Analysis

  • max time kernel
    7s
  • max time network
    164s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-06-2024 05:47

General

  • Target

    8985e529f9e151f91e0f372a76d66cb3_JaffaCakes118.apk

  • Size

    11.4MB

  • MD5

    8985e529f9e151f91e0f372a76d66cb3

  • SHA1

    f370722244c51a3b12c5a731e60a652564ef6432

  • SHA256

    5cedbc7d2cdd098c611faa8818d980ec0054076e9eff1e6c21a69a076c8d28b9

  • SHA512

    1da3ad771ff126866d324ffc65451b5fc0ed71738d80ddb85e4ee0e6d4f65e8c21055f975b2b7841b3bf99eeeb283c5b7ecc72cc156fe527cbf8c8fcc77612de

  • SSDEEP

    196608:zyvCidttcLd8aIDhJR9Z8iQm87Ou+XT1sdLb7Uiq:SCidttm8bJoH7OJCxc

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.greenline.palm.wuhanxiehehospital
    1⤵
    • Requests cell location
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4256

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/CMRequire.dat

    Filesize

    1KB

    MD5

    25e57636aee83606d202f04f26c2913b

    SHA1

    1ef0ade456ba38aa31584d0fbce647d0ba74b399

    SHA256

    89c56da41f0046c9e733fed330d2636d623510c217f72c2d025df3343dc66783

    SHA512

    3a8d294b8be98abe4d18116cbf7c16d44a541d1d20dd4dfbbbf3bbd8cb7997abcbaf51790bbc1978135d888c4e89868a9a2575d9cfed65a331969de77ba07326

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/VerDatset.dat

    Filesize

    172B

    MD5

    caaa975d7bf4952bd5dd695ade33f1da

    SHA1

    119373fbb2db036712df72ec9b26c0c2840dfbb1

    SHA256

    d0f94264a6b5c355dbf5c0516202c732bcae471a2401542b2ca43307727a0d02

    SHA512

    db2acdecd236eab67cb67151032f53e51c9c04e754f3c21d74e05cacb1ea5edecbbccbd66ee760624b9cac97b8dd77f568324e8abc2b9c16aa73131db81c8b06

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/__local_stat_cache.json

    Filesize

    25B

    MD5

    2d805b13f2f28dc3ca9bbcc000f49bb5

    SHA1

    9eac165b4d81258fd3967cde5cc53b53b1dabcb1

    SHA256

    c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

    SHA512

    5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/DVDirectory.cfg

    Filesize

    69KB

    MD5

    4387420494429045bbddc8dbc8036a57

    SHA1

    d00c920c88acbd73b1b09c4e36f947fb1cbc43b0

    SHA256

    c0def80bdd08026af800c61c476cabc9f1cda4d754e5e7a30d8dcd6ff0ac44ad

    SHA512

    200d360e00ae1d6f95f6fb57b217da7618a0c60abb8e17e5d2d2a5bd19434ce7ab001dd195f57bfb7c9f63a1802fb1e4e9c20f94773a772474c63485086b7ab9

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/DVHotcity.cfg

    Filesize

    1KB

    MD5

    64f064a4742aa3a40f537edde8d6b3d9

    SHA1

    f84045d96e72582238d8b35e6d508ea9129ae348

    SHA256

    905d87c66b14980402afdc2736b80d8fe108246e44f76e573291a852bd105a63

    SHA512

    5f0df60c3bece73b319b4e7c057ee8a218b0b7a9f710bf9725845fa621a4f8a53bda2d55c962e940f01ae6a81cd76af55116be55c7f196ac2dc09e86ae5e73dc

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/DVVersion.cfg

    Filesize

    93B

    MD5

    fb6694479700218b7eeb8e595dec6b83

    SHA1

    5ea06f1b529de035fcd8e4180c58f84c9d4eb49f

    SHA256

    ee862c09ac9d43be689d03a6bd29005dda386de845690f7cd369ab8ceb723514

    SHA512

    630c010a78772a3449ba0667121c743e1994f09be3b75a668e50d7340423414efb11528072efa1d630e2581ee45c49f03ddbea5d2af6ae68dfc1ee95b3ded652

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/ResPack.rs

    Filesize

    448KB

    MD5

    fc611808bd9b0edd8348d92490481ef1

    SHA1

    602fece48f0aac9835443bbe83c19ffc91fccdcb

    SHA256

    92dd9ef7734a6b9b68cbaac963d52dba9bb1a12ead615f860177577d89a40130

    SHA512

    309a1b878cf62e232e8d15bdd6ed0e7cc0f3122e6f70851a8b93016a31b4d40e99413afcd07aa6301b85c44689b88f33302f3ecc7ba7d4efddbad0b3c4a7c8ba

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/mapstyle.sty

    Filesize

    99KB

    MD5

    042f8bb92192b33fe881cf680db79d5f

    SHA1

    17b1ab10e0ffa30f3534d3f0a0240a631222ba54

    SHA256

    6f4205cb972c0c49c9480951e4d2decde58df5c7555be18b274507dbb25dfc1b

    SHA512

    4cc20908f12ec0b41fd1ea1b6e0f0ffb3fa003ab6f574a6b40f3a6ae2a7db07313ab57a9714d9891f3b798046a47e6bdc0da9ce1f4f91b7a966ed96e9b7d885f

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/satellitestyle.sty

    Filesize

    107KB

    MD5

    24b50fe4886b6d6f4011464e9a6238fd

    SHA1

    68b5c9b9345870b4f4d1b6a09258840ecc82382b

    SHA256

    c7eba9052ab1dc3c1d70541270688d63a7cfdd6cca9b0b5d62f5872413974dd5

    SHA512

    96217a781d8d23c298372ff7d005bad7e4d9528ea607bb28148f7b249be028ed0b5f0c1456aca0d78ce06335ba252790ada81135810bd5861bb74e25499aabb8

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/h/trafficstyle.sty

    Filesize

    3KB

    MD5

    1e4b535871c4feb2010b614713def5c7

    SHA1

    4c5dc67838d12b795b6882c6dbbcc6767e42184f

    SHA256

    efa3ec85127a21a8c8a74640acc5fe1d992952964d4f257682f832f63c2ad3fc

    SHA512

    0c5443dbfdafab2e6cb7740587f48ca9a2c971b93afafcebccd17691edaa7c7fb75dfd1b6c939dd591a5aa65977f55e64b6c3690ab0a660432269fc43bf3133c

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/DVDirectory.cfg

    Filesize

    69KB

    MD5

    200b74c3ebb374f1e2ca0c2d77418cba

    SHA1

    23e52a22fcbb020f4613811bde49f145657657fa

    SHA256

    8c0ad1afee4e26ed64ef30d34e612edf1e9a3ac0e78e426dab3ffbb803bf7f1b

    SHA512

    d30e07942404993b6fce92e411208e6c971712bb2efde6c0817c6e4f46dfd53bcfe2de7ffd374bba7350ee83d0a4ebacca0f1ce27480c2ba6649ef9d66f8874e

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/DVHotcity.cfg

    Filesize

    1KB

    MD5

    f389dd3b20a99988cafb81fa9833d51d

    SHA1

    601208ba2cf437be2490ce14ed3cf4cc3943a7c8

    SHA256

    dabd641f5931761bc3f202daf16e560c023b86314123fbda7bfe9428debc8db4

    SHA512

    0fc49984da0a3a681ce08a91ef1e849c122ba9f34dff29b1c3f952eb82ca90f3b6c6f4d0f47e537cd17c00b5c2f89eea411f7a2f3f9b2d674e205b95cd438292

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/DVVersion.cfg

    Filesize

    93B

    MD5

    901e9e58cb056bc895fee4f19173ae4e

    SHA1

    d5ca46f40f8b5e833a8491d8d2fdebcd91e33d4d

    SHA256

    cc73778e36a6677cd6de7ccfb5c605dfe532acebd039843d82ef3be295b73567

    SHA512

    5891cdaff2de481f98b0247748c036447bf73b0f1b1186e6cf2b05d27f39826da496d87cac93feef142f3c47bd6f37753116b18194f49064b3fc9dd6fd3ecab4

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/ResPack.rs

    Filesize

    372KB

    MD5

    8d183d412478e62d2ec90152beeb3a0b

    SHA1

    55fbb0b0808fa25deafc3de9fd26dcad5f5ec278

    SHA256

    9d26787a9fcc52d18ef6fb98b6bc4853107258ad235351116ec8ae7ee908185e

    SHA512

    9e71ebb78bd03da1a11d97ff98a3c64c1d1ddc4e1009b1ad847168f31c44eb9b4dfa1dc62cf2b020db8a10b6f1037560671ad3c07e218b0a910b98648078e074

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/mapstyle.sty

    Filesize

    98KB

    MD5

    affb6ab297e0a28c70e290bc7b0f79fe

    SHA1

    994cfa22aeebba487dd7fa4ff81fcec17d011801

    SHA256

    6e0e16c5ee516f49c30e9db4d470d57c964dfc38516f3b7ae459ceb4411a076f

    SHA512

    b94d1c81b7419dc75a158f0ba67f129885fd60438f8b31f97d5ae2a20d8069f5d60a3e5de9090493e503b41c78a981b38433b8d7c99ffdbe0a0313a79b4be2a2

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/satellitestyle.sty

    Filesize

    107KB

    MD5

    9f7410e1680f5b7cc5ee5b306e1679f8

    SHA1

    28a8c4bf92e9347b536eee59b314dd4bdf27644e

    SHA256

    110694528641874bc9b9dae26d83e701b36e18996fb91b4d249a08931942e73f

    SHA512

    297ceefc94b84092dc7c039c2cba110dc97fadbaac5fa6f2d73cc5ee1ab557813b5cea43574a84478d443097890df3ed85ead0e90851d24cd47c81b2aa022fa1

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/cfg/l/trafficstyle.sty

    Filesize

    3KB

    MD5

    ea1255472c3feae81239f87996544ac9

    SHA1

    9527474aeb5833e4e268aa55cb233f8193624bb7

    SHA256

    030529b5a75b50d5b4cbffb5c170f6ec5a9a00695dcdcc8c9918909eb5ee4671

    SHA512

    e8658bb8b37931b349dfc9e911fc6f483dd08d659ac917526ed05cc70271b97c13def353ad841436696c71a2f8794cac5d8035b0064d99d590c9b4f2db2b6c67

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/channel

    Filesize

    5B

    MD5

    bfe279945c6109d067bcd295b5189d86

    SHA1

    9969230fa9c65716f6f82a97c9ba7c7007609014

    SHA256

    a89151ba4b5ac0f22e96b71b963db927791d3808f5175f06ae4a60de5891bf0f

    SHA512

    c843adbb98d263d02ce3f9d3d9c684b9cfd8e61e8b155d8349317f122fa9089119e8eeced1a0f0f134db68a0b88ce095273acb863c86c1be6f9b8e4682eb00e9

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/imei.dat

    Filesize

    15B

    MD5

    748d9beeaa1899252a7365b780b95fb0

    SHA1

    2158cbe9044f2b138df0094615afe6616e526c9d

    SHA256

    59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8

    SHA512

    cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/imei.dat

    Filesize

    11B

    MD5

    e6698d96e4ef34bb8d40a30fcc643095

    SHA1

    da6307ae48ada70eaf21c4de479f91fa9ec5c35a

    SHA256

    abd9e83f9d20f1368946bbd0b7455bcf2e4912637a0fc6e9d76ae774428d7cbe

    SHA512

    47251138780a2922c74fa34047aecf636559f4250b19f606c623865466d2c99f3369ced8d1031ab53cbff0b1dcd328dea49aa2e8d57e2250983aa3fcbd175b5f

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/userData

    Filesize

    103B

    MD5

    76dc8f957c6989ea13a9f0fd458f4caf

    SHA1

    075e05fadbb2f06f5980f8a9e20ef2948e342cd6

    SHA256

    76b6aab8d063854dea5ca765d241901c9954942aa337452a0fe30e81d4543f7a

    SHA512

    388ddb2e61d9c496975edb73197a2fb0baa4550e844012413b3245d9935075486e257fdf3d1d08dff5267f85cd3555220d76a09c2d905219c5c03c6cbd4c373e

  • /data/data/com.greenline.palm.wuhanxiehehospital/files/ver.dat

    Filesize

    6B

    MD5

    76fabae8a08fe8991ef3b5f87490cf25

    SHA1

    e948d7ac877bf74a400a10511ad0da7b2f30b086

    SHA256

    7a4bdaa71c635e520749e1fef25711aaee6965f9efc30d5acdf39618705acd9b

    SHA512

    c9e9f8ff1dc2bf7ddfcde30b27c6bf63a64f22b580cf304671b1c2378f25223a77a45e3730f57133a3c7e3e774216cdbca23f304c148d747afb21f9aff16595b

  • /storage/emulated/0/baidu/.cuid

    Filesize

    89B

    MD5

    819b386d200561b12299d2195f9b2e73

    SHA1

    2146c7c565e2372fc7c2feb7552e77f8dfdbb6be

    SHA256

    2f0abd4b7ae99f6dec4dcdc49aa1f38136f19e13a67aa18b0b385fa310b7537b

    SHA512

    18c0f9430f826ccdef5fbba1214f0a1dd59dc6fe10c2c0014ca1f8b0354188759315d6de5e33c0b46a4c936fcc23b8bb486d4b937f281ed19be60b34f6ae802a