Overview

overview

8

Static

static

6

845fb0b6f4...18.apk

android-9-x86

8

845fb0b6f4...18.apk

android-13-x64

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    01-11-2024 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    845fb0b6f4b9950b5d74fcaebb882256_JaffaCakes118.apk

  • Size

    7.9MB

  • MD5

    845fb0b6f4b9950b5d74fcaebb882256

  • SHA1

    5ba628998e75d7ff162767cfb511b67878192a45

  • SHA256

    e21bdff3127642917f48f774beeaeed37046d029d20ea7005f5e33889e8e7188

  • SHA512

    29589308ea81cb7bf7b65c46d40106b7c36ad4c453ef83bba2422589b7de3114e2de72d1aa651febc1eb563969c49eb3f28b95cd21d2a2abc3e95c006472e6a5

  • SSDEEP

    196608:mY3oHgUuCSP85ImS6ve8/UwAZyXAJuoDRUS4qq376lxe:mY4AUA05ImtvecUDZyXquolf4q46l8

Score
8/10
bankerdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.yingyonghui.market
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4300

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yingyonghui.market/databases/downloads.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.yingyonghui.market/databases/downloads.db-journal
    Filesize

    512B

    MD5

    fc84b02f8c273dba202c5c49c1561ce3

    SHA1

    0c5a90379a850c762d0fa393bcbfb53ccecf9fb4

    SHA256

    061afa6ef963297ff9dae50494213afb79e65ed5f1b1d970cffd74e32ef8d9bc

    SHA512

    174955077f5845b2f829c6869d07825692a8f9c0455fc32cd5a21eb1a484f0b69c6a8052df35782b4943ae4d8b3615d99a6660cc9a9d4bea44393b8dd85d01fd

    Download Submit

  • /data/data/com.yingyonghui.market/databases/downloads.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.yingyonghui.market/databases/downloads.db-wal
    Filesize

    36KB

    MD5

    a9c09f5904e462500a20ab779cce814f

    SHA1

    4aa2b101de418bc948d9ef839e291db1c6aedddb

    SHA256

    7cb566f6abb388e1820908079919e434bb2735d652d1f75fd00c0ff8b11873cf

    SHA512

    4789722148e5976ce90cf4e15b550fb7dd98678a1a24b4ab5aa4a46bd9226e0782832fd6e33930f832b2b61ca54be29cb1709d88c60285501c2e5f9a88f12be6

    Download Submit

  • /data/data/com.yingyonghui.market/databases/msg.db-journal
    Filesize

    512B

    MD5

    599c3baea1e9d4703a9c8bc8a6f3f03d

    SHA1

    cc4f4cb7f570c1485bb06c00ada11fc650a826e8

    SHA256

    d8b4e9972427a12320f116050e84c11fa922ac235db7ed8549cb38c8176854c1

    SHA512

    133dbf2e86fd7436ad8b9c2c8242ad2be142d9af3f3d3eea23239219cbd7fc4a14b291f4ace14347ce72ce9bffb7024b4612c5c4e47dd0f7a470df6d26ba3554

    Download Submit

  • /data/data/com.yingyonghui.market/databases/msg.db-wal
    Filesize

    28KB

    MD5

    7b09fb329faf2ce5fff0b4b0dafb4ca5

    SHA1

    430bcc73f64d0ac6320dcb7b1010af055ea98b9b

    SHA256

    f5d2a0cdb38c1ce857c9a5321c779f766a249ae773a6cc22b1ad25807c5feeb2

    SHA512

    5ed23ce1a869eef69b7e40a594f6f8ec72da900f99698de73f889881be422f09d5b9af9b674f9b32d0e922ee3aa980a74506f5f483ac508ebea920552aa0c4dc

    Download Submit

  • /data/data/com.yingyonghui.market/databases/packages.db
    Filesize

    60KB

    MD5

    9fe641853d9ab70cfce6d7f38bc50ed3

    SHA1

    890defac8cdaebaafe0fc657c558dd4bd98888a7

    SHA256

    a0987351552ff77ad866cf087d5ae673851f49ee0373bbd1b5d7403df985d77e

    SHA512

    a4294e4f969f4eef9376aa97c8518a7b935d47fc5a12972d7f8f2e01e1027cbebd6583e33ba2bb71594542e6a62b3b854c5c4dc8c144367fd6ad7b49f92e1ee3

    Download Submit

  • /data/data/com.yingyonghui.market/databases/packages.db-journal
    Filesize

    512B

    MD5

    9305217d271980f23ae32f8747cc9b7b

    SHA1

    3a405a401bda9624fc1ec1101a37e7ac5fca4a63

    SHA256

    b126c73c61a080b4240b303dacdff3df04151712f198956aac2955d1a879c6cc

    SHA512

    0cc5c93ca3e2fda80ddf51e61385a9b2e7baaf818aeaaa660bdf23e9ec2442df88017b23c035a335620a93b78014ce9becd6b8fdc6b7f373f438a3bd43734dab

    Download Submit

  • /data/data/com.yingyonghui.market/databases/packages.db-wal
    Filesize

    406KB

    MD5

    5bc83d97798842324c9d767cbbc96189

    SHA1

    da33358a0c63ca56a63fc1285f12abe1edac28d1

    SHA256

    35d0274f6ff8756656a751c9a223f683687849d1725d608b3c48c45ccd22984c

    SHA512

    3206253e3a3713286e4d4e6161a52750e7780434c5ae873e5b47fc843f0d9fd9b5a09965da550867df59ca9213aece821add49879747766a54b98b1d8d72f14f

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1730456335503
    Filesize

    112B

    MD5

    32ccce111e7fbb0fb7dec0dec3473761

    SHA1

    58fd0790c84b894613a236708d396ad1545a4afc

    SHA256

    d930bd3748ed0558701be657c5064e9a0b6cd8ca73f1b1196e7a8670a2e45397

    SHA512

    871c996d83ae3820d2e66d9a25e45685a1699950fa5f26a30e14d2a68f2a6498067e38075bc404536bc1d47917c4b5c8c383f2d9d23c5d021ce2876741816f80

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1730456335503
    Filesize

    131B

    MD5

    1b6149b4784fada610a76450cc31eb13

    SHA1

    be1c3787538345b5813db2f008d607d30bff5a12

    SHA256

    ae8698587920185918436127f233fd7030c74ceb962f1bfd615b5be966c2333e

    SHA512

    0c04b4af218a35964acdcfdb15c462bdc09a426a28e7a9adfac88a5b27a012df79928ef3f45a8e94b242b342109ba7b514916b749ce39dfc32218e0985199a47

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1730456335503
    Filesize

    150B

    MD5

    f1d95a7344981e5cc7ada893f7f4a83a

    SHA1

    cc11f6f328a30dc608ab15f413618abe1db9f86e

    SHA256

    7566da58529c7d7b893cfefdf107c6f1eed5709c9ef3f6e6301126dc5842681d

    SHA512

    83e6981a7a0462e698842996088ddab6d0fde2fb3a9050ad56fef0610eb23ed8c44d981c6e5510012325f566b9b2ef3cb5cfe5993996a81b30fe8d68f6d9e271

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1730456335503
    Filesize

    508B

    MD5

    8e2e15c9dc9d6be704761fa053c7fea5

    SHA1

    b217183cd357eb411a1c009c849e57b5fb4fb0cb

    SHA256

    77469a14c8c2bbb172447efc881f574e3bb1c558d8fd51ae2029b3ac0fd820b1

    SHA512

    68c2225ed60fb0dad378d267595f2cfad3471f077ef95318e7e63d8888feb3621542e72d577ac3b8ccff390e7c3071f9a8f80c2938f5d89d59b7e06774dd5222

    Download Submit

  • /data/data/com.yingyonghui.market/files/log.1730456335503
    Filesize

    168B

    MD5

    45f9a6681c9623ba324ff61f3a8c1d47

    SHA1

    435cc12b19b3a8eecce201cfe605d96f84ae86ba

    SHA256

    e67840341cf4c268f0965aae7770ca5b26b9eec89c8cad3f852eac3b92ba8f70

    SHA512

    881754d4191fa128c7af1801452246775f143b8e2b5e7bedab2eb714b9f888d6259be2ae3e521e77d3fb9aded2f470d837a68dd63d6f5a01261d5f9095e9fb5e

    Download Submit

  • /data/data/com.yingyonghui.market/files/mobclick_agent_sealed_com.yingyonghui.market
    Filesize

    638B

    MD5

    2619632629ada4b8b7f7cf6741d3a7cc

    SHA1

    69558ff123012621aa821211a2526e1bb1fc7b2c

    SHA256

    c968d1a78a281edfc7ef75365f1ce6e7154049e8532a3a8345840aa6abbbdd96

    SHA512

    842000f38e03daab1893552d4d712f41e6efaa8b9aa1e61905261585d2d75f86e5bbcce9e36d0f59269ce9c12330d6c16adbca94958f03a83bcdbdd4ab54c761

    Download Submit

  • /data/data/com.yingyonghui.market/files/umeng_it.cache
    Filesize

    211B

    MD5

    24dfa43afdf20f9790bf2bf73f45b37f

    SHA1

    7fd3cab9c9ffeed18cfabd229b44438bf2f7a36f

    SHA256

    6f2d8965193f2d2b76ceb425c8b8ac49853513184e86d3a6f651101bb30ddf6a

    SHA512

    71c11acefc9fb1f5872c9d69129c099b593e8a11e881b020588df13374c25fc818a8fc45b257e80b436c17373e9e59012123bd65f05b7c463c8c4c8f9674ce51

    Download Submit