Analysis

  • max time kernel
    179s
  • max time network
    189s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 16:32

General

  • Target

    55b429e4b5ed0d273ecefc0b386d30a1_JaffaCakes118.apk

  • Size

    29.0MB

  • MD5

    55b429e4b5ed0d273ecefc0b386d30a1

  • SHA1

    50e15bc23a28022aa564765adc287ba31494da1d

  • SHA256

    8252d6d25ce25cb6464ef1f6a4730c6dc2ab8547bbb1f69f7095610630ce21e5

  • SHA512

    1f06a4f1b8b1ae2be192178b416a98568f27c35f19e8c90ccaca67355cfa0e75ca9749dbec7e9ee7873beb06b566649e0b87682a62dcf86f82fd6d032d95dc6a

  • SSDEEP

    786432:t6UzJPLe7KbwxBCdGa0ejDjZLzedocNgcq3mF:5JqKkxodp0e3tKo8g5mF

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.wondersgroup.hs.healthcloud.patient
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4311
  • com.wondersgroup.hs.healthcloud.patient:pushservice
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4519

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.wondersgroup.hs.healthcloud.patient/app_SGLib/SG_INNER_DATA

          Filesize

          59B

          MD5

          cc5a0a10604619ffc9f5c2fbbcdcb750

          SHA1

          795d0c001a99e35835c60751b2a8f6e809322dbe

          SHA256

          f3e8e03ff468757132bb8308495841ae6cd11d256b1b68db5ca321de3afb2c85

          SHA512

          b764d3fa0c2c218ac580363888f3ce790e9595a93a4108ee0ee330c724fa23a8527240ef4cf869931467dba8ad384953f71cea92319218f2d5a62255ccbaeb6f

        • /data/data/com.wondersgroup.hs.healthcloud.patient/app_SGLib/app_1716049944/main/libsgmainso-5.4.9901.so.tmp.4311

          Filesize

          771KB

          MD5

          4ed88628a38d1079255b4c2bcaf6e81d

          SHA1

          afaaaf2ef14f8db896c3cc0f4f37c95854472d80

          SHA256

          336e61d1ec5c8097424fee02234bc00041e14ffd636f7ff2d0fa990ad73230fd

          SHA512

          1a282256d6aee51086432a8594c66ccd1bfeaddc2f3d74caa9de18361b1c478e479c762fdb08dd4b9964a3a10b266e4a3047d444637f5e3d638ca5f055f4d479

        • /data/data/com.wondersgroup.hs.healthcloud.patient/app_SGLib/app_1716049944/main/main_312768000.pkgInfo.tmp

          Filesize

          197KB

          MD5

          76417144b13dd1566b83c2c574ce6dd2

          SHA1

          49fadc6bd1ad61ab241d91f16d46e224473cc7fb

          SHA256

          5d7a3b905b5b71c01ce40710a81df37d08605cf05cddfc232c8837d3fc2884d0

          SHA512

          6e088f764f7e846b04b609db7bc482219b86a42b3922b475c14c30acded9e923a222c0a07dbaab3af424a23ac9835cd4786ee00e6dc13b8d013ddc35e69e7eb3

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/healthCloud

          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/healthCloud-journal

          Filesize

          512B

          MD5

          65872f73d2e5b177ab65cf540c6162f9

          SHA1

          d122abde2a9b4f30538382737107d75afd91150c

          SHA256

          154074c5652303bb6ee540309e5d18fc01742e5c739be56240e8fa3d301ad67d

          SHA512

          884c5043348168030e410095544a24d97e9a90d59284ed5d89b3d5dbdda949023afa7f668f5b73c15b9e924fb1a388d03272147c738ed0072e0784615f7ce029

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/healthCloud-shm

          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/healthCloud-wal

          Filesize

          20KB

          MD5

          152d93ae988386d9dfeaeeff4e1b8bbf

          SHA1

          5d0e40c4987fd64663a22bff86a5c57199425be9

          SHA256

          314d28a9e8fcf52e71da0f7503e2d7996fff69371703725719f39247860b2348

          SHA512

          a955a300646916efaa9334f3cda2441d004fd75990b6c3e218858913cf0d9a3742681739a183c4d1fd3fcb0243311aefff56331059942122870913d924380d9f

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/local_data_patient3.db

          Filesize

          647KB

          MD5

          fd1d92a83e08f04b08b49f130c05e7ef

          SHA1

          b475d3589d57e7e93aff5b80b6ff71a0934679bc

          SHA256

          1f14bb7f0b9a082d6293256330ba4e7fd8b11bcf30e1b671a75bfd999aa0b9c7

          SHA512

          4262b60bd23957d8b4463c4f98e34dd6cd0449813f8a6802d8fc2bf88f89eac5ab1cc864cc157ffc1d0de76db34b3e88e3225b8495c7f30ed03261ca06b99e6f

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/pri_tencent_analysis.db_com.wondersgroup.hs.healthcloud.patient-journal

          Filesize

          512B

          MD5

          ad925fa26de7568d78ab5ec742bb9dda

          SHA1

          f0b81f716923ce3edc46d9ac4d2d3d7ef49d3c57

          SHA256

          7d7c4d3b80ff7983ddab47abe2c3be239da8c16954fdb864b162b8f29178e21f

          SHA512

          be88a6de21cfcdf27fda99d33acaa145fa5e5fe4327caa600cce07049d714bd81746061bffdc9eb2e2a567bfe3bf31a1131ddf661b48c4ea13c769b917baaa46

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/pri_tencent_analysis.db_com.wondersgroup.hs.healthcloud.patient-wal

          Filesize

          16KB

          MD5

          cba7f63129e5760f9cbb800bfe80106b

          SHA1

          2226538a6f9a988bb264d1862fab612bb75bb5b0

          SHA256

          bc71bd2464741282d439922614562822f927400791996707010aa9a0a4eb1430

          SHA512

          b32ed502dbf52a7b331855df4e6a01e9d6ebbb0351809a9cb33a1353416ce288ab4427ccdf9c26f78d91889e4cf68edef218f1621f75285afa20905253d62f45

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/pushsdk.db-journal

          Filesize

          512B

          MD5

          34eef8d138a8d62fb928759302676e6b

          SHA1

          f510b0a78f576e305d6df6e71a1a6c6064359943

          SHA256

          1aa72b21d1ae51ac185cec352ddaa4a3195f1e92a5012dab81c80d4555dc3991

          SHA512

          82fefa61660bd6f8a126bd27785057f2281b2aee632aa8cda9563b95170e32395f90a1e69abaccfc16d62ba321920f52893600c2cd5a4bc428aae585f0a50674

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/tencent_analysis.db_com.wondersgroup.hs.healthcloud.patient-journal

          Filesize

          512B

          MD5

          27486047480f0d5fbf48046f9e449fb5

          SHA1

          411660551aca5d0342fcdfba6858a70dcb5ade01

          SHA256

          8f15f60e99a659fff88dc8431f869ee00a57df2135a7708ce91d601b210d6737

          SHA512

          6374fcf084b53fc0dae49d425329c3d7a32d8168dc620b1c27faad42c37fa991bdf90605c187a0eb6c4fb00aeb2de9285e3692ce46005023a4dabe69fbb63fa4

        • /data/data/com.wondersgroup.hs.healthcloud.patient/databases/tencent_analysis.db_com.wondersgroup.hs.healthcloud.patient-wal

          Filesize

          64KB

          MD5

          c8ceda7252f243344f8f2a4765afa807

          SHA1

          20aa1d3637bd17db528d1252b9165896a15f9030

          SHA256

          e7abb71b99614e328393f193f3ff78661fb403c9e3bc8da159b8b6ec031014b3

          SHA512

          763c750defc9d93b80ef2c0943446310937f65afe2dff3c42564892f03d1633c3acfe7005ba3492dc05ed943250d8e3a5d41e7180bce739208256326715e60f3

        • /data/data/com.wondersgroup.hs.healthcloud.patient/files/Q0VSVC5SU0EK.txt10d7

          Filesize

          1KB

          MD5

          2769b6ce78ef4d03d99290a0ca8de080

          SHA1

          328cf6025588e52a932a4d8acb1daa89fbff4f24

          SHA256

          369b7df839484bd8f08b25a6eb95db6ff987930ae93621711d4447379629f2e2

          SHA512

          6901491541581d85f7c664b94a1d365437b7e9981c2e75648459f1790591e556aaea89700a215caabb1dd175a8dfa6a1129035b5ea4652806f2363d0930b53d7

        • /data/data/com.wondersgroup.hs.healthcloud.patient/files/SGMANAGER_DATA2.tmp

          Filesize

          45B

          MD5

          498eb3da9510807bef2674c02ddefa72

          SHA1

          2da9a404be53830763ce4f8e1003b64ea1d97cfa

          SHA256

          b5df5dd5dbc205b69bc1ad793e31aea3e811b7b3501ebee34094a65b39671295

          SHA512

          1bb42bec71f4504f736214d2f37b40f2f70f2b1970640677085bedbe18e4bcf305bf75b4f62ea85047d54753a75ee8f33b3d269c73e3540853d8da34d5e7a4dd

        • /data/data/com.wondersgroup.hs.healthcloud.patient/files/SGMANAGER_DATA2.tmp

          Filesize

          89B

          MD5

          9655d8f95da8d7b81462b6e3e38c1c27

          SHA1

          b56776a38fc2c9948b66f8a080022c0d0f61866e

          SHA256

          d0d3b3d1f5150e10afb51cd910892a036dae1952d016c3a09993078e5f77b06c

          SHA512

          907e9178f99d69827e4cd0816810f82a745f2d5cd2a12fd3b1168a0e4eae538f5295e3d4e2a34c0bce43baaf4d52303606cc667ddbb4ddb15c3dc68fedbc659e

        • /data/data/com.wondersgroup.hs.healthcloud.patient/files/SGMANAGER_DATA2.tmp

          Filesize

          152B

          MD5

          b4a6806bcf99901d36f3b58cf640495d

          SHA1

          f2495f402377d72a233598d8960cd5058533e8b6

          SHA256

          88bf74e40295e668e3c13db8ac6267e0b7227cf0e50d0c0d6dd9747393187013

          SHA512

          10bfe99e072998a73711341ad487e1ef2891ada2f45cd8ec33bccaf22bb6bcea3b5b89a6a40c8cb9e235f722c1195774ec8abbf94e4dac0fa66dd79cd5142cc3

        • /data/data/com.wondersgroup.hs.healthcloud.patient/files/init_c1.pid

          Filesize

          14B

          MD5

          58d5c4192472e68a9b6a9275c4336498

          SHA1

          3f00a0f0696f8dd10d8f193057be707bacc360c8

          SHA256

          1b9e966f08f3a9b97c3602274458d11089fb5c482fecaabb90779bf755035aa4

          SHA512

          b31a558d020d1a7a519d34573ac58d710f6c27b93cea13aace6c6310eca10d4d745c7fae8eb145054fbbc48e6b27367faa41111fc3d30ff7d690db6d4cf5e072

        • /storage/emulated/0/Android/data/.mn_410185822

          Filesize

          82B

          MD5

          e8be01a3d651b9f955cbb28d7fe2f623

          SHA1

          04010f8b539c2e98c8d7b7752e9879547aa9dc0f

          SHA256

          97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4

          SHA512

          19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f

        • /storage/emulated/0/Mob/comm/.di

          Filesize

          57B

          MD5

          70a42cba408700f9a6c01c7941a8829e

          SHA1

          eab01cc2c0671538795fb0b1146017dc099d0984

          SHA256

          499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

          SHA512

          8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

        • /storage/emulated/0/backups/.SystemConfig/.cuid2

          Filesize

          129B

          MD5

          0815ad202092b08764532ee94a6b164e

          SHA1

          92bf5d1e242b39c9845b032513bd12f9b008374f

          SHA256

          4928bd35d1056ffe5c683e6b10a7a5ae5d9df44970bfc47b53435f7e099bd3c5

          SHA512

          abccd5e58fe0c18a2a6482a96f9e82c99bea38d60dbe5bbdb62a67f125dcb1652accebc1a8b5c0ec79d5435ff9a106dce3d3c7acd9e7bdd647b901a76a9186d4