Analysis Overview
SHA256
bdc1d1a4bcfdaa5e1cbf123236faa1bd205b40f30d419740ff11a425d733ad95
Threat Level: Shows suspicious behavior
The file 98ee531908a7a6b952a258674979682e_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests cell location
Queries information about the current nearby Wi-Fi networks
Queries information about active data network
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-05 18:39
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-05 18:38
Reported
2024-06-05 18:39
Platform
android-x64-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-05 18:38
Reported
2024-06-05 18:39
Platform
android-x64-arm64-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 18:38
Reported
2024-06-05 18:42
Platform
android-x86-arm-20240603-en
Max time kernel
142s
Max time network
132s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.yundu.YaLiMaino2406oApp
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
com.yundu.YaLiMaino2406oApp:remote
com.yundu.YaLiMaino2406oApp:bdservice_v1
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | react.xinpear.com | udp |
| HK | 47.90.88.140:6969 | react.xinpear.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | f42769.xinpear.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| CN | 121.201.11.121:443 | f42769.xinpear.com | tcp |
| CN | 121.201.11.121:443 | f42769.xinpear.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | sapi.skyhookwireless.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | dns.map.baidu.com | udp |
| FR | 52.47.53.213:443 | sapi.skyhookwireless.com | tcp |
| FR | 52.47.53.213:443 | sapi.skyhookwireless.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| FR | 52.47.53.213:443 | sapi.skyhookwireless.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| US | 1.1.1.1:53 | api.map.baidu.com | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
Files
/data/data/com.yundu.YaLiMaino2406oApp/lib-main/dso_state
| MD5 | 7fb214cbf745906422f97e526b0aaca8 |
| SHA1 | 782714d67374e02603e9d3a71b22cdf21d48b4e5 |
| SHA256 | 33bbc1fe9c9adba40f0e79cf3d74545c1f5cbb2ec73e4c58ae0a925faaf1cec9 |
| SHA512 | 45c866a75365ecdbc77ce44e4478b0e28c294fa12239eb2c4024595d7ae9a2afcf670019b1dc1e2da89f0dc3beea576f00dc146d8019a7dbb6d01c1243e148c2 |
/data/data/com.yundu.YaLiMaino2406oApp/lib-main/dso_deps
| MD5 | 1c7f44c4909b8297f24a57105c789cb0 |
| SHA1 | ba1aa342b41542bdcfe294b1b248dd87eec9ae68 |
| SHA256 | 263a0d40a13efaadef0464b310794ba0c9311922d5a9a98134103675eab10d5c |
| SHA512 | 074f18e26b5889f0a5fa6bb536b051ae10d98a2f4e63d9b595b18f8b5cdf891aaa145ec413d550a035e05d4023de4796ec8aa5372b57d0e84e8e5200bb6e5951 |
/data/data/com.yundu.YaLiMaino2406oApp/lib-main/dso_manifest
| MD5 | d184065a9b9b00c67363bed4ee1e98a0 |
| SHA1 | 67ac24b2f82ccd9b1da0e00cb6f0f866ef46bbca |
| SHA256 | f737be7c5e853084306b1e36df199ac87d68239a95599d5e421f1ca15d2d9cf3 |
| SHA512 | 77b4f2b8a2abc6b01dbf90be172356ece3d44424e4c4b4cfe1d91d0f766a1ce45a7413b6b3b6d9bc93528ce0c8a20248c4a9971e69bf48abdde8447f084249b4 |
/data/data/com.yundu.YaLiMaino2406oApp/lib-main/dso_state
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar
| MD5 | 5bd8ee492a05053afe343bdc827861c2 |
| SHA1 | 1c0595e9a807304133decbd555f7d519247b5207 |
| SHA256 | 78dace0bedf9c94c8adb9a46df2c6bedab38f574ca817c692796ffe2ec1ff0ac |
| SHA512 | add5cbe5ca15c419b030916da5a1089ca7e673763ec4677e48c7df8bf031f62ca150aa8a92463f9c4ef9cdefbfb74bc2ac896ac5715e02f7e3ab07097eb85297 |
/data/data/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.key
| MD5 | d5791ba4495ef82b42eb2732a343d725 |
| SHA1 | 88f939045fbab1c96af159e58777a120fa51983a |
| SHA256 | 9c21bb4fbc9811c57f2076716e7a72a90fd8e0a5fe011fbec063ad7a01bce93b |
| SHA512 | b4691b7dfbdba9d59fe2e5e534aed61627852d8a9a67026827dbbbd6d6f8fde13f592c5d62f82ffdd482b359e79efec68e04cd6944a676461d8ed2197ed4c2a9 |
/storage/emulated/0/.YaLiMaino2406oApp/._cache/.dat/yalioaData.db-journal
| MD5 | 860e3e83229e0b542f84dea545e53c21 |
| SHA1 | eaf6fe19f27989524d1f08a74612bef7947a962f |
| SHA256 | 29c54c0c9409ce9c90682cb8009bbffb8cf5393b78b9fff5ed24caf06af1187e |
| SHA512 | e2cfd8f0e82eebbd30065d7e92a820d4ce7e2acb652be3b95001f2e0460ebf1b9a22f8a4297e782d073e523917af38b95e0550497b723df0bc8b808fb6c950fa |
/storage/emulated/0/.YaLiMaino2406oApp/._cache/.dat/yalioaData.db
| MD5 | 6206dff9cd65b9c93526d0d8fc0602ab |
| SHA1 | 648f58e9f3661985376c775c9dc35b0d0db026ad |
| SHA256 | 8a8fbd4c46cd4f3f8014f4125ee9d4c5fa2e8dbb7db6ba6b717b2e3e3dffacd8 |
| SHA512 | d2ac97d99db7af25012c33e1be5568af36334009c91d7eee3e0280f6bc9882b23b50fe2143558686626cb6ac8c2f2223bee45cc21d66e2a6d36103ea03e6f55c |
/storage/emulated/0/.YaLiMaino2406oApp/._cache/.dat/yalioaData.db-shm
| MD5 | 81e1086c048e17a2a072914afdacd094 |
| SHA1 | 2c98a1a683377454acbcbe39231d354a43ea181a |
| SHA256 | 0cb1995c04af1d45f485cfd455908eb17317a98d8269aed0e751a659996213b4 |
| SHA512 | 0948ecf4087676377cc93231d8663175e151e5e12b5c2eba8953e5ed94779bfd6e44313f6b77c668fa5af439039619314d6aab36cfbfaa99b455c4fb4cdf82b2 |
/storage/emulated/0/.YaLiMaino2406oApp/._cache/.dat/yalioaData.db-wal
| MD5 | de1cc7bec656096b52cb4031a409f82b |
| SHA1 | e28427310ac47475c23a367e17a3527f94ec9ce1 |
| SHA256 | 4d92445ba84845a17af16510895338b66fdfe3af2f9d9848e786868103f2c565 |
| SHA512 | fc5b5e50bad37c33e34e002ee34a76c63f398f38cd24f526c85f272ecc4466124f217722eb08e312f61f5049215b565f80f67e8bcf520ce4a003ea3bdae318a9 |
/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar
| MD5 | bdfa71feb08b80b649fddcd7488b03b4 |
| SHA1 | bcacf11199fd2c353034a7271b5dbfe2dd4cbddb |
| SHA256 | f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d |
| SHA512 | 37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a |
/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar
| MD5 | 5597a541eabd3fb792c581587550dc4a |
| SHA1 | 6500b0ff20c75717e1cb67dcee76b4641a4e8a35 |
| SHA256 | 473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2 |
| SHA512 | 39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2 |
/storage/emulated/0/baidu/tempdata/ls.db-journal
| MD5 | 217d8bd3f372e4a9ab62471e8b59e1b0 |
| SHA1 | d0d3de128706ad2687d5983a28db170d63821874 |
| SHA256 | f55a1c3b4fda5e5f44dbdc3fe427b4547f052ec177793bd88867aa00b0cce748 |
| SHA512 | d7cc74384e58dc988806c7c70be5207f89d22136ea112caaed4facc13c2059c7124a42a078526940ea3f3a607dd96b57254be2804d923e2bd7f78bdf00d031c4 |
/storage/emulated/0/baidu/tempdata/ls.db
| MD5 | 0d3e99204c6401ea499fe9e6d9855497 |
| SHA1 | 09829f00ca458eab7374d5079393a2cd69a2348a |
| SHA256 | 63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca |
| SHA512 | 8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68 |
/storage/emulated/0/baidu/tempdata/ls.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.yundu.YaLiMaino2406oApp/files/ofld/ofl_statistics.db-journal
| MD5 | 2fe49e4438a1bb5d9e0ab6ff1e1baeaf |
| SHA1 | fecde9883f0962dd215abf477438a04bcc9d11d8 |
| SHA256 | 6126b27b79e4a54683febd78467bebb8f405f5251001a8c41a347164b8e2d860 |
| SHA512 | eaa7e66b1d38d10537e1b8353570220556da238b8a39fbd67ad8ea7c72270c11d2b077ec6ea55e9520715f420e2253430ca43432c3cc15096fe450feac385cfc |
/storage/emulated/0/baidu/tempdata/lcvif.dat
| MD5 | c57c0d62651676bbb936d8ece69af4b7 |
| SHA1 | 7e097d6267ede17eb4600058274caaabd71e2632 |
| SHA256 | f7d207a73d27e00b24890a0be340e884ef76711c3f4b0f591bb996fbdd22dc3c |
| SHA512 | f6d99067105a6ad60ae3a06180e7a49e9bbb24f62312a85ee18902cd0e0256738b404f37e9e7acc3858b6f71ba8b11da385d574c65ad60e82829b8728202f005 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2406oApp/files/baidu/tempdata/llg.dat
| MD5 | 161557b06b4a4d3ce095528dea370eb7 |
| SHA1 | 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f |
| SHA256 | f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4 |
| SHA512 | 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2406oApp/files/baidu/tempdata/llg.dat
| MD5 | 8199b75e895e303d5276523669a28612 |
| SHA1 | c81379b9b219b7f6b79e69dc034490257f64bad7 |
| SHA256 | e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a |
| SHA512 | abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2406oApp/files/baidu/tempdata/llg.dat
| MD5 | 34d7125107f092b2e561258daa857dec |
| SHA1 | 52961c3c1d812598850ae4639ed6a2669ac46c82 |
| SHA256 | 54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1 |
| SHA512 | d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2406oApp/files/baidu/tempdata/llg.dat
| MD5 | 31c168cabd8d89a5de2717a4165f820a |
| SHA1 | 623990c0a5ece4ba084c65a73e0bb9bebad79ced |
| SHA256 | b6d08fb556edba36da58ad5d9092cacf5246bf35f991195e88a8fe16a92dac33 |
| SHA512 | f8c403a5048c57f466c0eb72db5a269a8e1bc7a7e4caa671bfa4038c7c3a4b35b3224c8325deb543af3dbd38b591822690fbff4ba9ac6ec2626a5e6989da8ec3 |
/storage/emulated/0/baidu/tempdata/lcvif.dat
| MD5 | 4fd20b5a0227c3cfc9416a47a596032f |
| SHA1 | 67d61c1355b98baea8ce9f8cc3e0b3e8883b9b02 |
| SHA256 | ffd723e1b43bb4ce95843dd3c86d00823e109bef66d89352cf737210cfa3c9f2 |
| SHA512 | be0decf6fa30908378e719361c992c6b7f4238349997fbd7ecf881ca9c20dfb96e18301c69332a5ac4452881b9a23bc14ea2866511f74241fc18a2f9b953435c |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2406oApp/files/baidu/tempdata/yoh.dat
| MD5 | a936690571e9104e1922dda4a0ba5bd1 |
| SHA1 | 65f49c57edde2f96be2a1dbdfc3f7351f1e66554 |
| SHA256 | f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412 |
| SHA512 | 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino2406oApp/files/baidu/tempdata/yoh.dat
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
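The "Loads dropped Dex/Jar" hits, the dex2oat invocation in the process list and the Files section all describe one event: the app wrote plugin-deploy.jar into its private app_push_lib directory and had the runtime compile it, and the sandbox hashed three different contents at that path during the run. The Python below is an added example, not part of the report or of the sandbox's own tooling, that correlates those three pieces: it pulls the --dex-file argument out of a dex2oat command line, decides whether that path is installed code (an APK under /data/app/ or a system partition) or a file the app itself wrote, and counts how many distinct SHA256 values were recorded per path. The command line is abbreviated from the one above; the file records are copied from the Files section; the normalization of /data/data/<pkg> to /data/user/0/<pkg> relies on /data/data being a symlink to /data/user/0 on a single-user device.

```python
import re
from collections import defaultdict

# Constructed sample input: abbreviated from the dex2oat command line in the
# process list above (the original ends at a truncated --class-loader-context).
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--dex-file=/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar "
    "--output-vdex-fd=56 --oat-fd=57 "
    "--oat-location=/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/oat/x86/plugin-deploy.odex "
    "--compiler-filter=quicken --class-loader-context="
)

# Constructed sample input: (path, SHA256) pairs copied from the Files section.
FILE_RECORDS = [
    ("/data/data/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar",
     "78dace0bedf9c94c8adb9a46df2c6bedab38f574ca817c692796ffe2ec1ff0ac"),
    ("/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar",
     "f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d"),
    ("/data/user/0/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.jar",
     "473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2"),
    ("/data/data/com.yundu.YaLiMaino2406oApp/app_push_lib/plugin-deploy.key",
     "9c21bb4fbc9811c57f2076716e7a72a90fd8e0a5fe011fbec063ad7a01bce93b"),
    ("/data/data/com.yundu.YaLiMaino2406oApp/lib-main/dso_state",
     "33bbc1fe9c9adba40f0e79cf3d74545c1f5cbb2ec73e4c58ae0a925faaf1cec9"),
    ("/data/data/com.yundu.YaLiMaino2406oApp/lib-main/dso_state",
     "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
]

# Locations where code is installed by the package manager or the OS image.
# Anything dex2oat compiles from outside these was written by an app at runtime.
INSTALLED_CODE_PREFIXES = ("/data/app/", "/system/", "/system_ext/",
                           "/product/", "/vendor/", "/apex/")


def normalize_path(path):
    """/data/data/<pkg>/... and /data/user/0/<pkg>/... name the same directory
    on a single-user device (/data/data is a symlink to /data/user/0)."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def dex_files_from_cmdline(cmdline):
    """Every --dex-file argument of a dex2oat command line, normalized."""
    return [normalize_path(p) for p in re.findall(r"--dex-file=(\S+)", cmdline)]


def is_dropped_code(path):
    """True when the dex/jar lives somewhere an app can write, i.e. it is not
    part of an installed APK or a system partition."""
    return not normalize_path(path).startswith(INSTALLED_CODE_PREFIXES)


def distinct_hashes_per_path(records):
    """Map each normalized path to the set of SHA256 values recorded for it."""
    seen = defaultdict(set)
    for path, sha256 in records:
        seen[normalize_path(path)].add(sha256)
    return dict(seen)


def rewritten_paths(records):
    """Paths that held more than one distinct content during the run."""
    return sorted(p for p, h in distinct_hashes_per_path(records).items() if len(h) > 1)


def correlate(cmdline, records):
    """For each dex file dex2oat compiled: was it dropped code, and how many
    versions of it did the sandbox hash?"""
    hashes = distinct_hashes_per_path(records)
    return {p: {"dropped": is_dropped_code(p), "versions": len(hashes.get(p, ()))}
            for p in dex_files_from_cmdline(cmdline)}


if __name__ == "__main__":
    for path, info in correlate(DEX2OAT_CMDLINE, FILE_RECORDS).items():
        print(f"{path}\n  dropped={info['dropped']} versions={info['versions']}")
    print("rewritten during run:", rewritten_paths(FILE_RECORDS))
```

On the sample records the compiled jar resolves to a dropped file with three distinct versions, and dso_state is the only other path rewritten during the run. Treating /data/data and /data/user/0 as one path is what makes the count come out as three rather than one plus two.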
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 18:38
Reported
2024-06-05 18:39
Platform
android-33-x64-arm64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | | udp |
| GB | 142.250.187.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.228:443 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-05 18:38
Reported
2024-06-05 18:39
Platform
android-x86-arm-20240603-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |