Overview

overview

7

Static

static

6

eaa96bea86...18.apk

android-9-x86

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    19-09-2024 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaa96bea86136a1ec557d1116ec29df0_JaffaCakes118.apk

  • Size

    8.2MB

  • MD5

    eaa96bea86136a1ec557d1116ec29df0

  • SHA1

    27148d2efedd6157135532159fcb5a064892abcf

  • SHA256

    3f242b0fbd72c54a97a66a7c61bb4272df0b4f2d8a4fc55178bc1d2a8b125bcf

  • SHA512

    37e38aa51aeeec2a77762da5db81893e888660e50cd80ba6288f785c1397b23962a45536ea8a368bf4abc11032d91ab374c4ed2e6b46e14fda0dd01bd21ddc83

  • SSDEEP

    196608:mmTlY5Fzqd8i+gaG06ikbimxLZl4uZtBITHR8dpGbSVZzF:mmTlY5lvgaG06ikbTxjOHR8fGb4Zx

Score
7/10
bankercollectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.yubso.cloudresume.activity
    1⤵
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4253
  • com.yubso.cloudresume.activity:remote
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4307

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yubso.cloudresume.activity/databases/sharesdk.db-journal
    Filesize

    512B

    MD5

    ddddcffb43b8cad675ca396f78d90ab6

    SHA1

    c6278ec383d9dcfdcdee00744bc9192e82ed37e4

    SHA256

    8e3f0f53a25f0d4d432e1d149f90cd9afee258b228c5cd3d6e5286d4bb7d6408

    SHA512

    a9c7aa77d68cbf5c9acff87e74d9a55509bde0cb23336c78d5b87b4e9f3fc3049053be2d79767464bed4559abb0e614368e1786d3fdfba630e2176013b2be5d2

    Download Submit

  • /data/data/com.yubso.cloudresume.activity/files/jpush_stat_cache.json
    Filesize

    187B

    MD5

    7cfc40c321b74f5571aec861d5ec3176

    SHA1

    a6ad4d6b20394e24937422d37321491d2a6597ea

    SHA256

    7ef653c40fc1f0717f73c17cd4f238aa845cb657e491b4cc6d8c88ab74f3534b

    SHA512

    7c879dedcdda2c7ad36e2a03cb11132f8bda35d67794c30ae4eeb9a2c8aca64751dd5afccffb4b84762026363ee5a48874e8b8e7a2a29dd7fb5bc619fffb3558

    Download Submit

  • /data/data/com.yubso.cloudresume.activity/files/jpush_stat_cache_history.json
    Filesize

    158B

    MD5

    356c83e3d569fa0cae434373e65f748f

    SHA1

    dd7ec4e44b5fe2718853502a4311a90430e41089

    SHA256

    4d91cfa5ad3848407a68a717837da0b26b602945a8ba30be31e21bf0f99619e1

    SHA512

    8011a761c6f5d2a8c5b9d5eb34d1b4b2f89e46c945b53c7650526288c9814b8f9d1e577394c6feb032dac9e67e3946d51b51f4d51ef5a57ed819cb2b2224f150

    Download Submit

  • /data/data/com.yubso.cloudresume.activity/files/lldt/offinfo.dat
    Filesize

    488B

    MD5

    bbfbff7a27ccee442941e4c3fe1a73da

    SHA1

    9cc61725a4f793d1ffd3764a92cd3299e538798f

    SHA256

    7d281116a5aaefeb5c1f2f3c836a82f2dcd7d4623a5c77716edd09c868d51319

    SHA512

    803df59a74fba0c427d4a45f853f04e612168b8afeb4edda38724c460186b26f527016163fabb7f50feaaf4a7b47bbd16cba5ee33425fae8e310d98e8f47e25f

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    28KB

    MD5

    0d3e99204c6401ea499fe9e6d9855497

    SHA1

    09829f00ca458eab7374d5079393a2cd69a2348a

    SHA256

    63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

    SHA512

    8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    28KB

    MD5

    6ee6878a15dabb8eed7cfd2a89500eb6

    SHA1

    d14e771b110830d630c0f4a3d441700a4e869ce8

    SHA256

    9c2a031ed2dc5fcee01e4d99131a5ab84537dabbf0b0f09958b855dd99b152d2

    SHA512

    c70a2ce93ec70e81ee5fd6ed83bf669b8e9ae243c5a3f83321b2d7112dcdb2205e1b633623e1c70caf56c3016c152988fc57cca502f90a46bfe7225743b238c0

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    512B

    MD5

    aa4e4640a3b464532f9d4ec1b9b91753

    SHA1

    c546b2f2f5ee714653557bbc86950aae3551b6f6

    SHA256

    654b0b028cce32d5c9a6a89c7d5235bef749ed9de3715f3876325c20bd9e834d

    SHA512

    88e0f232e68676ca2e6ace27b7bada9060747af1a091eede1a11366ce75334273f8ea73e38f5eb91abb457caf78a997e2bfc1bdcb56277a56692c6b1f4595490

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    381B

    MD5

    2ed9397331e2b7a4e01e3eeb3e5057cb

    SHA1

    5eaa43daa0b7939ef3a32aa6c78462cec31c3583

    SHA256

    196ad9c177aed64d9d3b087168162194bdfc50eae1072e80871767614d1a4f83

    SHA512

    2f5605981c1c42f681a814ff737e74e2e6441edbf1843207a3a0156491cf5ad4f15c336c097ac8950e98d24548a0f4f45fb6eb6ce157b3828894e8ea00acca63

    Download Submit

  • /storage/emulated/0/ShareSDK/.ba
    Filesize

    389B

    MD5

    95365e376937162ea04966a6a9938c21

    SHA1

    fe2b3a9cd105c37b145150aa9d2d1e906e1bfc4f

    SHA256

    ac24b51875b18855663d829fa9bb32ceed10f542e06ee98a370670c39c6a17b0

    SHA512

    b4cd08e34b1d8d24f2b8ff962cb2266de8dc6a4705278feba5401c0e33a8403518db8d642cd6c8441accb369f3d98c76467e0998a965e0c50c09d173b1d6b12a

    Download Submit

  • /storage/emulated/0/ShareSDK/.dk
    Filesize

    52KB

    MD5

    46a1b4f62726d931660a76d1aea8e94f

    SHA1

    50a6f02116fcae53b4da2d384f53dc6e2540489e

    SHA256

    42ab024b6627c547176a51885705ba7fd09d93b61117ca6157c60cf960dcfaad

    SHA512

    4ff73072d5a1773f5df035ca7a4d6b9c85a3287a72138fb58c095d33bd02f909bb66e7de6bd334550a59d18557b44f9baa333da006f438a5d1cb47df74c2ec93

    Download Submit

  • /storage/emulated/0/baidu/tempdata/conlts.dat
    Filesize

    32KB

    MD5

    333976ec178177e858135f21d9be7fdf

    SHA1

    56c48ef935c9d8554690d45a69b8b2c8e5267359

    SHA256

    e5e3da3d4925bb699aab2905c9f4707010fa1326827c1437dfc6db03c8ff1c4c

    SHA512

    ecffc3e95304b47615d38beb499e682b2d174091e4e4309cdf3efd323164632844324de33c7578268eb8d8d6420d11936a8a48a8bba9e706aa4c1d056cee54e0

    Download Submit

  • /storage/emulated/0/baidu/tempdata/conlts.dat
    Filesize

    32KB

    MD5

    e770d166fbee02ce0d5753c5c78c9136

    SHA1

    c58a7ad2456c8989c2b78fd24ab07dc91dacc51a

    SHA256

    0bb92f8ea44cf870aaf7fc98306de17a56faa65f6b4d7c74a224d8ec7ea56379

    SHA512

    c81f98171e0d50e278077177b9851f7e5044345b3b1baa7ccea4f199249df2ba3eb7e2aeb899fcf13fe05449fe2c52aa0c82bfcc7a331e5e9f33870db5939a35

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /storage/emulated/0/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit