3b736a91dca7ae8608c2174ad589400d3fd5fae55a395920841a49eb10657a37

Analysis

max time kernel
12s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01/10/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

071252efdf552ed657a1d6cbc62f52e5_JaffaCakes118.apk
Size

1.0MB
MD5

071252efdf552ed657a1d6cbc62f52e5
SHA1

b21f52062fd6805506edeb078e56812636ac4378
SHA256

3b736a91dca7ae8608c2174ad589400d3fd5fae55a395920841a49eb10657a37
SHA512

01b6e8485872bbfbb940db1d5679fb0667e9bfa6c29f9f48b3a47ba3bfcda7e7165017692fb29a806489146dcbb9295972ac7627f34d1e07e09a70c02129e478
SSDEEP

12288:oorhaww5VIK4IQqKJxRAGwG/MFf/pjP61n2jthi2iqL5sP32hn7LXCwAwuX3TgyM:oKhw5VfG0G/MptG2j832VLIDgyM

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.tutusw.onekeyvpn
/system/xbin/su	com.tutusw.onekeyvpn

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tutusw.onekeyvpn

com.tutusw.onekeyvpn
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4936

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tutusw.onekeyvpn/files/WebView.db

Filesize
17KB

MD5
5309753eac135d7b968b60956d5de5f0

SHA1
d683acfb19ab9719028ffceadd35e64d5488ca6c

SHA256
644df98f9bc8071ac1a938418c4f397a61e992f619619ed9fc8e23d5c1c2a043

SHA512
96ce45140cecf97ef490cb8e6c68b1ea989ebc83a8d93ca191ed41f26efa418daa0295edec7f77682c7521512968109da3054e57b94374eadd75ff1f623ecfa1

Download Submit
/data/data/com.tutusw.onekeyvpn/files/busybox

Filesize
785KB

MD5
9eb7a3769fa746ddeba101f0f9e420c6

SHA1
23b5ca0e113d91435451357cf83c8748073a71df

SHA256
f2f0671a40a256cee4138128ed109e05dad9bba31c93aa75fa3cbf7e45901b1f

SHA512
d817f1a87569a422e085df57ab56937e190fc049e3f4a838253468c3747e7281bf68aa4e6b2dae9fbcb3e6651a0dba73ffd49c57d347ee7213ee9013cad4d5dd

Download Submit
/data/data/com.tutusw.onekeyvpn/files/mycfg.ini

Filesize
33B

MD5
c26b8fe0fdb0a866cdc5b4210f9bbb1e

SHA1
d9d7bd6631d38f58a78d44077639180cf1d146a9

SHA256
67a5702e0b4e6397a925f8148392163be0c725cdcb240d570c37ab0933e4a56e

SHA512
fee62ede02ccab5598462472f50f52809f89e1e3cd9595f40948632a946e545c6fcfc10bce181bf44dde122adda4fc31656eec826ea0b89ef0e33eb008c26bd9

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/02.pem

Filesize
3KB

MD5
2d1e4e3040f808a4349c57ed204401d0

SHA1
12f7927aec249a014f820a2231f1ee04aeedb6e9

SHA256
fa55e81ebcbf17c6b726fc9802585740c0cbce3e6771c5a6ca7ee6c166b6a6d2

SHA512
b3ef56759d8d40fe8f159f96be1293d6c13f0f3c94d86fcf93697a5e313fcaea640471532d072abcd5b662b14b24f7779d88a32ab8813a7bc37ea95cd82fbce6

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/ca.crt

Filesize
1KB

MD5
45d1c013ab772af67d0b669a8f12eec2

SHA1
d892147a34dc0d04255bdb7201fade38c837589e

SHA256
f270aef66cc69fdac788049999e5cab2855ab6e89eef0aa1f70477d46cdff9b7

SHA512
e2f3c1ba719bbef7d38a19127b689bd5230856965eb30e12c9199a8b35044384dd0861499d10808353142bb8ba8f9a4f2f2973e6fff7743c5c08b2c9cb2bc4c8

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/client.ovpn

Filesize
613B

MD5
845a13332ef421d367d303cdb0806cd5

SHA1
66cc614d08032c58781f0b6cad640381c76dc24c

SHA256
a7e559c89e904df6941673eaf3ebae45c291506a167233a8568f1497a8f8960a

SHA512
e71289d714d10adcd6cd55d06427614b9df377bb5c476decae933270dadcdc0fa30b86b36f8a25050a1e3dded28b8842b5c8f376debf242875f9a1259e967476

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.csr

Filesize
712B

MD5
b6c607eb585c7af8ab32fe1ac1e07711

SHA1
13fbc973ca86c5c35552e8442c5828d0417e0748

SHA256
10a51dad7a120b48ac196d59d7118ef0342c97d546a1796fdaf3dcee5cc9efc3

SHA512
1a2cce5f6bb3b8fa1f870d138bde0e45f5c7ac4b405bfffe0fde0ef379b18e10126da1de6986acd0232316ddfbec52cda338710a87ce878b0196b2e98691e0ef

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.key

Filesize
887B

MD5
1d1e700161e3bd953f3735c2b457a30f

SHA1
2465eb38c216e075d82979adfd419892bd4420bd

SHA256
0009de3e23aae8f04bf71d57ba5facef13c0543a903c3806fddd9ca866121a24

SHA512
4c26502d4da5c9b57b98b1e001900aefef7497837ae058eb00fc9f3fbb6b864e10a6bad65606a4ff0b176425c461fe5cf5175a66a5415b09e7dac03b9095079c

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/ta.key

Filesize
636B

MD5
783b5be3bfab0e6ab734da7417b4375d

SHA1
46378b7ce0d8223a8eba6786369840a5ce64fa85

SHA256
c57c4b8f81fca1c6fcc87d635e15564b03679ff61643fbf6fccfbe0a555087d2

SHA512
36e0e80d1960917059fe6ff70e0bc405697688c984eb39dad129dbe625b11187f3ebdae3f97547bcceb32254dc906fbbadf362d8b0c7398a629a2056adb4da05

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpnbin

Filesize
886KB

MD5
2f0cff429e7c14c46c3b400592773f7e

SHA1
630a90548a3cf3a7d0c04c93f4fa2840481959b4

SHA256
aeafe62cf946b4a1cdd3f16e9f74d8e2109fd0d8d9955d97403fe5d99ca03bf8

SHA512
6b662e9133c282b12bd57c0ca9449d0213f62d418bd0eb761ec2ed75432eb8364dded2b4b879b096601d03dae42b5179275fadabc31e7dc81f18d110b3e85544

Download Submit