2b073ecb7bd5bb4b6ab64ca010b08694367a5a83deb210a133c0ba48901325c0

Analysis

max time kernel
65s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cb8700b959e537cec3a31ed10cb424d_JaffaCakes118.apk
Size

4.1MB
MD5

6cb8700b959e537cec3a31ed10cb424d
SHA1

577416a6cd68439cb1ab233a586aa473551789d5
SHA256

2b073ecb7bd5bb4b6ab64ca010b08694367a5a83deb210a133c0ba48901325c0
SHA512

b54084ad0207c777942bbc41c7304a2e1dc69f5f62baa1da8fdbe86f5d6e2aa238e645fe8b5599f28ae08b16353867d2da1ff42e3fe90fea533018fdc6730585
SSDEEP

98304:Kh+PY6PxT1v5EJbqq7GUzZfAnpR7aU4lqJRMn5fgrsh2D:AqY6PxThuJbTCKZf4pR7aFqPe5orshQ

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yidian.health

description ioc process

File opened for read /proc/cpuinfo com.yidian.health
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yidian.health

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yidian.health
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yidian.health

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yidian.health
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yidian.health

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yidian.health
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

17 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.yidian.health

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yidian.health

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yidian.health

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yidian.health

flow	ioc
17	alog.umeng.com

com.yidian.health
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4339

logcat -v time -r1024 -n5 -f /storage/emulated/0/.health/logs/log.txt *:D
2⤵
PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yidian.health/databases/hipu.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yidian.health/databases/hipu.db-journal
Filesize
512B

MD5
eced1fd272f79cb4210d74d5012fb820

SHA1
5dcaaff69a824a264c372020c04201f8f3675cd4

SHA256
2862d6b9ad425d7a1e9dce2ebda355fa23328989183dd8688021f4f28ef73505

SHA512
ad1e5e82b02184a5a9eb727d6bc88d2a367c6e34ece25ae94198e2d371cccf7ef373a4d1fe8e67086946f094b8b8eeadcec4220979020eb6c971392abd818b77

Download Submit
/data/data/com.yidian.health/databases/hipu.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yidian.health/databases/hipu.db-wal
Filesize
152KB

MD5
5981ab53ddb43ca8750610e8e58b148e

SHA1
ea0cbe0f514e2d62f6cbed925a95645e92fac8a3

SHA256
e9220071fc53e4e1f9967afd1395ec4472ea399dba8d405927ba6128ccaf1da6

SHA512
a951c3f16b7b4da953621a6fd92403ac66ab0212ab2426d03e0ca8810b077f7abebb3c8ac4ddd69c4f1a77adbb60e18f2ce5de92798a91559e7507cd4e873061

Download Submit
/data/data/com.yidian.health/files/.imprint
Filesize
1KB

MD5
642cff82c35da534a59d7c39a5226aff

SHA1
cf3d319112310eb33d3ddc3ae82fc7074cb833cf

SHA256
74a07e24f0cdca7ed9cb820ba6520f882523da36cec58303f33271a0f6c7c521

SHA512
f25a39c1ab8cf860de62d0ed12a3d96a5b11aa276478c27add9073f89656fe17dbfc3dc51cd901e2a689814ae51049ba4bd0158c8d248aade29ed23390699ce4

Download Submit
/data/data/com.yidian.health/files/report.log-1716508937310
Filesize
471B

MD5
3468282bf773bd26c08bc6f2fd5240be

SHA1
02255b32d97eec9e4af52d6e92e048c41d172755

SHA256
923ed5db078f22886194e9de1bc3b30dff7f33ffd5a8869b1e10c72c6fb689dd

SHA512
39bd6ecfc93cfdbaed19d3c6442db8761fc96412df7fc540e5537898a87b6981df15d04df1ecb39634ef290c5a5c9cbbf0e1c45435c3dfcf13c61a0bcb5bb8db

Download Submit
/data/data/com.yidian.health/files/report.log-1716508937318
Filesize
1KB

MD5
65677662e3574769debc1df24e3e9698

SHA1
67e601b56bedb41ac569a403b2fc3dc65c7ff0b2

SHA256
da042984b8b0bdd0d890876c0ab9fe50bf662ed8d515841551f28d5cc0d0835e

SHA512
30f1887aa84a862a3b0d1cbd626225ae975b69b944dfab37eaa921d3855d72c4f4cd91c30621114cd4ba3d8465e50fcfcb28b3b748c5c74275c2243320c50d9d

Download Submit
/data/data/com.yidian.health/files/umeng_it.cache
Filesize
158B

MD5
e1ab6ec10281e23a378de51949e9d267

SHA1
331f05731cdea62da19b1fc2d0dbbd7d116b42ce

SHA256
8e29cf79ab826d9e9c3f67bd1b965897ed65ef0b75432bb8e0e505740f273e79

SHA512
a8c1f926000460b440f49c7a32874f873ef5b6f9930354e731d3135fde2f8a3728ffdcdf6d4b95541cf6a67f572b036df5a3d5240110ce46235176d43f726483

Download Submit
/data/data/com.yidian.health/files/umeng_it.cache
Filesize
310B

MD5
bf12500f7001f3597595ff40a899b32d

SHA1
e6ef9e2e10f45c64d16e27a1fd3b7d08d8d2faae

SHA256
f3675e18de40b312f2521a877004128e42c91f00002971313ccae80a7cdeb69a

SHA512
8bdd06410c5d8530965ff3b805d59bf3d552f86e922ef9156b9d2d520dbcadd35364cb0d06b406b219a42bdcb26cf971913812a00d6c569b894433e5bcaf4207

Download Submit
/storage/emulated/0/.health/logs/log.txt
Filesize
23KB

MD5
b3fdd705f51f9a203f41b9f69aad367a

SHA1
3325e67fe340a789e7b1b4c4debac58f04a68371

SHA256
95cffc6a37849cded2ab691b3894dfcfa077c3f73422aa68410caa26f1b53787

SHA512
6cbd484a06732fb2ddf0129b750043c9c12f004462e57f005d7e01c2cc0a6618dbf16ed133b1a4c11e5cb099f7d41fab18e8b4cc8c5a0d870182916d417ea698

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads