Overview

overview

8

Static

static

6

8f26478b0b...18.apk

android-9-x86

8

8f26478b0b...18.apk

android-11-x64

8

Analysis

  • max time kernel
    178s
  • max time network
    189s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    02-06-2024 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f26478b0be3bff11b0044eb3972ff56_JaffaCakes118.apk

  • Size

    13.7MB

  • MD5

    8f26478b0be3bff11b0044eb3972ff56

  • SHA1

    8a728e061434a50bb59388fcfef8784caea0d744

  • SHA256

    2fd8269ddb71c8c748926d83cee1a0a63bb01a76af63915430a73711dc8f78cc

  • SHA512

    c1d78c0173dcaaae0ca1e3dfe2018454b6bfb1fadbf5e0b56bf7fdebfccb6a44613e2a03eba3919649d67a59091f2127d4d75f0f9c17750fbae8659d1433fe3c

  • SSDEEP

    393216:AzQheW3kNd2VDIxIPmFFTJ2FfIviHI+WIviHBJPnSyYM:aQheW3k8DpAF0GUI+3ULSxM

Score
8/10
collectiondiscoveryevasion

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.chunshuitang.mall
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4633
  • com.chunshuitang.mall:TcmsService
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4687
  • com.chunshuitang.mall:push
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4793

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.chunshuitang.mall/files/degradeinfo/sdkobj
    Filesize

    408B

    MD5

    23e4856f7bc8566686d085a654fb97e6

    SHA1

    f4c935ea533d37bbf52e9efe892fa487278d71c9

    SHA256

    105ccb7629aeda73b16f68b0b092cf6d8ce47a474f07236daa6a8cc42e7cc224

    SHA512

    7705d7712003b8b84976583731d67f83f00057af309e024a4cffa5058ea43d67c0f96913a72300ee54e09b2ae958ec29185d2f4da45390797c184ddc400d616f

    Download Submit

  • /data/user/0/com.chunshuitang.mall/files/degradeinfo/wxobj
    Filesize

    301B

    MD5

    bbf3528bfedf14a8ac8da33150a0d119

    SHA1

    5797996c847d74cb927bbdfc4916604c26dcff61

    SHA256

    2eeff95f1e64a691f36e74c8eadb99104abc3f8e072adeb7655ddc6696be9361

    SHA512

    d329cbff9283983c26f2c2c09542afb6657ee71b363e897f0a4f67c45d2eb9d26b1cea62251e8a0a8410a9d9273232c9acbd3527738590d4809efdb08be00420

    Download Submit

  • /data/user/0/com.chunshuitang.mall/files/umeng_it.cache
    Filesize

    328B

    MD5

    446536d13a6d4af9c5d1669c287ff59a

    SHA1

    4ca382948700876f18f65bc365268ea18763a72e

    SHA256

    464ee80e2b72508ec1e83b3182b81bf41594cc495e88bf8ae79badadfdd90e1f

    SHA512

    0249d5ab00bdb8161f7d157edb1724204f7c30e37bb292efd2fb6d795a897b0427981340f4346638d95f70c924deff7fa80ba74b23c177a624c2ad7dc80fc019

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    34e878a4a3b6b438680b4813066fb141

    SHA1

    6d991084d2ee2688eb50ff66319551b931641f5e

    SHA256

    86b25dd8856dc2f91dc85656e7ef5af4a0387be37a3e86bb31b4f0f2dce8b2a2

    SHA512

    b202b742181cdde347980bf0bfd6a55f055a0ba8c3496063566fb61fd020d34c295acd129f2218731a2e9826a102fb76c40bb951a45ccc16714f655f510ab3dd

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    408B

    MD5

    a2729974b92d5be8ed90752cc6d74c74

    SHA1

    438f314f116a498140ca6ffd5ceccdbff454cf37

    SHA256

    ba35c50d93874a61de3e020f34f3edaf61f2e01f95521cdb7fd05607b73ce802

    SHA512

    da272a63a3e7a30207a1b25c9f7d751d397742377deef01b88b2123541976352194b87fc629321e872955fc49a9043d168097a8237fcb9df3f413fbeec08f5d9

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    847d6d9b76df8febd968f37cd4440624

    SHA1

    9d674b0c8d1c8e5debcdd9e8f1969f0929e5dadf

    SHA256

    81f73dba63ba2c0230443eee6326794852655613df5e4ffa0b6aeb9707a96308

    SHA512

    af780a2189dde9b6dce85a80575708bd7283a908e88b42dc15a909cfe6f0f856abfdac05764ba6412ed96a1b206db8ef552c45604e2f1f6a804ae6892dd68057

    Download Submit