Overview

overview

8

Static

static

6

8f26478b0b...18.apk

android-9-x86

8

8f26478b0b...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    188s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    02-06-2024 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f26478b0be3bff11b0044eb3972ff56_JaffaCakes118.apk

  • Size

    13.7MB

  • MD5

    8f26478b0be3bff11b0044eb3972ff56

  • SHA1

    8a728e061434a50bb59388fcfef8784caea0d744

  • SHA256

    2fd8269ddb71c8c748926d83cee1a0a63bb01a76af63915430a73711dc8f78cc

  • SHA512

    c1d78c0173dcaaae0ca1e3dfe2018454b6bfb1fadbf5e0b56bf7fdebfccb6a44613e2a03eba3919649d67a59091f2127d4d75f0f9c17750fbae8659d1433fe3c

  • SSDEEP

    393216:AzQheW3kNd2VDIxIPmFFTJ2FfIviHI+WIviHBJPnSyYM:aQheW3k8DpAF0GUI+3ULSxM

Score
8/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.chunshuitang.mall
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4276
    • getprop ro.product.cpu.abi
      2⤵
        PID:4317
    • com.chunshuitang.mall:TcmsService
      1⤵
      • Requests cell location
      • Queries information about running processes on the device
      • Queries information about the current Wi-Fi connection
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Checks if the internet connection is available
      PID:4328
    • com.chunshuitang.mall:push
      1⤵
      • Queries information about running processes on the device
      • Queries information about the current Wi-Fi connection
      • Checks if the internet connection is available
      PID:4466

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.chunshuitang.mall/files/.um/um_cache_1717356314032.env
      Filesize

      783B

      MD5

      25a60c8c4b645a4153ae42bb8495ca9b

      SHA1

      04670c7da1196422a2681c54579819c48af2e1a2

      SHA256

      0e72d49a705a36757aca55a90c0f9153830f0f35ce17b086ca236a53a0515d25

      SHA512

      58886156e113e0334f55c416b9d1feac9a44ddab4a5a3312cde54c02fcaf9e430552664cd8c9f3596d45a0661188f90e49856ad5b7c9234f0b9adc560cafd640

      Download Submit

    • /data/data/com.chunshuitang.mall/files/degradeinfo/sdkobj
      Filesize

      381B

      MD5

      00905e5e6e9fe9c5215e64a9b8094228

      SHA1

      bb14839c31be81763151ccbd191084bf3f9c8f40

      SHA256

      985cacd8c72c77d9766129a3f3e0da532ad3bd2ca52ba2828cde39194bab05e0

      SHA512

      e1afbfe6bb7a20d116915adb5eacd845151d2a2137e84a6c3cf003f9f2824e64f48d77c78d7fd7878b565eaf66e7f59dc902601ed5bff949f532673d7dc6c430

      Download Submit

    • /data/data/com.chunshuitang.mall/files/degradeinfo/wxobj
      Filesize

      301B

      MD5

      946e723c03e017b8dd4c9e2af5941909

      SHA1

      75e069014aa6382eeb448a76b98c5da769facf10

      SHA256

      840811e959519ffd4b588aace497411de25c12d1512439f801c89432699ac3e6

      SHA512

      ca2e6aac2de2c6730cfe237d584e4bddcab5a95f897bbe4ffde9de795c57c27a00fb67c88cd4786bcf20a00dac67467a6cd3d577f74868700bfd26a2587a5ce0

      Download Submit

    • /data/data/com.chunshuitang.mall/files/mobclick_agent_cached_com.chunshuitang.mall2620
      Filesize

      761B

      MD5

      759d5ed1c022e3a6cb1a9f21b6f8b59d

      SHA1

      dac7f305c616bd50475b1af91799555970cfcf81

      SHA256

      7c2e1edc3ad9cc1bbcd7c0054aaed0d5d08071005c72ee06437ce0c1ca7a0b81

      SHA512

      5036ad2a086033f4ea92a115673f2c6c5e3ac06e1c274692039f497ea60266636db8038f4738ff85261dfc966924b2edcebdabf7101f8b5c2bf43f9530d545f0

      Download Submit

    • /data/data/com.chunshuitang.mall/files/umeng_it.cache
      Filesize

      393B

      MD5

      d9844b7d496d8845b9ca7acda00cea32

      SHA1

      6051ab407c613d9b3551368e4797a076aa5e21ef

      SHA256

      4cad92775582b3de3bb22b78e928fa284aa61ee449cc22310e51002b9eaf131f

      SHA512

      756f999267095927c4c12bc83b69c2168b5b94f6f6f2800a22ab2d4029de94cb2e87ec9a85697514edc7e8dcf0de1eef57a93d93ced0e76f85c6dc5db26071e4

      Download Submit

    • /storage/emulated/0/.DataStorage/ContextData.xml
      Filesize

      65B

      MD5

      9781ca003f10f8d0c9c1945b63fdca7f

      SHA1

      4156cf5dc8d71dbab734d25e5e1598b37a5456f4

      SHA256

      3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

      SHA512

      25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

      Download Submit

    • /storage/emulated/0/.DataStorage/ContextData.xml
      Filesize

      111B

      MD5

      766212afa026dbcbf0a63cfecbb35012

      SHA1

      376f2054d650af05486ab0a8e62d512e8dfb6dae

      SHA256

      6bed0317389b3ed7e0776db39ce289a152fc5c156d867a2f7c6cc53118d19d3f

      SHA512

      8632d0bf0c2d5964c814965f09b73cd09d528db33c318dbb0dfafc395cd901c65f75603c613199eeaac9d2febbddf90693f5e2e671d40cc84974c704d01cf7a1

      Download Submit

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
      Filesize

      381B

      MD5

      751fc258f3f0262f7efb5b3bec89a5d9

      SHA1

      780d28d3e0f2431412d424799ec4c47b3c59ac08

      SHA256

      6356eac6172ccbec5d6335fd6447b7c1a61bc433542e5e30b21750fd7a0c2353

      SHA512

      5b69649e769c89be28af9074d3029a679ba55fee73f67fbf329ca6c4f574c881189b2075422e209485818102b444fd8fb5ea1b9f3dac0c48b562575d968ed928

      Download Submit

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
      Filesize

      111B

      MD5

      b2b26a4d5884311c6e68f65f99bd0374

      SHA1

      f8ff390c9ec36b121dd913eb4c1d3ba8ea563b2f

      SHA256

      0a892bf390bf535926fad4130e6f96e97c5d1e66a1db2c43c71c1ac7fb418dcd

      SHA512

      163bb0994ca879cb1f2b82a84cb084117f23069d75253c7faf247de9e58c99095648e956c5f498f929ed2509b237d3423e65b6fbeb5cad0db21e51d4af2807d7

      Download Submit