Analysis

  • max time kernel
    172s
  • max time network
    142s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-06-2024 09:38

General

  • Target

    8a110589d51d7e4138b4ddc45c4de1a0_JaffaCakes118.apk

  • Size

    5.6MB

  • MD5

    8a110589d51d7e4138b4ddc45c4de1a0

  • SHA1

    657d97e84f6b7adb629c00b96df5f955331937ae

  • SHA256

    49b878d56c6e3356daf8e10a29ff43152219bfa128f8118a2656ba237b3b40df

  • SHA512

    449431ff420f324e0d2458aba3ff15a0d50543b1c7e4d4aa82f7e7b2b7466a74340ef20cf732b6605c8449d53b79472afe92113c18b54f9ddde7f3d61fb4bd96

  • SSDEEP

    98304:4GPDX4Ri0z1tnVVlQB1k5U6IUXQhVkDk92EsIaBqwUI8hmnlHR8dpRbkkup/fY1:4ti+TlQBG5BXs9260lHR8dpGbk

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates if the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicates if the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.biyanzhi
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4290

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.biyanzhi/files/.um/um_cache_1717234765193.env

    Filesize

    675B

    MD5

    1aaceafde36cc06bfc866005596f69f8

    SHA1

    e4779a325233ab3aa70f60840592bd5c023171e7

    SHA256

    55e18ba054861dfabb94dd89bdd4c1769491290fb12b6e6276b86bd77a03311a

    SHA512

    4ef77b41cc2ede0f430110d15356440c9831e57556cc2d703960c183c27469eb62ef0000f2852a2122f9cdb8b24776c04095497ae3408d235ba4b80acaa2234e

  • /data/data/com.biyanzhi/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    a7930ba04a6d4fb9c29d361fcd5e10f7

    SHA1

    60eb4b169b99d10fbdc74de04c286e50a51f4364

    SHA256

    628ea7d41e465fc6ffe69f3740b413b980824cba970f2f3c4586280b582b0f1c

    SHA512

    0f73c8cdd105c574aff37f555ed469d899b99ee65e847839beb24a74e047e8bf14939251a339e8c28a7a177a433f5aaedf997e46750b653978d60305864fa37d

  • /data/data/com.biyanzhi/files/umeng_it.cache

    Filesize

    415B

    MD5

    bc40cb354359f7899867ae8e4f8782a4

    SHA1

    b2073c78fe115df528d98bc99fc7b71267fc8d94

    SHA256

    47bb565e4cffe216494f8bf98a2b1239299e4ddb0f78a93db5cd40b65233fe25

    SHA512

    ecb6ada3195664910fe111fc607bd2e348d3579c9d0a4494160b96a1fd001927c48eb7f2f74468ba293efec3eee16a3e1394b2f636148845718a05c574c85df1

  • /storage/emulated/0/Android/data/com.biyanzhi/774663576#biyanzhi/log/20240601/000.html

    Filesize

    172B

    MD5

    825a12c9b2844cf090ca2724f89c4b11

    SHA1

    a5f4cd7e0aeb57c1865accbd5ccf316c06dbe569

    SHA256

    f4a68e403528ee4181b510be21d4e2c54dd82519268c7458bf0cb31d8bcb848e

    SHA512

    e58432ae912faba7cca461802c8865a027f5a668b1341875186c87e765a8407a8f427c95ddf550691bb019affc7f5eced421cbaabd2d1590a0ab9d41e6b76407

  • /storage/emulated/0/Android/data/com.biyanzhi/774663576#biyanzhi/log/20240601/000.html

    Filesize

    85B

    MD5

    fb5d84cc5ed432296d8f2d40b9e80080

    SHA1

    2da9ff7ce1b014381a7da20f5a9e987d52e94b7a

    SHA256

    c5c56a8db521077181602dabb017d942d304ae7e00f63a0e208c32ba36821bff

    SHA512

    0a3292c90dc3bc083fc0548bea8177ddc50bf91a6e0428150ca6b87af220e703dfc559ed1084cf866369016134f9dabe6a5bb7eb1a8d12c886ca47606683ef7e

  • /storage/emulated/0/Android/data/com.biyanzhi/774663576#biyanzhi/log/20240601/000.html

    Filesize

    82B

    MD5

    bdce0e6f509169eaa30c8c020f64402b

    SHA1

    5be8d017a93bdf10863c5b7b34d9474e90b98de5

    SHA256

    230cf60c7d2078ac657ce816afa643db7aab4fc5fa2856136187ee8f25146d58

    SHA512

    cc6b794dfbf087e2637e73267e41bbaed4ec29fb66a715edcc6f0a05d2e71df56e9d77f8695b6ed12b953c8f3eeebd094719d075d0c691524fcd56b8de4ba232

  • /storage/emulated/0/Android/data/com.biyanzhi/774663576#biyanzhi/log/20240601/000.html

    Filesize

    113B

    MD5

    da62846374aa57b430cecea627087e4b

    SHA1

    aa76006522a6ae0e8448f0cee79b9b3095380167

    SHA256

    db04193679ca5753109391d2cd05aa8601d76bd8e3de473ba3d5d3e7c4d4ccc6

    SHA512

    850ef1383fd4049a36094e358f2f705a96946a38658b010a716df915aabd7d87d457087c6999b9aa0776e186203331002adc10752f2f26a928a824aef085481c

  • /storage/emulated/0/Android/data/com.biyanzhi/774663576#biyanzhi/log/20240601/000.html

    Filesize

    10KB

    MD5

    531495af19522513157a962d72bff08b

    SHA1

    8e5aacfd56f07affee29ef360e400a0edd959106

    SHA256

    b1576f71bb6afca9987de7c8793e160a66f4addf7572602a52287045d41aa5b0

    SHA512

    755bc28c5d67b398c4d69c9febd68945c6f29b6f0e00e1ac06fc9be7ecadbb9d878a7ea7916943958e9eb58040c8d59409e18483bfaf4596e715619ebc7525ab