Malware Analysis Report

2024-10-19 13:10

Sample ID 240618-tmlzds1aqb
Target bcd264a82e545a2f8668ed4142feb05f_JaffaCakes118
SHA256 555ba3f7e9c78939a2a90a78f4d4e0734d60dcfd696480eb12f758d4f0e9a2f6
Tags
banker collection credential_access discovery evasion impact persistence
Score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
8/10

SHA256

555ba3f7e9c78939a2a90a78f4d4e0734d60dcfd696480eb12f758d4f0e9a2f6

Threat Level: Likely malicious

The file bcd264a82e545a2f8668ed4142feb05f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection credential_access discovery evasion impact persistence

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 16:10

Signatures

Requests dangerous framework permissions

Indicator android.permission.READ_PHONE_STATE
Description Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Process N/A
Target N/A

Indicator android.permission.SYSTEM_ALERT_WINDOW
Description Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
Process N/A
Target N/A

Indicator android.permission.WRITE_EXTERNAL_STORAGE
Description Allows an application to write to external storage.
Process N/A
Target N/A

Indicator android.permission.ACCESS_COARSE_LOCATION
Description Allows an app to access approximate location.
Process N/A
Target N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 16:10

Reported

2024-06-18 16:13

Platform

android-x64-20240611.1-en

Max time kernel

173s

Max time network

184s

Command Line

com.ayl.lifebk

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator        Process  Target
N/A          /system/bin/su   N/A      N/A
N/A          /system/xbin/su  N/A      N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description             Indicator                                                 Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  N/A      N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Queries the mobile country code (MCC)

discovery
Description             Indicator                                                               Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  N/A      N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description             Indicator                    Process  Target
Framework API call      javax.crypto.Cipher.doFinal  N/A      N/A

Checks CPU information

Description             Indicator      Process  Target
File opened for read    /proc/cpuinfo  N/A      N/A

Checks memory information

Description             Indicator      Process  Target
File opened for read    /proc/meminfo  N/A      N/A

Processes

com.ayl.lifebk

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           app.wapx.cn               udp
US       1.1.1.1:53           stat.gw.youmi.net         udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.178.8:443    ssl.google-analytics.com  tcp
US       1.1.1.1:53           oc.gw.youmi.net           udp
GB       172.217.169.10:443                             tcp
US       1.1.1.1:53           app.waps.cn               udp
US       1.1.1.1:53           r.yyapi.net               udp
US       1.1.1.1:53           au.youmi.net              udp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       183.131.178.88:80    au.youmi.net              tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.200.14:443   android.apis.google.com   tcp
GB       172.217.169.78:443                             tcp
GB       142.250.179.226:443                            tcp
GB       172.217.169.42:443                             tcp
CN       183.131.178.88:80    au.youmi.net              tcp
GB       142.250.187.196:443                            tcp
GB       142.250.187.196:443                            tcp
CN       183.131.178.88:80    au.youmi.net              tcp
GB       172.217.169.14:443                             tcp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp

Files

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 26912818f0fa5bf38e777145c9f4317f
SHA1 58ce4f562aff84e266ccb7ffd0f9969df7f7b722
SHA256 a793aa6a4cdb15825f58ff842bffb035c72d9eb8da45145786db1fcee31d7ea7
SHA512 f2a1766fbabab20df25a8b97d04e7c6e1b99546fbae3fc7e8a542450df280e173bbb288de8c9478b99be39581d22678db0e2245cf999dbf30e7526ed3ce7b86b

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h

MD5 083bd5e53e85c1499b3f3f39a8b27c05
SHA1 539208db3761fbd4628dbdea4da20d47364982d0
SHA256 10cf0e705cc51a4da915dfd2e0360bf05fa0dc1caf52b9755a93f928c4fd4ce9
SHA512 b8ddeb321ee6d7233282e625b28cfeb103a50983b312797ad0e156596500c524072050240415b85f70c4989a828276ac17333be52fa6f9dab8a81443ece37589

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 d527ede9b7c17cae9e40563b55602f5f
SHA1 b11b62b984b94a6b3fb247dce3fe4a96386484f7
SHA256 ec2aafb8cf62ad9d015c9d6189fee96a7780dceb74a534f139f42f73eb4c18e2
SHA512 198c7a27be25c63e8738ba0404831b7e2540399441af5572de1bcbb3c53c497febaf4c152829e7e199cf5b0c784ce046ef1c4da821d7593ae88f7db99ce4f6ab

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 fad09d41bbd40edd84773daf962877e8
SHA1 81990423cfae8f49236f87eeddbd025bf9042b3e
SHA256 41f7f450cbc216dcd2118e5ac7df23ae86355c8c0095c92c8ae52c41c5cbc9eb
SHA512 7c68544c46f5e498f170b4ef9f86b29316aee94f2cff7d717d1e099122b22842a7d97934617d7ddceebe355f89ae39b45f377a7716c94c7701608fd36e9b57e6

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 3514575f6faae7ae456c8f8392d5fad9
SHA1 af9d37d456ce10a5d04ab4b98e21e2fefcee6e26
SHA256 7aef1f7ee76b99fbc65f10e392c3738f5c9830398c259073636e31e704f5ebd2
SHA512 bc185c1ddc2f33c6fd75cfceb5bf13dd5fe0d5a59829bdb17375a18fc2af71bb392a9b19870db1245c1957b1967c3aa25322fc3d0fb542d1a86449a6ca866247

/storage/emulated/0/Android/data/cache/CacheTime.dat

MD5 cf4892211df3092b1c3b408c217710fe
SHA1 a324d71915d621485151ee253a47a8f451ab907f
SHA256 1ec2035ba596453cd7dec161e804bb82cbf8494d90d518d0fc78185f2a7a5ebb
SHA512 6acd6e837f326264ef51b9fc190ce273b0ca0ee83a908e1eb24633d7a30e08906176bf51b3a7c51b00794f2651779474b783e660fd53a3e9cd82faac7ca38c67

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT-journal

MD5 cc858e7c48d71be8c8126dfc5e820537
SHA1 97707634d2a9707fa3a067a2ba13931e0b73c586
SHA256 6b4e371463a1c8ca27a2c1729e0f3c1c398283120def867b3e2af05c036f19cf
SHA512 cc126719a469204ea0687c3ecd144b89d0d0d4a6e31b3d8b0e34aa62ae6aa2deecc12de5520bacf05845cfbcbdd3e334551f7244dfb69e223b7aca581a950d39

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT

MD5 0831e7409f4719cf4cae2e154106bd73
SHA1 04f6b7592f36fc7c3aa8befb3ea6cc247c3b3190
SHA256 443349b5ad00c150da1f10fb05ef5905ea42f92826469a52bd24c9ccdb133331
SHA512 e2f7e79713153daecd31aeae488fac12415ee9792a749eb976ec9f210889c43eda42b53391bc2aa46a3ff59de3602865ca68bcc58af96894050718468e253796

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD-journal

MD5 ef789c75654fb68206a847f5ba6bcda2
SHA1 6ba1b800a9e05cca1e59f3d8cc59121f404d6b34
SHA256 09247b94aa5dacc2720525c552096a497ccec030361d1cb7cb7401a3772247a4
SHA512 7aecd9b1cc49d566ef614c4e70e7c099f8517faab291c65c5f0b242a2b1ed61caac01bdef4fc2714cff26232a0fc2f1eb0a9bcb3085f17b518bda85fbc17479f

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT-journal

MD5 9aa0386fe40fd3d9159da46d967aa252
SHA1 17cbb5eab77b5a005575745325a264a0aa440461
SHA256 660c0a98cfabc7bb0f5811c24a13acd61bda617ab80b34a1688bd8e8e5793061
SHA512 72c5b6074857bb456104229e69b5137e30657be105796db5be48499eda44be6b2564e6e8c9e6baf1ea74899178e68ad9cbf67d54412312cadbd54bcd0fac1fae

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD

MD5 18fe38af58e5f87856a790c33aa701e3
SHA1 c6891a756dd4fb4dc0579264bdeddae216b38d6e
SHA256 0406afc81c76b3b2e95bf4856a2bb48ad44ba02e4c45b45b64d1a495da518b4b
SHA512 0713ec95c92b5d8faf3fb30545c197c5fe1865f05e850f06846f35fc0b473d0f85cfb60572b1861defda63c52ac88eee9d4b71ceb184c5e1dd8ecb29333e1438

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT-journal

MD5 f0f15836845698d1e50d04e065902557
SHA1 18f76fba9fa234c4c079a3fae009d23b795cbb66
SHA256 ae52a66f06737a2b6357a79632b14c30910a4eae82e8c37cc716874383df8e5b
SHA512 12de0a645007401124d552962749914bebca97b8a30deb67fd0140e6796025955c3d9645fc8d19639af9001bb4f4275036d4a507c6545b9c87d4351332266971

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD-journal

MD5 68182ab97c1a8e466c3c7b060fa32da0
SHA1 29f6afafca1116030c79462e7b4554756cf85e31
SHA256 34c22a077dd15d5c39639976bea969df0479dcdf5769134cda65535f2b229d2f
SHA512 168124d115f431edb347b1b00e0fe3420f49251b5265a7b24c7eb1695f1cefbf0138f2d667bfc50d80a2643bda2133b4f882be72f00a4c605dee762783ba2468

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 7efc3d6649ebceca295d3dc0fdfb51a4
SHA1 ad613bea130163be00eb394e7cbec264710ee24f
SHA256 062f82cbcb58ea1cc64512b025be932ee50e2b5ac3b5cdb9ffa332c0525fcefa
SHA512 1bc45adeb5b8c0b4df207dc7d75f3fb7dde6bd4d65a8d8e5eec7d5d18f25a8d2e01aa54c2fd474182d48e3598df7b41e64cc66d72a9eff7d0b2f53a38da76ad2

/data/data/com.ayl.lifebk/files/d929bb76e8110d1a70260af57b446eb0

MD5 bc51a59f793204e53617040d713c7232
SHA1 5920db5e438f7486bba3ed204dddf9206f24d388
SHA256 4ca23b0af17845231164e7d8531b7177f1e27afbd3e0f9b6fd4c2aae457363e5
SHA512 5ff5ef4057e87b6e8e2f0048694fb56eb86c81164ebc792706a0f328985c54f8fdc3851afe07559af875e9d108c608e03d84ab4c201b6d750ddd8c5008ecfec8

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD-journal

MD5 6fe5c57cc2cdf02929fbbde899117a33
SHA1 75cdfa13e124c3ce55025f3cbfc0b918a9ee9af4
SHA256 a8e8fccbc7692300051779404eb5ada4227fd6e39d8eb6ce8f328a23ba55a712
SHA512 8d0c028ab687c59f21e59b27c3ec2da2a68e175f7c80f31936e5c9fe591dd4bcdf62e6564a2198a4dd34f2b085f22e0fa6c710fe55134b06d7cbd45327f8e17d

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 b3f72490aed0c7a27945c2540b7ae7e3
SHA1 c44dc8604ebd7a22aa614d1b322d49bb639ed5e0
SHA256 7cf586b663b224d561f52c01c18dc25acc2f9b2ea545cda2c6db650ef7c061eb
SHA512 d426f2e1836111cd3ff9b3734d94a46f1b1ce68a7bb0001f7b6c9ae6ab5565c72dcc96ff997f524964413d227c7881001a2a48ae09336b7a9d6350fbceb238f7

/data/data/com.ayl.lifebk/databases/T1oX0rhhuXWt-journal

MD5 f858a71729620cc6b47e2359b2868d14
SHA1 06f110598ba4361dde3e577c97bb0dc4dfcf5f43
SHA256 27edc16c93718aafa1e05a9400aa5a2a529b89ace72bbf0954bf14e5cb3b45d2
SHA512 5c94e656920fb314a2518ec24783ca47c9595019e8c29ac85317964e54f48b7c2cb49d225844c4f61ddee1e5a8d7e126d17e99740464a1f505406a43cd6a0907

/data/data/com.ayl.lifebk/databases/T1oX0rhhuXWt-journal

MD5 93d5ad07cd9a572ea3e9b5a6e7079a46
SHA1 1a1f50d3647428fb60d97b2f72546de3ef36d21a
SHA256 814c0b01f7e6bc1835e238b70526a4d60c54933124053bf0ac3a10a86f84aa96
SHA512 4e8b0c0b860ebda23ca27aee8a03ceba03b0e66b10a4d497d18c97746fdefea301c00f077cd7f3641b2007020301783d2a3de0534bb405d6db6d0ba93193bf78

/data/data/com.ayl.lifebk/databases/T1oX0rhhuXWt-journal

MD5 ee2006ee97d46e2dd0d043e80dec616f
SHA1 ae05d8c6ab3e421de31c5c7c2f6fc7c237924e73
SHA256 eeefc7f596cf8b88a94dffe9f4167d89eb48ee45818def94a6ec6da561780fa1
SHA512 3b80ca7b6b6aeaa7b40998193173a526c1282b223a034344aec3e335eb7cebafefa404c664b894cdf7eef1ea92d0586ca0860748189e81fec0ca863ec35a8808

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m-journal

MD5 81098c681a9ff8dccfaf7516defdbfd2
SHA1 b5cf9163ff28b4c02c3e8970724c77cb7c2c6d8e
SHA256 3d1c18bc61ceba9c713d70e862200a407414476befc7dda4d8426840d73a5572
SHA512 ec6efc1cf96e1a945ab53fdf07100300379b960c203cd198c02961ed94ddb385bfb67f1110690dbc6b6c237292dbeb73371e95982e5b4e190763f06b004fddac

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m

MD5 653710ef7f6a06e00e981adb12683e2f
SHA1 e8a1718747ff359c3084ec2c0f7f2586119c90da
SHA256 e25f08c7a081b452f680b9b2b74bf4a758421833ff42f44a6ad6cd2510118dae
SHA512 f69272f26176434c5e66183a55e72a9a0c85b9c6006de33618bc652930d98890beed77fdb73cc422d3854336457b2af64e5ac7346fa06668ead7a0178af4cce7

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m-journal

MD5 a28f150fe912dd74b6a717b24a70cad8
SHA1 05c78133d56b107f842c13e490af8ab092e7e1a1
SHA256 0080441ab55583cae0ee56c5fa72d4a53079a36d8933b63b57b69d0fd66b7f93
SHA512 1dc2d93827a5d1f28357fb8841bfd8ec30e66834b5973a5ba1286829b419491243aca4d38c370a50d9fc386f502ef65118f4bf22b9ec261278c86f26a9b54cf5

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m-journal

MD5 1dc9e1cd03aa07c61328dd6fee9df336
SHA1 c97b6f3c33f489e1f4eb173c439d8e9505143cdd
SHA256 721f276ce401e3e813ce2c6144de5fe5dbd37440f692f293437c4c9c048b86e6
SHA512 3e4a1590ca754d292c4f0d118e4577878b95fe15db184e01bdc380d7cf523e826c397d373043ed9a599eda139aa1ac97b98123bdec81a4d3cad8239a6f73e4e9

/storage/emulated/0/Android/data/cache/AppPackage.dat

MD5 55ce2a0d54825212393d502c1b385f6e
SHA1 5cd9dbf218c5ef9246b49f0cec18469ef7a356c9
SHA256 069a80460ad26eaad5bc9a1a0032ee3df70f5633ea9c32a594abfabf638a1fab
SHA512 5938f704eac7d577c79e6002b814e119f1180e4c62763950189aaaeb7460a3edacf84841f44a8cc7f15d66dd6b2c1a7121ec76fcdf1db2ee9983374f33344d52

/data/data/com.ayl.lifebk/databases/XKwVoK0huy3R-journal

MD5 f49d63a302eb906e8b16d0791f1e82c2
SHA1 554bf2cf10d26f1f93241341f3a77237abb39a67
SHA256 93f224b5c49d9151cfa44d2d58f67043d18aeeeb6d1264b5ff28bc261ed70298
SHA512 e99a6b9dfc489751706c4786d00edf7e4797828e727d542cce239d6deeacc953c2ddaa920ae8b8f9ddd1a7b61041e79f1b193008810ceed5d80c102ea8928901

/data/data/com.ayl.lifebk/databases/XKwVoK0huy3R-journal

MD5 ed91c6d9ad2c3a2bafcd1f6b322c230c
SHA1 34ef21c4cb2954fc470a6db4baec31854df04c80
SHA256 09913c9f231039b250a8d5bb18a0ff3bb2ba1a4ab6674a1b7346547c2bfe977a
SHA512 d7374e4f38480431e7795e881ceb156dc46b19a24b8f1fa60634d51fee3a1b9c9f90b3523876de7670d6e3083e2438a13a52c2a68826a8267f7922a3098aab58

/data/data/com.ayl.lifebk/databases/XKwVoK0huy3R-journal

MD5 92ad6482ea7ab153baf2cbcbe9242fbc
SHA1 cd327b759dcb7e4ea850f30ca1f14f252a2c775a
SHA256 92115c1dd1312ecc577081a1030b812ac5f489bfd0e496cbf12cf10823429b99
SHA512 f621487a5dbe4071185a5c63a9833f0b0712edafd2a0d09e4949f4a3849f0c95a15ce476fc1e69323c2ed2f1edd0d130889672cb4bf4b88d9d54b1f5c996e5ab

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX-journal

MD5 d62d3f4d61fdae6d2ffdad779c90bc30
SHA1 83f035ae4ffa6c81508b433299efc84524e1339a
SHA256 bac7e4f621ec084a3a9fa101a113e07db3070f9bcba33a7cebc9047cbee2f645
SHA512 80592539b05f5cbeea42440a9ee55f73fee244939a00e92d8634aa5dd9194e4f977c14a4b5e40f9bc13fc5082b871b5ae9f53bbb1512eb0397b0630eeeefffc4

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX

MD5 ecbff9653eef62492fc88d864bd03eef
SHA1 ba72b8a8e90d4264e28c94d6b6caf78a04a267d3
SHA256 7dca83b099edb9689164bedb8a6e99292e1dd02c63efe1671dc1275e4b5ce3c3
SHA512 4018fbd16e983db63f5e7d59c919c20357674cac3796aef290f4399e4e1d26e7842f8dbfa67d26a54ca8fdb82c583fc449fbc2ac39c0c8f94f454ad6c8a53c2d

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX-journal

MD5 fa9cafee1f15bd8e1b669c1d23bcb802
SHA1 1656d3869145e87092a92257c5ad6e5b930a5e03
SHA256 70d37b6aaff684944647f96a1fddb0b004b1deba0925c5cc19b04e02538e212d
SHA512 3db7e6a7899c15bd368dc458e955e15f596f12c381843bbebb9060a0ac1f0d0897709c231529999494450c313518de53c870c0bcd00835fbc04e0336fb35df4d

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX-journal

MD5 99067ae68ef72e08e753f56f1d12aef3
SHA1 c06281c41c448f89f22f684b240b2851b123c9c4
SHA256 6c98ac91df0f3b919f53871ca691fa838abc3c33d1869302b6d6d1a5baedd236
SHA512 9470b0f2bba5769e00f0c04056d689d0155d5a5ae4242e376aae4aa169802498d7750c2b0a6d26a338e282b5705336d366c1bcebfc1828e96e86ec9f1a52455d

/storage/emulated/0/Android/data/cache/UnPackage.dat

MD5 0c10dda6c0803b0aba2432404ab4b7d6
SHA1 6d7296e47620a42a3b1707b04195cd4d509d3ef8
SHA256 046c39fec550c831995f1238bc43d951c3b5685a2d5248cafb08be716117cc20
SHA512 b36d6c6b809672e7fd53a6fecd0a0d1bec898abc3255b8ad6cc76688e4dfb5c4061b0ef5557ef70ba73638209cbd83669d353e8d4b6bc76ce8bf36731fce8120

/storage/emulated/0/lifeBK/toContent1.txt

MD5 afae783ac947cca5b8c1d71ba1b492aa
SHA1 a1960e0f03be6433d0eee76ba4480d0c800c581b
SHA256 2fb8f1fa33d1748dceab4f16179ff27cf9eee2cd475fbbba2ed6b0811cbd8708
SHA512 6170afc4d6fd4375e6907a71381fc9bf16c1b9d35d926677c546c61037da0a11b4f8d8678ff4f25a8da45231fa2f691666b95cf5372f776fd456bd72aa44fe59

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 16:10

Reported

2024-06-18 16:13

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

132s

Command Line

com.ayl.lifebk

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator        Process  Target
N/A          /system/bin/su   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description             Indicator                    Process  Target
Framework API call      javax.crypto.Cipher.doFinal  N/A      N/A

Processes

com.ayl.lifebk

Network

Country  Destination          Domain                    Proto
GB       142.250.187.206:443                            tcp
GB       142.250.187.206:443                            tcp
N/A      224.0.0.251:5353                               udp
GB       216.58.212.234:443                             tcp
GB       216.58.212.234:443                             tcp
US       1.1.1.1:53           app.wapx.cn               udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.179.232:443  ssl.google-analytics.com  tcp
GB       216.58.212.196:443                             tcp
GB       216.58.212.196:443                             tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 16:10

Reported

2024-06-18 16:13

Platform

android-x86-arm-20240611.1-en

Max time kernel

173s

Max time network

185s

Command Line

com.ayl.lifebk

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator        Process  Target
N/A          /system/bin/su   N/A      N/A
N/A          /system/xbin/su  N/A      N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Queries the mobile country code (MCC)

discovery
Description             Indicator                                                               Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description             Indicator                    Process  Target
Framework API call      javax.crypto.Cipher.doFinal  N/A      N/A

Checks CPU information

Description             Indicator      Process  Target
File opened for read    /proc/cpuinfo  N/A      N/A

Checks memory information

Description             Indicator      Process  Target
File opened for read    /proc/meminfo  N/A      N/A

Processes

com.ayl.lifebk

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           app.wapx.cn               udp
US       1.1.1.1:53           stat.gw.youmi.net         udp
US       1.1.1.1:53           app.waps.cn               udp
US       1.1.1.1:53           oc.gw.youmi.net           udp
US       1.1.1.1:53           r.yyapi.net               udp
US       1.1.1.1:53           au.youmi.net              udp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       183.131.178.88:80    au.youmi.net              tcp
GB       142.250.187.206:443                            tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.206:443  android.apis.google.com   tcp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       183.131.178.88:80    au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp
CN       218.92.216.53:80     au.youmi.net              tcp

Files

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-journal

MD5 64006117683fd7d9f628cb8f54bca4db
SHA1 519a8791998c40e7518c9c69a8c3a17c95155f33
SHA256 0abb20d1827fe21eb5a695a14b79e96cf735f22e8cd5e81fd74ab1f631c394eb
SHA512 cff394810b5ded4d189d432a441d620e2fe3562bf543480336d3069582f7a7bdb4dcc5b74d7c1510c06ffb67e37f772a0e22041815698a000eedea315d1fca06

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/storage/emulated/0/Android/data/.youmicache/.CCA9582BC81E888EA674F157E5540CF8/Sw2Md3B4xR5gT1h-wal

MD5 a6687def2de2b6ac5e241a22b5ab012a
SHA1 6eecb3ee6476fb67ce3c63355d321cc73bb0f0c9
SHA256 dbcc0509175834a7d5576617e10ecbec353d80e1bfb89d1e54890ab53a0180bd
SHA512 9330603ccffa2020d3858d47f64424a76c0370aea345759638de7bf8d3331f10909c7321b9687a4b179093e5068e7ca9941cef10d47b48388c4aabd50f868e08

/storage/emulated/0/Android/data/cache/CacheTime.dat

MD5 715a19f2b7dc41a5fa0ada4c77aecc60
SHA1 b725d4ed822e29e90247f1b2b7d33be7034d4d14
SHA256 cad7e2efe84fc07233fd2a671c5f258219764a6eccca3f704120afe27b15e97b
SHA512 23dbba205b30ee0c437e2d182f5fe61fa4b2d47e7db36d861682d3748dda9bfebadf88c42b72861c4d2dfd0dda744dc9e1258e8572059814d93ceb92a6317842

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT-journal

MD5 a83c3fa577da0f8c09b6b7f40b4caa33
SHA1 ad92f47e4a52f81ed60b26935eaea7e76cc5ee14
SHA256 69671d6d4d76b6001614fdf019096dfd2907ea8908bc3038b79ef0afae091332
SHA512 2a3b5bf840f29daae02df97a25da434cbdaeaca5a7921d2222659011b5efd8da8c533b92c79931390b5d8ce8fc2313b87f1fac5802f9c9991c5305e4f13a6c69

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD-journal

MD5 f6cddef27aeef83696ae85fa2c23a97b
SHA1 08c73c8f53cac6153feb04f1b0d794e575a8b049
SHA256 39dc61a86fb390465cba9dcfc8a5365a14f18c5f4d576dfc7a2b5fd18b585526
SHA512 1c64eced03b4b14f2ff3d39510f0cce830ec8e122a7ee49482976199aa92421f2fc2bc841490226e10b2e23fbcfd2a317ebf5fe39266415e1f523ecdf8c304bc

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT

MD5 9c37108c041a67252d4fb5059436eb9f
SHA1 f65bdd652f9b2a098993d2aca0be2578e8eed20a
SHA256 f4a3fc85419d0e98a0312af88fdeadf75bd9969460820043559d6ee45e7ace55
SHA512 d7b92b0b4900439a28552339cf7e80e2937887c7de796e10df0bec393d136bdcdeae47991133a5c144547ac2ffe484b9c99e60280246858f6ae9b8529c5d8548

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD

MD5 59413190ea19211285b5c0fed44c19c8
SHA1 ee67b7590047c3c17309f6e6eed48556aabe4c92
SHA256 3511c95f09883c65de19c3be645faa921aa3baa92d21b5c284133da349158e2d
SHA512 6a65fc51ea3e163ed1da558c2f4e911857ab4d3b15bc27135a4639e8fed9022fd6d89b4dd39a39b3bcc69060d7565f68ef23bcde4e622a2dd823e9fd217d314e

/data/data/com.ayl.lifebk/databases/wsUL1uCdKvjD-wal

MD5 a3a205e9c99fe3124360523333457ba2
SHA1 514f47af680fcdc71e748081cef4a44ba3150ad3
SHA256 0706cd5ec9249610750d5df3864d1f3515bc187834bbf797e6155634f52a893f
SHA512 4d90f58fafda0f68088685eba5caa069c6dd4495756fabd3497eefbf272c325ac637cb67308b911b1eeac7465b3b8d999f201d552a7a8bdb65c9a999ce3acfe3

/data/data/com.ayl.lifebk/files/d929bb76e8110d1a70260af57b446eb0

MD5 bc51a59f793204e53617040d713c7232
SHA1 5920db5e438f7486bba3ed204dddf9206f24d388
SHA256 4ca23b0af17845231164e7d8531b7177f1e27afbd3e0f9b6fd4c2aae457363e5
SHA512 5ff5ef4057e87b6e8e2f0048694fb56eb86c81164ebc792706a0f328985c54f8fdc3851afe07559af875e9d108c608e03d84ab4c201b6d750ddd8c5008ecfec8

/data/data/com.ayl.lifebk/databases/jqIqJYOT3JpT-wal

MD5 abf8e442967a3b6b45ce341e6a628b19
SHA1 37774e177ccd3dd418640d4edc67d050a25177ee
SHA256 6256099d8940a0bc0c4c47fe2782a050097816671fee1bc194368b5752fccf51
SHA512 5dcfef2ec23ac4687c1b13b26056f2db37f6442895b142d5448d789ac3e538529ba84d8069d6ba536536c87f5a372b56cf50b517af86fd1cf5cb871d4c6406d8

/data/data/com.ayl.lifebk/databases/T1oX0rhhuXWt-journal

MD5 1dc3e024cc6f14575679561b11565de1
SHA1 fca6e9d1ba8c790b888492c87a932c88c9f988c2
SHA256 6590a4003dd2ce68da39469141286dd1799ae65ed69d3492800460bca6a7b49a
SHA512 fdbf5b47c07b1955c28b9e01fc31eff9701b3da33db0dce4cbb41e9ecdef0c1386e0e880dff0ee478d35b182d1d342c407e558cf59c0181c3a6ffc249d868651

/data/data/com.ayl.lifebk/databases/T1oX0rhhuXWt-wal

MD5 cb543a09993c65898cdefeb3a96802a2
SHA1 38876cc21faf516aa74ecf3cb6ff219db70fe263
SHA256 87fbdd6101ffe0fab4b968046d94e3d96cc19254e85233d412716b968e396e41
SHA512 824e207fa0ddc9b440ae22b60929425e075ec0acd24ba9506968a8f8ccfe77c27d4fdae2afe5332ffe35fa7fd612aa7c62f37b39375fa57ba7df49be473f34d2

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m-journal

MD5 e3ba9389857af16eba13b5511406b1f6
SHA1 7ab48304532c7981bcccaf27a009f067182fa9d7
SHA256 985745e5e6c32c460ef8bf4f1a2b462ed34f841753d0019480227ffa1f5e5534
SHA512 e05f3c54c134cdb0ccd6338056b6a1413cc45367992127790c736b2baf3839074c11d4338f1727fb4111507577e7f4a5f7713a6bed5cb08175dffb20c1cb64e4

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m

MD5 032abd6bc70ad7c9484f10a7daf57bc7
SHA1 12e3c03375192814883d5fd1671e2b0c64b0ae43
SHA256 9cc41eaf3228c605583528005cadbf69eb145da3943e09e3732677423dcbe976
SHA512 aa28b2d8e87dd6364e15b1c99c52758f937585c126cda7db38cd2b4e5fb3c3e5775a92cd1d5ae68b03a6c59e7473766d670f03e3ee30e8ee53c2bba1b73f243f

/storage/emulated/0/Android/data/cache/AppPackage.dat

MD5 55ce2a0d54825212393d502c1b385f6e
SHA1 5cd9dbf218c5ef9246b49f0cec18469ef7a356c9
SHA256 069a80460ad26eaad5bc9a1a0032ee3df70f5633ea9c32a594abfabf638a1fab
SHA512 5938f704eac7d577c79e6002b814e119f1180e4c62763950189aaaeb7460a3edacf84841f44a8cc7f15d66dd6b2c1a7121ec76fcdf1db2ee9983374f33344d52

/data/data/com.ayl.lifebk/databases/P15pKIjsm64m-wal

MD5 408eeb831990f47debe1c7acd44d1200
SHA1 f5c60c250e22ce904c520046efd4f95e57e5ddcb
SHA256 c362e0c536b0914c406683f0e7ea4fa8958275b1e83f6ade67b2e55b13cff865
SHA512 d95857d9c89069a8f1ba6af83548551a5a02060f80ab799b44d5da1dcdfb52e4d8addfe45b4efa5b71b350d22ea658fefa5ea701d774f045f2d1edbfb13ec520

/data/data/com.ayl.lifebk/databases/XKwVoK0huy3R-journal

MD5 4a6b5bdf7642ff521c65cc8e1f7a31b7
SHA1 cdfdd7498aff5feead6ae03317da7f22d51c97a8
SHA256 2ea9b9c73c0881cd8ab8e6caadf9c70385fe9778ed23d0493894f0deb60b5438
SHA512 d78baa9fd0be282dc68b337cae6fb4c9655e65c6fb42fa6c8df3e964e646a4e1dad231fc50a193529c14f54a2640a2a7351ad0a26b99ece64a3fb95608a49486

/data/data/com.ayl.lifebk/databases/XKwVoK0huy3R-wal

MD5 47c8e91b00aa86ce9f9f26528bff38b4
SHA1 d1cf2f1072a5312114446b13dab8900aa5cc769f
SHA256 a0e6ba65647620d5fbecdb386c7e0e54392b7cbc9aed1c319753bb2ccab49bee
SHA512 02e11ecce804a842bc292618f9196098d94b3e9cae6fff2749c76b48ae828d802696006d5fd70dfa83d62d9678cde4316f78fb5a5cecaa847cd045ea210236ca

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX-journal

MD5 03204f5ba849ff1ceb8c51c2982892e3
SHA1 c0b97883636c1c744488f24e9203ca2dd9bf09ca
SHA256 a1c234eda93cd471d9a3df562cef9c4fd30b09c9bfe43db89919fe1fd453a19b
SHA512 dd3aa70471c93684c5677a8410563ba0ae7c773b4a272e149e5a1d45e97517efcfad2aa270e11d1beaaee7beab4ba53095aad32a4dfdb5bf04fee9f7accf2e58

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX

MD5 3f46387c5a9161a06c35918e4715e9e4
SHA1 f03b4527b29495a3f50be85d6afba301e9e3f1c1
SHA256 687a930724a6054924254f945ae475e34ae87ebdc2054881c34317cd91d46ca9
SHA512 614fa11f57f1ddc2750185eb908a580f1ae1ea53d4f4ff6881610942a36554b918138af7103859821d90cef12ea68bcab1ca0e4548cc5a78ee7a3c658b37f3ef

/data/data/com.ayl.lifebk/databases/wIU6pTyUBYWX-wal

MD5 b2cf9ae24cb102a0568bef681d84b957
SHA1 f960af6f02d6024906e1d7026ea497882c34af85
SHA256 391deca548014dcdda2cf68f63836aee8c38b9178340ae957a4d4c17c3292a6c
SHA512 dccdd3bc8b227bdb0297c9ea771d7fdc8699758fcefefc1d852e2c218160e15366828145b4a7d9f6be7a02d15746b76fd795759387995f7a54c29466a6e8c550

/storage/emulated/0/Android/data/cache/UnPackage.dat

MD5 0c10dda6c0803b0aba2432404ab4b7d6
SHA1 6d7296e47620a42a3b1707b04195cd4d509d3ef8
SHA256 046c39fec550c831995f1238bc43d951c3b5685a2d5248cafb08be716117cc20
SHA512 b36d6c6b809672e7fd53a6fecd0a0d1bec898abc3255b8ad6cc76688e4dfb5c4061b0ef5557ef70ba73638209cbd83669d353e8d4b6bc76ce8bf36731fce8120

/storage/emulated/0/lifeBK/toContent1.txt

MD5 afae783ac947cca5b8c1d71ba1b492aa
SHA1 a1960e0f03be6433d0eee76ba4480d0c800c581b
SHA256 2fb8f1fa33d1748dceab4f16179ff27cf9eee2cd475fbbba2ed6b0811cbd8708
SHA512 6170afc4d6fd4375e6907a71381fc9bf16c1b9d35d926677c546c61037da0a11b4f8d8678ff4f25a8da45231fa2f691666b95cf5372f776fd456bd72aa44fe59