Analysis

  • max time kernel
    175s
  • max time network
    181s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags
    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240603-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    05-06-2024 17:20

General

  • Target

    98bef21a4ab5078f10cdfeafc9101e64_JaffaCakes118.apk

  • Size

    10.9MB

  • MD5

    98bef21a4ab5078f10cdfeafc9101e64

  • SHA1

    3656ed45961d520f64c987d9dc12f3dbf7c9e1a8

  • SHA256

    fc755962e770a353485b41fd060a4aba5819a0bc5011ee83953655832656cbdb

  • SHA512

    810bf9520e81466263603715f22259428b341220b3738a18948e205f2836c187d1ae7034956692ed618bdda089c62e9c889e0a36d689dd4f64e6039adc260027

  • SSDEEP

    196608:8riFBt5fJVJB/P06czL7eK2alSIUz9+LaXzjSIpGNl:8OF9JB/OL7qalSxzcLaZof

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.hwl.universitystrategy
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4268
  • com.hwl.universitystrategy:pushservice
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4324

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.hwl.universitystrategy/databases/gaokaoInfo.db-journal

    Filesize

    512B

    MD5

    2846bf16429f78f33949b87b7ade5a15

    SHA1

    9371dc6a42fbd2ce7566366c2ba409b41c2b4f0f

    SHA256

    5943c615562eb0e7812d33fdf787ee98a499f2dc462d2f80e8b0d44b96b5d871

    SHA512

    abdaa268efb3d9e18372eef243694c8955d5483d16504d2c6ec712d6bf07f84613e5cc874441961b11d71e1f9c9b30d16e8ddcaa01d6b448fd13708fc940225e

  • /data/data/com.hwl.universitystrategy/databases/gaokaoInfo.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.hwl.universitystrategy/databases/gaokaoInfo.db-wal

    Filesize

    169KB

    MD5

    afb72994334397f0d342854b9f9a0775

    SHA1

    91b71400ec048fcdcc28316de0011504b4ca4393

    SHA256

    7cf881951000e0bd4757a52e386f42f8e5bc2e3efc56c6afeb51b8ccc56d7507

    SHA512

    cf4a76757b651cd7f296bca26d91c26b4539880618f9dbabf89f9a207a1855a9d547b706c7bfe2d64f0ed7eb6bf4b7827e3c56d11e6cde190fb404137949fc93

  • /data/data/com.hwl.universitystrategy/databases/pushsdk.db-journal

    Filesize

    512B

    MD5

    debf41b44b78aafb879d5e6b17a0a5ae

    SHA1

    7656432a16000760aa02def4b90bf5c4275c57be

    SHA256

    a8f517dfc8c6f17220fd2830e4a423e3eade478c8fb2715aa06e1aaf0b093fb1

    SHA512

    4f52a2d1fdbfff1fc0165689b878c22d0505752d0040e9e2b5eec42e28593f6ae65ff837d9dfeeb0ee6cb187b3475537bbe6726ef885a2c3e81c112e6778538e

  • /data/data/com.hwl.universitystrategy/databases/pushsdk.db-wal

    Filesize

    80KB

    MD5

    955fec1fdb5effd02f625fd64788cdc8

    SHA1

    5471c7f35767654b46fde5aec61a6addd10e7509

    SHA256

    f35f22ec5829e88d806fe82b72d02646de731f2b840f2936de2ca3791b55cbbb

    SHA512

    c9afa5c1b076de3ab8a2c3c7c6fb678a75c6cc77718c4a2e96955258c58a15f3ffe7f8d75743c818755b81c18177616c488a1e03f20852179b4383be09810592

  • /data/data/com.hwl.universitystrategy/files/.um/um_cache_1717608128788.env

    Filesize

    585B

    MD5

    6ad7c7fb8402ac78da7a8979d22fffe3

    SHA1

    2be2d069cd0e34d7acd6a60b086874b5e5d1049d

    SHA256

    f750a2d2467708de203a515bfcc5cfc9d1a4ac5e5339633242c7917f673e95ec

    SHA512

    d6764dabad8f4ff7c1c6b3b52fa536d51f058840eb3921b5732f1808679be6d2cdd3a7fbb1f66fa9da8f9151e6c878c4670b0fd2e13d0a4b9195245ef940e5c1

  • /data/data/com.hwl.universitystrategy/files/umeng_it.cache

    Filesize

    310B

    MD5

    f7d15edc550090ace20e368fc03f3776

    SHA1

    0fccd1bdc40782d3268bc7a23639220a2cce6178

    SHA256

    a2673a845a85106a61866a2d5134ba93156944f5e11de22d3b832bca30e0b93b

    SHA512

    ce63c0fdf8ca87a6cc3d2c3985ee798a70268aeed9ffaa1e7c68fe46662d10a133ab161412d86b085eed7817a1aab45cec6ee11fc1b762328dab082b9d822e6b

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/cache/cache/journal.tmp

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/cache/uil-images/journal.tmp

    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html

    Filesize

    904B

    MD5

    73683a22ca4a2364b12ee869c7e20569

    SHA1

    543c5f012ecbf07ec5fddee3b3776a6b4df3b2e7

    SHA256

    a1700fd8b1a99c243d944e8f712f979eee6ae804e87e9d17f5dcad95d48c16ec

    SHA512

    a3118c612a0edd9eac9c356d86a4f0880f80d9ebff95707aea88bf5ccb92fd498d1826d238312a54853ef626b3dc8150ec3cc26911f69e39027715737f304923

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html

    Filesize

    32KB

    MD5

    f61bd5003da9fa964f87fd39709608bb

    SHA1

    e20d86dfa1242afd04a9b1887a7a01d22f01d1b3

    SHA256

    3e222927365eda5738a9281a014ecc0c4d947af075b3b5093c7ddb77b75b42c4

    SHA512

    4c8eacf54846ccd3f85806b56c53f30449de54b68636c5515111ee051c980cd2595b6e7fb5fa5ea185b179b333779a74eafba88a5a27c5223f46fb3ec8b7c0f5

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html

    Filesize

    85B

    MD5

    a2968403f444d21d71c4e37de8df5d73

    SHA1

    58de993fcf309545ecdd89319f4aa1414142ff1d

    SHA256

    181c0f9b6af88e029e792e871a318724db5383dec87b0d58845a469649415c71

    SHA512

    810911d26b85294c0d1ac3c0da29c116087c9adef5e33b654f31f2fda16eaaae96bfaa88e836f11f91dd6bff9bdeace850a2254c862aa81797d64c8575bde65a

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html

    Filesize

    82B

    MD5

    3036104ed7830b98d7642626afd48767

    SHA1

    7912ff6c43d93fc1300e735c75180e61d5edcf11

    SHA256

    07efed28d24063b86e7e0746fc896ff3ddbfcf934a96059f4a2522636b42393f

    SHA512

    ef7040aa0308b85851d756bffa4769f4cf51e9fc7315bba6b11f007994c7483c162077c38233a172aae8664853bb3cc2e61228950b8a3b5de64aacf5499ecd37

  • /storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html

    Filesize

    113B

    MD5

    d9193e2c31e78a10e4fc7880efa8546c

    SHA1

    656aeb3250878c5192805f6431ee4b4e31cb81e3

    SHA256

    3376cb3cf9cbf3ae521b3d75668e76dd94f6bbf1a23393fcf3bb66cfbf617ccc

    SHA512

    d96e823bbc633a5b01cc36b51d118a39e197a0a9b0122c771b9a0cc05875b7d181c09f2d8db4be402982028c2101880400c9e40a2584e3b698fb7eb32b14f685