Analysis

  • max time kernel: 148s
  • max time network: 131s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 17/10/2024, 15:06

General

  • Target: 527473de054d2338803b9e138cd89d5b_JaffaCakes118.apk
  • Size: 1.6MB
  • MD5: 527473de054d2338803b9e138cd89d5b
  • SHA1: c6780c7d1398857548a53e4ebae90ceee88baaf3
  • SHA256: fa81a8e0e91b5a4b75107ddfb093763d5f0fa8d44beeecaf6db65eddb05ec37d
  • SHA512: b53d9b182a78a9e59a725fcbd686b4966364f8a3791abeb105b211d4596bdca6db2766e58b5134beab3012ffeec75e58567748976b2e84d1a7c7becb009cf474
  • SSDEEP: 49152:IrNo3jmRq2ccrf62YBRouK/dTIFbylgc8FyN4:IruzX2Lf62YDoF/dTIFbjtQm

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries information about the active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.longyou.haitunpay (PID 4254)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about the active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (might try to encrypt user data)


Downloads

Files written during the run (path and size):

  • /data/data/com.longyou.haitunpay/files/__local_ap_info_cache.json (2B)
  • /data/data/com.longyou.haitunpay/files/__local_last_session.json (133B)
  • /data/data/com.longyou.haitunpay/files/__local_stat_cache.json (513B)
  • /data/data/com.longyou.haitunpay/files/__send_data_1729177579118 (549B)
  • /data/data/com.longyou.haitunpay/files/libcuid.so (129B)
  • /storage/emulated/0/backups/.SystemConfig/.cuid (89B)
  • /storage/emulated/0/backups/system/.confd (24KB, 24KB, 28KB, 36KB, 20KB; five snapshots)
  • /storage/emulated/0/backups/system/.confd-journal (512B)
  • /storage/emulated/0/backups/system/.confd-shm (32KB)
  • /storage/emulated/0/backups/system/.confd-wal (12KB, 8KB, 20KB, 20KB, 8KB, 20KB, 8KB, 36KB; eight snapshots)
  • /storage/emulated/0/backups/system/.timestamp (55B, 84B, 114B, 138B, 25B; five snapshots)