Analysis
max time kernel: 166s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 24-05-2024 02:04
Static task: static1
Behavioral task: behavioral1
  Sample: 6d04af25e1e9b7336d2e57afbd62b999_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6d04af25e1e9b7336d2e57afbd62b999_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral3
  Sample: LibMemoryLeakMonitor.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral4
  Sample: LibMemoryLeakMonitor.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral5
  Sample: LibMemoryLeakMonitor.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 6d04af25e1e9b7336d2e57afbd62b999_JaffaCakes118.apk
Size: 15.2MB
MD5: 6d04af25e1e9b7336d2e57afbd62b999
SHA1: 37750e7a23b0fe3c3e876c1898c456d6b525da3f
SHA256: 1e8067ef7f6fce35184e7898724222374567f0f468edcff1d25e7636e0fb2528
SHA512: 1091b69b459446691b74979eeebf3118685296097b214989a05d6edca7c390019a241c63cd9563aeb69f9f2f20986acbb8f4385f7a02ca9d12938ab84a510042
SSDEEP: 393216:AS4kiviQJ95v4e751utE02uck8x3q1Nm/g4E6C:9/Qb75eETuc3x61A/gx
Malware Config
Signatures
Requests cell location (1 TTP, 3 IoCs)
Uses Android APIs to get current cell information.
Processes:
  description            | ioc                                                        | process
  Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo   | com.dajie.business:remote
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation  | com.dajie.business
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation  | com.dajie.business:remote
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information which indicates whether the system is an emulator.
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description            | ioc                                                  | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses  | com.dajie.business
  Framework service call | android.app.IActivityManager.getRunningAppProcesses  | com.dajie.business:remote
Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description            | ioc                                            | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dajie.business
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dajie.business:remote
Queries information about the current nearby Wi-Fi networks (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
  description            | ioc                                          | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.dajie.business
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.dajie.business:remote
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes:
  description            | ioc                                          | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.dajie.business:remote
  Framework service call | android.app.IActivityManager.registerReceiver | com.dajie.business
Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes:
  description            | ioc                                                   | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dajie.business
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dajie.business:remote
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
Processes:
  flow | ioc
  17   | alog.umeng.com
  69   | alog.umeng.com
Reads information about phone network operator. (1 TTP)
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
Processes:
  description        | ioc                                               | process
  Framework API call | android.hardware.SensorManager.registerListener    | com.dajie.business:remote
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
Processes:
  description        | ioc                        | process
  Framework API call | javax.crypto.Cipher.doFinal | com.dajie.business
  Framework API call | javax.crypto.Cipher.doFinal | com.dajie.business:remote
Processes
com.dajie.business
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
com.dajie.business:remote
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads