07535e5399cf0256e808b80638216ac79355c1dfa2f8cafadffe46c16ef7b29d | Triage

Analysis

max time kernel
35s
max time network
181s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
31/05/2024, 02:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

85c398de69bc50dc866f9cdb299bb6a8_JaffaCakes118.apk
Size

18.2MB
MD5

85c398de69bc50dc866f9cdb299bb6a8
SHA1

e1ea5b072f45579fb851abc1405cd8c3e151eb35
SHA256

07535e5399cf0256e808b80638216ac79355c1dfa2f8cafadffe46c16ef7b29d
SHA512

466c77fbe0c0b911c9911c02e30d9a9346adb02214dd26f71eaaab79ca1f7bd08e3f1b7ff7f6692657ae2bb27113ece95e78b079caf4c08dcd43e453186f7ebf
SSDEEP

393216:DK21PZ9YS98mN2o/NPRgMPQKAHKmRuFXulg+0M1yGMc3bHaWbfkEszyH6V/Qiu6:++KS9PXuK2KeuF+KpM1yGMcunzoyz

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/cpuinfo	com.puhuahua.www

Checks if the internet connection is available 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.puhuahua.www

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.puhuahua.www

com.puhuahua.www
1⤵
- Checks CPU information
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.puhuahua.www/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.puhuahua.www/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.puhuahua.www/databases/cc/cc.db-journal

Filesize
512B

MD5
0d1959acc93752f8ff62f3f061a66bfe

SHA1
0619c578eb69ff3acba258e1c2651f41e4b3fa5d

SHA256
33e727563fca7f4fb6b07501c786cb4198c3e049b2d85275a9707c6c8521ec9d

SHA512
31c709ead82bb6c748eba86d26df93574c0eb7f93cc6af8ef811f1001c211eb39c802714e90343d1eadc27d8b54f4ddb8f82a1f91228746c2af868e0659fff74

Download Submit
/data/data/com.puhuahua.www/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.puhuahua.www/databases/cc/cc.db-wal

Filesize
16KB

MD5
3fab06762d64d3d5983e6208e1cdca60

SHA1
fcc396c9cced861b2a2cce67ac8444a8bff59623

SHA256
5bc556c88d93e3ce811b01079f98c456afa53a3ebaa50401651e772f877a7cbf

SHA512
f68bbdaefc4d1f5668168c4158c3f94dde327b66764a3fbad9e182240d3296179d7a56f5e57d840b10064c4610444221a7ba948a791d2c1c874e25e5fa81b22e

Download Submit
/data/data/com.puhuahua.www/databases/cc/cc.db-wal

Filesize
48KB

MD5
b7e48be0de34cd04cde50327dc1b1fe1

SHA1
43b4a1ec72e4954c9f80853cb09db34db1e24498

SHA256
c6b00ad007a849418b730a4a6def29486c5a22fea653bf66dc8e73f92a464401

SHA512
fb6a457b2ea6a0bdd3afe51bfbe2cd09b63ed0442866298e721d1092e76e76538ce1c8edef4912b19936b21a3ef6454bac35ddb0ec8c4c14461aa26ea3aa46d2

Download Submit
/data/data/com.puhuahua.www/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.puhuahua.www/databases/ua.db

Filesize
32KB

MD5
70f10632546dd10adf575351e733d952

SHA1
ae9f1dfd32541ff3fb5c9327bacdeb1a384ea5f1

SHA256
fb36c0d27300cbecc4ab6f8e1f48388de09003715277b18f47f1130977977ed7

SHA512
e5aadcd1731943f3d80ae7ef4022042140cf2cb40c90e90ae87b8c3c4c18c55ce8173c665b14fe86a13c66b4908fbeaaa884192ce4d26df5968000a3cbea8d8b

Download Submit
/data/data/com.puhuahua.www/databases/ua.db-journal

Filesize
512B

MD5
47d30f06ce69cf9b11d04b015ebc6834

SHA1
06410edafd3617d77e923c9274da89ac74163215

SHA256
a54fdc4bbbeb0493da5a2c6304c3baac18547a785aec2eb0127cd483036aed0e

SHA512
e0d53d39257c96b61de158aa11a24828a14c92988d020c2d97c7949e34e9955930eccd245cd942f7313656588b739e43121dc996d4157ad360e1915e7e45a33b

Download Submit
/data/data/com.puhuahua.www/databases/ua.db-wal

Filesize
8KB

MD5
44935075ff503b3e839016d17b1c04a8

SHA1
b90790bbe843b0494f788879d310d26c67538280

SHA256
01fa37591a4a712fb020eb9262e9c464539a62418d9c0ca6a6a6ded3d343ffe4

SHA512
6af81485cddb86758f91d381f57722cdf33c8082d247fcf530dba48ea1e4c43c258676c80ab548b2d3e63f3b41aa3a5e48e4d2efd7372d56299492f5a3d2e273

Download Submit
/data/data/com.puhuahua.www/databases/ua.db-wal

Filesize
56KB

MD5
50b679597b5cdf475e36d1cf32b88371

SHA1
5b685ae28c87646244908f55346a23f6c3a14bc4

SHA256
bb09f3561a71d990547b8fc60531e0e5dfe5dd733c66b9df8e432293ade4c0af

SHA512
94c9ba5d8f2e955c6e3550f2ff57498c4ccf70f027a3c36c4b7887b87ed062740fffbbb99657a489f24a40d55c08923d78490aa6b9ecb902f252fc0014c6ac98

Download Submit
/data/data/com.puhuahua.www/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
1a10209eb0d40e1670066ce39510af71

SHA1
4bb640f32546d059eca5228cfb7fee07e4b1f026

SHA256
b02edd54eb6062e43b33a6e3c4845763f93b0e321844658a73e969d452623ba9

SHA512
2db6e9433adbb66be5b842fa8861d7aa666b89a764ecba6d943917027f07153d95fc80672e38ec391cd343df7a6a1b1725abbb61773bc1baa50949913e81c0f4

Download Submit
/data/data/com.puhuahua.www/files/exid.dat

Filesize
57B

MD5
0ee401251a02a8a32025890b08bb7283

SHA1
957e4638932e7b80458c93ede45815a50db4098c

SHA256
ff8cdf2b76d68a61cc057ef86ce9b72c138063ea2a15529e25ae3f1291127e1f

SHA512
a000e673248fcf3b2502ef74b1f9fff40f213a6e1c82986a2e7299fc01ae54a32eb24bababd43f45097a3ac7657b40054ac73d49e523a4312a13c3a937c583c2

Download Submit
/data/data/com.puhuahua.www/files/umeng_it.cache

Filesize
498B

MD5
284df091281fb5eaf9461ca07d7d619c

SHA1
b384b0db5616a589a6ae72dfdea855a0da61722d

SHA256
c335332471203c5712c95b11782360293d203985408b620b5ef35761ce5e4274

SHA512
bd82735b24d9d226acdfba3978f78c2a3c322c21501930626e0677242ce33c9dda0e81fb0afdd00ff99505bec37e9ba65db3d959b8b6022fa7d85cf19bf5d75c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
43578acdcdc3d2e3693319431885123b

SHA1
d7ed7389744d365f70970d1c1acd9a4d2bdda0d6

SHA256
e8d3108536733ab08f1ecdff3768e8ad73d2af3c256e883b5e8362b40ef2e34c

SHA512
34f785fbef8531f2ccf25ff97d41dc7a6767e7b20bca5839ceeedb36dad6d55005da3e8d52d092a65b383a45680abe1930465dfcb8913c9adf78f8f7ee573b9b

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
ad60dfe358d70572323777bea0e719b8

SHA1
9c5d734289ecdcf2296643d5bc4fb94f27b1002f

SHA256
de5996e43ec0d14ab8a1a1d47146cf172dfd39f3fc40681d05fc89a91f1a0fa6

SHA512
4aaeeb2191616e6ed026461acf11f5f512bc26476ac1f02cf0424533049909c02cb49b68168bfdc83feee0dd0bf373707e015ff87c5e1af64ad84a7c3d37a4ab

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
f350a855a7c1710c089329dc2558a72c

SHA1
debff8241d640e95a11eb5c933548c580a8aa4d5

SHA256
020c4bd995455d0f33a13f49a5bbfad2c15a815154bb9570d04838753c20a1b6

SHA512
9bde86497aaee2e8d017c67c336594d8d741d028836f647acc4317b6574d4d687990dbdfddab5e907099327b963a011f36ebec6b178095689bdb69ea5fc96d78

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
39cb788662194ddc19977ac1da927f18

SHA1
2336f278e0b3e2985c46b5f849918f73ce4d7d4d

SHA256
f4362f85e2a606f539cce46830d2ecb6e0db2f0a8d5fc952fcea7071f96f08b0

SHA512
b162c231c7465fa97f83029bcb7cbd334c306d07595580e6ef7e5c919baf2c8c279ed6aef71c73aa369182896f491d2a02ee34b1e3ace766c7eba4519be514e7

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit