c26bfe2baa1c5e585583e38ff3017709b6f677aa2be3b65bce0dbde2a6c7e65e

Analysis

max time kernel
125s
max time network
146s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
23-10-2024 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fe2b92defcb570de6b937014cabcc05_JaffaCakes118.apk
Size

4.7MB
MD5

6fe2b92defcb570de6b937014cabcc05
SHA1

63912f76869f39f43af2b5fea2b6e9274e81c254
SHA256

c26bfe2baa1c5e585583e38ff3017709b6f677aa2be3b65bce0dbde2a6c7e65e
SHA512

3c337248084bf37cd7ce7b241fc504161935226794ba0b630136abdc16b38a5ee57de5659913633cc5f3a93c95b5404ea36621e763368ebabfdfd95c6de6c6db
SSDEEP

98304:3IIWB8QMpkdHxQfas+AY33FBINqp1pD5U0/s6hMa8D43rQC/jZPe/Dg2BCUnN5kK:YyJpgmfoB31i81r5VPMhkorkNg

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.yingyonghui.market

ioc process

/system/bin/su com.yingyonghui.market
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.yingyonghui.market

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yingyonghui.market
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

16 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.yingyonghui.market

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yingyonghui.market
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.yingyonghui.market

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yingyonghui.market
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yingyonghui.market

description ioc process

File opened for read /proc/cpuinfo com.yingyonghui.market

ioc	process
/system/bin/su	com.yingyonghui.market

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yingyonghui.market

flow	ioc
16	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yingyonghui.market

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yingyonghui.market

description	ioc	process
File opened for read	/proc/cpuinfo	com.yingyonghui.market

com.yingyonghui.market
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4305

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yingyonghui.market/databases/downloads.db

Filesize
24KB

MD5
19837725f05e4429986a5d62dcecee2f

SHA1
ea0dd831583d82a31dc028820af4a832085a5845

SHA256
6cefec19b6a5a80affea645bbc2c12ff2ef81f56970e1461ab0ae7f8835a4f08

SHA512
b0c41c24f653fd4a3977976af02be0d9f52d94cfc3cc404ae0fc78b85a7bb499bb7f591e4c3251f1c700683e1776421e9b0a3e8063a7a83b57a97e906bbc63d9

Download Submit
/data/user/0/com.yingyonghui.market/databases/downloads.db-journal

Filesize
512B

MD5
1f73aad94870f149da8ffd237a88f521

SHA1
54fa46205c77a81f3e27386fd2f0b8afdab016ae

SHA256
352e3a264995feda7743ea4687c3e245c38705bb837fb43e0f1089cdf82fcc70

SHA512
c5e00584a0d5100fafd667093efd4e7b8b622241204477ce641c94b1a3181181f4041d3dc35a31ae2aed6457f7fd76cd592426b7915fe364c99a29b4a75d46cd

Download Submit
/data/user/0/com.yingyonghui.market/databases/downloads.db-journal

Filesize
8KB

MD5
155b4fae03ced3be440c28650ac3dd61

SHA1
8adf6c003d85d6dc7e6252f2825ce5c1a7a4d61c

SHA256
e2d17230e31a43d591a531f70eba19826ac9e62a934776ebe125ea3729b40d6c

SHA512
19369a7e428a278b2bc83fa8b93689130282e1bc3b9811d742790f3aaf18acf6593856ec41bc4d170eef67f292cf8c3507f6bd1b07b6a7233c8b5b59c8873514

Download Submit
/data/user/0/com.yingyonghui.market/databases/downloads.db-journal

Filesize
8KB

MD5
5e6d6f2a260bd95d3ab27f939e807178

SHA1
862683a8e23519bad41ce1ed4489c120e58340dc

SHA256
7590c65c0a3a2427689ecd131cf6e493203619119d276a90d0efad508048488d

SHA512
f03a1cc77933cd103a0491141453244af52f0903407b8541895ad7be8d84c50494159fd270bbea8dabef9c34c0eba478695b6432f0e9f80125ab4273b1b829d9

Download Submit
/data/user/0/com.yingyonghui.market/databases/msg.db

Filesize
16KB

MD5
3ba306764897dfe63fd8ee55b1e36d06

SHA1
510011662e86ec56ef80f59d5c8ad86bab59e92c

SHA256
ade79d1c074451e68a1be3bde79a5233c9c2531ceabc69ea4f04416160f4bdca

SHA512
2af06583fd80d0302859ab80c092d45b49e1cb79305d527f94b670499ccd007e31510569084876e50f6b2f1e25c61ed2725eb13988a5155fd6aa53650ae4b05b

Download Submit
/data/user/0/com.yingyonghui.market/databases/msg.db-journal

Filesize
512B

MD5
b12be644e0680a3bd678b8767051324d

SHA1
2700d93986be065701c8cc1ca7e0c594aa92a674

SHA256
00572d474a57aaca11e76b66d918b6182ebabaec0e53686fe25ab92f30ad9326

SHA512
a285a1c946bd0971f0863d793d64da7ea7ebe9133cebd5be1f267b1c2ba0a62437f85e21ac5b3fce1d83def7b8d6124b02b0a4236c8425f1afd0431ce9a2d277

Download Submit
/data/user/0/com.yingyonghui.market/databases/msg.db-journal

Filesize
8KB

MD5
ed183adae81d3e9b9d13d95ee69ee457

SHA1
ea37a724aa79b245d632e7a1eb77dbcc521b3e47

SHA256
68594296aef8785ab14571dfc86904f66f8294bd47bd38779a6d1161a4886e36

SHA512
9873c7644ac8014cc8e5974b94b96008ae9e5e8c6f82b7c3fb150f5de9d1b14ce8c72f7e1ae18ab0310f497a96f34ea814955f7632b3d342e412e07be2e052d8

Download Submit
/data/user/0/com.yingyonghui.market/databases/msg.db-journal

Filesize
8KB

MD5
be4a00001fead1be7f84481a34907175

SHA1
1ba910e3573674399d05d983119efc677b98db2e

SHA256
ad302d93a592c4feadac9ea6c84ab4ddc7577967807592b14106c5088eab8c76

SHA512
b9273630a90f71f415bcba09dc747ba78ad767643b81f4490d1487e4beaa4945581e0d88db1146b41c24bfcab1a722b0d390e9d3d76e2206be2a8e367d7f422f

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db

Filesize
72KB

MD5
0891080cfe17f5eea7a60796c0253f35

SHA1
e626acc2d1d3c1828ea2c0bc7bfe6d2fae895080

SHA256
560808cb87004cd53cc74264f8c8e71bf8d9aa0f5f706ab1bb8b5215c8b523d4

SHA512
2b46a1f6dc276e7f92e0a9e85ff1c1b80428ec3ccf39d9ffde19d462268a17cc2e7a857704778127c4b6df138f749d0e3928b00e107a60b80641fcc6dbc02ff2

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db-journal

Filesize
8KB

MD5
bc1d059c79591aef2ec457de7096db8f

SHA1
96a02c72336980ab7cb8089d73b49771ff0375b1

SHA256
56f549f4d27ee9e3d226ef35ae132da40c0e19fb9dbb01a3547dcbc2aec55600

SHA512
f5ef18a19feda6e4c39fa2fde2fed59976d0056707d2df3e0ad606633a03cdb6b253aa8e02502ce668a8c4d8f35ac9fffb36c4c9f038f0e9820cbaaf16339599

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db-journal

Filesize
8KB

MD5
72e7b1408a8b60c8f15ad3daa07ab4b8

SHA1
7f887b96800694ce76584baa7552df3f81a533fe

SHA256
e29d58f52fe773737d6a85305af1fabb03dc967f9c46c1c39b44323ceddc9be4

SHA512
d7ca9536a1a12f6567af39a559f21bf5dd2a15e8ec044158be96d4c64ac9a2b3ceff02c72e394a0d9f35f601d064c3f7ddef71d2d63a3b1fd3a8ceba05ffe640

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db-journal

Filesize
8KB

MD5
ddab165440d7469bda3db63f7194e718

SHA1
741b39f7550622f34a690e8beead0b2686459eff

SHA256
f19cce3c533ef1249b7865900091f32c10963faa72cc28abb57d0605f24c886d

SHA512
e77d00d94dc655b96958b50bfeb0924cec088d30b464c29e9522b4f72d5b903a5fac70f6e4e25b3776378251578ef569aa13eb604329cf19140eff9cf8f7b3bf

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db-journal

Filesize
24KB

MD5
efbba6f5694f1795e9d30702a2298bc1

SHA1
7189db9aaf502195f4a06369192c257f834086ff

SHA256
04bc9d5ac1cacbcd14e88d2c1588d164e93af48d514af3821919f47656bb1f70

SHA512
f4705d815f867fd6073efff43a400e184c2c506c06ada35a630cd13722dee7d49cb79324126f548104c4d99c24a0db37ccfa4a59ad30abfb31111609c0f26f2a

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db-journal

Filesize
512B

MD5
f9138d1f8b647443fcf9717decb45d0e

SHA1
e5a9bd75292b9dfd3baf7c2f893fe491f7605093

SHA256
64f7deeabadc59b78f04e51bece1448048495f50860f6caccffb138e39c3f2b4

SHA512
82e86f7076b5f7372c688e933fb64977fa2152c4d2f3b07b34d5d558120707e9f35a5bc6e01a85603bc1a0e53918e0f0b524067bfcc5212979661bbb7d5e2e1e

Download Submit
/data/user/0/com.yingyonghui.market/databases/packages.db-journal

Filesize
8KB

MD5
ed38582fb1eb4ad4402a341f6d8dcecc

SHA1
7137955819cbcbeb441724814b3d9a1ca7a4bdeb

SHA256
fbfb791c6888c18820be03302bd473fdbf530c2db162e90be0b87125a660f58a

SHA512
4d248b656b2e2d2797e02be763da07fcac322a08f5b3deea0dba71726f3266b41213c30907a13e7556e8ee1d00aa3f2cb65824ae3bcc7ed5f39f3b1626019c7d

Download Submit
/data/user/0/com.yingyonghui.market/files/log.1729701253732

Filesize
112B

MD5
2d0d566f2b1669740fe22e12b5bd4164

SHA1
0b0de5ba283f139d47afce46cc9de2259d22973d

SHA256
f2f5d61faca3eae754a59de61a52d40b1f25e1a1afe10867e4f41a81a08712e1

SHA512
d0ab709e0a43155775929c0224481f0098a810d9f00f3de0734bec71f5fc83c1ffb57cf6bfb2f9648e8ad4d911d66da59363b3a0d7cbcdd721201011fd8110ff

Download Submit
/data/user/0/com.yingyonghui.market/files/log.1729701253732

Filesize
433B

MD5
6bac969ad201365e264c66f8e25e97f4

SHA1
dda58be8c7cdf9bb192ecaa5b638a88f97612da9

SHA256
bdd2d71f09395137f06ce67fb476b4f243ffcb58a729ec0ba6d712633b8101af

SHA512
a6b30916aec7dee723cbafeef92a0968a1666e7b935f9863c2ab6385a4f72b99caa467921bcb2f2e1438e7c76914c35e593f11a9f2828db06a134a3bd062b08b

Download Submit
/data/user/0/com.yingyonghui.market/files/log.1729701253732

Filesize
131B

MD5
6fc0c1a44c546ebf7bdf6b29f71fee14

SHA1
96fa231f5f1bc339b03167dd7ecf3e97eaff71cb

SHA256
1d2beac8b57148b89bd070cbe51f2d45e0074b42516e3e4f76fd39f8142e4a1e

SHA512
d8afc2fd1bb250dbca8bfedba65a36379613d375233f864e7165608d942116032e3cfac2c6265be473a57cb1fb5182a0c25b8b159ecda672e137d49ddaaf454d

Download Submit
/data/user/0/com.yingyonghui.market/files/log.1729701253732

Filesize
150B

MD5
f140f97638788117525c7386ababf5fa

SHA1
64d15e3b398d98acc1287108c3f2c3b4f448c093

SHA256
6da7c092ac703a43f1b55c28f4653ea43a6007ac75fe1b70f0835e042318c289

SHA512
193685a3f1540c8063a2b2914bd6618edbc388badbf788eeed00622a0fad5273481bdbfdded32a30a40c5fd63d5ccf2652be4d173e36348bd22eb0e20c962750

Download Submit
/data/user/0/com.yingyonghui.market/files/log.1729701253732

Filesize
162B

MD5
6d7f322b31fdd73d6c3c814a4a8da0f0

SHA1
3b0d9dbfd38c0aff78c04802f5206d89a4e02267

SHA256
9a2fb244b7383e6a8b5615c9f596e2566541948c1afa12082dabd73ddfea0dad

SHA512
a61d9909d4061277f1345220d8cbcb9e2fbf95c7535af34f1e0bb820124842831164f14765d1dd390bb4fb8551d56ba83378b3a6ab1e58380efb88e93e76aca5

Download Submit
/data/user/0/com.yingyonghui.market/files/mobclick_agent_sealed_com.yingyonghui.market

Filesize
608B

MD5
1ee1fa04b6ca0435b31c10110bb76e0a

SHA1
43107f134e42aefeeaf7289fc69634c4c79e4de9

SHA256
240402b59175b77a7b7bb967de8c0152e937fff209dcc8d7681100c026569e1f

SHA512
5e80752f16fb98762059055fd78926f0514c5e275c68ae4a9f365d950dbb71c26bce53d6115e545611e8e802fa863fdcb281d712abb1fa39a2ddb1f71f977ddf

Download Submit
/data/user/0/com.yingyonghui.market/files/umeng_it.cache

Filesize
148B

MD5
28a365eb2e509bafd300e71b52136210

SHA1
8fee931f516e00f9e0261df01421a184a91ea3e0

SHA256
2896d0eefaed33d0b6f1ee93faee1812e83b9a00a5a63910775708c8b3d59ab3

SHA512
8cb3145491db6ea8bf7fd4c0c5bdd7cfa91b08aa1f962740f45b6e0e125c26e962f77d65550268453100f627fa71fe8acbcb12b3e843eaac760e39ded446e789

Download Submit