Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    17/10/2024, 15:06

General

  • Target

    527473de054d2338803b9e138cd89d5b_JaffaCakes118.apk

  • Size

    1.6MB

  • MD5

    527473de054d2338803b9e138cd89d5b

  • SHA1

    c6780c7d1398857548a53e4ebae90ceee88baaf3

  • SHA256

    fa81a8e0e91b5a4b75107ddfb093763d5f0fa8d44beeecaf6db65eddb05ec37d

  • SHA512

    b53d9b182a78a9e59a725fcbd686b4966364f8a3791abeb105b211d4596bdca6db2766e58b5134beab3012ffeec75e58567748976b2e84d1a7c7becb009cf474

  • SSDEEP

    49152:IrNo3jmRq2ccrf62YBRouK/dTIFbylgc8FyN4:IruzX2Lf62YDoF/dTIFbjtQm

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTP]
  • Queries information about running processes on the device [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries information about active data network [1 TTP, 1 IoC]
  • Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator [1 TTP]
  • Uses Crypto APIs (Might try to encrypt user data) [1 TTP, 1 IoC]

Processes

  • com.longyou.haitunpay
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4612

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/user/0/com.longyou.haitunpay/files/__local_ap_info_cache.json

          Filesize

          2B

          MD5

          d751713988987e9331980363e24189ce

          SHA1

          97d170e1550eee4afc0af065b78cda302a97674c

          SHA256

          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

          SHA512

          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

        • /data/user/0/com.longyou.haitunpay/files/__local_last_session.json

          Filesize

          133B

          MD5

          c6289af07391cddbf1326515f2202cac

          SHA1

          e506d5e152d8c2ff96aac1ced069867ed5e232c1

          SHA256

          b2c43900cbb3b07e8bf8f4dbe7a5cacfd55ec6254ec75ff265068287a6bf6029

          SHA512

          362835906768620bff5641fb13bedd45a69d686ac249b08fa8e21963b157e012cc41694f3b4eac7f88df1a4cfb4b627b48d969875232eb3b7e658e0cabc5c033

        • /data/user/0/com.longyou.haitunpay/files/__local_stat_cache.json

          Filesize

          492B

          MD5

          9f3cfcda7ed63ceca67fa4557ecbe2ed

          SHA1

          cb9c18a9cb0f93d9b40f47f86533564572b8c9e1

          SHA256

          8c8dfd53d36251c248f68240534ead52c2df5a15e48270e97707a71f3c054f24

          SHA512

          e41bc3613255a11cfa0563d0ffc0b81c099b1bc7856507a2084eec87418bc2f93f90eec58d96c11fe70b6ee69aeacbdcf9ab912fe889d8a6498eb8a94f26fbec

        • /data/user/0/com.longyou.haitunpay/files/__send_data_1729177579741

          Filesize

          528B

          MD5

          0ee3270ffb9efd2a0d42aa25f997275b

          SHA1

          0e8d8d23cd9faf46e652b43df97593950915a1e5

          SHA256

          b84af7f643e2eb565611f58bd3ca8100d648a8849f9f545ffd0f99d102b21004

          SHA512

          1f832d22393278e308394b423260404033b9f31666cb89fe500757ad4cd45b0c0592c5ffe88ad3fbd9558fcd6bd5f5ac0e7f66cf288d9ce715bfbcba09811465

        • /data/user/0/com.longyou.haitunpay/files/libcuid.so

          Filesize

          109B

          MD5

          c80f07148df278f5342c8be24164d4cd

          SHA1

          1ca25db53fc3ecc0651ebb75bc4579efe2357843

          SHA256

          f3cfda51d3d3d338a16429bed62dbe141499d38c019fef7018c11f4f06280eef

          SHA512

          7392c700f86a436b1ce714c833e7aee3bc9e7af1de3a57f957152d5ed8dd526e40a26189e060015eacd4f9a77d12b1acf06358015c530f2fee9bf4cf40baf4dd

        • /storage/emulated/0/backups/system/.confd

          Filesize

          24KB

          MD5

          5ba8172059b1385bd3c8fed16dd91543

          SHA1

          7a9abd5be7fa334a203359f5dc6f986460f124a9

          SHA256

          144b82e2730266a25c0e9b35f6f6c7420d9344d6386be59a30791a2bc455fa2b

          SHA512

          2c46d42453dc740b74b0d99c1de26d389db4e8829bdbcbae11489b934fcef281daab7a5e53c6ced0c997711d3d5d08b0006e3ddcbedd26bb4f68dcc97f51ab99

        • /storage/emulated/0/backups/system/.confd

          Filesize

          24KB

          MD5

          340df521cae74a112e097e8c060d0f6b

          SHA1

          0c9e864c8cce9bf6ddb88236d926cdcb84e3167b

          SHA256

          7ebc3102a73e9806d620cde27f4d4be482461a32cc0189a0f9acb6045b2112a5

          SHA512

          605d7b652b5c773f26725818ce7fb658ac59ce297dae99dd56e49ab6f6a3900bae7701cbcd6f5958939788196ee85d81adfb193852d158b94479327e5301a27d

        • /storage/emulated/0/backups/system/.confd

          Filesize

          36KB

          MD5

          d46c1be4b424db132ef5161f5780e0a1

          SHA1

          553de15019ca5d70df7bb5f1b3aefb83119237e7

          SHA256

          aa94bcf75478e236139305330c48f56fc7ab100e1c70bbb1b0c0ba5361e127a8

          SHA512

          22737d8e068ed801f3d30f692dac3d0304f93d2b3fccd761252202568829b89a909fb7ef1a6353c3840e62435c29b41a13cb8650efad526c71e0a960a3f6b403

        • /storage/emulated/0/backups/system/.confd

          Filesize

          44KB

          MD5

          67de4df9703eb2bbec9cd15f5521b2dc

          SHA1

          ae3505692807f286d7fc4b57a910e40fa255d646

          SHA256

          932e711044c4925aad31761abe4bd1c7d5cfbbd0e4aae68184b0714366df870e

          SHA512

          a13e5f20a8d233bd315d7285a6664ee0d146b50931d98c5626361923335cf459283ec2a3da0137a12d7f4dd062a6b148e2c73c17787b0438196e7a220c1540c2

        • /storage/emulated/0/backups/system/.confd

          Filesize

          20KB

          MD5

          9d73df871bac42a97c9c7fa5fce9dd46

          SHA1

          6c8cbbeb4e548aa27c2414025b80d4bb4d1b3882

          SHA256

          f28f2c419c15e644f68dfbd92fc222caa883e64c32ab6e0db7ae650098c84d4c

          SHA512

          600dbd8d41585116f1998df8cbf08ed66cdc25c9c590b55f6fa4065708bcfaf79bf631f67c74f40e5b17c98257304cf56956b1e14441abe9252e6982dbc0aaea

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          8KB

          MD5

          a8b8b086c066eab3f4019f5c3e5317fc

          SHA1

          6efbb372cee705eca02ce6357da470a26342201d

          SHA256

          0b9e3e1d7184677b80cdbf487a08465055da3098794d1ee2586b23796ec8e716

          SHA512

          d65326a31f4e7d740da742d1e019c48eae82da5111e01150458131e9d4e40d045376d1b691c83a42d92242bfdca55f10818bd4b65b7088e86b8e110e11aa218a

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          8KB

          MD5

          fa62bea6d1eecfdb1b212384bdd3d619

          SHA1

          f7b0b8afcd56459b345261c09a5b60896151f042

          SHA256

          2b36b1ecc0dc0e70a3c1040c68d2e957112daedcf0740cb5e69b704a19d628b8

          SHA512

          c35b577fb3ad5b4619d02f42bdc06f7242df51f2bae0b23f8f1259659b63928da091388516de20933bae052efa697c49470291d4f6fd1bfeb803e79f747bf0fd

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          16KB

          MD5

          04772b9e7ef845970fec54addef530c3

          SHA1

          27ea50d7ac856d3467232606619db5965a49a0a3

          SHA256

          f0e4d6fd36571e12a78287db7e94b9ba4bebf071f0aa9459897fb746202c1931

          SHA512

          2900ef4e8971644f95048321843fe1dc06b9babe7e759accb03e0811794230f794afa19019f7f61cbab28d614b9d2e55635bef7fbd80f79cfec0af8179720329

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          512B

          MD5

          982058beeb8931fe69bc3a2a6a7bbfec

          SHA1

          bc939a8ce7d0e39785efb2bea2d684fa2dd4237a

          SHA256

          214d61e1a38c9d9cbfd99080c6143f8d67abf71568e225c1b1eceb56bb6927a0

          SHA512

          c6c21dcdbd831b05907de410058ef20dccb0c77f4c131b8e2f91dca6a9fe97a563f924b0030b444dbf4805842680af70fc9320d70d8b1f22a081c364a8dbec34

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          8KB

          MD5

          ec7ed56f3785d7f8634b1d13e3a7eaa8

          SHA1

          e63b711c4b44671d5213da7bbe5fdb6ddf0e9eac

          SHA256

          ba3ce24bf7da273eb093e34178e42c0d767565e074a2d5b1ac66792708bf414a

          SHA512

          f473d07d9c7b4104e5870ee6fbad2433d1549eb4841b9b0116dbb25153f5d47ec990cba1ee5041eabd019e32961283030006235afeaa97e3cbfa641f17491596

        • /storage/emulated/0/backups/system/.confd-journal

          Filesize

          4KB

          MD5

          4b41d47f94924370756b956ee87a4cb6

          SHA1

          73db3a7013b77eec2dfc718f4797e2b7f060b9dc

          SHA256

          dee37a100bdeecea2dec805b8b05735a39218d569677c99f07427fb3a3ae136e

          SHA512

          a3646c3def2caf81f9a4c95adff14d90c7bd2af6e20d44221e5a84946e0f89fb7c32dd3f4ad334b4445b5ba9f92b443e6de09f75030aef7451e6fcc751376fb8

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          25B

          MD5

          daa2c424c637265b26b8b1b29198825f

          SHA1

          d536460828607aff57770ad94c12fe87d6a89342

          SHA256

          02d03172fd9ebca8056e398169de04a79c9b0396d5eea86637811e184104f1e4

          SHA512

          7cbb9953d7f92bc018e248fb3fbe847c72d0a46e18e850a391e0d5abb6e8a983b25b8e64b4347064d7c341d75e8b82eaed04cb5220b874773918d538ec00e010

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          55B

          MD5

          ba83092428642e9a9837777c281a5a4a

          SHA1

          c9e57b5319cec464aa1c63464102788dbf0b488c

          SHA256

          e86d8f5b614855a8eee8ea21260663b15cc100fc7b1c69196e341e5ad0f44af0

          SHA512

          246213b7dd99bda120af20b91ed0c2760006e5c9d854f4b777a999fd941e456608a2a0b995c60f67d4dd1ed13d0e0aa26492eeb930a2c3cbda50528a3fabb651

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          84B

          MD5

          90280ad61b161ecce4d26ec4361791ab

          SHA1

          1f0700a48e761622e1b0a6513bc49d1e883065fd

          SHA256

          466fa04649875e8f871c6763cdc4953bfbea5965378a73413eb459d18283a287

          SHA512

          5cfb6ec2ccb58bc0df3e937cf5eaed567d884c1077fdfc7577cbce68451418359e26c47b7c14936b4728da7a0458c64cb2f8836429da09025f41de9cc0783c14

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          114B

          MD5

          fdb940a7b5c94182fa7e02fea68ba876

          SHA1

          4d7b03d1275ac0e31d204bcd30f12fcb1fa85eda

          SHA256

          5bbd26f18bd0b269dc4fb12a6a3ecff26926e00bdaa9dc295e1f43e479c56d42

          SHA512

          f19cb5d46d8efb5c5cead25961413c2851e02108d2d332c4187a551c37713e4c64d1cb4efe24743e8df389eeddd120a1d5b31766ca2082b362eebd3e10085aa0

        • /storage/emulated/0/backups/system/.timestamp

          Filesize

          138B

          MD5

          c6c0e52324ab435c8c35ff238473a061

          SHA1

          efb9784a585e06d6651dc3acf66657429027a335

          SHA256

          fc8eb9a55badd5923e87227e28f066c625ac4af82330300c8cf2dc6c8363f830

          SHA512

          33ec2dbb65417adbc92207d97680984a7ab620eb91602235fb92dc9fe4ef3e2a33a723750155f3831aba13289880bdc6b17d51bb361a64609e0dee8fcc98af99
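The file listing above is the part of this report most often reused (as hash IoCs), and it repays a few checks before it is copied out. What follows is an added example, not part of the sandbox report or of the analysed app: a small Python helper that parses the flattened "path / Filesize / MD5 / SHA1 / SHA256 / SHA512" layout shown above into records and runs those checks. Only the Filesize and SHA256 rows of six entries are copied into the embedded excerpt for brevity; the parser accepts the full block unchanged. The checks it implements, with what they find on this report: the 2-byte __local_ap_info_cache.json carries exactly the SHA-256 (and MD5) of the literal JSON empty array `[]`, i.e. the access-point cache was written but empty, consistent with the nearby-Wi-Fi signature finding nothing in the emulator; the 13-digit suffix of __send_data_1729177579741 is Unix time in milliseconds and decodes to 2024-10-17 15:06:19 UTC, matching the 17/10/2024 15:06 submission time; `.confd` next to `.confd-journal` is SQLite's rollback-journal naming, so the repeated `.confd` entries with different hashes are successive snapshots of one database being written, not duplicates, and the hidden dotfile lives on shared external storage outside the app's private directory; and a 109-byte `libcuid.so` is far too small to be a loadable ELF library, so the `.so` name should not be taken at face value. The 4096-byte threshold for that last check and the list of candidate "trivial" contents are assumptions of this example, not values from the report.

```python
"""Parse a sandbox 'Downloads' (dropped-file) listing into IoC records and run
basic sanity checks on them. Added example; not part of the sandbox report."""
import hashlib
import re
from datetime import datetime, timezone

# Excerpt copied from the report above, with only the Filesize and SHA256 rows
# kept for brevity; the parser accepts the full block with all five hash rows.
REPORT_EXCERPT = """
• /data/user/0/com.longyou.haitunpay/files/__local_ap_info_cache.json
  Filesize
  2B
  SHA256
  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
• /data/user/0/com.longyou.haitunpay/files/__send_data_1729177579741
  Filesize
  528B
  SHA256
  b84af7f643e2eb565611f58bd3ca8100d648a8849f9f545ffd0f99d102b21004
• /data/user/0/com.longyou.haitunpay/files/libcuid.so
  Filesize
  109B
  SHA256
  f3cfda51d3d3d338a16429bed62dbe141499d38c019fef7018c11f4f06280eef
• /storage/emulated/0/backups/system/.confd
  Filesize
  24KB
  SHA256
  144b82e2730266a25c0e9b35f6f6c7420d9344d6386be59a30791a2bc455fa2b
• /storage/emulated/0/backups/system/.confd
  Filesize
  24KB
  SHA256
  7ebc3102a73e9806d620cde27f4d4be482461a32cc0189a0f9acb6045b2112a5
• /storage/emulated/0/backups/system/.confd-journal
  Filesize
  8KB
  SHA256
  0b9e3e1d7184677b80cdbf487a08465055da3098794d1ee2586b23796ec8e716
"""

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
# Assumed candidate contents for tiny dropped files (not from the report).
TRIVIAL_CONTENTS = [b"", b"[]", b"{}", b"[]\n", b"{}\n", b"null", b"0", b"1"]

def parse_downloads(text):
    """Return one dict per '• path' entry: {'path', 'filesize', 'md5', ...}."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line.lstrip("• ").strip()}
            records.append(current)
        elif line in LABELS:
            pending = line  # the next non-empty line is this label's value
        elif current is not None and pending:
            current[pending.lower()] = line
            pending = None
    return records

def size_bytes(text):
    """'24KB' -> 24576; the report rounds sizes, so treat the result as approximate."""
    m = re.fullmatch(r"([\d.]+)(B|KB|MB)", text)
    return int(float(m.group(1)) * _UNITS[m.group(2)])

def identify_trivial(record):
    """Recover the content of a tiny file by hashing candidate contents."""
    for cand in TRIVIAL_CONTENTS:
        if hashlib.sha256(cand).hexdigest() == record.get("sha256"):
            return cand
    return None

def rewritten_paths(records):
    """Paths listed more than once with different hashes: rewritten during the run."""
    seen = {}
    for r in records:
        seen.setdefault(r["path"], set()).add(r.get("sha256"))
    return sorted(p for p, hashes in seen.items() if len(hashes) > 1)

def sqlite_pairs(records):
    """'X' plus 'X-journal' is SQLite's rollback-journal naming: X is a database."""
    paths = {r["path"] for r in records}
    return sorted(p[:-8] for p in paths if p.endswith("-journal") and p[:-8] in paths)

def fake_shared_objects(records, min_size=4096):
    """'.so' files too small to be loadable ELF libraries (heuristic threshold)."""
    return [r["path"] for r in records
            if r["path"].endswith(".so") and size_bytes(r["filesize"]) < min_size]

def epoch_ms_from_name(path):
    """A 13-digit suffix is Unix time in milliseconds; returns an aware UTC datetime."""
    m = re.search(r"_(\d{13})$", path)
    return datetime.fromtimestamp(int(m.group(1)) / 1000, tz=timezone.utc) if m else None
```

Run against the excerpt, identify_trivial() returns b"[]" for the first record, epoch_ms_from_name() gives 2024-10-17 15:06:19 UTC for the __send_data file, rewritten_paths() and sqlite_pairs() both return the .confd path, and fake_shared_objects() returns libcuid.so. When the hashes are exported as IoCs, keep all five .confd hashes (each is a real on-disk state) but note that the SQLite file is volatile, so the stable indicator is the path, not any single hash.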