.138.65
  • flag-us
    POST
    http://data.flurry.com/aap.do
    Remote address:
    74.6.138.67:80
    Request
    POST /aap.do HTTP/1.1
    Content-Length: 241
    Content-Type: application/octet-stream
    Host: data.flurry.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 30 May 2024 10:03:23 GMT
    Connection: close
    Server: ATS
    Cache-Control: public, max-age=31536000
    Content-Type: text/html
    Content-Language: en
    Content-Length: 4
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.212.232
  • flag-us
    DNS
    app.iyuba.com
    Remote address:
    1.1.1.1:53
    Request
    app.iyuba.com
    IN A
    Response
  • flag-us
    DNS
    app.iyuba.com
    Remote address:
    1.1.1.1:53
    Request
    app.iyuba.com
    IN A
    Response
  • flag-us
    DNS
    daxue.iyuba.com
    Remote address:
    1.1.1.1:53
    Request
    daxue.iyuba.com
    IN A
    Response
  • flag-us
    DNS
    daxue.iyuba.com
    Remote address:
    1.1.1.1:53
    Request
    daxue.iyuba.com
    IN A
    Response
  • flag-us
    DNS
    api.iyuba.com
    Remote address:
    1.1.1.1:53
    Request
    api.iyuba.com
    IN A
    Response
  • flag-us
    DNS
    api.iyuba.com
    Remote address:
    1.1.1.1:53
    Request
    api.iyuba.com
    IN A
    Response
  • flag-us
    DNS
    gorgon.youdao.com
    Remote address:
    1.1.1.1:53
    Request
    gorgon.youdao.com
    IN A
    Response
    gorgon.youdao.com
    IN CNAME
    ad-tj-gorgon.ntes53.netease.com
    ad-tj-gorgon.ntes53.netease.com
    IN A
    47.236.233.186
    ad-tj-gorgon.ntes53.netease.com
    IN A
    47.237.106.171
  • flag-sg
    GET
    http://gorgon.youdao.com/gorgon/request.s?s=BPjaAalhU832QQ2ECYn%2FqRgGGSCYgU4nHMAKSf6amG8SHWJmCCZXVPrZNG8tM5B2pQzq1v7IDhq8%0AuAoE2LG5C1%2B1r1bJnjZC%2F4d9fWWFXOxprR5Z6Qn%2BL9W6cGTYNfZ1d0mqmcVELVjGMvcnRscqPgCj%0AwY%2BItWUkhk2DX7TAUZ5e0wpbTiXwAFt610pQhV1vVMRvzErkrxEvjCsVTs03umTbANyzdT6ouSPx%0ANJ9gnR%2Bd3bAXc%2BFFUvy7CZaRYmUm69ARi2vdsqc5hIvY1GCXUAjbPa2OWRET%2B3hIPVE24V2uzZBs%0At1tsujjhnQMTVeyzhH3EHNp93sRuN9oPoJ6YAYJuKPTi2ngRh9Xp%2FHC3Gj6BICToKrcNU%2BFtGSIK%0AnmObt%2BMxYkdTJiyqkJP7vUoDihKImU6Tcs6cPnhERj1FZ1XbHiQaJTLiTU1yF%2BJA3duO7BRFm0zM%0AyW35pQgf9NSzcJAzhkHs17BfdlHVtSTFqAkPXDJ%2FhYmAvimlqZIdVBGJIcoQp3TWUYY11TxYqYyB%0AArTiuH57XXtJFUOjtN7xnuWZAwfK9PvA5nYDAeTgFOP5S0sME0FYSjk%3D%0A&ydet=1
    Remote address:
    47.236.233.186:80
    Request
    GET /gorgon/request.s?s=BPjaAalhU832QQ2ECYn%2FqRgGGSCYgU4nHMAKSf6amG8SHWJmCCZXVPrZNG8tM5B2pQzq1v7IDhq8%0AuAoE2LG5C1%2B1r1bJnjZC%2F4d9fWWFXOxprR5Z6Qn%2BL9W6cGTYNfZ1d0mqmcVELVjGMvcnRscqPgCj%0AwY%2BItWUkhk2DX7TAUZ5e0wpbTiXwAFt610pQhV1vVMRvzErkrxEvjCsVTs03umTbANyzdT6ouSPx%0ANJ9gnR%2Bd3bAXc%2BFFUvy7CZaRYmUm69ARi2vdsqc5hIvY1GCXUAjbPa2OWRET%2B3hIPVE24V2uzZBs%0At1tsujjhnQMTVeyzhH3EHNp93sRuN9oPoJ6YAYJuKPTi2ngRh9Xp%2FHC3Gj6BICToKrcNU%2BFtGSIK%0AnmObt%2BMxYkdTJiyqkJP7vUoDihKImU6Tcs6cPnhERj1FZ1XbHiQaJTLiTU1yF%2BJA3duO7BRFm0zM%0AyW35pQgf9NSzcJAzhkHs17BfdlHVtSTFqAkPXDJ%2FhYmAvimlqZIdVBGJIcoQp3TWUYY11TxYqYyB%0AArTiuH57XXtJFUOjtN7xnuWZAwfK9PvA5nYDAeTgFOP5S0sME0FYSjk%3D%0A&ydet=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    Host: gorgon.youdao.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: YDWS
    Date: Thu, 30 May 2024 10:03:30 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
    X-Adstate: {"code":"40103"}
  • flag-us
    DNS
    api.iyuba.com.cn
    Remote address:
    1.1.1.1:53
    Request
    api.iyuba.com.cn
    IN A
    Response
    api.iyuba.com.cn
    IN A
    118.190.119.239
  • flag-us
    DNS
    alog.umeng.com
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.com
    IN A
    Response
    alog.umeng.com
    IN CNAME
    alog.umeng.com.gds.alibabadns.com
    alog.umeng.com.gds.alibabadns.com
    IN CNAME
    alog-default.umeng.com
    alog-default.umeng.com
    IN A
    223.109.148.141
    alog-default.umeng.com
    IN A
    223.109.148.130
    alog-default.umeng.com
    IN A
    223.109.148.178
    alog-default.umeng.com
    IN A
    223.109.148.179
    alog-default.umeng.com
    IN A
    223.109.148.177
    alog-default.umeng.com
    IN A
    223.109.148.176
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.180.4
  • flag-us
    DNS
    alog.umeng.co
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.co
    IN A
    Response
  • 172.217.16.238:443
    tls, https
    1.5kB
    40 B
    1
    1
  • 142.250.179.238:443
    android.apis.google.com
    tls
    5.7kB
    9.2kB
    25
    23
  • 74.6.138.67:80
    http://data.flurry.com/aap.do
    http
    642 B
    467 B
    5
    5

    HTTP Request

    POST http://data.flurry.com/aap.do

    HTTP Response

    200
  • 216.58.212.232:443
    ssl.google-analytics.com
    tls
    1.3kB
    6.0kB
    8
    7
  • 47.236.233.186:80
    http://gorgon.youdao.com/gorgon/request.s?s=BPjaAalhU832QQ2ECYn%2FqRgGGSCYgU4nHMAKSf6amG8SHWJmCCZXVPrZNG8tM5B2pQzq1v7IDhq8%0AuAoE2LG5C1%2B1r1bJnjZC%2F4d9fWWFXOxprR5Z6Qn%2BL9W6cGTYNfZ1d0mqmcVELVjGMvcnRscqPgCj%0AwY%2BItWUkhk2DX7TAUZ5e0wpbTiXwAFt610pQhV1vVMRvzErkrxEvjCsVTs03umTbANyzdT6ouSPx%0ANJ9gnR%2Bd3bAXc%2BFFUvy7CZaRYmUm69ARi2vdsqc5hIvY1GCXUAjbPa2OWRET%2B3hIPVE24V2uzZBs%0At1tsujjhnQMTVeyzhH3EHNp93sRuN9oPoJ6YAYJuKPTi2ngRh9Xp%2FHC3Gj6BICToKrcNU%2BFtGSIK%0AnmObt%2BMxYkdTJiyqkJP7vUoDihKImU6Tcs6cPnhERj1FZ1XbHiQaJTLiTU1yF%2BJA3duO7BRFm0zM%0AyW35pQgf9NSzcJAzhkHs17BfdlHVtSTFqAkPXDJ%2FhYmAvimlqZIdVBGJIcoQp3TWUYY11TxYqYyB%0AArTiuH57XXtJFUOjtN7xnuWZAwfK9PvA5nYDAeTgFOP5S0sME0FYSjk%3D%0A&ydet=1
    http
    1.2kB
    350 B
    6
    4

    HTTP Request

    GET http://gorgon.youdao.com/gorgon/request.s?s=BPjaAalhU832QQ2ECYn%2FqRgGGSCYgU4nHMAKSf6amG8SHWJmCCZXVPrZNG8tM5B2pQzq1v7IDhq8%0AuAoE2LG5C1%2B1r1bJnjZC%2F4d9fWWFXOxprR5Z6Qn%2BL9W6cGTYNfZ1d0mqmcVELVjGMvcnRscqPgCj%0AwY%2BItWUkhk2DX7TAUZ5e0wpbTiXwAFt610pQhV1vVMRvzErkrxEvjCsVTs03umTbANyzdT6ouSPx%0ANJ9gnR%2Bd3bAXc%2BFFUvy7CZaRYmUm69ARi2vdsqc5hIvY1GCXUAjbPa2OWRET%2B3hIPVE24V2uzZBs%0At1tsujjhnQMTVeyzhH3EHNp93sRuN9oPoJ6YAYJuKPTi2ngRh9Xp%2FHC3Gj6BICToKrcNU%2BFtGSIK%0AnmObt%2BMxYkdTJiyqkJP7vUoDihKImU6Tcs6cPnhERj1FZ1XbHiQaJTLiTU1yF%2BJA3duO7BRFm0zM%0AyW35pQgf9NSzcJAzhkHs17BfdlHVtSTFqAkPXDJ%2FhYmAvimlqZIdVBGJIcoQp3TWUYY11TxYqYyB%0AArTiuH57XXtJFUOjtN7xnuWZAwfK9PvA5nYDAeTgFOP5S0sME0FYSjk%3D%0A&ydet=1

    HTTP Response

    200
  • 223.109.148.141:80
    alog.umeng.com
    240 B
    4
  • 118.190.119.239:80
    api.iyuba.com.cn
    420 B
    7
  • 223.109.148.130:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.178:80
    alog.umeng.com
    240 B
    4
  • 216.58.201.100:443
    tls, https
    971 B
    40 B
    2
    1
  • 216.58.201.100:443
    www.google.com
    tls
    11.3kB
    8.9kB
    29
    36
  • 142.250.180.4:443
    www.google.com
    tls
    1.3kB
    5.8kB
    10
    10
  • 223.109.148.179:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.177:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.176:80
    alog.umeng.com
    240 B
    4
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.238

  • 1.1.1.1:53
    data.flurry.com
    dns
    61 B
    167 B
    1
    1

    DNS Request

    data.flurry.com

    DNS Response

    74.6.138.67
    74.6.138.66
    74.6.138.65

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.212.232

  • 1.1.1.1:53
    app.iyuba.com
    dns
    118 B
    118 B
    2
    2

    DNS Request

    app.iyuba.com

    DNS Request

    app.iyuba.com

  • 1.1.1.1:53
    daxue.iyuba.com
    dns
    122 B
    122 B
    2
    2

    DNS Request

    daxue.iyuba.com

    DNS Request

    daxue.iyuba.com

  • 1.1.1.1:53
    api.iyuba.com
    dns
    118 B
    118 B
    2
    2

    DNS Request

    api.iyuba.com

    DNS Request

    api.iyuba.com

  • 1.1.1.1:53
    gorgon.youdao.com
    dns
    63 B
    137 B
    1
    1

    DNS Request

    gorgon.youdao.com

    DNS Response

    47.236.233.186
    47.237.106.171

  • 1.1.1.1:53
    api.iyuba.com.cn
    dns
    62 B
    78 B
    1
    1

    DNS Request

    api.iyuba.com.cn

    DNS Response

    118.190.119.239

  • 1.1.1.1:53
    alog.umeng.com
    dns
    60 B
    227 B
    1
    1

    DNS Request

    alog.umeng.com

    DNS Response

    223.109.148.141
    223.109.148.130
    223.109.148.178
    223.109.148.179
    223.109.148.177
    223.109.148.176

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.180.4

  • 1.1.1.1:53
    alog.umeng.co
    dns
    59 B
    132 B
    1
    1

    DNS Request

    alog.umeng.co

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.iyuba.cet6/cet6_13.sqlite

    Filesize

    1.4MB

    MD5

    01154722725ab3d8e8153ac16ba0c867

    SHA1

    5c512a6cad0c52a268e552b42e4519061926d0d7

    SHA256

    f2ee8ba7ed7e079e4d3ea13f6a51b189cf76d3e1b8e00665f32055ee370f1603

    SHA512

    d32cd6fdfaadb5d3513d446e7546ca89aa4dc8ae652ffc9f962816bf2f352457ba9c06c642726ff1b15b3cbb1cd6c6466445a1cb0428826007113d3043422079

  • /data/data/com.iyuba.cet6/databases/lib_database.sqlite

    Filesize

    7.3MB

    MD5

    0626e960b4b6fbd72b9e142ea763fa16

    SHA1

    b113ae2eced67bd7b7747b22194778a03439f311

    SHA256

    c4c5403ca4469154ab2ea6b2a6472841c77148269cd64bc8e47a735e85dc425a

    SHA512

    7306b131f9c02a9e40325f701f56ddd439d13e1a160720d74d0f4596c9429d3763fc91a33e22bd9e7a450b1df017380635c2e4716276d55981511ceb3d0c2c81

  • /data/data/com.iyuba.cet6/sayings.sqlite

    Filesize

    25KB

    MD5

    714157b88c7bf8cfefa384790c21be12

    SHA1

    9e9d731296da5c85010e3fd44f455cd1d0ac3bf7

    SHA256

    f3f2cec1e69443128e5bfaeca6c4a29223c1e8aa710f8af77fa3b38ce12b25ab

    SHA512

    3a85a539cec724596216031f568d7d995cff5cb68ea9b3402a5047aeef82e4a02cfccd00f93d66d7c1efeaf6f3839fae6c6e0dbc394e6c234d82857f943e58e2

  • /data/data/com.iyuba.cet6/sayings.sqlite

    Filesize

    26KB

    MD5

    165a66e4faeca0904bc9a03fb084b6c8

    SHA1

    9d820b41c66e89e6842ac39bcc22b936be6023b4

    SHA256

    623faa910aa8d8bad40103e5c9685b2d71d20d92e551a2ea56f26ccb083c5e50

    SHA512

    bd99c497285746e32fac6d731c4a28186889c8955114b6fc6f4ba9d1e6626698bbbdafaddc45a02438fcc664267c4146163c189ee3f529cf2a7fbf08f26e6022

  • /data/data/com.iyuba.cet6/sayings.sqlite-journal

    Filesize

    1KB

    MD5

    f6afde80c0ea662ee325788d08c90fc9

    SHA1

    66bdaa930cf2324eeda3209dc9e241f4ec4865fc

    SHA256

    6f568abc21301582edc9fd26eb7c222a6926b6f450db23868c157da4c1107450

    SHA512

    915ec7fd66ec86bec9aeb5b84c34bb657e444b50482e26f0c9d68add49cbc57eb1e144a638b1db042d5e58afa8c541b5b0bccc6e420a7f7c415ac72786673d2b

  • /data/data/com.iyuba.cet6/sayings.sqlite-journal

    Filesize

    2KB

    MD5

    1167455e2a11b634447c73ed43bc18bc

    SHA1

    2d8712cd738f58209bbd9ea721e34c2a514a89b0

    SHA256

    57aca0b6464eae387252c8a70a281a67b61bed364b3a313a3549cd17c31d11f3

    SHA512

    2e11c47f59819cf9781485194a00d3d26a593cc21c81b8c906b02ad0e499f670afdbc8c574596b4fde071d04e1e9d88e369387aa73025b7e804f11b774890064

  • /data/user/0/com.iyuba.cet6/files/mobclick_agent_sealed_com.iyuba.cet6

    Filesize

    517B

    MD5

    bb003675dcdebafedb85f425dd175261

    SHA1

    1c1b0c9b0db8c998e33b8495bc2de867cd5916b7

    SHA256

    af9c21054ee583c2531aa22894410ea09731bec58015fb2bffd42afc318c20ad

    SHA512

    08d1f49586d72c6880dfcc4591a75697da48cda2f200cc9e53f16cdfb1c0d26e81a9ec341799a5efb27284e0d427e7c2a0d6795c1e41d0226257d3e35378c223

  • /data/user/0/com.iyuba.cet6/files/umeng_it.cache

    Filesize

    148B

    MD5

    62a03aca5a77953d184d2277060398ba

    SHA1

    62dfc0fc256b75c1975f3efeab0c5268eed31ed7

    SHA256

    32247b62260b134544e6496c4c31da6ec52617a935b5418126f79c434da133ce

    SHA512

    94ad80744d13eed7bcd8aa761285be3bed7a21ec060ef06199efdcd588c953c34d859fa890f4a699a829228c047c7a95e2a42c5b0ff055d15ba3fc60ef973526