Overview

overview

8

Static

static

6

6fe2b92def...18.apk

android-9-x86

8

6fe2b92def...18.apk

android-13-x64

8

Analysis

  • max time kernel
    124s
  • max time network
    142s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    23-10-2024 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fe2b92defcb570de6b937014cabcc05_JaffaCakes118.apk

  • Size

    4.7MB

  • MD5

    6fe2b92defcb570de6b937014cabcc05

  • SHA1

    63912f76869f39f43af2b5fea2b6e9274e81c254

  • SHA256

    c26bfe2baa1c5e585583e38ff3017709b6f677aa2be3b65bce0dbde2a6c7e65e

  • SHA512

    3c337248084bf37cd7ce7b241fc504161935226794ba0b630136abdc16b38a5ee57de5659913633cc5f3a93c95b5404ea36621e763368ebabfdfd95c6de6c6db

  • SSDEEP

    98304:3IIWB8QMpkdHxQfas+AY33FBINqp1pD5U0/s6hMa8D43rQC/jZPe/Dg2BCUnN5kK:YyJpgmfoB31i81r5VPMhkorkNg

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.yingyonghui.market
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4251

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yingyonghui.market/databases/downloads.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.yingyonghui.market/databases/downloads.db-journal
    Filesize

    512B

    MD5

    b0b95f30fbf8b007a10773c0f2e61692

    SHA1

    19b63242a1a45098c53f207aa7c2ad3caafcfc65

    SHA256

    ec1b04e6bfcc000cdf140650c976d765808c6a6e93aea886edd0a053747a1e7f

    SHA512

    df8197186a2dd3b0e028edf9c67c1cf20e61ed406c0ddaed8559105e81eb695e25f0beb5509116b5457659437cf8bc0dcfa8e091baa9905c44fff04217f15b43

    Download Submit

  • /data/data/com.yingyonghui.market/databases/downloads.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.yingyonghui.market/databases/downloads.db-wal
    Filesize

    36KB

    MD5

    3f7f3d628a7cb6f49ad1b8a69ade02e5

    SHA1

    de0d8889e41f12bb090349e2aa0d384ad4105789

    SHA256

    7dd7beb6acd2603f89b96f2133e96fde9ebd6756b9b837f9a64e612f90de1c55

    SHA512

    276808a9ab903d18ee03453991cea5f424e859106f7082d2cb8a878c93d8ae1907c46a1f1e02533f3c3997b79ba3a7a185473c9bd876000c77cff5a2180bd569

    Download Submit

  • /data/data/com.yingyonghui.market/databases/msg.db-journal
    Filesize

    512B

    MD5

    34e1ce34f5672a5a778ec379cdad1e46

    SHA1

    ddc37310ff5bfac9504a057e5aa5c2ab1f7efe51

    SHA256

    b77feaf0cd17b50cf30734199dc8c855d065220570d8fb30200841fb46333ec3

    SHA512

    87ed5c02377a1a4dbc79586af18767e2960991d1f2fbadbc5eded9e6a54df0f56521b62c59782975e74aba4d21cf52bd70b0273bb52a8a02b066796878a8f4aa

    Download Submit

  • /data/data/com.yingyonghui.market/databases/msg.db-wal
    Filesize

    28KB

    MD5

    d0822fa7bdb29ca16f8d32efb02f16e8

    SHA1

    75ca4d62b40401cef2c9f7625377d205bfb42c0f

    SHA256

    0dd7723c43fead43514a5ef31b5056d0b5b7f4b38a3e16e7b29de6d6047e7fad

    SHA512

    b5c086864c4e6f01bef95c31a7a5e5c415723cbb1e4bf593294c6c04631da5b68251fdbbaf4c77c6cb01abb7646762c7c837494605695aeea26d6f660fc235e7

    Download Submit

  • /data/data/com.yingyonghui.market/databases/packages.db
    Filesize

    40KB

    MD5

    057027bae8747dde649771f79251cb79

    SHA1

    2f9dea65ab7fc3e5eb8adda89bcdbf901fbb59ee

    SHA256

    ef79b87afa74b1ccf128265d9b1c450ae4c3df9e160dfb5a609fb1e81b1531d2

    SHA512

    a76547b6ea3070235e06896fc1e6f6f3019bff7bc5d749c3d9700352c7f26154abe871f5598866162523b584ac54dfffd5a24b53ce41d34228087864057bfc0d

    Download Submit

  • /data/data/com.yingyonghui.market/databases/packages.db-journal
    Filesize

    512B

    MD5

    f921a6be67ced2a21439e72d92be9e17

    SHA1

    128392c5c465172c88ee070c69496aa4c17ffd59

    SHA256

    cf6e6da08380aa3b994a5250c9aff673683daaf3ab9c0fafba2f87c2e8e21e61

    SHA512

    ae1b340d30cf6ca77749b92487eb2d3c25ba4b77decb0811747583a8ae86ab282e77d1ec73a84b12a4189512f302ef5f49248ad8927476086a9b98bceaf99d16

    Download Submit

  • /data/data/com.yingyonghui.market/databases/packages.db-wal
    Filesize

    422KB

    MD5

    e31b555b452618e72a67de7755e81aad

    SHA1

    278da7df18887bc3cc7e732951498e17f7932b76

    SHA256

    e576ba96885e708a0cb32ca0121fbdcafb17688c42fc1382f70fbf8a5f4babd6

    SHA512

    c9d728c19a213b91f7ed15fd109d0247350b369544990a7d679a75d3b9b1499547740a9f39307697ac1b30627c404a44bb1f41172a81352c1313bf5a4e24cabe

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1729701251708
    Filesize

    112B

    MD5

    0ee426ca3d1d065544738f4a7d049789

    SHA1

    e422ddec657061442a89c3f634e67a8763e760cd

    SHA256

    eada2c88fedc49d5e0096ac5694591ca7666885d0f20f53d69817b9b77d56253

    SHA512

    3241a5daeb47f750f3e4d17e8c6ffdc4657695d041ef6bdcc2fd56454d79a3c9ae75f159dfc8244eb32240bf05e386e75dc37fba0528ccdb071e031c9f40e987

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1729701251708
    Filesize

    465B

    MD5

    f81fdf3fa80890c6f37e5331133a891d

    SHA1

    e6d85afb102b3d96da09f63d429fb551d9fe9587

    SHA256

    202db324025474e3f7744d51e7b14a5bf3efb1e5c6390fac22a362112091c646

    SHA512

    359b28ddab6561209f877f5718d2f196cff25b5362134ac1b6be40dc739c90a25d4e5160392768748cf6ef7c5bfe18f2ed1831aec7a8e002e66aecb193859aac

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1729701251708
    Filesize

    131B

    MD5

    48155452efe61b4717a03a7f2e2425e4

    SHA1

    20ae30da3e3cf63450c3daddce2783c55e094615

    SHA256

    b4c15918a21232f19d7e3962d1db81f5bfb235e7cda07ae78ff898ee72f65a5a

    SHA512

    f2283adce015eddaaa51e6389a49fc4e686385815e11518bdb3d4ab7439bda2cf464ce3ec3723805b8189392a3949590ed1e05e2ec9d0dd636d26288129ca410

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1729701251708
    Filesize

    150B

    MD5

    87fec76a4c49aa3030e29c103361bb70

    SHA1

    4159656eb240f82e25e24444d130ae782f59e2f4

    SHA256

    2c975626274d00f231db5ca2a779bf0c399a8a4dbfe1d9d07b00f7c8090535f5

    SHA512

    38a38eb8b8a27a9ca2edc8dfa2bb5cb84909545cc6c5c4f5c784d194ba8636743f59d428087cd9aeea2cf2f3e4766916deffc5ca22608932a31311ad375ca045

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1729701251708
    Filesize

    162B

    MD5

    3d76d2d4bd5dfb30dce2128872762c5a

    SHA1

    ccb81c7acf56bfb8ba2289640d1fe8d942f4e7e1

    SHA256

    58d8152adb88a569fe1f67fce4b4dbf34b00b7438da4bc58a6fcfdd3effc4ae2

    SHA512

    f3e70b0981db177b1d7bc7298e27f27476dccd49b3e86b6bfa88a81aa76377b34f6fc026b6aae9afddb17436801f2314e18d0d15b55bae6bc1820ec7e2e1b1c2

    Download Submit

  • /data/data/com.yingyonghui.market/files/mobclick_agent_sealed_com.yingyonghui.market
    Filesize

    643B

    MD5

    4b5184abf0c189dbaeb41fc2abea58ad

    SHA1

    6e3bfbafbfbfd69c41113817a7f64c9f0223a272

    SHA256

    da65568c29fc91c15e1eb59d7e074a3ffad0fef4a2466d388e6c754c44a6ac16

    SHA512

    56e4a57cd45acb483af6fac95412ac00eacf9f7d07ae8b735f30c1741db33529d14afc06f17c55c1bdc5a64e0f2c41df536712e60fe99c06345cf6fda7504446

    Download Submit

  • /data/data/com.yingyonghui.market/files/umeng_it.cache
    Filesize

    211B

    MD5

    873e35fa51e8d291931dd0c068e0f18d

    SHA1

    462212c5c2d97ae70536a788aabb118d91380767

    SHA256

    d03894fc7b4eea6398014b6c5752d2b443269cbd99e9fba3a7878988c5977607

    SHA512

    d9ffff7b9ad205f1d036ea4d2ff956483a5032591af0f3e3dee2792c362190c685985740942f0ce2a87bc3dae770596e6003312d677e4ea6edd06cfeb0a2e5c9

    Download Submit