Analysis

  • max time kernel
    160s
  • max time network
    167s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 15:45

General

  • Target

    9889e12ab019be9b7b7c59d64abf06ad_JaffaCakes118.apk

  • Size

    11.2MB

  • MD5

    9889e12ab019be9b7b7c59d64abf06ad

  • SHA1

    8b6119dcf8fd9ee0bcda904ab2a172dcedd842f3

  • SHA256

    63967e52d82896b20a1a6af777060b9c3556a9aaf42dda7ecc5ea0b540b2244a

  • SHA512

    4a8ffb16110e8f144b66160029b84b315a4fcdee7cd3c36303e655ad4a530546fb1068a6663148fec10e6d7bd1bb2620f572350dc4b87c50a1ddc097ddc6c909

  • SSDEEP

    196608:VqFQQf7/s4xE9927bjw9xfZuABYMh335aQrBCssxtsgVLfU3v:YQQD/NC99Sch5FIssPnVbU/

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.jetsun.course (PID 4283)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • getprop ro.miui.ui.version.code (PID 4333, child of 4283)

Network

MITRE ATT&CK Mobile v15


Downloads

    • /data/data/com.jetsun.course/databases/cc/cc.db

      Filesize

      36KB

      MD5

      ce6135aa1b1fe4f2c2db2a546d2a5558

      SHA1

      79b59582154017aadab783dc266fcb158c252940

      SHA256

      7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

      SHA512

      2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

    • /data/data/com.jetsun.course/databases/cc/cc.db

      Filesize

      36KB

      MD5

      5d7ea1a23af19b4340cc8d90f28297d5

      SHA1

      4cfe95b23a9e98378d69c4290af81b51fbe76aea

      SHA256

      474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

      SHA512

      33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

    • /data/data/com.jetsun.course/databases/cc/cc.db-journal

      Filesize

      512B

      MD5

      ac8125d4443884e964263ff756722d7b

      SHA1

      35b9d2d1d616c77aaa5a49bf8f390ca21319ddd8

      SHA256

      d9e3dbdd63c2178f24ae35e9daa3edb659c7e8f5bac6cb5bd339c5cd9be49031

      SHA512

      512632a5d42a1f0f37d484d475d07b66000b8d27a74ea37be80463b5b848ce0d43e0809354eddc37843157af87f76891df0c779e323ef92715b0f2399eb082d8

    • /data/data/com.jetsun.course/databases/cc/cc.db-shm

      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    • /data/data/com.jetsun.course/databases/cc/cc.db-wal

      Filesize

      16KB

      MD5

      b7ab2dea403172b9041d9450d755f71c

      SHA1

      473ade558f7727caa7445ec76489b5c40c76415e

      SHA256

      4e5997dcc88d67168dfc44e89aba38a77b2eccf74c13787eaf6783e69e960bbb

      SHA512

      0e22ee758c2af6588987ddef6865b90123589d362fb58239a673ba2de289b3dc0334206d869bed0f1f6c964325b7fbc0f236d8c3529ecc792c2dda6223964a37

    • /data/data/com.jetsun.course/databases/cc/cc.db-wal

      Filesize

      48KB

      MD5

      6f8b16974ec3e3b7523d512cc9607a9f

      SHA1

      016043d0e6db21288eb495c3629ce3ed951b93ee

      SHA256

      15e2e3f8b0899eed33afa00989a6d06d4ee5f0a4843fac9e48634fcc2d99d11b

      SHA512

      7e540635d94318db7fd04c2b6ecc150881e80f83ab73d1f888b808641bcbc85965746918d777c1db4e51c6ce8018b3f6cd4816b86abe6837fefa7bd071473bdc

    • /data/data/com.jetsun.course/databases/mwsdk_analytics.db

      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.jetsun.course/databases/mwsdk_analytics.db-journal

      Filesize

      512B

      MD5

      9fadba4d3d24bf59bd7161f47a523b58

      SHA1

      94c2eb32cf51ff183ae2a00cb10c3bbc14cebadb

      SHA256

      ff2e80852ee7363ac79b6b1568800c7595229e74b530188300f9bb155b92a649

      SHA512

      410058de69e69a6371cdde284ea30c0118f9c8350227c69eefa4de07f670f6c580b01ad4e8024edff48143506c3269c25d91637164b61987b83b516354750d10

    • /data/data/com.jetsun.course/databases/mwsdk_analytics.db-wal

      Filesize

      40KB

      MD5

      b844e472f75504ce2b9c2562d5d8c4fc

      SHA1

      f09cbbd7b8cedf0148128fa2a3abc69f472fad48

      SHA256

      ba514005111668d01f86ed69c73c9a4d89e778630531e5eea4f633dc448e163b

      SHA512

      1431720306eb7300ee00bb37ec5cbf0134974c3844aec06efd9fe9f799b024288a14fb252b467f0d4735e6be40c3bb867a9c6cd3dd94158574adfec28fdf982f

    • /data/data/com.jetsun.course/files/.um/um_cache_1717602505804.env

      Filesize

      1KB

      MD5

      d72eb7044977cda3eae857b2ceea7e8b

      SHA1

      c4dc4d931aa64fcdb0c1636da6be0f924d472b35

      SHA256

      42fa4da839a2ea530b6cfc27e4c21bd02e58b0dad0180778be2be6a1fa6ffee5

      SHA512

      83afbe26ae9925f0bb2cc864334e0d469fd3df86a50531a0294e12809fdc509369504f4103dd3b9612d7458d09a76812361d2f4439d7077a5dfc1c740925268f

    • /data/data/com.jetsun.course/files/.umeng/exchangeIdentity.json

      Filesize

      162B

      MD5

      d0116754da7bab05086222e56086ad4b

      SHA1

      97f86545a34c61868ff6d6f557e2d90710addb49

      SHA256

      2e72c4482215459135f79a4feca72564ec217a8612ee05a8d96925da2b1de7e1

      SHA512

      89e2abb485442ee06a0a7eebfb5a56677995d4c45e7cae3c24a8588bc235b1d4c34f4fbe4d933d6c3d7be5401f22253967c9c4bbe534f3674490bff5bbb25232

    • /data/data/com.jetsun.course/files/com.tencent.open.config.json.101527751

      Filesize

      1KB

      MD5

      f526172de1566b34fdcea744710d9559

      SHA1

      000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

      SHA256

      8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

      SHA512

      dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

    • /data/data/com.jetsun.course/files/exid.dat

      Filesize

      58B

      MD5

      c960f3333bb1df8b3f067b6488d8d586

      SHA1

      05687e383dbeff8c7b140aed6637b855b7ca8250

      SHA256

      9da0e4dcf42bb6e10fe8aa7de95a8bf467c4fff7b23a37ba82c57bbc844b02f8

      SHA512

      670d08d4fb3512109974ba664699a6a2f25b46bc42fe4bce6fa066ad0cd2e6263ef7f5e334b0d4aa51e48640bfa4c4a6b5cfbd07d5b4b72d5099086bda3a001c

    • /data/data/com.jetsun.course/files/umeng_it.cache

      Filesize

      415B

      MD5

      88249fed421fcfade9f7bfdb5248fb51

      SHA1

      470f0d52b7cff0d0bdccf4b8325dab29b4305654

      SHA256

      9be9b881a8480f335e2e6567d534098cbd58d5bfe2d93f28293915cbafe384ca

      SHA512

      c2fd2c3c2d9e0619c393c8e86a6d94b7cfb6d44afc385220030aeaa400b314e5239448c01d9677cce8eb49e9ba197dc29f11c5528eac52f4c17c3bfe3c23d758

    • /storage/emulated/0/data/.push_deviceid

      Filesize

      32B

      MD5

      4157b5b7c650372ead81ba93f62cbca0

      SHA1

      26def1fb26aa3c2c657011a73c184862ceefeb40

      SHA256

      dd7764afdd56f98cc44808d3007bc0d50df8c0849fee3ff18d59786b7d9f2624

      SHA512

      dcafc77d306212caa7469f9dbddb8c5a7ff258fc5847f934b3e50839040a8dae22a5072678b93a5610c66bde7dcac7e53a3948c3545cc56dc9472e92a64e6277