4b624d726060fe04c5710dbfe764229ea476116941a2d7ab0e0819b78eb01eff

Analysis

max time kernel
148s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
19-04-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9283d2660faceb4cbd935bd9d60e1f8_JaffaCakes118.apk
Size

15.8MB
MD5

f9283d2660faceb4cbd935bd9d60e1f8
SHA1

308f37c597f361c37d3e2589eab94e7829b2a2c0
SHA256

4b624d726060fe04c5710dbfe764229ea476116941a2d7ab0e0819b78eb01eff
SHA512

49e163dacac57fbcd65728d5060bafd2a01c2e52ac61183107e489b325bc77dca8a2d9fa8948b41d8eae2c3672a510a1d37626ffbfff079fa53d613b45b4374b
SSDEEP

393216:pjqXRHSxvVqFEQZFFFPfGI3qWpErywqDeIe8TaAMsfwevxBn:8VxFfH4WWrtqPe8T1XwA

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

T1430

Processes:

com.wstl.administrator.wstlcalendar

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.wstl.administrator.wstlcalendar
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.wstl.administrator.wstlcalendar

description ioc process

File opened for read /proc/cpuinfo com.wstl.administrator.wstlcalendar

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.wstl.administrator.wstlcalendar

description	ioc	process
File opened for read	/proc/cpuinfo	com.wstl.administrator.wstlcalendar

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.wstl.administrator.wstlcalendarcom.wstl.administrator.wstlcalendar:mult

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wstl.administrator.wstlcalendar
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wstl.administrator.wstlcalendar:mult

Queries information about the current Wi-Fi connection. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.wstl.administrator.wstlcalendarcom.wstl.administrator.wstlcalendar:mult

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wstl.administrator.wstlcalendar
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wstl.administrator.wstlcalendar:mult

Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.wstl.administrator.wstlcalendar

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.wstl.administrator.wstlcalendar
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.wstl.administrator.wstlcalendar

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.wstl.administrator.wstlcalendar

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.wstl.administrator.wstlcalendar

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.wstl.administrator.wstlcalendar

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes:

com.wstl.administrator.wstlcalendar:multcom.wstl.administrator.wstlcalendar

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wstl.administrator.wstlcalendar:mult
Framework API call	javax.crypto.Cipher.doFinal	com.wstl.administrator.wstlcalendar

com.wstl.administrator.wstlcalendar
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4236

com.wstl.administrator.wstlcalendar:mult
1⤵
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4305

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-journal
Filesize
512B

MD5
f18bd710707937c7cebaab72a5c51baa

SHA1
3848cbec14065b5bf39e6a71381755fc520ac374

SHA256
fb2601de83706f6cc17d93e09aa4b118008a249dbdc663a3aff84c075476e50f

SHA512
a7be4728762f20a5dfca12ef3b493c3faf7133c40dc852b9ba4408a491bf36378b85935817dc71eac0e7f58ea4a7e7dec61b8fe42a6edf2d23c9ed883f76c373

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-wal
Filesize
72KB

MD5
a0966334d607a5d5a80e9bee48bce7a4

SHA1
9be30c8e37880f8c3fdf06586e8d3d1ded2615fe

SHA256
8cc3a774f70f1b6f482eccb1e3c568401ec185f5de6d2dd06ab08fd3beee9e3a

SHA512
fa49ac3baafe1b03b4c920014d770e16f45ab5820ca42cf68a06fe0ba75e75b7e2ca97b2a81803a17c51eb1b79cba535ef077eb572322f91e8b5d54cf377bc43

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-wal
Filesize
100KB

MD5
4c8bb4c88d306185e32ce1cd8fc43021

SHA1
5467a96cc2807333c2cdb437360ca6ea30c9de47

SHA256
4e7db904dd78f86be25ed372465b87f45ad241488654c5e0763522fd1a896c10

SHA512
389b7d6ce9d4890c576a93b26a97dfb7ff23e46bdf661e90b4bf1e0237b15d4080c4b06883423c5e57721354b522c743f93c79a559bc985587ae073830f59564

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
76740cba91e097f8f479165ec2f35b09

SHA1
206f83e5284eb2a6451d586b17123db665d3933b

SHA256
0e5def17d5770d80b9168a5bf8ea8253f70fa2a36efbab57639947fa9b6fb61d

SHA512
82f25d6b52f7854ef215c25cc874bcbc2b3055b12c6b954886d8fd67165697da058ee3cd4b3b43cff3d84d82c2d55faa82e67c8b4c8e481fc150806d46127d39

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/calendar.db-journal
Filesize
512B

MD5
a73188c642b71756bf7c9374a61299ff

SHA1
10716e5543ee2de8f9fbf04c2225f6ce3298193f

SHA256
543d05219b924538a78b7b11533f9d9e665c533cef6b0167c1111395a4d4ede3

SHA512
837d5778db9cb13066dc8f50da84f4caf61f00ebf7a9ad30fcd180fbe38cc1a571a5c5c4486a20de8deb204dec1b7cdaf9a3558d472dae78088b9bd6ed69f711

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/calendar.db-wal
Filesize
36KB

MD5
0014120b58fc05c30d222cbe45e7c10e

SHA1
2c8d618e1c73f831375fecc7403612617fd4bc61

SHA256
db4b896e7c8b461c48d20bdbb66f4b56f541bfe4b7869a667b0b0d81886904da

SHA512
5ddc8ada3a2ee7b1ac065e49bed861d1f497049a91afeb5a63ff907e91363435bcf1868dec09d7fa68df744385e0dc400d85a070f70e1acecf9f8c93034c3681

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar
Filesize
4KB

MD5
8bb9cb81485e99faf5fbe381637bbbeb

SHA1
efa19b2675cbc51dbdbdca76ff96c8a3aa1f1592

SHA256
1a10f511a7863878377ae7f40c0c26bc9d27109f3bfd9850419b037c1f097ad9

SHA512
8e54ea16f3bb2d099fd9ad67c2285e3087a5e3fbf2832d363868f16c4da34a43dabc8034fcec95a88ef576fc7644e27ceb95b6dfff5735a2e47f8feeb55c9f65

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar-journal
Filesize
512B

MD5
15192def0fdac8d8261b4cc0261e51f7

SHA1
c80965d6869389cc13c7a82ccfcea2844d8cb983

SHA256
033f6275f96cdbd8b3d45c2e377b2c4b204364c677db218336fff850478c1f1d

SHA512
01a9c68fa0b54d35c18e83ad34164e160f3996a413f77171d353273e224bf57f2c84d68b60ad4ec4d9e29dd7a25131a104aa99f787ef92062c5af26168041785

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar-wal
Filesize
64KB

MD5
c7915b2e1072e2858a15771c573619f7

SHA1
185346ee86ce8e23034ed681e5027143ac77c01b

SHA256
e872f9beab9bee4fafb2954a99b266c5aff9cfd6de761f2c42035ff6f8e879c0

SHA512
25a6455d3def89119b8d3d410729f01df9b88a616df664c554cb833ebc52d3baff2e0c8455ef35c5b6eb42eaaa36e903803cf5f9dd39544b4d6fac63c653079c

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar:mult-journal
Filesize
512B

MD5
eb95c3674bf0272429c95a597a8d6265

SHA1
1108266a404d3de4cdd471e7272c0d3bec18049d

SHA256
20262ee9061c5d9d8e486e0212193f83f4281cc873066557cc776f9f197de583

SHA512
152249b7318e0ad055234d3a6c8e8340577b9b4623a1512fc2a2c2f3c6678a593bea74c1b1c39007f47e328f843b5bf0f017f27121c20fee59953431d060c919

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/pri_tencent_analysis.db_com.wstl.administrator.wstlcalendar:mult-wal
Filesize
64KB

MD5
08da779a76d3eee30b9747385512e2c1

SHA1
f9df9d43482835cb16b2dff9c33de0c80eae4b2a

SHA256
db6068d6a0fb6535fa1206c0b4af2590eb0e6ccf98d4098f8c9512b232ddce16

SHA512
989e045443ab2b37ef8de8e48b9a2e87d327ac66b04df92676c4e6d412325382b5235f12d0a41e72022981fec143f42631ac98547f81c62a4d30ba3e244951de

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar
Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar-journal
Filesize
512B

MD5
100f5fa367c6c2be1832394b042c4b0d

SHA1
2c51bb3a96cd8f3005d235c2f1a6e704a8973594

SHA256
697c0d1608fc691089967c6c0ae50b3eaf3956f657feb2d7676b395917025e88

SHA512
34f7bac107aff19e3298a15fd4446e26eb02c79fd898ed5ba557ff0323bbeae503692100fae63f117e5f2e9cb3cfba2e7077624cb7742af9c93699aacf9ad394

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/databases/tencent_analysis.db_com.wstl.administrator.wstlcalendar-wal
Filesize
72KB

MD5
e982b6e4483542409cfa09a34e4ea2ee

SHA1
73922dfe047a221d09cbbca3ddf6519c86fc46f4

SHA256
a675ac9ba3f6d871d1ad42154daf6ae0b5383483ab3c3be7982208ed41b03934

SHA512
51edc79df0800ee653bc0cacfb829bde6a972846c42d3e826901fac9189fd5dfa73e5a9976927702db5d495aac2adf634194851906f1d5bfe0f139dd0911eed0

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/files/jpush_stat_cache.json
Filesize
119B

MD5
5caf3d3861ef804bfce9643b3178e713

SHA1
30985e88762a27ae94017bee920127f5f65b0033

SHA256
63832d12278f0ef45487382bf548a2c2a0def2d319011aa65246280cf0e2d139

SHA512
72adff7b9b93de4a9b39ab109166ca8edc84d9ba1e0a5e9d2d9d047c317eba90538ecca03d8a83dc4995d6ab3c46dd0c126e376a5fb259d134664e3c523970f6

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/files/jpush_stat_history/normal/nowrap/f2c711dc-0189-44e2-a251-309d86e18211
Filesize
159B

MD5
f257ab0e75e777e960bacd7d1301b9ae

SHA1
47451f175687a0df83af340735d973033d2128ae

SHA256
4108142117b06dfa62b2c819f764423d562e2d57f0569a790924129fa0d3fa14

SHA512
526bc85e4ee653d981e8bd272ec18d83f9f5f8f050ead0011d68a7d4dd232f9b3c58d374b46ef71547c4e14368e4e7c437d235a949921222e73a9924f7e0dc06

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNDg4NjE5NDI5
Filesize
1KB

MD5
c798ef7049c5814c8b7079e6a96eb121

SHA1
a19bf0e90e527452f331b1554dbc06c3ef2d990e

SHA256
a4d3fc81c819de966e8424b63ddd524592537add9d6a825c74c073c5f9cb86a8

SHA512
88c1663cb5ed758e997b33007543a8a95c4c897299c6ca1a2dfdd5186ae0ac151acec0a44251ee9309097f39438d39878efcd4ed8664abfd5a54540cfd19644e

Download Submit
/data/data/com.wstl.administrator.wstlcalendar/files/umeng_it.cache
Filesize
498B

MD5
b991622570b53e16c49332b11f611bcc

SHA1
edd3ce44d48e499f39e8b71920b2c603acc3cc15

SHA256
cd1804756e51cffc1fac95ba333c199bd5e64b82c206f3f105501ce314c82966

SHA512
c5661425578947c308beb8cdcdb9090dba3fa8ce15b4656fc00ab5e3608c39e176eee6ffcabf2006a6e6ab840f73f1bfab4be59a0718f15738ff94fa2d7ae421

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
55036e534437b142cd048aa880bf3d6f

SHA1
ae96b7cd2c8e5603793becd5447aafdb1ad7fdea

SHA256
fcf799c18d20c0787b404608dff178ef46292133acd9aea3bf68b4e04b353830

SHA512
850cd6ed5c20812491ba11b0b441466f66866b0e9809ba4f84fb0705f152df0afbabb415431e2387071e6a4f1477eec60f40640476ddbf6d37f78537f262693e

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
482e272f45b310664126c93030f7e1c1

SHA1
71740c915e6e823607e7b65d5932e1914f2a6106

SHA256
d6cff81e6a42398e91564d52b986f8246e72b21ddee151aa0251196603198044

SHA512
f556127e696c5efb01ab3c73353bafd021488e1558169ecaea10e518d1f687628c49fdab6ecbc255ed84c92cdb4786d8b8b6716d30b31e3e3b891915b040f7fa

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
bae35ed5de89409a20c427b54471a8e4

SHA1
c4150caaab9ba1091ffd439252420410693d967a

SHA256
e496cf80a014b9a88e26fbc55c50327060a49844ac011283af88073c66a17229

SHA512
c19a0f06c0fcbad7989a793ae4d63c659ce41c64d82f73086140eda59b19ba38d3d4a68befe1b42cbc3c718f827905db96f58425864b271b0497cb138ddcbd12

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
2ee373fc71b84dbade62003ff15a9cd4

SHA1
39629e5ca203b8fb258dca426eec2a075a3ce8e1

SHA256
f1b852954cff3d616486f6cfc9f2fa9c1256b936122424064b4b00356d769704

SHA512
f715975422c6c9affcce89c3dae671085ceccf6db33d2a217395b5e5194a7d8cefc42baf9181a206fa1448866b4d86927f3c2dfe27b319f1d12e71c74ffaed7b

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
1ad75459696d7566b5e4c0063f2411b8

SHA1
744de2dc75bb3aa9f37c906ad9b2fa92c629e56b

SHA256
09ef9f8a38237134ff649e77dc3a1bb3af4f9ebf913e586f5647515501cbcd8f

SHA512
c10ee922bb70f038bec2c1886f865dbb98633f1e1184b7fb846d92ab3122fb40880167b709f73b64e8b4e29e4f5e6f53045acd01b1af0a5c9f55cf3055a6ca1e

Download Submit