adf22068b4ed9493b201a06ed78c0dbcab3ac391c19b09e398e3ed7562c80899

Analysis

max time kernel
176s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6639aa49060783f36589cc6225915fbd_JaffaCakes118.apk
Size

13.0MB
MD5

6639aa49060783f36589cc6225915fbd
SHA1

be1a18c37059bd35b9b133b0b5b687f6262c6fd9
SHA256

adf22068b4ed9493b201a06ed78c0dbcab3ac391c19b09e398e3ed7562c80899
SHA512

4547b23e0f572bd6259b7e797bf95063dbc0c964618f31f01682cccb88e7d1c8ea2fbe4c3044b0f5d1fbc18c6c277ef4d10f545903400d94ad49563ae6d1d799
SSDEEP

196608:2UNWThYky8m+UDMQL5mTWVDF2+kQQ+bw4ImPXI8SuXZhSmDLDZEDOkmQ44iGMLqS:OTYdnjLcx/Qq4ImgWX5PaLav

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

org.unionapp.hssc

description ioc process

File opened for read /proc/cpuinfo org.unionapp.hssc

description	ioc	process
File opened for read	/proc/cpuinfo	org.unionapp.hssc

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

org.unionapp.hsscio.rong.pushorg.unionapp.hssc:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hssc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hssc:ipc

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

org.unionapp.hssc

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo org.unionapp.hssc

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.unionapp.hssc

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

T1624.001

Processes:

org.unionapp.hsscio.rong.pushorg.unionapp.hssc:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hssc
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hssc:ipc

Acquires the wake lock 1 IoCs

Processes:

org.unionapp.hssc

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.unionapp.hssc

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.unionapp.hssc

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

T1421

Processes:

org.unionapp.hssc:ipcorg.unionapp.hsscio.rong.push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.hssc:ipc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.hssc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

org.unionapp.hssc

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.unionapp.hssc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.hssc

org.unionapp.hssc
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4307

org.unionapp.hssc:ipc
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4346

io.rong.push
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4373

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.hssc/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db
Filesize
32KB

MD5
7e99f43c857af9004b05de9aaac45da7

SHA1
e3d6ce2fb74e282322ecf15d144a65b796756c1c

SHA256
bfe7fbf7f37fd49d99f274480f810741aad40d60fb82cadd7a1f61f71f9edf18

SHA512
b3065b92c2328149f51e849bca47272e969c9171d87750e9053dd287e081f9f83f5be5b1c1473edf8636f961cdb559638edd0ed2db5a0879424ca7154b1e9af2

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-journal
Filesize
512B

MD5
19dd619a3bbdb62d6f574e80a446b384

SHA1
2a7f5d21971e9fcbe5173db7537f01f3876d8a6e

SHA256
f954546c36213b7de75acb678b7b081c772e34baf6c7c21b2cceaadfac0311af

SHA512
0dc0ef4fc5ba16d1278b734cede460520fba89d06412b7424ded46eb9184a32f759dec967557f36d4eb0941a1029a23890ece8b8f6e86d3e6998d6c711ae2e52

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-wal
Filesize
8KB

MD5
a55462dbd6d4644787fc5d2cf6ffe475

SHA1
427dd53078d09809c7a999ec960c3c75184c23e5

SHA256
956a8bc4af1ec175acf7e7a077c064184f728295530828dde41ed5dfa39fc290

SHA512
11348df7089841ee12d7fc984c0d18b51a314efe19dae7d0dd97e42e5499e83ac2837c7168f21fdde1decc28252266706d71de1f79f86ec88fd8d08d6b88ade2

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-wal
Filesize
56KB

MD5
d41ffeff1b90a251c935c8a2d81665a3

SHA1
afdc8a828d0563c792de8e83f60b6d0834787a80

SHA256
307987f0572490b0a129d655b2ede4d2ea010cc53dc8017c389f1fc7d8e5ef52

SHA512
de566ba22ba128f42e1c225d2190391f1e2bcbb18ef8fd8ea1e16da2dfc706e736f15b82c5eb1f179593d04b25895a8299572f07ed4f7d819d81ed93e082399e

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
512B

MD5
f5a25bf54a573a628cc2bd6bc3baf840

SHA1
100e12bfaca1e07fcd709fddd4a703acddab416e

SHA256
17029f8d2aa1b1bd502e44cccb9433ab2c9e8afcc880bdaa3e744d38907d35f2

SHA512
d470c9c631a4b0f390aad40093dcbb370828531984ce93d250c47ee6a964725cdb1471064f84bdbc8bba0130125eb1fb3f6eb7097a630f3b4ae857ffeeab92b7

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-wal
Filesize
16KB

MD5
8503be8e40051a7212d78b682b236c50

SHA1
d018d5e2cd6e3f004a89d0227e85bed029a9fa0e

SHA256
a914e65f0262bdfeaa9b99359513e62ec971a02d8dba38ca8a330e20d76affae

SHA512
cb73d2f1824db8f2d8b713d2ac414f1e3443c83a9b376c5b9d04853953a61d508972065332c807496c6b9e6ae40cde67dd2d3c106bef83a5c3190032cfbd5f3d

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-wal
Filesize
48KB

MD5
5060894eed7497707bf042da37ad413a

SHA1
da37e39dbd36b5b17728e44939aabfa32beaa3a3

SHA256
fc5918ba4123b3d2a3abec1d6dc5ff981a52f8c0eadb31b7a8de12ec0ed8225b

SHA512
e25938c9dde678b0f6eb9636e5d7e7bb14ab018878ccafc7d6eb4e38f3a12f12fafa65779e231df0ffd5654da23f83854aba005b1184c901a16a1e07e5c1d02c

Download Submit
/data/data/org.unionapp.hssc/files/.um/um_cache_1716357326817.env
Filesize
1KB

MD5
7d6c8528ad7534cf8e7c53607f070658

SHA1
b04d1ead38c0e07346e618bfea412bf6848691d2

SHA256
1e9fb94874b63041c9de3eca4dc0367102117e8e7e87816ce7c25c98767ec5bd

SHA512
aeae01565951ced4501e89c1dbf46ed6a8e23a1cd36805d8a716ea72391b0d8dc84e4ade1b1e4b6953e10e6811f0c4e28925bfb238b6d6b650e51018c63c9aae

Download Submit
/data/data/org.unionapp.hssc/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
dfbb0f6d9daeaca393ee92e681773c91

SHA1
93cf35613c0f41e7df905ee712f9d931ceeb4c7b

SHA256
5a3d7774f3bda64ae17d0f31a2b8891461219ff9728c519806d3bb8331055e8c

SHA512
e4c1a45a7336a0e3756fedd9934df9fc8191f44eb2e56b38a57af9a959d53532185c33bfbb7d261659dfb228819b0eb4fa44e0b18119794f6343e427a7d30edb

Download Submit
/data/data/org.unionapp.hssc/files/exid.dat
Filesize
57B

MD5
695f216a9730f9d61d5418f3724b1905

SHA1
e25e02675a22318861bd407ae9af5c1ecf663e2f

SHA256
2d2e19e4a9183d14542ddb9ea06239e88015542f1790df67e30e53ae95c60424

SHA512
2e07c0c87a4df27b82cebf3548496ca6b86c35a36aa3da6903901725d419808a93a938c4f7bafb16c5520ab9c22a6bb81fec71ac7cf479a41917f118ed9bdb74

Download Submit
/data/data/org.unionapp.hssc/files/umeng_it.cache
Filesize
498B

MD5
ff8cdd131c08fd89d351156d92073a91

SHA1
5d3174e6762e9108ef940d11a447ce28dbb3078d

SHA256
522d37fd3f74884175075bdc3f12d78fd20b288010297e24da276c1ed145610d

SHA512
c9c1dd78f1896f977e2a672548b978b5ce611d2872c30cc53a68920945b25aa0bc9ad6701b53c122c95fc80b01d255fed72085e3eea7b4590b89efe0c9431f5f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
85a36223d562ac340c42a383d6b721ed

SHA1
3a8bd67c4631b14b68797caff2741d6e4b96496d

SHA256
c7f52761f379eb36f2ec6592c2cd70f33492445e5b9b397bb1c62cae959a0b15

SHA512
b4db1411bd424710d188f97c96ca0f2e97c1521e19ed38263b3731e265410c51ab5c6f013dee11c5119e3bd5f8e37cf21dc2e5e1d4b8c36c0c11435f6cc6927c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
52d55aaf43f908492e6f61326b7825c7

SHA1
7c96b89f56770b62456318fab959cbe8493ad147

SHA256
b55b13636e7898513cf76cdff613bec7be126520e89f603622a4660a75322790

SHA512
f3032afbfe4afb18e053eeef3933b4416018346fb8659af6507618445d6a35227e077a817071483132b7542aff70ff7fb83502d514a6d3124c90e4e90c49327b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
ab1c7c602878e3070d968108ac2f7999

SHA1
726ecc0b22540f2c6825f78c753c9d06e6e65eb8

SHA256
5470229d349daff1ab832a453c6cd8a568c9965129354158ef3a48bffb6d2f46

SHA512
77250919f34fc3ffb54aa24a2182445b143c77c5f36ded003a54a2b6e09b5f68560d05b2951028e69ffc3c906ce9a3a4197c2a7c915c565deaa9538b3bebbeee

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
5de77e3da5c35b836efc064f446e01cd

SHA1
53e52622d85e08e047833bd367b25a953a347ef8

SHA256
3f98d7bac5f31db558342c16dba19da5aa8b8269212dfbbfd75fe858271ad91e

SHA512
676586d8f84839460b38ebd3ba050311227a84361d19f63e7218b5e3b2505b5e3967b9d65da980341fb94ae9163af71fe65f16a8a43b9e4dcba0e29fbbe61301

Download Submit
/storage/emulated/0/org.unionapp.hssc/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit