59e8210627dd8a2e9ab4b5de89c50de815aa42fd01a30bf1d8a4cfef6d6c6df1

Analysis

max time kernel
135s
max time network
179s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26/07/2024, 02:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

723a6b7ea3021741277e081c6acdc510_JaffaCakes118.apk
Size

7.9MB
MD5

723a6b7ea3021741277e081c6acdc510
SHA1

54a0ac7180db6d1bfcb6ecb342efcc2ff1556f4e
SHA256

59e8210627dd8a2e9ab4b5de89c50de815aa42fd01a30bf1d8a4cfef6d6c6df1
SHA512

5cc3afd063afb5c41b96d0fb44b66b600a87bc857791a32d2af8a072c3b709f2032356c12ff46cea405deab0a1d02e1d9ae5c730befe3250d58a9e63e5be855b
SSDEEP

196608:TtuReyM+79GhUWkD80WhDokXEtMtSLnCxyPo6IEIv1OWs/QjJ:Zu195GaDDyXXwMtb8PJIEI3z

Score

8^/10

banker discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.tieniu.lezhuan
/sbin/su	com.tieniu.lezhuan
/system/bin/su	com.tieniu.lezhuan

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.tieniu.lezhuan
/sys/qemu_trace	com.tieniu.lezhuan
/system/bin/qemu-props	com.tieniu.lezhuan

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.tieniu.lezhuan
/dev/socket/qemud	com.tieniu.lezhuan

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tieniu.lezhuan

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
21	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tieniu.lezhuan

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tieniu.lezhuan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tieniu.lezhuan

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tieniu.lezhuan

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tieniu.lezhuan

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tieniu.lezhuan

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tieniu.lezhuan

com.tieniu.lezhuan
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4251
- /system/bin/sh -c getprop
  2⤵
  PID:4309
- getprop
  2⤵
  PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
228B

MD5
4e5b7148c206acf988845b6308fe3e80

SHA1
d9c823b1d18327d213eb02c16df52f02d30cb3d8

SHA256
fc80df67a1c52653a3bc044b1ac31056476ddb057f4a778dd1a2d2f6ad8f2aa0

SHA512
944a4a802f7cff85a43ff378814527ed3dcc67849be06ace61d7635d27f1168cbf7a33e6e344e1e495e1a233da86b4c08b88108d3e361c877ffb08741f36446a

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
32KB

MD5
0833f0abdb29d426af968c546e437df1

SHA1
f1e98043b86916ccc376023d6b4b03b0b2cac70e

SHA256
0929ea71a0cdde4177f420d2da8d9ccdabe024fbd94337320f1a0adbe8ef750f

SHA512
ecadcf59c1bd059b1c327a16be64464bad62b56691e1c3438c4eb230a7115d35d92e585dd176e09a035457fff4ea364dcf5098e527deaac610bb259921863d1d

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
16KB

MD5
634331de4ba46b31f4af8734a807ed3f

SHA1
51cb34354b83f9adfbb7433da70a21c5d20a5805

SHA256
3568a5e3ca70a9b800a769a9fc44d7adcb5319c08541f5c340eabb66a9e8d0ef

SHA512
e6d51b432a7fcfa360f0f55c755c6dab098c3266dd79471cb1ab708bf2629d60f86efe001b5b160f26ca1565bb3debfd7d190a914a27f4ac676743bb26fbc68e

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
16KB

MD5
9359fb1a82b50c42af6c9e8ce9a209d1

SHA1
f68a7ee446de9f7f94406d097adcc25dce953855

SHA256
16dcf0aa45ce524aa0da68a21929e712e317e3aba54047aad9130951849930c8

SHA512
7513d64f4636b2a0e842e03200cf9b3c6b7b2b8050bef00e327d142b337961976cdda0bbbd71371b151dc6876242ff7bf2051190a545cc4b0ccc190b76d66524

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal

Filesize
512B

MD5
36bed0e0b6173729d5fc540697d94ffa

SHA1
127d53a6c658ff1a10a3651db35c1e0d56321f3f

SHA256
676a7ea40708bc5b21843a81f3526ef6f1fcc889298ea257290417540a0a922b

SHA512
b4c500d91a73e259cad721a36a57486e29bb30ed91476e1920ea170984c2e960b5a25bf782f4e8928f6cfc5cfa0fdaf0ab5943a6a31f6aa75c8845051237c631

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
56KB

MD5
d5f7d86f344b296d77a27dacd6f0f30f

SHA1
bc3dfc9d00d39637dacfe8cf4abe41e42765baf7

SHA256
907d5e8835d9a2582c5e76e22a143560d1f18f9ec1b76a60cb533a3e3cc5e2d5

SHA512
0ff48380df406055120c3434117fadbb60d4f2740a158cb8e86efbf33d7a30ce6b187c65f7a4c9ee5b482ebc6e212d0e36f98090603708dc41d1ba237cfd7026

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
8KB

MD5
7dbcc4f85f4aa0ca8d88bebdabbd0019

SHA1
8d3c3517520ad4befe05584e9cea149ea80bf9b8

SHA256
ffe3db3b31e8fcd951c1bd79131677e998bcce1cfdb667ed895b39ce0efe8118

SHA512
e4b3b92a39e494edbc71580140562b289926552266cdf7e34101e6485e7d24588dbd74d2f4293a095ff22f6a2c17266d28da2aa2c5b594c7904c8ebc9491ad55

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
4KB

MD5
a10fe71f58d9071e66afc3267d4c1b7b

SHA1
3d585e9d40ea926dae12b508d0bb15c61436c638

SHA256
b70c66d234fe2db7ebf06b6b167eeec55b6b90b4ba8c25ccfc7791b0192fa31b

SHA512
c4610be00eb4528eab73c5bc93b99fdd1bfa2e0fd19ec7abc660e19e56587a40ca11e906beada8fb8a91cec1263327c16fd8e3cda9d8eb8499f427fa73ddd759

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
4KB

MD5
fe100259e955daa94e59d645701e3e9b

SHA1
773baf16ce53ba29b1b97f390e6113b5fcdb91fd

SHA256
247dc9414a0e8002ca6eae71ff756050744976a1b9fff53cbce18fe2f36b7bc7

SHA512
ce1164bc8cf72c27975e8cbbae45b0c7a93fd7f7c03f607245b9eb4b8cc5a98827363d48edc813adb2f8822ad6d6f3525c2f0569d312bd2a482d901eb7ae584f

Download Submit
/data/data/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
512B

MD5
fc6662293a47cea4a2818d9c25548931

SHA1
672b2490f7b8d1faa1efd0940e5c68f632ea5e99

SHA256
cd2aac10b4b815de2c0f1f06e21655a4807c8e3399007b5f378da8e3aa33fab4

SHA512
2d4833b82ba1d55486ec57d03c913a012a17bf38e5bf0ee703dbb925ce4b6872411d1a55854135fe83424051c733682bf75448598f7c0beb8cc23104734d7e88

Download Submit
/data/data/com.tieniu.lezhuan/databases/bugly_db_-wal

Filesize
76KB

MD5
f2f1758168137f4452bd8a0a3924f185

SHA1
2f7f1f7d30771cbcd316d493da53ce0f4628b503

SHA256
ac7f972011a62b4bf563a59c856da2515bc68b100bf466c749b1c9f0adaf9a08

SHA512
c552c3d6ec2890ceb3e758dbc767037c35d868e55aa84171d387c104f24bbe69298035487e4672c66d1ea33ad5334eb2c6f7074943a4ff499d26ce166027c35c

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-journal

Filesize
512B

MD5
87b390fc1f6cdf51c277fadc243b19cd

SHA1
940ea6dbca3bbf8380a8413480779b537dcce9b3

SHA256
0cc679ffd32dd3ee0e817725df0e6d8d5d28829e0d557daf41ca7e972a26f079

SHA512
b0578d34512852b32cc83b4d0bfff6f41d222243511beb4e8a4f37d06c27e7f40027dc15bcad5264de145d013e0641c88b0225034e6c47b87dd2cb7863ef9007

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-wal

Filesize
48KB

MD5
e246df4b0578bb2c57ee344057dd1590

SHA1
7786bc3baf82738242498b76ea54c0be68f70112

SHA256
9172eca73cea6d83ee41000ef858ab34306e92a31535fe7071727b31df9c3008

SHA512
fd05266883220c14072edc4e2cc64b398f4af36595c4847c3024e11f4095b2a7ebd4c7196b535981310b7fdc26d0ec0fa817a42e3a04f9de85217fe27b311b84

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-wal

Filesize
16KB

MD5
d81f6b8e1cf9169656c3aba9862f579c

SHA1
fa9612bbe4fefcb7e9a916104bf4d5b60b679ae0

SHA256
232ca98518776b2e5f2bacd679cbd450a19a5a3987370d058d551ac123976167

SHA512
17d0e20449ff7b9682b990e510626a8554ecb1617b671863f07c4310ab62ee8f97d463bd0db32b625f75f4829c271f9909f1b0e21793885d52a6d1e76304e1eb

Download Submit
/data/data/com.tieniu.lezhuan/databases/downloader.db-journal

Filesize
512B

MD5
3f2f9f49c18fac8b9d94994d2973b3a5

SHA1
f6b5214d783c481cc5196ec3ae251ce3c5329548

SHA256
9aa54ca94cce06e3e2ac69fce8da6dda3822c9a564e8dc6f195ed2be2d859981

SHA512
0815d0f99acd8ba86e6da4d2e759063ae31d42cd70dab215c2971b7f81a49980d50bac88d7ab5b50d05846424b98252e8664b889e5e861f5d12ca5ad419244db

Download Submit
/data/data/com.tieniu.lezhuan/databases/downloader.db-wal

Filesize
32KB

MD5
16f5997a8da5bf02270f281e99d066b3

SHA1
afa42ce5f9d73c0c9aaa60ca73c06d25aa2c3e22

SHA256
cff0e30f6fb23de67c88d39dc3fe6341dd864afa42561a187bc11811bd6a5d19

SHA512
a3b22bb2c6b87e3c9f59557aa9fcea4c3043fefa31a6008e9e644d06b913940b015ed38c2908b04511e2f72ba4d7eb10fd43ad93f2356c5d175dceec2bd493fa

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
512B

MD5
b7af31d05d03e966e8f85fc23f6767cd

SHA1
a0e81d7134b1dd9f7ba6d88b7b1649637c8bab83

SHA256
31d835e9b8f608376e869a8c4b036896dca0786d11fa08daf856df0e604e6eb7

SHA512
7e9424ede7ae063250ae5ace5aab0b500a57ee15b4dd2cf035897568096765f7126e52faa78e3163bf2f1cd6a1efc79290929ae3c07dd40a33e2928e6000dca9

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-wal

Filesize
52KB

MD5
41b9ac1e3431aea3c38b0075955424b7

SHA1
6391b7a9d73f9015cb640fb421725f70c39c423f

SHA256
66f437d140984f9b6e2f4e25034da08a1ff8894f6462573c3e7a4f9c44737c05

SHA512
666e01297031142a0e17372dd379ddac401ddba90fb8f91844f320a3d2147a99140494f32beb38ed79bc8520c315063a339e6e0805ced323a84cbb71408fa142

Download Submit
/data/data/com.tieniu.lezhuan/files/.um/um_cache_1721960571060.env

Filesize
1KB

MD5
6a537eac965868dd8f216e344a42d5a3

SHA1
d9ee00f1120bc6e1f64f09267d77b4b487554f2d

SHA256
7af5ceb6142d6b4d272a078b8d198ca9c00754bfe4fb9d4e4fc541800ab9b629

SHA512
54efd6f652ca824d1e2b19705d6d2c0b4212198eeb9b1a8c902c9d587643034316f570d6a813a7ff6919edd8ec2189893f600d721074cb310d2f2090aacadd59

Download Submit
/data/data/com.tieniu.lezhuan/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ab453b79778f6f5a011db966651a8ce3

SHA1
e0e630e2f01b5a0445e5655169a282dab831aa12

SHA256
3cf4c1c56cdd82ca937982220a3746b9ab4793f795da3cc48fcd9a938083654e

SHA512
9c7b63aa705beab9af8646ffb88d55ee6cbe50535a634b2ceec74b07d14b132e9801f27af6f9b246b05717b301412acc8c05affb290a029e83779184e3612ad7

Download Submit
/data/data/com.tieniu.lezhuan/files/exid.dat

Filesize
60B

MD5
438268e65b90bf818ea3943fbeb70f28

SHA1
8c236913f6d0659d357f03b20304f517a37456e4

SHA256
8f81be9ae015288c46e6a7f6b10349a7d5b35abe268b644284fe0af7ace1e8c9

SHA512
25873d57ec678b521b376404be517e8cf67b858a61106f87c90d22e84df28eb069d72b2cccbc4e39f59a987e70ad4eb7f3037c6e8cb4fac16e95a4ee2a281b19

Download Submit
/data/data/com.tieniu.lezhuan/files/infoc_sdk/batch/86_81969733-6ba8-4ff8-bca0-f1cb5afffdd6_1721960478917_0.ich

Filesize
238B

MD5
accecc9f79f6d47329eefd5dd0c8437b

SHA1
3fdced367f508827b2aa2513754d77ecb1552af9

SHA256
092999ac32eb4fec2af12181dee10e8218a30cec3dd4f73bf6d8e45b87869f24

SHA512
12e545e866e2f7bbc053187a3e4d7c4e6e9aba8aa3825e2b0797064739e0ecc8629fda8c307195447e79c28dc8e9589643fc8ddac74c639ebcd065d4a6eed074

Download Submit
/data/data/com.tieniu.lezhuan/files/infoc_sdk/urgent/83_e45a6ce5-0e22-4e2c-b95c-83eb08baafe7_1721960470835_0.ich

Filesize
200B

MD5
c1ee0c6c841de8624b0451bc3b69bd2b

SHA1
9fd8e7539c4b41ee464fbae945df9e5ea64f0c8a

SHA256
609bf3b702f78cb7e07d2cc67e9cbf5f81b133b7948f1c18efb4fa0f500ca051

SHA512
6819e01520dec3e555332a0f433cc399e3eab9682839dc99555ab9553ab313d354154ab503470c0dfc62c6fccdd3767a94d760c89c451e331831ba60d574aa8f

Download Submit
/data/data/com.tieniu.lezhuan/files/umeng_it.cache

Filesize
415B

MD5
14b56c92a0a402cffc6aac578b9fe228

SHA1
65640bf28cf9b6f915ca966c4628c99c902bf285

SHA256
9c0c9339fbab89bb12f23094915b319b1eb6d22f855750dfdfc94f34740c1760

SHA512
22df05fac75306af7778b8e03503953d6079bb25c3d21691c899ac0f3ce0d5b7c71fa0454f0a9931950e738932a3cdf6ee8c76971e8855618cb8cdfd39f00adc

Download Submit
/storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
996e9b2de7d4cf13d0472c8ee4492564

SHA1
0919bbf01b7c467a69ab25ae3e19a0f1d1ea05d5

SHA256
a3f1af96b6514e59c510c5941db9173ca14b319827f4b4392e0b0f406a753d81

SHA512
8fef58443ed3a15d640a4bd6169f3bbf7484780a5e6bbb39a333e1b9b78ff243839dd27a68e51f723f5359ce5be9b08c81edf3842376318e5e868aa17767d4c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads