Analysis

  • max time kernel
    172s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    02-06-2024 11:00

General

  • Target

    8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk

  • Size

    9.7MB

  • MD5

    8dd7c1bba6929f3a6d96d0b697748e04

  • SHA1

    528ad28047e07513fc03f702e12d05de9e6a658c

  • SHA256

    73ce0801147f8ac19242d837e7d4f2f3331429005751723c0d1d06acf209a616

  • SHA512

    1d9606e4b327116671bc85d24309595e3888c4a85d04b7f064eb12c154ec8ab7fb35b7c58497c8a82ff92a639d4e636efaddf02b418c78cb7ea6ebc53b4159be

  • SSDEEP

    196608:82tKbUYwu+bdshM+FixWHCo/1O7XX3FL+OP9J80wt1qdRITBuu:Vx3pshXMrMOgt1qdq

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicates whether the system is an emulator.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.jiecao.news.jiecaonews
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4556
  • com.jiecao.news.jiecaonews:pushservice
    • Queries information about running processes on the device
    • Checks if the internet connection is available
    PID:4740

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.jiecao.news.jiecaonews/databases/db_default_job_manager

    Filesize

    20KB

    MD5

    d70cea691d8524d853f2a35de2f20a97

    SHA1

    84a87be7d34f5971444989c2a4a18dca35a9348a

    SHA256

    63395943542cf36e59cb0b050b14e7611beced009e3abf96bd5a5dba83d9a255

    SHA512

    44ca20e99cc412c705dfe346fe6e189baa03bc09086386f21b98eedfeba0cade2e9b22caf6cff4cf441df7e136ab849eac0be0d8cd37b7de565c80751ea3e916

  • /data/user/0/com.jiecao.news.jiecaonews/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    9f8175fa0d8c6a8e4a58fac240a511eb

    SHA1

    e681328fde79cbe24c02e821befddabbfb0d58f2

    SHA256

    709e5218e87b530170522bbcfaea92b8e1458129714357233d2d6f340313a6a1

    SHA512

    0a234b0d909159d83c3b56291741e1c37ed8b4ebe1af08a31aec61a91fd07ac08ead2d9056b99d143d9fe47777d9749205bc73e3a0a3e6feef34f2cefd51b187

  • /data/user/0/com.jiecao.news.jiecaonews/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    8031f042b5e945e817e0de374ec4fe5b

    SHA1

    b9affab8a562560dca7662e52c653e7287d31234

    SHA256

    eeadb785f1fbcde9bbdbedea4c8a093a573d1e8fca9634d2f643318dbac990cf

    SHA512

    6f36fca9e602e768a632b75ae0af59108bb3cefe1feec07bed37ff2aa055205007ed20662c396fc7236bc710363f42d70ebfa0b0b0329c7f8a9c5fa9a7b7f246

  • /data/user/0/com.jiecao.news.jiecaonews/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    d799e8db54aefe4aeb90152d84171d7f

    SHA1

    e4cedcea70a84b0a1922f518230e28288f54da70

    SHA256

    7cd184c01030b0eea0e013e995c67e8c6a13e52b8ac2b92c7c6e2b162f880298

    SHA512

    f5291be099bae3ea114b4f69ddc6dee0fcf8e24280fb2e72a9c9cc2105b30e0ad324862efe4a312782fa0e81f1722d929ebf90b52cafd42b80db425a78cf5f47

  • /data/user/0/com.jiecao.news.jiecaonews/databases/jiecao_news.db

    Filesize

    112KB

    MD5

    59abbc479be534ceaebd74f512bbc2c7

    SHA1

    1ca9a24dfe5b96b7e892797151c4a7822fa70650

    SHA256

    dd648944a9f5f1b39512cca1ee62c49e4d045c66c7c134ec281232d390f02513

    SHA512

    162a8f3bdb5f4475c275f75f60c573c82335f9d0a1552cc5c707291fc1da6f053cededf78c76ed34f595c1929e077738346f9b25229ede9be8c38d7b6484b9a6

  • /data/user/0/com.jiecao.news.jiecaonews/databases/jiecao_news.db-journal

    Filesize

    512B

    MD5

    943f608c0baf42bb0815b5632f02c6ab

    SHA1

    b5b200d8f4410c5a8a783be7735e89b54cf27c4c

    SHA256

    87c30a55b9c37add36c03508a9f441ae1f4bce441f8d52834decfcf7f457c94a

    SHA512

    bdc3072c8903b7e6e530686d5154c7cb363bd605dc8bc6557e9494d203fb181b03f9c03d49e4b1422871db15a4ecbfcc4f69eb48175318450a3f1c9d9b51ca25

  • /data/user/0/com.jiecao.news.jiecaonews/databases/jiecao_news.db-journal

    Filesize

    8KB

    MD5

    05458857d798911c860bfdf1be4ff02a

    SHA1

    e00ffab510982e2e10f9e79a45c31dfab35dc927

    SHA256

    03a56adf7a3a43dc02803b47a75a11966dd23ad6e07a518c8e1e5551773e65a7

    SHA512

    2d67c0d01ea20291776cc92d41407ff41350dabae75f1a434c26b46c93b413c41681b22893894dde878c2b8580068ae8215c168bc9a6651094f37fd0efa37886

  • /data/user/0/com.jiecao.news.jiecaonews/databases/jiecao_news.db-journal

    Filesize

    8KB

    MD5

    c832a29bcff97aea9e4d2db586b9027f

    SHA1

    25fc876cf5a2820b4f97b0ff77592fceed603ddd

    SHA256

    643ae17c5829991a7e8c1f3dfee4a4dcb41d5cfefe54f7e58f82e6d930844dad

    SHA512

    696c5428349700c31426f770cfa436392b367d7cc49b4adff857a09024ba6a481ea2a1576678ec9a87af002c9da3ac2cb5cd2eaf6a9d20a00892c49ecbb8cb1f

  • /data/user/0/com.jiecao.news.jiecaonews/files/.imprint

    Filesize

    827B

    MD5

    102c6a7f836b2db5e4fb353e24261073

    SHA1

    ae1b198b4495a939b7160892aae02aa937679fd8

    SHA256

    1ccdcb27f7a915fa1c4a54665bf60e7678b5ab5e161153061a8808a254a28a6f

    SHA512

    d33e126b86d5818c65898a122ea93d8587019112f8d42791bb92d24d2958cdbd085be0bc2dd1c017296dc8999766f0aa721c807f5bd7f9ed7806b70cea64c6bd

  • /data/user/0/com.jiecao.news.jiecaonews/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    e7d438889ec670bf68d09eb38fc52ea6

    SHA1

    ad70473e719b733361ac742ef912f51ff44a0a96

    SHA256

    5357a4c82bcfb5afdec61f9a0c40112a978b763c72c25a76cedd93dbf5ef7142

    SHA512

    a5afaf7046291572b65aade0715a078496e2e8e55f579b9a041a15616f2fab4c121b43aafd6ebb5a9c1f4bd155d353ffcff8ec11fd0246d1ccbc4f461ff3814a

  • /data/user/0/com.jiecao.news.jiecaonews/files/umeng_it.cache

    Filesize

    245B

    MD5

    4b159e57b6fcd211c20613b2bde0fa93

    SHA1

    d5321f14df9324557771496cccdb088feefeadf9

    SHA256

    1fc686d99186faec4077c91ce7206a2a9fcc9f8904674ca81ae103e3b4d29876

    SHA512

    18faf1ae314c29e8e489cd7d1d0cc91cef97bceeef20ad459e04d30cd7609d84c8e73d35a37275bb8b06a790edd7877b5b55cd088605170a2df3a9a28cef3ea9

  • /data/user/0/com.jiecao.news.jiecaonews/files/umeng_it.cache

    Filesize

    125B

    MD5

    449bf8d2166b0f104fb48989bd7d5b21

    SHA1

    9c3692379eb5dc80e6a66fbed84e7bd1d77755bf

    SHA256

    6dd7e2660558b84a57d60bd3f36125a279baa6ef2d94c422f46906799b9b3665

    SHA512

    8093de71f199608db3b68486fec4d7eb38ddd5c60f7f53977864a265cf61754899c6485d84d7416446ff2f6ddd78812b119ccae1e3a4ee5e8afa3396586a9415

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/cache/temp/journal.tmp (deleted)

    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/files/MiPushLog/log1.txt (deleted)

    Filesize

    236B

    MD5

    3cc474addd67065d66cf8161cc6e4e81

    SHA1

    700b08482a8d2c989d401bc150b16cc865e19ef3

    SHA256

    5bd9bab8d79b6272060068b4f9185b72815b466bc103a7fdcb38b5a9b529f9cb

    SHA512

    673b04e12c9ee73d87d15707753bcc93ebf85b95137543b7fd545c2ba4a2b48a4dff78e62e05e197f8f5d3d76489eff3ced7d40e59b5034f9b1577b13e10b28e

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/jiecaofm#jiecaofm/log/20240602/000.html

    Filesize

    172B

    MD5

    33d79253bc2348a7b4c76cb18c0d54a6

    SHA1

    c7d745adf44d450de5a0296105b27d3811fe20f4

    SHA256

    cbd2d2d62095a3af4ea4a66d898cafd59fe1a0b31096ebaf3c6595bf177c3759

    SHA512

    94a22f022774435f1ceb4576065eb0d21a12c1c7f549d9136f538e5143d5718c275df24123a5756d34ab22d7f3b8a4376f66a71105ef25e062568ce3ae4535c8

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/jiecaofm#jiecaofm/log/20240602/000.html

    Filesize

    85B

    MD5

    57de702d36888a760b265ba0465fcdc1

    SHA1

    361ac6d21a54402d6c2d632db21b1e9116a2a15a

    SHA256

    ac9b33efed4013e3d4f687c4505a8a198461e9c596f84b8c5b035afc2f737c1a

    SHA512

    aebddbefe0c97038f2a2aecca0eb2cf7460f2c7604fbf4e880fcf8f12743682f4bfde7aed62ed1dc2307c27024e33c22d1ff9706364c7777bf1e10deb69207c4

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/jiecaofm#jiecaofm/log/20240602/000.html

    Filesize

    82B

    MD5

    386dbe0122ef88ed9e390a774508f84a

    SHA1

    b9cd0182711571370e3e74c375c5a741bf5a200f

    SHA256

    6406a1af4c58cd4e4aac498bda2ac9f443f6ab3d25d75c44f3a57be1d6028c99

    SHA512

    fd0767ed3fcc90921677191702606d96b03f76a72b098afe5994655daf96e4b2ea277fe4c8ef8da804639171b8addddb4b419767bff3bacc2939d6104699bd6c

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/jiecaofm#jiecaofm/log/20240602/000.html

    Filesize

    113B

    MD5

    2d2434756e622a15ab3465de008ad6ea

    SHA1

    a4e6222fdfde6b72b15adbb943d0784816fc4d17

    SHA256

    a9b149cc4eadb9262aa825520b10ffd59138aa4577d87af85192565cc263cac1

    SHA512

    27785b842989dd63aae756b866150ceb0dddf397dd573ec8d753241569f499b6d93b418a8f0680d4c9a0a77b049d114f393105edf9cc0f1916cfe040cbd9343b

  • /storage/emulated/0/Android/data/com.jiecao.news.jiecaonews/jiecaofm#jiecaofm/log/20240602/000.html

    Filesize

    1KB

    MD5

    bcdcdfca73d82d399ae80e565b947dc5

    SHA1

    9d2778c9069735ab68188057cc02920e397f609e

    SHA256

    428213d8a802d32e2b1c441cc83b72d26e9d0425b14d54b419c193f830d360d1

    SHA512

    0e6d278959e7415121442c700178207abf11f2c0a5e8e809f7f890025659b4112f123ef5734978e9c6c54a570cf2b17079d5a002e28293a5c8d532b89f217aa8

  • /storage/emulated/0/tbslog/tbslog.txt

    Filesize

    3KB

    MD5

    bddb5b1fddcb655b85625722eec41a34

    SHA1

    1dcc38024cfd33389d53b7af3d0dcb0fa7cc6a85

    SHA256

    095dc5b9ba746ff19b63d4b3ce1b7f3750aad304be2a8b4de501b825ed47312c

    SHA512

    8009a3a4c1234732cc364ef58fae57036156fcba763f51e537e831e79a48cfbe1aa52fbc1148d5f31197b1fd54fbbac0376b4d32a28935db4c4b72cbe3e790b9