Analysis

  • max time kernel: 148s
  • max time network: 157s
  • platform: android_x64
  • resource: android-x64-20240624-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted: 17/10/2024, 15:06

General

  • Target: 527473de054d2338803b9e138cd89d5b_JaffaCakes118.apk
  • Size: 1.6MB
  • MD5: 527473de054d2338803b9e138cd89d5b
  • SHA1: c6780c7d1398857548a53e4ebae90ceee88baaf3
  • SHA256: fa81a8e0e91b5a4b75107ddfb093763d5f0fa8d44beeecaf6db65eddb05ec37d
  • SHA512: b53d9b182a78a9e59a725fcbd686b4966364f8a3791abeb105b211d4596bdca6db2766e58b5134beab3012ffeec75e58567748976b2e84d1a7c7becb009cf474
  • SSDEEP: 49152:IrNo3jmRq2ccrf62YBRouK/dTIFbylgc8FyN4:IruzX2Lf62YDoF/dTIFbjtQm

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.longyou.haitunpay (PID 5065)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)

Network


        Downloads

        • /data/data/com.longyou.haitunpay/files/__local_ap_info_cache.json

          Filesize

          2B

        • /data/data/com.longyou.haitunpay/files/__local_last_session.json

          Filesize

          133B

        • /data/data/com.longyou.haitunpay/files/__local_stat_cache.json

          Filesize

          492B

        • /data/data/com.longyou.haitunpay/files/__send_data_1729177577971

          Filesize

          528B

        • /data/data/com.longyou.haitunpay/files/libcuid.so

          Filesize

          109B

        • /storage/emulated/0/backups/system/.confd

          Filesize

          24KB

        • /storage/emulated/0/backups/system/.confd

          Filesize

          24KB

        • /storage/emulated/0/backups/system/.confd

          Filesize

          28KB

        • /storage/emulated/0/backups/system/.confd

          Filesize

          36KB

        • /storage/emulated/0/backups/system/.confd

          Filesize

          20KB

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          8KB

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          16KB

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          512B

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          8KB

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          4KB

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          8KB

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          25B

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          55B

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          84B

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          114B

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          138B
