adf22068b4ed9493b201a06ed78c0dbcab3ac391c19b09e398e3ed7562c80899

Analysis

max time kernel
176s
max time network
188s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6639aa49060783f36589cc6225915fbd_JaffaCakes118.apk
Size

13.0MB
MD5

6639aa49060783f36589cc6225915fbd
SHA1

be1a18c37059bd35b9b133b0b5b687f6262c6fd9
SHA256

adf22068b4ed9493b201a06ed78c0dbcab3ac391c19b09e398e3ed7562c80899
SHA512

4547b23e0f572bd6259b7e797bf95063dbc0c964618f31f01682cccb88e7d1c8ea2fbe4c3044b0f5d1fbc18c6c277ef4d10f545903400d94ad49563ae6d1d799
SSDEEP

196608:2UNWThYky8m+UDMQL5mTWVDF2+kQQ+bw4ImPXI8SuXZhSmDLDZEDOkmQ44iGMLqS:OTYdnjLcx/Qq4ImgWX5PaLav

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

org.unionapp.hssc

description ioc process

File opened for read /proc/cpuinfo org.unionapp.hssc

description	ioc	process
File opened for read	/proc/cpuinfo	org.unionapp.hssc

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

org.unionapp.hsscorg.unionapp.hssc:ipcio.rong.pushorg.unionapp.hssc:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hssc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hssc:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hssc:ipc

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

org.unionapp.hssc

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo org.unionapp.hssc

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.unionapp.hssc

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

T1624.001

Processes:

org.unionapp.hssc:ipcio.rong.pushorg.unionapp.hssc:ipcorg.unionapp.hssc

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hssc:ipc
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hssc:ipc
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hssc

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

org.unionapp.hsscio.rong.push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.hssc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

org.unionapp.hssc

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.unionapp.hssc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.hssc

org.unionapp.hssc
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5254

org.unionapp.hssc:ipc
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5304

io.rong.push
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5338

org.unionapp.hssc:ipc
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5425

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.hssc/databases/.ua/ua.db
Filesize
32KB

MD5
38564ad4c73e5619bc2264b0c44997a5

SHA1
e55f6fe1b20347ad4cd58d77af0b0feb149f63d0

SHA256
1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8

SHA512
30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db
Filesize
32KB

MD5
e5f6ef31a8772dc3d65ef729df44af1a

SHA1
dd743a1e6142a9c0a08e39cf47660ce16cf5ece2

SHA256
dea062f8368fea3e57b350ab144045c423149e1ce6fd40fd8630bb569d8f36ab

SHA512
5cf2431f2d54c7a8feb8c373b64ab1dc048028ba4a550375d6f8ffcc57687eae2a22306735f2798e7763441cd3f3f589af46f20cb69d0865f7088511ef8053cd

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-journal
Filesize
8KB

MD5
87400bf1ed5cbc3746a81138ca920fe2

SHA1
322e17c2f545aa663c18402c6583c3642d64d3fb

SHA256
a8cd13da724ae29e480959ca59c480e0af4206ee1a8a6409c44047047a28d433

SHA512
fd62d562c78d5700ddb7454cbb458579a68fd6533060bb4405739dbc0561c1adc378cc00174fa4b8e43c6f718f84c4c486a49865217625d8e33404bc788decab

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-journal
Filesize
16KB

MD5
4bda8b3b649b2e1c8557024286156f07

SHA1
e48da68720cdf8fd8a55053cd5c24631dcbd6976

SHA256
e8f0acf3ef25a1cec12bd4ca48ba4a7a23025cd58a47e94daad0ed9c76981aba

SHA512
c2bdf5dd28982aa8d82a376ea5079731fb6658bf543832ba6008de9c9864a57fb59ac98257ff06765237f3f995624ac7197738338ff2ea67fe3070cc5c4fedc2

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-journal
Filesize
12KB

MD5
f1c47fdc596d3b38d7a5cda14ff4fdca

SHA1
87a2d913e9e9519a1dc85fb9bc64b673fe098340

SHA256
f161a6b929bab1418d9ef507add2cb432542f40cf543e84e2792c3a5ee704b7c

SHA512
c9218fd85371b488acf4fdbe3aac2aed1fd2448b4912a01ed789a46ea14b94f05a5f6dc8cacd0a9efd10a870a55ea4d8e6f0da19d41b4fed7cb14c8b0d3ee9d3

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-journal
Filesize
512B

MD5
d152b460950706e1b46beaf2c8a34aea

SHA1
5f8b82d5d17c99e86a5f2274e55b4ecb6a048061

SHA256
feca3776693c30765f0435ac08a8b4a89d58a2695ab06be41a71e725d271b035

SHA512
01ab4ea3b48142ec06ead2e4781a112e461a2c0ed3bed2ee85e626ea1f1ffe1273807e495fca8ac7d1472a2e4ee78bb6d71132ba896d9974c1601a589792953b

Download Submit
/data/data/org.unionapp.hssc/databases/.ua/ua.db-journal
Filesize
8KB

MD5
b127991e49156461af7031c595e93d41

SHA1
eaf50affbe421df1593c0474cd2e14f8f90176fd

SHA256
6c84bb9c0557a05acf6de613586cdffd98a8e4dd51a915b7d6654454dfcc8774

SHA512
3e8fa65eb4c1c6087f573cfa47548663be2ccb02a0fe95d4134d18da73f12ab15339b77dd499f122f457c325f86db61a1bff9647c047ade64a476d7fb7846885

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db
Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db
Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
8KB

MD5
dc1d0c7baf210980e8d33fda0d006edc

SHA1
0f5da03701a13cdc79a0a2498be2d2f75d5ede90

SHA256
4c43c607b213d0b5315cb4cf2affc0fec43c4e127a8d10f392420d73d47cd6d5

SHA512
cb174c7ab07a55a676cfca626cb889b4d86070e35ad0e3268c81ea3596d8584cc3ed43d5c30026d414933288cda82cd2d67d998bf018115b87372e4a1d702515

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
8KB

MD5
ee18c2ef2f8e5eac90b0bf9f5935dbf6

SHA1
61ffc167cdfd245c37795ab6479992197176e889

SHA256
9067bf386c8e241b8a66089a73cd77997a69a9c691f3a08e03984ec5ec30e80c

SHA512
2372b2184b963545961e75af8c63be049d05a7584a79711b8b5540acad78e45a6884f9d1d1a495c27a3dbd682079b63812e1bb98eb2d2f0dec25315e5d997bfb

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
12KB

MD5
203674e5bc1e5590712ce1613e741a93

SHA1
aa772a89590c0e6a3f0641009686e9fe0f6d0f2a

SHA256
34882c1fea2677cb1c88b9ca5fa8fb6be4a035a61c18ebf8c47ba9c9d3f6efea

SHA512
dbd1ab3a596b2b8aecbf2daa85e13e5dd449e820822fd5a03ae231d8b74bd5a2795555a58f1c5dae958b184a7bb8ef941b76c67f61c7c196d1fb5607d6054fd0

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
512B

MD5
45a38e978a16d9b6cbff476e95874b5a

SHA1
29083cc89c4f225d8c72631cec36462b54b68e20

SHA256
94c09b117d01a71358895349ef1bd67d6baa343f71117bf42f51d3abe0abaee2

SHA512
5532d5fdac508f57fae7c83561f375d98a04a5285154f8adf7fcd256af111d0f3d4992ad73497ba5e74e0f1953232243aaa899d24cc1d392b5525f8701effdec

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
8KB

MD5
be27b657a9db6790750e01db438099bb

SHA1
5ff8c1b8709371dcfc7efe729007365833aadda6

SHA256
2a8e1a5640a5704c9a08c5bb94ab16b5f9048d4497eec583398d581e36e8db32

SHA512
816a4e9acb334f7517e96ab45deab8bbb5d95ec9b645378f62675184ff2726d17d1e5e85d0f84fd0eea2e53a7e9aaaf85a54035d16edab0fcf64a80a1fc28ebd

Download Submit
/data/data/org.unionapp.hssc/databases/cc/cc.db-journal
Filesize
8KB

MD5
d1697d0799a5ccf2aa043d45485fef85

SHA1
7d756175eaff7d2b8382d88fcf5e788973cf33af

SHA256
725932d9f5305710b654cb63073ffcfcd295835b1e161fb4fc611ff1f63b2cb9

SHA512
40cc79b3fb83abba8b76977e4020a95130043d5c9bc0cb14f5db068c780be104790dc860d5ec7ec2833b91ea348a8d177ee0d9175868f342b1616f4aaadbbf2e

Download Submit
/data/data/org.unionapp.hssc/files/.um/um_cache_1716357330011.env
Filesize
1KB

MD5
90ffe2d9b26e8dd0fea4f661dc51f4ec

SHA1
d1ae9012481f1df7afc0a8772f59731f7516b8fa

SHA256
96b695f704a2715b679d50d19b823012fdc88d89089bad40e7c9bbe9b916fe51

SHA512
66631dff23182f2ce7f622f202bbdde59ef43eb35cc8d814405501380c55798b1d463a5eed138796714eda5747f92f9ae3e4c6f60f56f2b86c892a5b32688596

Download Submit
/data/data/org.unionapp.hssc/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
92dd01d3321fe21e1281ac9a3052135c

SHA1
baf01c2b227bf22c1f25fcbcc240043902d78710

SHA256
a8613ee48d9e93cce217d61504f2810e3ac5db35830ec4dea131989a760582aa

SHA512
5f0b20635fde6d7305cf11de9c2da3eebd6c0b15a75c611c6dc454e5fa1960ea810afbd909a9f4c21cddde0a58d6cc9107d0ca1b8eff03f35d82dd9c21f0836c

Download Submit
/data/data/org.unionapp.hssc/files/exid.dat
Filesize
57B

MD5
695f216a9730f9d61d5418f3724b1905

SHA1
e25e02675a22318861bd407ae9af5c1ecf663e2f

SHA256
2d2e19e4a9183d14542ddb9ea06239e88015542f1790df67e30e53ae95c60424

SHA512
2e07c0c87a4df27b82cebf3548496ca6b86c35a36aa3da6903901725d419808a93a938c4f7bafb16c5520ab9c22a6bb81fec71ac7cf479a41917f118ed9bdb74

Download Submit
/data/data/org.unionapp.hssc/files/umeng_it.cache
Filesize
433B

MD5
8d4ddc8cd0709ca56994783c5476d876

SHA1
ce9bb6c67d20477bab140440005f162682a4ed00

SHA256
bddbbe066ea582d9cad5910a70afec735615cc875122940e4ca9bb763b0b6116

SHA512
9b68d0f95f833b60172ff2f33fdecca27834a6d779e0d0e70e04c5f5a7b30440317ace50718a6f6d3d52961e732d7ce8a0b7da2586434263cc8e84b6e746df05

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
8d82f28f93522c21c6b12adb0d4e66b7

SHA1
d8f2ec371914b504593ef6f5492d4c48d87935a1

SHA256
9494dcd175d9329b8f30ef4d9e1cd7fe89296ddcfd28c8940c8913032b882205

SHA512
aded790de95c4986b2a063e9c40de142bf09311e5579a9e0bdc48bcc4e76acf5432d460e5cf6ed90bd52fb94592902cf14a9302d348f485f5259944b5eb98577

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
c05039ec34fdbec9003ad53285828405

SHA1
623ca5e908fcd9a69092d7fc7e246c823d5b8b8f

SHA256
f45f935ab1fba7e6bfadec8d7289ff2749dbf96ab5f584b308f9984f50b6f8fe

SHA512
6f484a86026ea1765427feda45cc850e394472b61d133bafaad6f8c53ae923c69dc08a473268ead5d363728d6209f60f0f31f3c699b93121cf3aec6c9a647e5c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
2fd3633358c122178b423cea61aa7459

SHA1
dc062897692bfe10e02b5a309fac41edfe58b15c

SHA256
765b92a779b5e44ee0f7f34311d0531ab1eb6445f049975782adfbab01ca8fed

SHA512
95e486f62cfc3a2fcd3f137a950cccc475a9614810e3138d34420c54ab1bd34e3d9003926363ee2170498e3cf674f7e2ead822ae6c34c09e633c5df8782d00b5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
c3cdbb3bfd7da5a7711d0cdee5ce8b90

SHA1
c9ff9b0727bbd8baab279c388f9733e8a9e6678a

SHA256
1d51ae855d9e23a53d238ebdc4acbcdb5e386b2659f578f55d31a7da636fd742

SHA512
ad7beb34e080fe6c52dba51f01e112833025d946757e29db46d4a079aa52eadf9bfafc2af9b08511f463f5e37b0026880be427cdfbcd936b5f48e5fc1b1ce7e4

Download Submit
/storage/emulated/0/org.unionapp.hssc/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit