cd918a81a7dd88e05d4af6ba65603e52d1c8d9c7ff7e261b9602a93540c83284

Analysis

max time kernel
149s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
16/09/2024, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b7840fa024f0568f612fdc9cc16291_JaffaCakes118.apk
Size

9.9MB
MD5

e3b7840fa024f0568f612fdc9cc16291
SHA1

c3f10a79e41d0f2fe0401207ad408143388cffa9
SHA256

cd918a81a7dd88e05d4af6ba65603e52d1c8d9c7ff7e261b9602a93540c83284
SHA512

c480c20b1fc1371dd4cf91b5affea46e4dcf7e70021ce76792527886e012c9645390c78fd793e72bdfe469c3c2386a6561b672c9484b5a378535814ad047ad1f
SSDEEP

196608:zpmE9b8/MxWrChhW2H3HKR08jpAFW6w8aHmkioSf62ua/z4Q6RF/TO:1vF8/MxJ7Wq3KRFn63Umkiv0LF/TO

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.lenovo.safecenter
/system/xbin/su	com.lenovo.safecenter

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lenovo.safecenter

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.lenovo.safecenter

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.lenovo.safecenter

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lenovo.safecenter

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lenovo.safecenter

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lenovo.safecenter

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lenovo.safecenter

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lenovo.safecenter

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lenovo.safecenter

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lenovo.safecenter

com.lenovo.safecenter
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4243

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lenovo.safecenter/databases/dailytraffice.db-journal

Filesize
512B

MD5
1c34c32815b452ef0dd78880d7c88b32

SHA1
80750986e5f3ede7494a9f3ad2a3bb2642aa2bc9

SHA256
5bbe062815385222c78355f0d9689975b1db8469dc01e168c6e1181247c07912

SHA512
61173a5495d91c4383512be73fb1e2fe0c3f5dc390c3682f8cd558dca0ae03d32ed313f3b5e5b8e13702082ff5e608e137e6249024c7ff5be95460dde303364f

Download Submit
/data/data/com.lenovo.safecenter/databases/dailytraffice.db-wal

Filesize
80KB

MD5
c6b1d801c179204fb398a2717295c0b2

SHA1
503ceed464d9e70c81b8897d76b3892d4f4b5cec

SHA256
eaf84a68cf76465537f462b500d43db2e2fad7cbc2b58832be69ff4ec82d5678

SHA512
ffdd7c3a3983d3c3d511e40115c8366389b5c1b55f39898d89e9583186bf4104546ed8f28fd8a5a219a37ae6f5af30155fc8f10f02fdf15507925f205fab4ef8

Download Submit
/data/data/com.lenovo.safecenter/databases/harass.db-journal

Filesize
512B

MD5
bbd7f6b60685829d1d8ae492a4c7eae1

SHA1
8f1ef0dc8ee3b2c65cec0c2f31afd01b6b0631db

SHA256
aa60d3d7f4350061916125c97e3f9b715b75e05046b1560b7763965594e3e62f

SHA512
cef0cab87b6ab4e0201d5f443e878acfefba9f66b4a67ec50998026a45dcee653e3bb7dca9dc08f8fe7378c92996cd6e2a58af3094423336e3a4ee159de697fd

Download Submit
/data/data/com.lenovo.safecenter/databases/harass.db-wal

Filesize
76KB

MD5
e285d86ecfa9e9c863623ebbb6b11b63

SHA1
5280a956c388f31cdeee22f59e35d178bb665f7f

SHA256
3e963a80934b47b1859506f4949c09317c1a0f91839f6cd285acaf180735a816

SHA512
13ef19be52e6057bf240641b38bce544d3a448208fa0870d35ef676c36572b1852c7aa20590af28ae3460a66d1cc3874292daa23700569951af46337c711ce41

Download Submit
/data/data/com.lenovo.safecenter/databases/perf_leemcenter.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
512B

MD5
9917e6dacc1d795320d3b680970db9f3

SHA1
17fbb2e58f5deab1b27317e5fcb85bab154d1c77

SHA256
e4b7df2507016ee99e3e8501fb487c5619feb8e13ac63e431f6b7e1412d58bd0

SHA512
70886b292587e2cf1246f937f0b51ecc12345147011daaa8983ed334897b99bf396f270b1d63cf672cac9aad9a5889c68dfaaee6efda4e4c5e8fd9f51e859075

Download Submit
/data/data/com.lenovo.safecenter/databases/perf_leemcenter.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lenovo.safecenter/databases/perf_leemcenter.db-wal

Filesize
56KB

MD5
0032fe9c1096b121f82dec9ca0649e15

SHA1
a21744de0b9c939fe5b7da0ec6ade58daafe3814

SHA256
f210c023a6e68708127f03ce6b9f4e2997478f99bee5f9dabcaa9ac299ef1dcc

SHA512
7097141364dee5872889734f9f82768ad5a8592e695751ea89af8ddacbf42d29a0f4c398947247e989ac37570d6429fe5698917b5a9cfca189f8129ced43c779

Download Submit
/data/data/com.lenovo.safecenter/databases/permissions.db

Filesize
177KB

MD5
b1e2b0d2f0cda7a6656d05520b397869

SHA1
89687daf788ba9850b58efb95865d8ab726f82b6

SHA256
d0db6b0721022d8303a0df3b31abe8e4b2f8e043d42b0040efb7c6e9eb7bb37c

SHA512
5aed13fdab85b8b33584344a9db0a06db849715a4dfd14c95cd888e9a9b059186ef09e30a8548e47eef0e64b076e90e03c472a9eefcaa208c5e1165ff0582007

Download Submit
/data/data/com.lenovo.safecenter/databases/privacyguard.db-journal

Filesize
512B

MD5
9f22fa357f04ed76d239587a041d66bd

SHA1
4a98cf06181ec4b681a2a84f7e601cf1570eb304

SHA256
caa43c27abedc3413633ee038a37a5462957e82a9e7f325f092a2460e82bf1ac

SHA512
8e468ae376022de45cbffcdf6cb64a2fffc971b7aa27b7217ea6a06a839ef0c193de1b556c9d99a2d441b49b4f83228ea570c0034899028525688f83017a5f16

Download Submit
/data/data/com.lenovo.safecenter/databases/privacyguard.db-wal

Filesize
60KB

MD5
d11e8d246e66739759cb14e47463abc8

SHA1
05e051d05ef4c96f44c18c32b0d7f0536b194ea7

SHA256
935ea4a4ef69b6f609cf55060af275b0525f7fea149b495051e2803758e11b8b

SHA512
3116fd1de9214fc7ebcba2c3058ed36d1cb1bfa75321ea83805029dd9ae9a20ca00a01de40ce1e52cf7b7980b648efe049cf69d7010287b762abc159180c3f35

Download Submit
/data/data/com.lenovo.safecenter/databases/safepayment.db-journal

Filesize
512B

MD5
94c4cec45c7a6f7e888e0ff79b302ee9

SHA1
cdd551cf64f78e3511f74f08307a4c224ba5d6d5

SHA256
c7d331a1f9ada2cde8b3c8724c0cca0d77d782a10152df1c12a453982bc80302

SHA512
1ca5091229a6bcde03b7b632a5673fa39575b990cece09f9b74eb45a4455f1585f8a6d402f136dd5a880dfde2d4efd965883b18000c40feb1686912c25958d2e

Download Submit
/data/data/com.lenovo.safecenter/databases/safepayment.db-wal

Filesize
56KB

MD5
61b31b4b7aa8eba2ac1a5f6e96a0093a

SHA1
862e05b6ec5fcf65664d1b121dcaeb5903962ae6

SHA256
9d4b818b450033d08d429ac2b347b64d7348af133a37cdd0f3965cd9799d786f

SHA512
682c44b14d89c53e1bf02cf81aa2a11c7e83239074a3a654ae25da56638b68d2e48ff60e923af54ccc05491fa2908ae623d4b585c46f1ff6d35392128a2ef5a0

Download Submit
/data/data/com.lenovo.safecenter/files/hosts_tmp.zip

Filesize
180KB

MD5
eed47a76250893a3a0e8ad31521470ab

SHA1
fcf9b627c567899d8e45018c209ea0881fe256c9

SHA256
cf0a255de23d8172853235e6b4457374fcad98098f1dd53e65a31ca1c72f1607

SHA512
d55f15f423b58e09d05c8ec86be502a05df1d52f9084f610c4261a2ac549065d05d394a0e2e4bca3ec9b8724779176ffbb0628d54360eeb30dcdc587befb01de

Download Submit
/data/data/com.lenovo.safecenter/files/killer

Filesize
758KB

MD5
b5c6ed492e9a2c8499d1889708bf65fd

SHA1
9b1c3e106ec595f2325e2b45718da393fa4de253

SHA256
22ae1a21f55df92cdbb975e250ee0ae05987ac257306f125a3a80fde7f36468e

SHA512
43478c56d5de0a9a6329c80bf6c6565497b19ed93c4d14d2d6676ff83c77b3a36cf89f52fd9c8162fc81953d6d38759775bf913e4dff92f272df0e186b8e6aa0

Download Submit
/data/data/com.lenovo.safecenter/files/lenovo_reaper.db12

Filesize
28KB

MD5
02b7772d24b2b2dcef14aee0fff6862a

SHA1
8f73c64ca765b5cda1c3eaede6e71d26bea8a4e2

SHA256
32f143d5df5854467f6682b3d764b2f7a25a28cd09ed68e68547c4758b7aca9f

SHA512
de797ec69685e1f12ba657b9580786a8d97e1251bdeeef0a10135c0777c36302ea0cafef12745280deb325d52a864032bb43d306cd5cc228be74dcd0df58a483

Download Submit
/data/data/com.lenovo.safecenter/files/lenovoapks

Filesize
3KB

MD5
e54d5214f52eedf2262039edf56ef5bb

SHA1
d564761708b1a3f9736d0bc76868fe42c09cd520

SHA256
3f2d6b38368ce8ef64bffd5842f1333e99fe6a88451df2ac581dc9deac116533

SHA512
9b8c49ac13f5605f434006f5bbfcfdefa9ff763bba3309f1994d1cefab4ac66cea284a6f0501b9015d7a690eff47a2091a17efaff1a7440e0397c9eceebdaa7c

Download Submit
/data/data/com.lenovo.safecenter/files/nb.21.jar

Filesize
25KB

MD5
d0a00b3405692d0bc271eee8d60fee91

SHA1
9898e65615f745445cec1c8c7d949a0f58299ed3

SHA256
02dbea266a0aa85e95721186d29a059ab2420f492c41489f74d7e753c992363e

SHA512
ad51f65c8dca3cdc153003cd5ac9ab970cc13219263e2189974a4e12910d249ff39ab929415df258a2c3df9b68757627f2801fc91def4926d75c99521cd31fae

Download Submit
/data/data/com.lenovo.safecenter/files/rule_store.sys

Filesize
46KB

MD5
a5f1b532834cdc7f80aca5a502a15a92

SHA1
13a54c9494abcf64deb246ad60fb9f8c0fcae400

SHA256
b0b841bec0c9077e22cfd71acf8a31a238c365e3385afcf2173ff1a437ed0658

SHA512
428bf58dac9bf519649c73dfb84bf3e87f045e01bd910d78bae915b02a604b72d84e032d86f5c799dac6b81c8e2316685d43714f93d930b588af967948049b0d

Download Submit
/data/data/com.lenovo.safecenter/files/testa.sh

Filesize
186B

MD5
0b6fd45e9abecd5f9c8f7551cdfe458f

SHA1
cce68a9ad566beefc89958d2174bcb5647c98098

SHA256
ae80d2f76f11ab73adb93ab7fb3c4dff10cfc39e74a6fc1f02e043dae18caa3a

SHA512
c26650cd9c6424a895e4e6285e4eeb5e7db5d66ea7c02e1fad011e5c94a41d524488dddb12490172229665383a3c2520ddc04ac9cb0eac49b18613aab0396327

Download Submit
/data/data/com.lenovo.safecenter/files/whitelist

Filesize
558B

MD5
f3adcadb5389df3d2b378ede25084111

SHA1
b586bc821e299c9cc7bec4b9c925384d1e2a1967

SHA256
f8f87576a94266b7f3759bf1ac62b787bc84b7842490af727964b0ce7573fd60

SHA512
85b312f14621cbdfad08d4ca243ae730644a133f4cc1bdb6d903b0d00c3938af5e6ba7ac395edcd5b45b0027d1670b5866254dc26ef90e803cff25f78ddd3db7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads