Analysis

- max time kernel: 65s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 24-05-2024 00:02

Static task: static1

Behavioral task: behavioral1
- Sample: 6cb8700b959e537cec3a31ed10cb424d_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en

General

- Target: 6cb8700b959e537cec3a31ed10cb424d_JaffaCakes118.apk
- Size: 4.1MB
- MD5: 6cb8700b959e537cec3a31ed10cb424d
- SHA1: 577416a6cd68439cb1ab233a586aa473551789d5
- SHA256: 2b073ecb7bd5bb4b6ab64ca010b08694367a5a83deb210a133c0ba48901325c0
- SHA512: b54084ad0207c777942bbc41c7304a2e1dc69f5f62baa1da8fdbe86f5d6e2aa238e645fe8b5599f28ae08b16353867d2da1ff42e3fe90fea533018fdc6730585
- SSDEEP: 98304:Kh+PY6PxT1v5EJbqq7GUzZfAnpR7aU4lqJRMn5fgrsh2D:AqY6PxThuJbTCKZf4pR7aFqPe5orshQ
Signatures

- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates if the system is an emulator.
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process com.yidian.health: Framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Process com.yidian.health: Framework service call android.app.IActivityManager.registerReceiver
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Process com.yidian.health: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Flow 17: alog.umeng.com
- Reads information about phone network operator. (1 TTPs)
Processes

1. com.yidian.health
   - Checks CPU information
   - Queries information about the current Wi-Fi connection
   - Registers a broadcast receiver at runtime (usually for listening for system events)
   - Checks if the internet connection is available
   Child process:
   2. logcat -v time -r1024 -n5 -f /storage/emulated/0/.health/logs/log.txt *:D
Downloads

- /data/data/com.yidian.health/databases/hipu.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

- /data/data/com.yidian.health/databases/hipu.db-journal
  Filesize: 512B
  MD5: eced1fd272f79cb4210d74d5012fb820
  SHA1: 5dcaaff69a824a264c372020c04201f8f3675cd4
  SHA256: 2862d6b9ad425d7a1e9dce2ebda355fa23328989183dd8688021f4f28ef73505
  SHA512: ad1e5e82b02184a5a9eb727d6bc88d2a367c6e34ece25ae94198e2d371cccf7ef373a4d1fe8e67086946f094b8b8eeadcec4220979020eb6c971392abd818b77

- /data/data/com.yidian.health/databases/hipu.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- /data/data/com.yidian.health/databases/hipu.db-wal
  Filesize: 152KB
  MD5: 5981ab53ddb43ca8750610e8e58b148e
  SHA1: ea0cbe0f514e2d62f6cbed925a95645e92fac8a3
  SHA256: e9220071fc53e4e1f9967afd1395ec4472ea399dba8d405927ba6128ccaf1da6
  SHA512: a951c3f16b7b4da953621a6fd92403ac66ab0212ab2426d03e0ca8810b077f7abebb3c8ac4ddd69c4f1a77adbb60e18f2ce5de92798a91559e7507cd4e873061

- /data/data/com.yidian.health/files/.imprint
  Filesize: 1KB
  MD5: 642cff82c35da534a59d7c39a5226aff
  SHA1: cf3d319112310eb33d3ddc3ae82fc7074cb833cf
  SHA256: 74a07e24f0cdca7ed9cb820ba6520f882523da36cec58303f33271a0f6c7c521
  SHA512: f25a39c1ab8cf860de62d0ed12a3d96a5b11aa276478c27add9073f89656fe17dbfc3dc51cd901e2a689814ae51049ba4bd0158c8d248aade29ed23390699ce4

- /data/data/com.yidian.health/files/report.log-1716508937310
  Filesize: 471B
  MD5: 3468282bf773bd26c08bc6f2fd5240be
  SHA1: 02255b32d97eec9e4af52d6e92e048c41d172755
  SHA256: 923ed5db078f22886194e9de1bc3b30dff7f33ffd5a8869b1e10c72c6fb689dd
  SHA512: 39bd6ecfc93cfdbaed19d3c6442db8761fc96412df7fc540e5537898a87b6981df15d04df1ecb39634ef290c5a5c9cbbf0e1c45435c3dfcf13c61a0bcb5bb8db

- /data/data/com.yidian.health/files/report.log-1716508937318
  Filesize: 1KB
  MD5: 65677662e3574769debc1df24e3e9698
  SHA1: 67e601b56bedb41ac569a403b2fc3dc65c7ff0b2
  SHA256: da042984b8b0bdd0d890876c0ab9fe50bf662ed8d515841551f28d5cc0d0835e
  SHA512: 30f1887aa84a862a3b0d1cbd626225ae975b69b944dfab37eaa921d3855d72c4f4cd91c30621114cd4ba3d8465e50fcfcb28b3b748c5c74275c2243320c50d9d

- /data/data/com.yidian.health/files/umeng_it.cache
  Filesize: 158B
  MD5: e1ab6ec10281e23a378de51949e9d267
  SHA1: 331f05731cdea62da19b1fc2d0dbbd7d116b42ce
  SHA256: 8e29cf79ab826d9e9c3f67bd1b965897ed65ef0b75432bb8e0e505740f273e79
  SHA512: a8c1f926000460b440f49c7a32874f873ef5b6f9930354e731d3135fde2f8a3728ffdcdf6d4b95541cf6a67f572b036df5a3d5240110ce46235176d43f726483

- /data/data/com.yidian.health/files/umeng_it.cache
  Filesize: 310B
  MD5: bf12500f7001f3597595ff40a899b32d
  SHA1: e6ef9e2e10f45c64d16e27a1fd3b7d08d8d2faae
  SHA256: f3675e18de40b312f2521a877004128e42c91f00002971313ccae80a7cdeb69a
  SHA512: 8bdd06410c5d8530965ff3b805d59bf3d552f86e922ef9156b9d2d520dbcadd35364cb0d06b406b219a42bdcb26cf971913812a00d6c569b894433e5bcaf4207

- /storage/emulated/0/.health/logs/log.txt
  Filesize: 23KB
  MD5: b3fdd705f51f9a203f41b9f69aad367a
  SHA1: 3325e67fe340a789e7b1b4c4debac58f04a68371
  SHA256: 95cffc6a37849cded2ab691b3894dfcfa077c3f73422aa68410caa26f1b53787
  SHA512: 6cbd484a06732fb2ddf0129b750043c9c12f004462e57f005d7e01c2cc0a6618dbf16ed133b1a4c11e5cb099f7d41fab18e8b4cc8c5a0d870182916d417ea698