cd918a81a7dd88e05d4af6ba65603e52d1c8d9c7ff7e261b9602a93540c83284

Analysis

max time kernel
10s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
16/09/2024, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b7840fa024f0568f612fdc9cc16291_JaffaCakes118.apk
Size

9.9MB
MD5

e3b7840fa024f0568f612fdc9cc16291
SHA1

c3f10a79e41d0f2fe0401207ad408143388cffa9
SHA256

cd918a81a7dd88e05d4af6ba65603e52d1c8d9c7ff7e261b9602a93540c83284
SHA512

c480c20b1fc1371dd4cf91b5affea46e4dcf7e70021ce76792527886e012c9645390c78fd793e72bdfe469c3c2386a6561b672c9484b5a378535814ad047ad1f
SSDEEP

196608:zpmE9b8/MxWrChhW2H3HKR08jpAFW6w8aHmkioSf62ua/z4Q6RF/TO:1vF8/MxJ7Wq3KRFn63Umkiv0LF/TO

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.lenovo.safecenter
/system/xbin/su	com.lenovo.safecenter

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lenovo.safecenter

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lenovo.safecenter

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lenovo.safecenter

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lenovo.safecenter

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lenovo.safecenter

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lenovo.safecenter

com.lenovo.safecenter
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4492

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lenovo.safecenter/databases/permissions.db

Filesize
177KB

MD5
b1e2b0d2f0cda7a6656d05520b397869

SHA1
89687daf788ba9850b58efb95865d8ab726f82b6

SHA256
d0db6b0721022d8303a0df3b31abe8e4b2f8e043d42b0040efb7c6e9eb7bb37c

SHA512
5aed13fdab85b8b33584344a9db0a06db849715a4dfd14c95cd888e9a9b059186ef09e30a8548e47eef0e64b076e90e03c472a9eefcaa208c5e1165ff0582007

Download Submit
/data/data/com.lenovo.safecenter/files/lenovo_reaper.db12

Filesize
4KB

MD5
fc0ded5ac3fe02595dd0895de4f4b960

SHA1
a5445bfd0c1c861d92d971a3144488aaeb6f7ba2

SHA256
9b21cc0788025f1b70b86743339d63e0ee4f64329ab080dfb5c3d813db5480bd

SHA512
7e1c1c83572514ae49b7b5928c229f255fc3b33821531790abae2d99b16646da08e0a3bcaf45ef6dadeecefd6de78758f09fd75bcb7a82511c98448a618cf44b

Download Submit
/data/data/com.lenovo.safecenter/files/testa.sh

Filesize
186B

MD5
0b6fd45e9abecd5f9c8f7551cdfe458f

SHA1
cce68a9ad566beefc89958d2174bcb5647c98098

SHA256
ae80d2f76f11ab73adb93ab7fb3c4dff10cfc39e74a6fc1f02e043dae18caa3a

SHA512
c26650cd9c6424a895e4e6285e4eeb5e7db5d66ea7c02e1fad011e5c94a41d524488dddb12490172229665383a3c2520ddc04ac9cb0eac49b18613aab0396327

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db

Filesize
24KB

MD5
cc950b7c5a4ee37ba3d573893a9d9ea4

SHA1
d54e97237fa47ebdb483da3a52a53593c4b5ee41

SHA256
8b475455ffa36704d1e07f17987221e0fd184ef06dc76f2ffc55bffd60f6fcd2

SHA512
25b147c7f6bd67e41ffc870161759dc5ecaf78594a82466bd6fdf17f746f2aab1991978530e3ae50a65f54e68f5cf66405f557103de9791c17cd69c025ab8138

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
8KB

MD5
3ee033959b2ae2c3e3a9868077ab8044

SHA1
c12438d23e4bc542c4b79f1daaefe2c2d3b1a28f

SHA256
a43ab64b02db26c5d1eb6706309412518646e6b189829ea3d62ebd7a09e7f3be

SHA512
8db1bd56760de3bed71da7c62a34abe1c2c0a506bb3330d6ca0838bcc6baec51273864b1579af04fd6cf66aefb5ef06d35b2cd346224cfef878d391788dfbe6a

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
12KB

MD5
028813d6b3be3a6356fed73d18667074

SHA1
bebd4842d2bcc0fead42a0d916692f7f6fdecc03

SHA256
c1d2a9a4479ff87041b3067c8925e4c01c11ea0919a1ff9f7fa8b73354675132

SHA512
e5301857ecb920d29bac75d11d9874cee735e76454022abfdf98e5faf045d0360827765d9dff5569f658aeb75aec68bc502763322749c8489796560efcfa4fb7

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
512B

MD5
2cc4ed68755ecbc2d46b796c42a44278

SHA1
96ceef518453589fb103c045adfdd27b07a3391e

SHA256
6533d9bb3f1047779628b4be7e38ded68d9a53d65db0752603c40839b32a5d9f

SHA512
95861ccb2b23ad6d45dba2b182c8cd2891634b021983757a3d4b04b3753eed052a43591d4502647cc5de5b97168c5032666a5c702783164d1a02d82a0ce54974

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
8KB

MD5
390cfb9da15c83c48cdc8bbcbcda5016

SHA1
3ff49515a0c88e512291e9ee55dda04e65ad881e

SHA256
08a04a5f611fbdcc03fe90d1041ecf0b0db5e4d2f106782d009c171305458c55

SHA512
3af16b8a1a0b346ce1fc1ed6d299bd05344421dac6e39b04714558a4eee4873c5eaa03e68c624dfbba0855a19d96ce4337cfa8ae5b33df0593226565bca7c2c9

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
8KB

MD5
02995e0050c035b982f731a4fdae7f16

SHA1
bd88864e1d6fde87782949b55d9cb370ea7cf00f

SHA256
26cbadb9efc75ec13497f0253da3b076e6099831771745e27672d19a355481c4

SHA512
fd62b32e7993de43d7b9e26eaf0ed0a580621da37c8fb5c210ad30bd2b1beda40abb9a48eba800b379fa7ff65073335bf017fb57a0e90cdddb65f66ae691238f

Download Submit
/data/user/0/com.lenovo.safecenter/databases/perf_leemcenter.db-journal

Filesize
12KB

MD5
e27eec033363e84cf009c1edef6a6eb5

SHA1
5b8eb22104c2acbac49e27ae1404d825539e1092

SHA256
ffd9afd5b44c55614503c52744c32889817825c60ae4a67aeeb9966909dc1635

SHA512
b8f6fb3de01e739dbe297433114b6436f8805dce80873002a72b22e85db9977b87ddb22a28d3965aa6aaad47d5cf653ba6a172a83030193ee3dafcad269336e9

Download Submit
/data/user/0/com.lenovo.safecenter/databases/privacyguard.db

Filesize
48KB

MD5
56525e35f29434ca8bb068a9b6ca23c1

SHA1
0645747ed01efc1e18d34d0655503edbee7ca308

SHA256
c1f8d7f1baa94fe4972338c3048bfd712546ffccc652c920354283a06e74e7ac

SHA512
3488e05dc05c01b39943f3e08fa1332827abe54e3913e7e52f462b39175b72f2e7e31525e40002824832c451d2e5ffd7b90dfc95579399096674d6470c3aa2fd

Download Submit
/data/user/0/com.lenovo.safecenter/databases/privacyguard.db-journal

Filesize
512B

MD5
74c2c6d549c8c01bad509b524922d5d1

SHA1
441721770280781076793dfca97d6a1fe20eb41e

SHA256
7f990a68c68942bd5aecd314b0e0551035b21690ec10e4fa4f6daef560ed8046

SHA512
c7ae36f7cabe1d1820beff99de0a0c74cba675927b60efa22febfa5fa0f05abc975b0dbccf13a7ebba7f1d99c2006c35ca4ed071eee7e35ae95f64772b965475

Download Submit
/data/user/0/com.lenovo.safecenter/databases/privacyguard.db-journal

Filesize
8KB

MD5
8ee4caec6154f0e83352513cb9dd6981

SHA1
2a7a578ff7e56a9c55f257922b10fb566c0afe5a

SHA256
c9a8469753353595021f4145db95c43e2fc9f9101c5298349a358bb3c365051f

SHA512
1dd663bf4e1a4bce7eaf566215a56b36ac3afc6b4ae94a52d8ba30278edef16cc5d008d8e138bcf382f1aa4d43facc0e5ec0008991679a4670cb21f4273988ee

Download Submit
/data/user/0/com.lenovo.safecenter/databases/privacyguard.db-journal

Filesize
8KB

MD5
d8577c2de7f605c8decf07f9c817fcf7

SHA1
c0c8c6f398faa5bad776b7805677a3991ca68beb

SHA256
87f722fab30b19a50db231be0b28d78c7c88c52cbf4e220ae98e2718b8777d70

SHA512
bf4ddd9e1e37e866299350cae4c83dfe326af09e2944cc7346f0ad9eb241ce4745efbf267f162a1452ecde7bb11ac09df7aa700d0970b2c046f0e8551b7273f9

Download Submit
/data/user/0/com.lenovo.safecenter/databases/safepayment.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.lenovo.safecenter/databases/safepayment.db-journal

Filesize
512B

MD5
13092e4d87fbf52fc5e5dbe46be03a9f

SHA1
1e07a66b036289b1db6a89388f0668ee4b378ab2

SHA256
365dc368083e30ba0f02e2bfaeb927a3f3caf48159e12c9c25a7b5adecb2c1df

SHA512
48a2a4b2bff7eb9ff819340cad6e928fef456fbd14f5f77e14b2271a97a101a7b9f1670a642d1c0c3a4b6f0a0fc75c8b743ce6306d3e5476fbcb5647f5720a56

Download Submit
/data/user/0/com.lenovo.safecenter/databases/safepayment.db-journal

Filesize
8KB

MD5
14c27d9a9bc9ee60e90cb251e9c8ce40

SHA1
83bfbdfb873957923653cb7440072a4dcac9e082

SHA256
4bb7f512cbaa3d7e91bd3bf48a24f8c2fecb250a58d2d99131e978a656288872

SHA512
2728f80c67322cda5b08e90cc4c01e1bc4fc6a1e90493b40c8901ae666cb4994cc62cfaf6bf989262ec77d53592eae51db0c6163ae1f26cefde1336a945daf28

Download Submit
/data/user/0/com.lenovo.safecenter/databases/safepayment.db-journal

Filesize
8KB

MD5
6bf13ba28c58cdcf842ebcfce0321f17

SHA1
ea5f3b190ca239ca185f248b7292678cddbd900d

SHA256
855043ff3eef03298671b662ea95432425a59dad574160ce766b3e9c40b9694b

SHA512
1d3d27b6af74fe7c3dc280dc3d5f981677032e5a3fdb395932b63eb5d5c0848393ebc6f55d8ab9bc8e822fe0b12c8df1e5f2f7690e0662ad027c8f8181b928da

Download Submit
/data/user/0/com.lenovo.safecenter/files/hosts_tmp.zip

Filesize
180KB

MD5
eed47a76250893a3a0e8ad31521470ab

SHA1
fcf9b627c567899d8e45018c209ea0881fe256c9

SHA256
cf0a255de23d8172853235e6b4457374fcad98098f1dd53e65a31ca1c72f1607

SHA512
d55f15f423b58e09d05c8ec86be502a05df1d52f9084f610c4261a2ac549065d05d394a0e2e4bca3ec9b8724779176ffbb0628d54360eeb30dcdc587befb01de

Download Submit
/data/user/0/com.lenovo.safecenter/files/killer

Filesize
758KB

MD5
b5c6ed492e9a2c8499d1889708bf65fd

SHA1
9b1c3e106ec595f2325e2b45718da393fa4de253

SHA256
22ae1a21f55df92cdbb975e250ee0ae05987ac257306f125a3a80fde7f36468e

SHA512
43478c56d5de0a9a6329c80bf6c6565497b19ed93c4d14d2d6676ff83c77b3a36cf89f52fd9c8162fc81953d6d38759775bf913e4dff92f272df0e186b8e6aa0

Download Submit
/data/user/0/com.lenovo.safecenter/files/lenovoapks

Filesize
6KB

MD5
d3faa3feab90bb94150a132422e098e5

SHA1
910d71ac1031512606fbf18dc7443500aee07fa0

SHA256
b234788f18a7989c6df7a693dd852d31803842593c6a261901336bbeeda0981f

SHA512
0b315accf0543b4d52e722b05d33eebfe03e23fb941bee602035c3e03c8f59a6294b57dfd381ec5d0ad04a09db45bda5caf28054197b46241cec3e56f794b5ac

Download Submit
/data/user/0/com.lenovo.safecenter/files/nb.21.jar

Filesize
25KB

MD5
d0a00b3405692d0bc271eee8d60fee91

SHA1
9898e65615f745445cec1c8c7d949a0f58299ed3

SHA256
02dbea266a0aa85e95721186d29a059ab2420f492c41489f74d7e753c992363e

SHA512
ad51f65c8dca3cdc153003cd5ac9ab970cc13219263e2189974a4e12910d249ff39ab929415df258a2c3df9b68757627f2801fc91def4926d75c99521cd31fae

Download Submit
/data/user/0/com.lenovo.safecenter/files/whitelist

Filesize
1KB

MD5
b500343021ad9ea8a369166f4c3434e3

SHA1
ce5ceacba2663931c9146831d5d2955b90a75901

SHA256
449349f03cc7768268784e90cf4fc500b7a5d12077b3ceac23d19fc31f71bc42

SHA512
7525100f2480267108a65260a850312018436fb32d148da364d9a17827b690109d60d0425569ba26ee3f655974afd32e8132f513842d9a3134599238a7d0a9dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads