Analysis

  • max time kernel
    54s
  • max time network
    186s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    30-05-2024 12:42

General

  • Target

    842f9651e8493660b2c437473711ee3d_JaffaCakes118.apk

  • Size

    11.4MB

  • MD5

    842f9651e8493660b2c437473711ee3d

  • SHA1

    8378785f82055b254f34d357a19a2426cfeb90cf

  • SHA256

    1a7456577b20a26c80c48b1d0bb77b6223a2dfb24422e80d16271e33b9072bdf

  • SHA512

    fa722a534ece7ebe6355eed5d449abcff65a321f94111d7dc4c7f6aada65aca924b48415508ed279617e8584e90a9bcba487eea4026567b26ca5f77bcdebdfe3

  • SSDEEP

    196608:wf25NWCcBjl+2Z+DdSKTmtl0ul+21r/uOdN9lGdBkpDsSjLpqni6K1wWWsz2cAo:K258510DdfT6yuY21r2YlGfeDsSfpMBo

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
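
The "Checks CPU information" verdict above is raised when the app reads /proc/cpuinfo and compares it against strings that only emulated or virtualised Android builds expose. The following is an added example, not code from the sandbox, the report, or the analysed app: it shows that check in Python over constructed cpuinfo samples, and the marker list and sample texts are assumptions. It also covers the situation this run is in: the platform is android_x86 with an ARM image, so an app built for ARM sees an Intel CPU in cpuinfo, which on its own is a common emulator tell.

```python
"""Added example (not from the sandbox report or the app): the /proc/cpuinfo
check behind a "Checks CPU information" verdict. The marker list and the
sample texts are constructed assumptions, not the sandbox's own rules."""

# Strings that appear in cpuinfo only on emulated/virtualised Android builds
# (goldfish/ranchu are the Android emulator kernels). ASSUMED list.
EMULATOR_MARKERS = ("goldfish", "ranchu", "vbox", "virtualbox", "qemu")


def parse_cpuinfo(text: str) -> dict:
    """Flatten /proc/cpuinfo into {lowercase key: first value seen}."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip())  # keep core 0's values
    return fields


def emulator_indicators(cpuinfo_text: str, declared_abi: str) -> list:
    """Reasons an app would decide it is emulated. declared_abi is the ABI the
    app believes it runs under (e.g. 'armeabi-v7a' from Build.SUPPORTED_ABIS)."""
    f = parse_cpuinfo(cpuinfo_text)
    reasons = []
    for key in ("hardware", "model name", "vendor_id"):
        value = f.get(key, "").lower()
        for marker in EMULATOR_MARKERS:
            if marker in value:
                reasons.append(f"{key} contains '{marker}'")
    # An ARM build seeing an x86 CPU: what happens on an android-x86 host that
    # runs ARM apps through binary translation (this report's platform).
    vendor = f.get("vendor_id", "").lower()
    model = f.get("model name", "").lower()
    x86_cpu = ("intel" in vendor or "authenticamd" in vendor
               or "intel" in model or "x86" in model)
    if declared_abi.lower().startswith("arm") and x86_cpu:
        reasons.append("ARM ABI declared but cpuinfo reports an x86 CPU")
    return reasons


# Constructed samples (not captured from the sandbox run).
REAL_DEVICE_CPUINFO = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x51
CPU architecture: 8
Hardware\t: Qualcomm Technologies, Inc SDM845
"""

GOLDFISH_CPUINFO = """\
Processor\t: ARMv7 Processor rev 0 (v7l)
BogoMIPS\t: 1000.00
Features\t: swp half thumb fastmult vfp edsp neon vfpv3
Hardware\t: Goldfish
Revision\t: 0000
"""

X86_HOST_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Intel(R) Core(TM) i7 CPU
flags\t: fpu vme de pse tsc msr
"""

if __name__ == "__main__":
    for name, text, abi in (("real device", REAL_DEVICE_CPUINFO, "arm64-v8a"),
                            ("goldfish emulator", GOLDFISH_CPUINFO, "armeabi-v7a"),
                            ("ARM app on android-x86", X86_HOST_CPUINFO, "armeabi-v7a")):
        print(f"{name}: {emulator_indicators(text, abi) or 'no indicators'}")
```

The same cpuinfo that flags an ARM build as emulated is unremarkable for an x86 build, which is why the check needs the declared ABI as input; when replaying a sample like this one on an x86 sandbox, expect the app to take its "emulator" branch even if the goldfish/ranchu markers are absent.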

Processes

  • cn.pipi.mobile.pipiplayer.hd
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4267

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/cn.pipi.mobile.pipiplayer.hd/databases/pipiplayer.db-journal

    Filesize

    512B

    MD5

    bf6c9c1e1855721c90ca17047430acf5

    SHA1

    49d72f69dbc14f802add53f955b57dd4a3d92d19

    SHA256

    c1ed7d048d3310d03bfb5409a6193225a8d33f20b8c7621b382283a29d4de16e

    SHA512

    2be9a395c491b568ce4085dfbfb5ace851db2ef5b149f74d6701ff618b069e6107b8a3848eb37c9fe721e25bb0860f6d2e0bc457075778b183cc16bf1090e5ed

  • /data/data/cn.pipi.mobile.pipiplayer.hd/databases/pipiplayer.db-wal

    Filesize

    48KB

    MD5

    07a456dcec2ff8f5feed0a32861c1128

    SHA1

    6f595546c6df48733ae982a7028230747fe86d04

    SHA256

    58385f2ef2bfbf6947cd32ec78b43025aac0e4ccd76d3dec904f63269a834423

    SHA512

    7d4e1ec2cd9fd52178c49ef76ba0cbc820cde41704073d0df271d81621b0d249a21e8532436caf82fb6939055b269e08a5bd02e9efe929a79204f63b94da68a5

  • /data/data/cn.pipi.mobile.pipiplayer.hd/databases/vlc_database

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/cn.pipi.mobile.pipiplayer.hd/databases/vlc_database-journal

    Filesize

    512B

    MD5

    dd38d5517829f4e3d445fece91995e5e

    SHA1

    7b566d800a6c7dac32a56336c94611406af13c68

    SHA256

    686b02a22df2be5533f28442d524936e7de27cb5e5ee3c13e1520902e0f042cc

    SHA512

    b59d94954f2af71ab44df9a1c4abdc14134f3c3e77d745eac65f824dedc296205baec752ef13fedb3093316292871c01861bb40495f062161dae7c9e1e5ae4c5

  • /data/data/cn.pipi.mobile.pipiplayer.hd/databases/vlc_database-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/cn.pipi.mobile.pipiplayer.hd/databases/vlc_database-wal

    Filesize

    64KB

    MD5

    10a1255949801a304aeab9fdcbf77014

    SHA1

    985d68ace1c9f96c43e855364f1c6bf77154fd9b

    SHA256

    f16932dc30a1534bfe8c118416fa02bb82569a8f8f4b9b958df4205ff8962f5b

    SHA512

    f096c94eaa93686ddd51546f4c1687046297502dfb3543262d5278f95cf1f3b0c4591eccab38696bd300e2449123c4ef8f86e5edd73a6ceb5e1a54efe4bb5262

  • /data/data/cn.pipi.mobile.pipiplayer.hd/files/.imprint

    Filesize

    846B

    MD5

    33727a00583d88ca4c6250d88ab6b0fd

    SHA1

    a8e060e91cbd5a2fe6648f19042b3dd62880414e

    SHA256

    06bb18ac906e75360401ce8041f9918f47dcf7ec9243ab3038ead911da626ed7

    SHA512

    c1f1aae0b680733d565d466bdedf327596e14e14e94fc0b7c42fc71e433dc5c393409214e0bf29c5f117c44ff06c7a10a756f643cf1798180a816069cb1074fa

  • /data/data/cn.pipi.mobile.pipiplayer.hd/files/umeng_it.cache

    Filesize

    108B

    MD5

    8ee08c6e03d0e820574c67cf120c6d37

    SHA1

    137d8fe15ca69c7cf67b34fa4097da72c7c1172d

    SHA256

    0e8d2ff1b605f56195cb12261c7b3c7b26eb4d897905f8c723e6f3669a1392f9

    SHA512

    3f2cbc91c468405e279b407222d4c25f447b822475d5645ccb3ffc66b62618263b428ef37410f7a861828aee75ca64fced9d22ddc730b643f2afbfae290d1764

  • /data/data/cn.pipi.mobile.pipiplayer.hd/files/umeng_it.cache

    Filesize

    211B

    MD5

    6c0ae8fb4c6c6aff41eb00da2e3aefaf

    SHA1

    25b79e2f11685edef3f97e038e4c0b4d1b011ee6

    SHA256

    6e5fd094f0e1837b7548ac9a4129903edc2e9416162481ff405a19f503ddb7ee

    SHA512

    d20c0213f8194d7509109214a36405301ac50b93259b4b417b6e0e093903023ce0c327af34ddc2a677fb5c980e55358814438c0a0071ed75bc44a331e9e08fa1

  • /storage/emulated/0/pipiplayerHD/ConfDir/hlib_block.db

    Filesize

    2KB

    MD5

    8d6a4ff3a7da8cba13a8c268f58f2295

    SHA1

    3c8c6e488f8bdf66a6f26dc6b7fd4290d0b2878a

    SHA256

    3c714047740343acd9011fc9d6a318e4f8413944660ad0b066727ac3b852de12

    SHA512

    96af344c233ba8fbeb1efb74bc4687267a27cbf2f766a40d27ff8b0d89578f5648c364ab35ee57f6e9da08b96195c03b6c9f2b252c28f9170688e76c236e0b98

  • /storage/emulated/0/pipiplayerHD/ConfDir/hlib_block.db-journal

    Filesize

    512B

    MD5

    ed08b2617d7d7ffb1d2568857efe5934

    SHA1

    e2efcb3f2a4ccde1d154dcd7b2c3c0bef4ae68e4

    SHA256

    99010c0c04c29ad02059db8f705533a44d25897d832e7dcdad6e053021265a45

    SHA512

    930783a49f2c8f4c932aa78eb6f1b5416bbb631b2dbc3e7ecf8a6d080cd9c49516dbf40f0fce2c1637580cc02876f770fa4fabe895b3e8bc884a3d5026e7379d

  • /storage/emulated/0/pipiplayerHD/ConfDir/hlib_index.db

    Filesize

    2KB

    MD5

    adfd282f62a688755e98b7dd69e22b13

    SHA1

    3883496f6e680b741488525a553f166f5770366b

    SHA256

    ae758e8836c496271f3531fd92496af950946fc0c225cd62b2c3632422a97578

    SHA512

    fed698f81173a22a9d3343afa638474e60100f77390660808f80e31afa7d69ac8397242d2ffb7219b1d1f7a9b8e98a29fd209674a4f7794bf97ef472c1a7c76d

  • /storage/emulated/0/pipiplayerHD/ConfDir/hlib_index.db-journal

    Filesize

    512B

    MD5

    6021ae8237f687a1d62eecb3da5f3daf

    SHA1

    6ce240c93aebce684b23d450ef992f1ff0f8cd91

    SHA256

    85935220aa0eca66d97a5a361d96c4729bc9a213d096ede8f027578d635702b7

    SHA512

    b628af21eae159edcbe83fd85529718f37c560f9762a4403d5d09e8efe436cc69cf6e2dd0a8cbe4665368af350ead269c7b8d985f8ad97560371bf35bd59f7c0

  • /storage/emulated/0/pipiplayerHD/ConfDir/hlib_pcrc.db

    Filesize

    2KB

    MD5

    dbccf5f5a66d47f685ed6f82a1d9c1eb

    SHA1

    a688f3b052015cf842e8d7161f6f40e061a9914a

    SHA256

    0dc2214d632c8296f7b3ddbf9c1bac094818acb3e28b73186b22769d40f9c79f

    SHA512

    3a88fea451326aa0568a567ff4d00669a6e271e98637b75a8f82b43bea527593472f69024a0405532b69a53db5c0eccaaa5d9b9d55e3868b370b06d55e6e3406

  • /storage/emulated/0/pipiplayerHD/ConfDir/hlib_pcrc.db-journal

    Filesize

    512B

    MD5

    6c60d34c429a63161c3a5c988d5a6d1f

    SHA1

    6eaf4637848b3ff92655cb4ec1c94b1647da38f5

    SHA256

    db62adceebcdc92339ca881855f3da42e7e4b03a9c07c0085b6e1747148f1179

    SHA512

    e277f59854980b1e7f1570e37872660d3e62e88bb66b8cb7f7a0d8eb49b99041453523cd35c339d0e4a1f0040e91da1efff82d3885e434305d1b3bc888d30b49

  • /storage/emulated/0/pipiplayerHD/ConfDir/profile.cfg.new

    Filesize

    32B

    MD5

    7da548f1bb83f41f506006ac24639eca

    SHA1

    ab38471e28af317f82f6f319cd963e6a3c7f3e72

    SHA256

    faa966ecf849a4c8aed7113e4a17e007174a33daa86560109040b084a72b0233

    SHA512

    5d3f1e5191cf75cf6aedd6e9481828a4013e3b046d6bae920ae743c59961e5b2f59d2d8227b9c4b58e14df96c0a7dd2be9380782c7de2cffaab05561468d96ec
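
Several of the files above are SQLite side files rather than databases: `-journal` is a rollback journal, `-wal` a write-ahead log and `-shm` its shared-memory index. For pipiplayer.db only the `-journal` and `-wal` are listed, not the main `.db`, so the committed rows for that database exist only as page images inside the 48KB WAL. The following added example (not code from the sandbox, the report, or the app) parses a WAL's header and frames in Python, validating salts and the running checksum the way SQLite does on recovery; because the report's files are not available offline, the sample WAL is generated locally with the `sqlite3` module, and the table name and rows in it are constructed.

```python
"""Added example (not part of the sandbox report or the app): a parser for
SQLite write-ahead logs such as the pipiplayer.db-wal and vlc_database-wal
files listed above. The sample WAL is generated locally because the report's
files are not available here. Layout per https://www.sqlite.org/walformat.html."""
import os
import sqlite3
import struct
import tempfile

WAL_HEADER_LEN = 32      # fixed header; header and frame integers are big-endian
FRAME_HEADER_LEN = 24
# The magic value also fixes the byte order used by the checksum.
WAL_MAGICS = {0x377F0682: "<", 0x377F0683: ">"}


def wal_checksum(data: bytes, order: str, s0: int = 0, s1: int = 0) -> tuple:
    """SQLite's cumulative WAL checksum over pairs of 32-bit words."""
    for i in range(0, len(data) - len(data) % 8, 8):
        x0, x1 = struct.unpack(order + "II", data[i:i + 8])
        s0 = (s0 + x0 + s1) & 0xFFFFFFFF
        s1 = (s1 + x1 + s0) & 0xFFFFFFFF
    return s0, s1


def parse_wal(data: bytes) -> dict:
    """Decode the header, then accept frames only while their salts match the
    header and the running checksum holds; anything after the first bad frame
    is a leftover from an earlier WAL generation or a torn write."""
    if len(data) < WAL_HEADER_LEN:
        raise ValueError("shorter than a WAL header: empty, truncated, or not a WAL")
    magic, fmt, page_size, ckpt_seq, salt1, salt2, h_ck0, h_ck1 = struct.unpack(
        ">8I", data[:WAL_HEADER_LEN])
    order = WAL_MAGICS.get(magic)
    if order is None:
        raise ValueError(f"bad WAL magic 0x{magic:08x}")
    s0, s1 = wal_checksum(data[:24], order)
    if (s0, s1) != (h_ck0, h_ck1):
        raise ValueError("WAL header checksum mismatch")
    frames, off, frame_len = [], WAL_HEADER_LEN, FRAME_HEADER_LEN + page_size
    while off + frame_len <= len(data):
        hdr = data[off:off + FRAME_HEADER_LEN]
        page = data[off + FRAME_HEADER_LEN:off + frame_len]
        pgno, db_size, fsalt1, fsalt2, f_ck0, f_ck1 = struct.unpack(">6I", hdr)
        # Frame checksum chains from the header over the first 8 header bytes
        # of the frame and then the page image.
        s0, s1 = wal_checksum(page, order, *wal_checksum(hdr[:8], order, s0, s1))
        if (fsalt1, fsalt2) != (salt1, salt2) or (s0, s1) != (f_ck0, f_ck1):
            break
        # Only the last frame of a transaction carries a non-zero db size.
        frames.append({"page": pgno, "commit": db_size != 0})
        off += frame_len
    return {
        "format_version": fmt,
        "page_size": page_size,
        "checkpoint_seq": ckpt_seq,
        "frames": frames,
        "committed_transactions": sum(f["commit"] for f in frames),
        "pages_touched": sorted({f["page"] for f in frames}),
        "trailing_bytes_ignored": len(data) - off,
    }


def make_sample_wal(rows: int = 3) -> bytes:
    """Constructed input: a WAL-mode database with one DDL commit and `rows`
    separate INSERT commits. The -wal is read while the connection is still
    open, since closing the last connection checkpoints and deletes it."""
    path = os.path.join(tempfile.mkdtemp(), "sample.db")
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute("CREATE TABLE history (id INTEGER PRIMARY KEY, uri TEXT)")
    conn.commit()
    for i in range(rows):
        conn.execute("INSERT INTO history (uri) VALUES (?)", (f"file:///sdcard/v{i}.mp4",))
        conn.commit()
    with open(path + "-wal", "rb") as fh:
        wal = fh.read()
    conn.close()
    return wal


if __name__ == "__main__":
    info = parse_wal(make_sample_wal())
    print({k: v for k, v in info.items() if k != "frames"})
```

Two caveats when applying this to the captured files: a 512B `-journal` is a single sector-sized rollback-journal header with no page records, so it holds no pre-image data; and a WAL's page images only become rows once they are overlaid on the matching main database file, so for pipiplayer.db, whose `.db` is not among the files listed, the WAL alone gives page contents but not a complete, queryable database.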