248977e818db08253c954ef98200f3c90360e48161a37e15541a48b49da8add7

Analysis

max time kernel
147s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
15/10/2024, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46605f58913bd5df45fe8d40f376bd69_JaffaCakes118.apk
Size

4.3MB
MD5

46605f58913bd5df45fe8d40f376bd69
SHA1

c55da426d2e512c3abd5c82c7bcc27e70b4b188b
SHA256

248977e818db08253c954ef98200f3c90360e48161a37e15541a48b49da8add7
SHA512

b2f09f7952f7da0b26df2c656f87ab8bd9b5d42b74f9f3dc2e5486923100f5b383d07b8ef56c77ab80da59804aacf4d0fa9c5bc540736164ad055630c27d5488
SSDEEP

98304:L3heT29ecJ7b9i7ZDkPEvO5ZD02CccplZrL327O2EjTth:L3hfeK7b9wZDqEvOEbXpT72Mj

Score

7^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk	4282	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk --output-vdex-fd=48 --oat-fd=49 --oat-location=/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/oat/x86/com.lyhtgh.pay.ltplugin.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk	4253	com.kai.xzxxl3
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk	4383	com.kai.xzxxl3:dcv
/data/user/0/com.kai.xzxxl3/files/b3c621aa755/4386d79b-3a42-406e-b621-5d8f4e752e19.zip	4701	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kai.xzxxl3/files/b3c621aa755/4386d79b-3a42-406e-b621-5d8f4e752e19.zip --output-vdex-fd=49 --oat-fd=95 --oat-location=/data/user/0/com.kai.xzxxl3/files/b3c621aa755/oat/x86/4386d79b-3a42-406e-b621-5d8f4e752e19.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.kai.xzxxl3/files/b3c621aa755/4386d79b-3a42-406e-b621-5d8f4e752e19.zip	4383	com.kai.xzxxl3:dcv

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kai.xzxxl3

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 2 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.kai.xzxxl3
URI accessed for read	content://sms/inbox	com.kai.xzxxl3:dcv

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.kai.xzxxl3
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.kai.xzxxl3:dcv

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kai.xzxxl3
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kai.xzxxl3:dcv

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kai.xzxxl3

Queries the mobile country code (MCC) 1 TTPs 2 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kai.xzxxl3
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kai.xzxxl3:dcv

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kai.xzxxl3
Framework service call	android.app.IActivityManager.registerReceiver	com.kai.xzxxl3:dcv

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kai.xzxxl3:dcv

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kai.xzxxl3:dcv

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kai.xzxxl3:dcv
File opened for read	/proc/meminfo	com.kai.xzxxl3

com.kai.xzxxl3
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Reads the content of SMS inbox messages.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4253
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk --output-vdex-fd=48 --oat-fd=49 --oat-location=/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/oat/x86/com.lyhtgh.pay.ltplugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4282

com.kai.xzxxl3:dcv
1⤵
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Requests cell location
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4383
- sh
  2⤵
  PID:4679
- - chmod 777 /data/user/0/com.kai.xzxxl3/files/look
    3⤵
    PID:4718
- - /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.kai.xzxxl3/files/look /data/user/0/com.kai.xzxxl3/files/look am startservice --user 0 -a com.kmi.pro.action /storage/emulated/0/.tk.tocl
    3⤵
    PID:4737
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4760
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4760
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:4782
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4805
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4805
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:4827
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4848
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4848
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:4870
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4914
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4914
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:4936
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4957
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:4957
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:4981
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5002
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5002
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:5024
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5045
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5045
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:5069
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5090
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5090
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:5112
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5133
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5133
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:5155
  - - sh -c am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5176
  - - /system/bin/sh /system/bin/am startservice --user 0 -a com.kmi.pro.action
      4⤵
      PID:5176
    - - cmd activity startservice --user 0 -a com.kmi.pro.action
        5⤵
        
        PID:5199
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kai.xzxxl3/files/b3c621aa755/4386d79b-3a42-406e-b621-5d8f4e752e19.zip --output-vdex-fd=49 --oat-fd=95 --oat-location=/data/user/0/com.kai.xzxxl3/files/b3c621aa755/oat/x86/4386d79b-3a42-406e-b621-5d8f4e752e19.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4701

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kai.xzxxl3/databases/MF_CFG

Filesize
9KB

MD5
7d77d5ebf42e3262b0cb08e54f5f44b8

SHA1
8c3f5f724136b47fd5d479d55636bd54fbb4cba8

SHA256
e04b58bd139893484c85c3edf11e1ff53e8f8699fd553b16ea9cb80535235343

SHA512
011b5d997570bc72c70d18571f2e74e8e9d24b20870735a7dcefd5a0a5e3e63c3f2a9e93dbdb39ec64721499c6b06ed85a0dce8bf144a5de3013bd54193da19f

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_CFG-journal

Filesize
512B

MD5
16406c54a65607eec11bb618dbaa4d70

SHA1
c21079b308c9ebb63b11b547f64bcf11824df181

SHA256
7ccbc155ce33614c6de82ce74458db77a77341f5e00a9e6c22d90272034efe62

SHA512
c4e9445d4f56c2c1f91a092be2fe3c2a8e0cd14591bdb8cab350ff8a162cd039418aabd960999bac778db284983fdc41739958ac161f01180ad9c7c9fa5d1942

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_CFG-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_CFG-wal

Filesize
84KB

MD5
81e3c6b7539e2943226560aecfd58447

SHA1
2894b0ae255805f13ef1d050be7dee4bd509da5b

SHA256
97ed49377052e181925a942270df30292000c4ec5bd712edff148e68bc5e4c8d

SHA512
47c90f5d4c07bddd5ddd8e473a13fbed015939c9fe98e8c4542fcbc2ddaee49b58d0bfbedad0cc5c439119ce2e2d575600f2c296d508730a35ebab1d26b2d1d2

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_CFG-wal

Filesize
60KB

MD5
4311aa2cc4b6bb7fcb18d2d57fa9b1e2

SHA1
68afa3b6ee3ba9390ba694d3ddf09a05277442d5

SHA256
4eea1216f455d51bcf600af6cf601ee029ccd2583502d59caa3775eed8421dd5

SHA512
3a705685fbbda4921509d710471fd48b6046dc85a6b7801e3cd57587ab905a94fd0eb170461ebab5efe4cad4545808e3ed94763d8246823c418b974f3ce6c03e

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_SQdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_SQdb-journal

Filesize
512B

MD5
83467ed69bc659ca82c6f34ba1ad2897

SHA1
c4b4425d2ef78af2cbe556d3e3d89acfb684a1b6

SHA256
782f7a7acba095f85239c5a790782b848f80cb6b8b4545ea5081fc54dbfee650

SHA512
4157ce981d6d995d6b7916f8798e06e8f868fbb34b938c98f92e8379979b8e8a5682c8af7bcc8b03612dcea245a33c1a1e02d4fbee00745dd420896cb8f1f9f5

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_SQdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kai.xzxxl3/databases/MF_SQdb-wal

Filesize
52KB

MD5
d1ed146d2829c66a80e34da2ed301b87

SHA1
b043390ba52887ca686f83fae7312b7de47019f5

SHA256
677bd0609450627635819e965f31641c19a96414dfae1cae117fc79e2de8cd52

SHA512
d5eeb2fbd6ac421a874ac4c0732608fcf9a3355539db4f2557bce6ae83b547f62f1313903d8c1572edf5b4924661131cbc7d287c666c0e6fa5cb35258a23f17f

Download Submit
/data/data/com.kai.xzxxl3/files/b3c621aa755/oat/4386d79b-3a42-406e-b621-5d8f4e752e19.zip.cur.prof

Filesize
208B

MD5
b7d5e1fb30edb095471e1da9ac3084fa

SHA1
b0617b20e9053187911681241311c66fc047a049

SHA256
3e42982dfeda5ed59603837aab665900afd9e13041be281dba515f282a7c8369

SHA512
ba9359c3ee55e6ecd9a0fbfe424d37c86dd8cb68fd3458651a8c78e0ca7f9dc3752aa817e6f8e44352c2dc9a143ed41b0ed38074bb4d02c6b522fee4c3fa6b26

Download Submit
/data/data/com.kai.xzxxl3/files/lotuseed_jr.s

Filesize
445B

MD5
6d94a983d1e0d1dfc0c971092ffeaff0

SHA1
e3f95e6675953e750bbd9c3c7eacfab67afbc8b3

SHA256
14aa500a5d0b525ff20b9e53b27db8fb3547ce72b625f66814715dd7928ecb14

SHA512
4df652c14c53a169617442bd7dd3e3b7dd8dccb4a73c240eb339fb0757a1b650179a57af1e5b0fdd950fbf4d5bffeaa546f07731c31f8abee2412d76e6e60aa7

Download Submit
/data/user/0/com.kai.xzxxl3/files/b3c621aa755/4386d79b-3a42-406e-b621-5d8f4e752e19.zip

Filesize
246KB

MD5
936cc66f614eef707619c828fa6c99b0

SHA1
7e3e0f8cce468ba80f84b413b32d95f6817e448d

SHA256
0ffb693d706ebc4d6c143d522da304fbdfb2acae5c2c3d091b8c268b828b5d86

SHA512
c1d924935f85fa2b9646b775a4205fa24075e762f59831d8ea389a674933f576c80e3e695ea879515073c483e72c4295099ae699714564d868261b3ee22b48e2

Download Submit
/data/user/0/com.kai.xzxxl3/files/b3c621aa755/4386d79b-3a42-406e-b621-5d8f4e752e19.zip

Filesize
246KB

MD5
7ed8c255e0d1934f0a7e2eb66b112f95

SHA1
f23bc7e5cde426dc23ecfb356deee75413b59135

SHA256
a7e0c874de853eb5f56ad6ae4a244b334aba05cd3f35dad534820c4221517f9b

SHA512
6be217f5b87acf289dea0f8ce9ad634467563754175159c29ade3052963f9e9dabd7f57536639289dc27f2d115d73440c289b908751ebd1054ebe2652ba5cca4

Download Submit
/storage/emulated/0/.287a564d31/.fsks

Filesize
56B

MD5
96ae374c68db73053f597a9be080ff57

SHA1
cf876943452255a9c44f375c66f504f2b2b8e421

SHA256
943fd3ee46348782640f6c043ff8c72ef8726c21ed0dd3b8eddefea441f07ce4

SHA512
ff5dd02db2c023bef261a3c2f5258b08fc31d8bf7748aafd7160332678283956e6aa7bc4b5aebebab800c8a5d779980c436e901cb40bc558890d7521c58d7537

Download Submit
/storage/emulated/0/.287a564d31/.fsks

Filesize
76B

MD5
74c713e12f9cfb9f4a05c3cbf14c9633

SHA1
322ae8fa620c900cc980174f13c5a4697866fccc

SHA256
8f2a4de57b8ce5f355da98f74f3c9db2b2aa51aa6eae4405b5e1a4e3fe857109

SHA512
4fbd2073d4175d495f555e7e20574456ef93669a77a721cafc2faedd1e7aab62c08f959407d21c1e76facedc5ad9664a13b064833c511a7765b37381368c029f

Download Submit
/storage/emulated/0/.system/lotuseed.devid

Filesize
85B

MD5
b05a29e0f25e9cca01cac1e515b05aa0

SHA1
d2c7f5849bc2aea0b2fd3e2122bb325a812721be

SHA256
4837f4149280be591dff83660ce6918f3360379b08d88d1052e7e310abb806b0

SHA512
7fb53ee8b96eb10a84e8b0d9a5bcd69adeda3087c55a4515f6986bb6c73bd703dc3f535e505c66470d7548dcb34d56d83194614a26a5f77fcbf4eff26f4a10c9

Download Submit
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

Filesize
145KB

MD5
278e8100ea1ee2c466d55451e87cef73

SHA1
8347d2b269f74841ca92cef51d450ed953d73aaa

SHA256
06d08532287fc6a934aba8d5a361eb83e4d7a1c8cde4f6663ab2746e4fc09a38

SHA512
3e7fcf245a07ce8e03a78f75835c30e0b0f270e68987f85b92aa97f7b0894d73702ebdd80372cddea310a52624db1ccf65125399b6bf218dbd717ad053dec088

Download Submit
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

Filesize
345KB

MD5
8e7387a025d55a6ebf8c4261bfa220dd

SHA1
dae3cb0192bcc5fa75a74489a7d09eb10f30946c

SHA256
826c6f5b411322ccdd48470d2716cda4a2197aa63369870333064030545aacae

SHA512
b3d7ac61e13980b2b06ac946a00163eaf1cb132d843ddd50291f7a4c7c9059e962129e7c92ca67d40ed637a3733cbce3bd6a4e6e99134eb2e2e8e4876ad65f7b

Download Submit
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

Filesize
345KB

MD5
21c7c675b3dc4ba37ecf2e58fec9ccf8

SHA1
16d524195e74f324010e7e5cf5a73e39bf757864

SHA256
7502952614e205d4d5605d0af83169fb70efedc52b0feaa1f9003cbfd830ea93

SHA512
ad3725129013e75c632b383999b7a936beed98418ed7d92d4dd4a5fb9ac7a1f518b4b6444324d5f366f422fe5099f6a54bc7ce62be4f8077ab4957b144b85482

Download Submit
/storage/emulated/0/com/android/system/uid.sys

Filesize
144KB

MD5
2e57a9b7b80b3a256dfa2c4587d49966

SHA1
22b9578d3f7f2d259420a5ba991d1fbe85207d46

SHA256
fadfb9ef2ebc521701d90fecaba6b60819e53d2694fa32cd4e39a940cedada4f

SHA512
fa1effb756c8d6619e659e8306a7926d9d042596b740b78ef894cf7271ac9c5e3ab2bfa62e98d37f1799567335546649096e1e66bbb0d8c660244e6d70aa677c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads