Analysis

max time kernel: 175s
max time network: 181s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 17:20 (day-month-year, i.e. 5 June 2024; the dropped log directory below is dated 20240605)
Static task: static1
Behavioral task: behavioral1
Sample: 98bef21a4ab5078f10cdfeafc9101e64_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en
General

Target: 98bef21a4ab5078f10cdfeafc9101e64_JaffaCakes118.apk
Size: 10.9MB
MD5: 98bef21a4ab5078f10cdfeafc9101e64
SHA1: 3656ed45961d520f64c987d9dc12f3dbf7c9e1a8
SHA256: fc755962e770a353485b41fd060a4aba5819a0bc5011ee83953655832656cbdb
SHA512: 810bf9520e81466263603715f22259428b341220b3738a18948e205f2836c187d1ae7034956692ed618bdda089c62e9c889e0a36d689dd4f64e6039adc260027
SSDEEP: 196608:8riFBt5fJVJB/P06czL7eK2alSIUz9+LaXzjSIpGNl:8OF9JB/OL7qalSxzcLaZof
Malware Config
(no configuration extracted)

Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]

Queries information about running processes on the device [1 TTP, 2 IoCs]
Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hwl.universitystrategy
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hwl.universitystrategy:pushservice

Acquires the wake lock [1 IoC]
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.hwl.universitystrategy:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoC]
  flow | ioc
  16 | alog.umeng.com
Caveat: alog.umeng.com is a telemetry endpoint of the Umeng analytics SDK, which is embedded in a very large number of legitimate Chinese apps, so this indicator is noisy and on its own is not evidence of stalkerware.

Queries information about active data network [1 TTP, 2 IoCs]
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hwl.universitystrategy
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hwl.universitystrategy:pushservice

Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hwl.universitystrategy

Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 2 IoCs]
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.hwl.universitystrategy
  Framework service call | android.app.IActivityManager.registerReceiver | com.hwl.universitystrategy:pushservice

Uses Crypto APIs (might try to encrypt user data) [1 TTP, 1 IoC]
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.hwl.universitystrategy

Checks CPU information [2 TTPs, 1 IoC]
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.hwl.universitystrategy
Caveat: reading /proc/cpuinfo is also a common emulator check. This run used an x86 sandbox image, where the reported CPU differs from a real ARM device, so any behaviour gated on that read may not have been exercised during the 175s of kernel time.
Processes

com.hwl.universitystrategy (PID 4268)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information

com.hwl.universitystrategy:pushservice (PID 4324)
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
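The Signatures and Processes sections above are the same data viewed two ways: one framework-call row per process. When triaging many reports of this shape it is useful to rebuild the per-process behaviour matrix from the rows and evaluate combinations of calls rather than single calls (a wake lock plus a runtime receiver plus process enumeration in a background service says more than any one of them). The script below is an added example, not the sandbox's own signature engine: its input is the IOC rows constructed from this report, and the rule names and the API sets they require are this example's own assumptions.

```python
"""Added example: rebuild a per-process behaviour matrix from sandbox
signature rows and evaluate multi-call rules over it.  Not the sandbox's
own code; rule names and API sets are assumptions made for illustration."""
import re
from collections import defaultdict

# Constructed input: the IOC rows from the Signatures section above,
# one "<description> <ioc> <process>" row per line.
SIGNATURE_ROWS = """\
Framework service call android.app.IActivityManager.getRunningAppProcesses com.hwl.universitystrategy
Framework service call android.app.IActivityManager.getRunningAppProcesses com.hwl.universitystrategy:pushservice
Framework service call android.os.IPowerManager.acquireWakeLock com.hwl.universitystrategy:pushservice
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.hwl.universitystrategy
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.hwl.universitystrategy:pushservice
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.hwl.universitystrategy
Framework service call android.app.IActivityManager.registerReceiver com.hwl.universitystrategy
Framework service call android.app.IActivityManager.registerReceiver com.hwl.universitystrategy:pushservice
Framework API call javax.crypto.Cipher.doFinal com.hwl.universitystrategy
File opened for read /proc/cpuinfo com.hwl.universitystrategy
"""

# The three row shapes that occur in the report; anything else is reported
# back to the caller instead of being silently dropped.
ROW_RE = re.compile(
    r"^(?P<desc>Framework (?:service|API) call|File opened for read)\s+"
    r"(?P<ioc>\S+)\s+(?P<proc>\S+)$"
)


def parse_rows(text):
    """Return ({process: set(ioc)}, [unparsed lines])."""
    matrix = defaultdict(set)
    unparsed = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        matrix[m["proc"]].add(m["ioc"])
    return dict(matrix), unparsed


# Hypothetical rules (assumption): a rule fires for a process only when
# every API in its set was observed in that process.
RULES = {
    "persistent-background-collector": {
        "android.os.IPowerManager.acquireWakeLock",
        "android.app.IActivityManager.registerReceiver",
        "android.app.IActivityManager.getRunningAppProcesses",
    },
    "environment-fingerprinting": {
        "android.net.wifi.IWifiManager.getConnectionInfo",
        "android.net.IConnectivityManager.getActiveNetworkInfo",
        "/proc/cpuinfo",
    },
}


def evaluate(matrix, rules=RULES):
    """Return {process: sorted rule names whose full API set is present}."""
    hits = {}
    for proc, apis in matrix.items():
        matched = sorted(name for name, need in rules.items() if need <= apis)
        if matched:
            hits[proc] = matched
    return hits


if __name__ == "__main__":
    matrix, unparsed = parse_rows(SIGNATURE_ROWS)
    for proc, apis in sorted(matrix.items()):
        print(f"{proc}: {', '.join(sorted(apis))}")
    print("rule hits:", evaluate(matrix))
    if unparsed:
        print("unparsed rows:", unparsed)
```

Run against this report's rows, the main process lands on the fingerprinting rule (Wi-Fi, connectivity and /proc/cpuinfo reads) and the :pushservice process on the background-collector rule, which matches the split visible in the Processes section: the push service is the one holding the wake lock. Rules are compared as sets, so adding a row for an API not in any rule changes nothing, and a process missing one API of a rule does not fire it.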
Network
MITRE ATT&CK Mobile v15
Downloads

Path: (not recorded)
  Filesize: 512B
  MD5: 2846bf16429f78f33949b87b7ade5a15
  SHA1: 9371dc6a42fbd2ce7566366c2ba409b41c2b4f0f
  SHA256: 5943c615562eb0e7812d33fdf787ee98a499f2dc462d2f80e8b0d44b96b5d871
  SHA512: abdaa268efb3d9e18372eef243694c8955d5483d16504d2c6ec712d6bf07f84613e5cc874441961b11d71e1f9c9b30d16e8ddcaa01d6b448fd13708fc940225e

Path: (not recorded)
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Path: (not recorded)
  Filesize: 169KB
  MD5: afb72994334397f0d342854b9f9a0775
  SHA1: 91b71400ec048fcdcc28316de0011504b4ca4393
  SHA256: 7cf881951000e0bd4757a52e386f42f8e5bc2e3efc56c6afeb51b8ccc56d7507
  SHA512: cf4a76757b651cd7f296bca26d91c26b4539880618f9dbabf89f9a207a1855a9d547b706c7bfe2d64f0ed7eb6bf4b7827e3c56d11e6cde190fb404137949fc93

Path: (not recorded)
  Filesize: 512B
  MD5: debf41b44b78aafb879d5e6b17a0a5ae
  SHA1: 7656432a16000760aa02def4b90bf5c4275c57be
  SHA256: a8f517dfc8c6f17220fd2830e4a423e3eade478c8fb2715aa06e1aaf0b093fb1
  SHA512: 4f52a2d1fdbfff1fc0165689b878c22d0505752d0040e9e2b5eec42e28593f6ae65ff837d9dfeeb0ee6cb187b3475537bbe6726ef885a2c3e81c112e6778538e

Path: (not recorded)
  Filesize: 80KB
  MD5: 955fec1fdb5effd02f625fd64788cdc8
  SHA1: 5471c7f35767654b46fde5aec61a6addd10e7509
  SHA256: f35f22ec5829e88d806fe82b72d02646de731f2b840f2936de2ca3791b55cbbb
  SHA512: c9afa5c1b076de3ab8a2c3c7c6fb678a75c6cc77718c4a2e96955258c58a15f3ffe7f8d75743c818755b81c18177616c488a1e03f20852179b4383be09810592

Path: (not recorded)
  Filesize: 585B
  MD5: 6ad7c7fb8402ac78da7a8979d22fffe3
  SHA1: 2be2d069cd0e34d7acd6a60b086874b5e5d1049d
  SHA256: f750a2d2467708de203a515bfcc5cfc9d1a4ac5e5339633242c7917f673e95ec
  SHA512: d6764dabad8f4ff7c1c6b3b52fa536d51f058840eb3921b5732f1808679be6d2cdd3a7fbb1f66fa9da8f9151e6c878c4670b0fd2e13d0a4b9195245ef940e5c1

Path: (not recorded)
  Filesize: 310B
  MD5: f7d15edc550090ace20e368fc03f3776
  SHA1: 0fccd1bdc40782d3268bc7a23639220a2cce6178
  SHA256: a2673a845a85106a61866a2d5134ba93156944f5e11de22d3b832bca30e0b93b
  SHA512: ce63c0fdf8ca87a6cc3d2c3985ee798a70268aeed9ffaa1e7c68fe46662d10a133ab161412d86b085eed7817a1aab45cec6ee11fc1b762328dab082b9d822e6b

Path: (not recorded)
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Path: (not recorded)
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

The same app-private log path is listed five times below with different sizes and hashes; the sandbox appears to have captured successive versions of the file as the app appended to it.

Path: /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html
  Filesize: 904B
  MD5: 73683a22ca4a2364b12ee869c7e20569
  SHA1: 543c5f012ecbf07ec5fddee3b3776a6b4df3b2e7
  SHA256: a1700fd8b1a99c243d944e8f712f979eee6ae804e87e9d17f5dcad95d48c16ec
  SHA512: a3118c612a0edd9eac9c356d86a4f0880f80d9ebff95707aea88bf5ccb92fd498d1826d238312a54853ef626b3dc8150ec3cc26911f69e39027715737f304923

Path: /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html
  Filesize: 32KB
  MD5: f61bd5003da9fa964f87fd39709608bb
  SHA1: e20d86dfa1242afd04a9b1887a7a01d22f01d1b3
  SHA256: 3e222927365eda5738a9281a014ecc0c4d947af075b3b5093c7ddb77b75b42c4
  SHA512: 4c8eacf54846ccd3f85806b56c53f30449de54b68636c5515111ee051c980cd2595b6e7fb5fa5ea185b179b333779a74eafba88a5a27c5223f46fb3ec8b7c0f5

Path: /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html
  Filesize: 85B
  MD5: a2968403f444d21d71c4e37de8df5d73
  SHA1: 58de993fcf309545ecdd89319f4aa1414142ff1d
  SHA256: 181c0f9b6af88e029e792e871a318724db5383dec87b0d58845a469649415c71
  SHA512: 810911d26b85294c0d1ac3c0da29c116087c9adef5e33b654f31f2fda16eaaae96bfaa88e836f11f91dd6bff9bdeace850a2254c862aa81797d64c8575bde65a

Path: /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html
  Filesize: 82B
  MD5: 3036104ed7830b98d7642626afd48767
  SHA1: 7912ff6c43d93fc1300e735c75180e61d5edcf11
  SHA256: 07efed28d24063b86e7e0746fc896ff3ddbfcf934a96059f4a2522636b42393f
  SHA512: ef7040aa0308b85851d756bffa4769f4cf51e9fc7315bba6b11f007994c7483c162077c38233a172aae8664853bb3cc2e61228950b8a3b5de64aacf5499ecd37

Path: /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html
  Filesize: 113B
  MD5: d9193e2c31e78a10e4fc7880efa8546c
  SHA1: 656aeb3250878c5192805f6431ee4b4e31cb81e3
  SHA256: 3376cb3cf9cbf3ae521b3d75668e76dd94f6bbf1a23393fcf3bb66cfbf617ccc
  SHA512: d96e823bbc633a5b01cc36b51d118a39e197a0a9b0122c771b9a0cc05875b7d181c09f2d8db4be402982028c2101880400c9e40a2584e3b698fb7eb32b14f685