Analysis Overview
SHA256
555ba3f7e9c78939a2a90a78f4d4e0734d60dcfd696480eb12f758d4f0e9a2f6
Threat Level: Likely malicious
The file bcd264a82e545a2f8668ed4142feb05f_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Obtains sensitive information copied to the device clipboard
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 16:10
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 16:10
Reported
2024-06-18 16:13
Platform
android-x64-20240611.1-en
Max time kernel
173s
Max time network
184s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ayl.lifebk
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-18 16:10
Reported
2024-06-18 16:13
Platform
android-x64-arm64-20240611.1-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.ayl.lifebk
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 16:10
Reported
2024-06-18 16:13
Platform
android-x86-arm-20240611.1-en
Max time kernel
173s
Max time network
185s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ayl.lifebk
Network
Files