1e8067ef7f6fce35184e7898724222374567f0f468edcff1d25e7636e0fb2528

Analysis

max time kernel
166s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d04af25e1e9b7336d2e57afbd62b999_JaffaCakes118.apk
Size

15.2MB
MD5

6d04af25e1e9b7336d2e57afbd62b999
SHA1

37750e7a23b0fe3c3e876c1898c456d6b525da3f
SHA256

1e8067ef7f6fce35184e7898724222374567f0f468edcff1d25e7636e0fb2528
SHA512

1091b69b459446691b74979eeebf3118685296097b214989a05d6edca7c390019a241c63cd9563aeb69f9f2f20986acbb8f4385f7a02ca9d12938ab84a510042
SSDEEP

393216:AS4kiviQJ95v4e751utE02uck8x3q1Nm/g4E6C:9/Qb75eETuc3x61A/gx

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 1 TTPs 3 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

com.dajie.business:remotecom.dajie.business

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.dajie.business:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dajie.business
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dajie.business:remote

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.dajie.business

description ioc process

File opened for read /proc/cpuinfo com.dajie.business

description	ioc	process
File opened for read	/proc/cpuinfo	com.dajie.business

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.dajie.businesscom.dajie.business:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dajie.business
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dajie.business:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.dajie.businesscom.dajie.business:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dajie.business
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dajie.business:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.dajie.businesscom.dajie.business:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dajie.business
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dajie.business:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.dajie.business:remotecom.dajie.business

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.dajie.business:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.dajie.business

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.dajie.businesscom.dajie.business:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dajie.business
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dajie.business:remote

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

Processes:

flow ioc

17 alog.umeng.com
69 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.dajie.business:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.dajie.business:remote

flow	ioc
17	alog.umeng.com
69	alog.umeng.com

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.dajie.business:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.dajie.businesscom.dajie.business:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dajie.business
Framework API call	javax.crypto.Cipher.doFinal	com.dajie.business:remote

com.dajie.business
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281

com.dajie.business:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4369

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dajie.business/databases/campus_offcial_app
Filesize
28KB

MD5
f4be03730c9e486eef87a64fad10dea3

SHA1
9bca4a6910595a7bd0fd1d50402b8b81cead4561

SHA256
899a844ef5b53ce9b80ea9556ed38d3eb99483109bb2a3332a64618d3c65a2df

SHA512
ffe2f04349867e7f4135fabfe8ea72cc7955a2cbbd0a20a50e20842525228dd70174ea08d1f88e153e039ba2818ca26f1bb75011a27e1a3fa0a75ee2b0cee3d0

Download Submit
/data/data/com.dajie.business/databases/campus_offcial_app-journal
Filesize
512B

MD5
f29d5e5ad74c2db84df1b3ab462688ae

SHA1
fdb434623bdad22dae5e5a014c33a58a1a94d374

SHA256
ef9d15ce27ff7cd541fb55f162c903b61f9d82841c98190be46f1060713b7206

SHA512
b32195b092a166a815b36d814ba19aa13d7ee4cd247e077b1334ad23f62c6bd9a4a4f1831f6c008839a7b9c7c26110508d3f366f1854cf9464d048c718c82f7e

Download Submit
/data/data/com.dajie.business/databases/campus_offcial_app-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.dajie.business/databases/campus_offcial_app-wal
Filesize
40KB

MD5
4480885f6f548ed5f099595dbb1e5b39

SHA1
a78d3a2f67640b0a010f4e93de9f5a0fe690ab40

SHA256
cfe8bfc05e50e1cc5556f06b195562862e31b58ce0309e7d0dfedc09b1329a90

SHA512
32ef3a75e3dbe6777ec50c61dea16c06f8e1330cf062806369148407926a02457d8420542224c6ac7dc0446ddf1e80948d1af420d1b114ae770c7aabfb77c8af

Download Submit
/data/data/com.dajie.business/databases/dajie_business
Filesize
4KB

MD5
9b35874f5471f31296c20a6084a6a304

SHA1
59d7eb1ab86e37280082d710e2fc2cf5d5afd294

SHA256
c9b76beb7a0a85ae2b6aecaca67453226dedfbf314d88baf28be3bf9d30bf76d

SHA512
9b0524eb069c475a6ef06e4370119a8084216030efc76e8ac621c728a8fa85e42a5aa9bb35c54e9db6d321913a65cea686712ae1c6a15e1864fb83a99a19c648

Download Submit
/data/data/com.dajie.business/databases/dajie_business-journal
Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/data/data/com.dajie.business/databases/dajie_business-wal
Filesize
124KB

MD5
2964fb9e3d6daac410cc90212769707e

SHA1
83a173d6788c76c74fd8ca77ba36c351ab75a087

SHA256
4c9e93a449721bbc33e335f54b82c06eee7db8247a88d349de721d3e0c71f9c9

SHA512
149b54c787521d85e2dfaf296d7f5dbf567a1fc94c2d3728b604f93ddd3e7e467cf5bdfb9b40ddd8f2bc4f876e43d50b7ca905e115ac1740564cf430759ac512

Download Submit
/data/data/com.dajie.business/files/libcuid.so
Filesize
129B

MD5
b42a7ac232b6bf3014220399868060d9

SHA1
3185f30a6eb81182eea2ad25e5173d020a3aace4

SHA256
6e07ab3b34b2815f14fb3e56c5d763f25d35264b5e8af38672c8fb8d32f48741

SHA512
afed8bcf16585c8edd3f4f60cbf62d42ea6b230ac704ff92d3da3ccb12d5410784a1e52339c1ba6b4d0cbfb01f41ef6c45b4983630e26f6677a4121563f9750e

Download Submit
/data/data/com.dajie.business/files/lldt/firll.dat
Filesize
3KB

MD5
6f04bbcd663a46bcea64745560e2bed3

SHA1
10a3bdc2a10e7032fa268770709f9ee0feab83b4

SHA256
1c5ad96ad7b236e614b04352d8ffe2b948e7234a4146a25b070dfa4b8073ef12

SHA512
7b68e88bf9abd3abf1c212905fd538bbf841d0e1e753a8eb99e4c4139919bb39cb27b8e3e2bd8aa88f3b93a79fdf4b958f3ff7d3792a7f47a68becd8cff6e13f

Download Submit
/data/data/com.dajie.business/files/mobclick_agent_cached_com.dajie.business
Filesize
208B

MD5
b6085bca126964d9b08f18c749cda6af

SHA1
22406d1cc9edebbe24b52adc62ac2ea74e0a678a

SHA256
1045c2573e4f3380c088dcf2e7d6192074f1a42c7ec6ff93227ff39b304d8b42

SHA512
2d1573282a43014ac83bf7e538fe2a0af0da0e2c49ff51b8ea10aacfd8642820ccd7e13a1046719fba74e6b2076c2ee605ec88cb202f41b0c61899224596cff5

Download Submit
/data/data/com.dajie.business/files/mobclick_agent_cached_com.dajie.business
Filesize
196B

MD5
58035f14bf0865caacdcbca04b89ab29

SHA1
102fe9ae04bd2bb43d0a2b97a465caca69ae6000

SHA256
87c4c51e4cbf891a7022b62e6bb7c6c53cd9acdb8b45f0c4e773fc204fd2dba4

SHA512
0c62de1b43d982d89ee5bf6e8df72fc0c625d07e0116d246484f6f45df140cf08ee84ccb1ade2082603689aa9fe9c2bbd34c5725e656df8e6aed369663f64f19

Download Submit
/data/data/com.dajie.business/files/ofld/ofl.config
Filesize
235B

MD5
4924d4386c45aac68e2bd336adc0aeb6

SHA1
dba02785a6901f2e174cee45c5b35e3dea0c4805

SHA256
a5db215e7c6a42fb60f1708ac2029067255e5d9ca64807be1ef88fefcb9988d7

SHA512
cc440331714e7c5ec5a69f749f009c562dda05db8d277c01dc925397f33d366964c2ea1a3935230a14cbbbee25980f4989f4c9ac2258b22a9b070cdc44ca4ff5

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db
Filesize
4KB

MD5
088b0b5fdc321e8beeae3ef2e81c2b69

SHA1
bf5bacfcb6476323495673f967a7903415f2009c

SHA256
eccb451b93b591e398f222ddd236daea9a00d8a332750a78b6d7e090ec5b4762

SHA512
bc447b7db5841575d9a20a63fa05f532439d46c6b13c86ec62e6613257d66d6ac620591626e6794f8abdfa229f8a28f0bdad465515fac8bdb51b9fdefa8bb5b1

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db-journal
Filesize
512B

MD5
2257c5349c624159ef67f1e25c27dd82

SHA1
6c3176bd93b8ec033004c5466c97e2f24c51fa8d

SHA256
c2957db6ec16d06bb065472616eb1c5708bf54418052fb7b23e343f4239df69d

SHA512
0e7a8e04ba9f59d8f7513e10b02fa71d2ea568c5c9c462b5e55d8e7785f07c1ba79cb91143a4b6599954446bf010faf207af438e4322df26a9d969d8119913ac

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db-shm
Filesize
32KB

MD5
3eac6862d80600b1ea428c1fe069ec90

SHA1
4c74f43e44dc3c65bf6b15cf9504796502826086

SHA256
9b16e3577a3cd82cc398b04a3f63b6ae70da05c360cb056f1b2f4e764558c5fa

SHA512
b9e1fa553885f6c4d021885b7bf586322e21a0945eb4e1b91978eac8b5293da2ffc6e70879fac56541a4017cada17bdc8ce382e3f4fb194b10e002bb1f73db9d

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db-wal
Filesize
48KB

MD5
dd666ecf111d56e0ef7a50c7041ef332

SHA1
aee54c93ea76e7731f08a7aca8bdbd0cd567d8c4

SHA256
0fbb4aa0f910c0b974dd9e0cabc02de9312e8498cf563b62dc69d7582b5c9b38

SHA512
e0b7abcb40882f67b7fb1fb71d21bf1de90e8e169611b63c446ba5d80509610e76fd219dafde03058e2e49b9c7cf6d07c51c84d3a13c9e0deb71ab56cd845183

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db-journal
Filesize
3KB

MD5
65f677da6aceda3b0fcb46a37923a582

SHA1
de2a1b609b0bcd2acf26a21934cb70cebc5b4564

SHA256
fa5a0e7380f7f466924f16199eaff70ce91e8c866b4d6a8fa3890b783c53913f

SHA512
6b16eb6dec696379ccf2b729037e028eb9a01607e4b9df4b0a2fef91ab62f0205db39e1e886607852f76c31142c361c5150a1759c8a23386ed2013dd1314610b

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db-shm
Filesize
32KB

MD5
6476d447ab61beffef93573980d56afb

SHA1
b5b39a23c565d7452a5381a95ff3571162efe05d

SHA256
99beea3ca0129670f13bd9f7fe1c1226508a3dbd8f8a8e10bad308d686fa1310

SHA512
b194dee902a627b8407f0b51456df7b89b1838af4df022580a764ea97f6e8f0c4aabb4d6ed4d52a249f00af3141124d3e32ffc686e29e5834d69b91411e0290a

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db-wal
Filesize
156KB

MD5
e027af32c4e9ca53018eb251056fcf2c

SHA1
353e587e41e2a5428c45489393e61635f36031b6

SHA256
abe3e7c8d46d9ed58c2d3ef6973788a4a2c188a8545cb64b27c779f265e2de1e

SHA512
034f493f7e4e167ed59e6e9b0b3600a92190eaf3111b543fb137836dc6f9883848d3e31a14e450cc44b134d36fdc3fe95c1ec580d550804a528d7cb7114598a1

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/conlts.dat
Filesize
155B

MD5
4a6119f3858692f4891d0dd1789c4c26

SHA1
c040e1fb8f2f6916f941181f83113c2bd27ae6d0

SHA256
ba68ae29d5cf9f8ac50db246a4c7d62a5ee83963c4423a5949024862f544ca25

SHA512
8e63a42adb8c10b58c8a540d7bd12dd26a958eb8e49b387f199499a12080a65d906b1cc0194dee44d530c156d98e6cd171b9f447304738a4e4babe2dfe00062c

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/llg.dat
Filesize
498B

MD5
ae6d351ab47d82cfa527a3dc376c790c

SHA1
b37ba519492829f6ffcc43e6f06efc8eaa09f7cf

SHA256
695a811765d19323a3cb730420bae90231546fb60c6ead040c20dcc8f9c60d47

SHA512
a89106f46791cba0bb10e667c66150eab64c31013d4f5674685761ed6e20b1142da1ac8562497045130205aa4b7e3dfd765743f47b70107946fc4db9f71b4f17

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/Dajie/crashlog/crash-1716516427590.txt
Filesize
3KB

MD5
a809e5e6fd9953688882fe6e322510ec

SHA1
dfd63d8404b2860969e4e029224975fa70d96c25

SHA256
1b8aac263724442f11ed0cda5d10d35b1beb02a9485b30d8c12a1fe158f75b1b

SHA512
8007ffb17dba9270724f14940cfaf1dbff2364f95a137e3236589c362f555545163a1fd8c36881523f7f40d93b9afc3195183842c0dd2c32e86c1d04f27b6689

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize
32KB

MD5
16ef1550e28ce260df72e0522a13d2ed

SHA1
e50cb937b331a4c02c1e09b011124174d7e3e589

SHA256
7c1f0a889819b5a4ccbb2a9ad8c702e72799af18e59f76e65edb9bc69a6fe422

SHA512
3125ab1dc385db878912f09c320c0c8c43deeb8963e4b88a425881c330886647477b0095af21db3856965efeb50d4238e975d497be00c6fd26a1cfe8ee82043f

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
c8011858445ec3d46214d440f1b69dee

SHA1
9eb6d6796f65a0249e279e7fa267818d239677ed

SHA256
db267cab254741003143b9048b9cd679517ae34d6470cbe181d57ef4710614ef

SHA512
fd01845eb95b1418d209d937742e81532671184089896a72adc4e4c59bed35c073b8462c6e00ee4e6a1e76e6a1be8ffb3d8fac1c2da50ad90650a6d3f97e5afe

Download Submit