Analysis
- max time kernel: 148s
- max time network: 156s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 19-04-2024 01:03
Static task: static1
Behavioral task: behavioral1 (sample f9283d2660faceb4cbd935bd9d60e1f8_JaffaCakes118.apk, resource android-x86-arm-20240221-en)
Behavioral task: behavioral2 (sample gdtadv2.apk, resource android-x86-arm-20240221-en)
General
- Target: f9283d2660faceb4cbd935bd9d60e1f8_JaffaCakes118.apk
- Size: 15.8MB
- MD5: f9283d2660faceb4cbd935bd9d60e1f8
- SHA1: 308f37c597f361c37d3e2589eab94e7829b2a2c0
- SHA256: 4b624d726060fe04c5710dbfe764229ea476116941a2d7ab0e0819b78eb01eff
- SHA512: 49e163dacac57fbcd65728d5060bafd2a01c2e52ac61183107e489b325bc77dca8a2d9fa8948b41d8eae2c3672a510a1d37626ffbfff079fa53d613b45b4374b
- SSDEEP: 393216:pjqXRHSxvVqFEQZFFFPfGI3qWpErywqDeIe8TaAMsfwevxBn:8VxFfH4WWrtqPe8T1XwA
Malware Config
Signatures
Requests cell location (1 TTPs, 1 IoCs)
Uses Android APIs to get the current cell location.
IoCs:
- Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.wstl.administrator.wstlcalendar)

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information that indicates whether the system is an emulator.
IoCs:
- File opened for read /proc/cpuinfo (process: com.wstl.administrator.wstlcalendar)

Queries information about running processes on the device. (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
IoCs:
- Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.wstl.administrator.wstlcalendar)
- Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.wstl.administrator.wstlcalendar:mult)

Queries information about the current Wi-Fi connection. (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
IoCs:
- Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.wstl.administrator.wstlcalendar)
- Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.wstl.administrator.wstlcalendar:mult)

Queries information about the current nearby Wi-Fi networks. (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
IoCs:
- Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.wstl.administrator.wstlcalendar)

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator. (1 TTPs)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
IoCs:
- Framework API call android.hardware.SensorManager.registerListener (process: com.wstl.administrator.wstlcalendar)

Uses Crypto APIs (Might try to encrypt user data) (2 IoCs)
IoCs:
- Framework API call javax.crypto.Cipher.doFinal (process: com.wstl.administrator.wstlcalendar:mult)
- Framework API call javax.crypto.Cipher.doFinal (process: com.wstl.administrator.wstlcalendar)
Processes
- com.wstl.administrator.wstlcalendar (PID 4236)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device.
  - Queries information about the current Wi-Fi connection.
  - Queries information about the current nearby Wi-Fi networks.
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
- com.wstl.administrator.wstlcalendar:mult (PID 4305)
  - Queries information about running processes on the device.
  - Queries information about the current Wi-Fi connection.
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Hide Artifacts (1)
    - User Evasion (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads
Files written during execution (path and size):
- /data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb (4KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-journal (512B)
- /data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-shm (32KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-wal (72KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-wal (100KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-wal (88KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/calendar.db-journal (512B)
- /data/data/com.wstl.administrator.wstlcalendar/databases/calendar.db-wal (36KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar (4KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar-journal (512B)
- /data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar-wal (64KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar:mult-journal (512B)
- /data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar:mult-wal (64KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar (32KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar-journal (512B)
- /data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar-shm (28KB)
- /data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar-wal (72KB)
- /data/data/com.wstl.administrator.wstlcalendar/files/jpush_stat_cache.json (119B)
- /data/data/com.wstl.administrator.wstlcalendar/files/jpush_stat_history/normal/nowrap/f2c711dc-0189-44e2-a251-309d86e18211 (159B)
- /data/data/com.wstl.administrator.wstlcalendar/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNDg4NjE5NDI5 (1KB)
- /data/data/com.wstl.administrator.wstlcalendar/files/umeng_it.cache (498B)
- /storage/emulated/0/.DataStorage/ContextData.xml (111B)
- /storage/emulated/0/.DataStorage/ContextData.xml (213B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (65B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (111B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (167B)
- /storage/emulated/0/data/.push_deviceid (32B)