Analysis
-
max time kernel
175s
max time network
176s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
submitted
05-06-2024 17:20
Static task
static1
Behavioral task
behavioral1
Sample
98bef21a4ab5078f10cdfeafc9101e64_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
General
-
Target
98bef21a4ab5078f10cdfeafc9101e64_JaffaCakes118.apk
-
Size
10.9MB
-
MD5
98bef21a4ab5078f10cdfeafc9101e64
-
SHA1
3656ed45961d520f64c987d9dc12f3dbf7c9e1a8
-
SHA256
fc755962e770a353485b41fd060a4aba5819a0bc5011ee83953655832656cbdb
-
SHA512
810bf9520e81466263603715f22259428b341220b3738a18948e205f2836c187d1ae7034956692ed618bdda089c62e9c889e0a36d689dd4f64e6039adc260027
-
SSDEEP
196608:8riFBt5fJVJB/P06czL7eK2alSIUz9+LaXzjSIpGNl:8OF9JB/OL7qalSxzcLaZof
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hwl.universitystrategy
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hwl.universitystrategy:pushservice
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.hwl.universitystrategy:pushservice
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
24 | alog.umeng.com
Queries information about active data network 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hwl.universitystrategy
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hwl.universitystrategy:pushservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hwl.universitystrategy
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.hwl.universitystrategy
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.hwl.universitystrategy
Processes
-
com.hwl.universitystrategy
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4462
-
com.hwl.universitystrategy:pushservice
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
PID:4522
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
144KB
MD5
1bba5dbc623d98159c6bc4db3840ece1
SHA1
ecd1cb448decd2218a20b20cb3dee68f818c4c25
SHA256
86fd64aa5e41b89c2a010ac03c3591b666456cf2dafa45a6553902b83763f86e
SHA512
3595e9d04c7fdd99c61968d2b2a44d41a2ade2e44bf9725e45d77ea04a630686966a533931c424efcdfbeb77a8629cfd10cc6b13a78b849367924d19bc794438
-
Filesize
8KB
MD5
9d8ded4b351ea819079a7ab9be50bf5f
SHA1
135c4739941cd618015846070fd6a5f8b63bfe4a
SHA256
90b2a53ba11945b1497a5fbeedbf45486c148d2d2331e9ee521276375b827007
SHA512
296c50fbe13666bbae1db852115f6e5346050c7107e17af7ccfa9925ff35ebe8d1c00ffb5ffaa48a863aa49aa8699f8bca19c68ae8821f1372241bfa1d980eb2
-
Filesize
8KB
MD5
3f8498e44c08b97e0d157c7e0bf48bd1
SHA1
1472f450996510d273084b87af9719614478fba0
SHA256
3f05a44491940e60f1816164f9d11eca6d58083e6f7186ce5a20d418e42c701f
SHA512
58d796b9ba983342d2cf6f8c0b4367f6b017f9c53768118c80580a385e78db6201a47ea485f90accf6d232bba82134302279b2a51e316399f82206d99b13d159
-
Filesize
12KB
MD5
2ef13a31d62a1b3ffe9d55898b66d231
SHA1
532d6085533528529ff8f3c4243474ff4cf54ee5
SHA256
d40d8e4637559d18ba7f915ade3964d048d98e5e04332d4c200706219cef8cdc
SHA512
0db8ddae67b29d749a9cb45d76dce5bc7ed40eeff86eb795cc607a07b45ae9c256d5ce1a0524e31a81b3bb66573e86ae0c64e1e2873e49a4db1a97cc14bab565
-
Filesize
512B
MD5
5f5c037574f9ad780f44a9fa6c7466fb
SHA1
1669e2ac375fabbcfdfdd4fd742ad4cf885aa987
SHA256
dbc246ad6ebd57bb418ce6f7bb684295f61b8226ad22692ff714f6dff541eae4
SHA512
d6d4f325b399af013c5d58874ffd06239b1735f34d598fce4c94f8a4bc23a7cc653ecebec6b9802e458614a64dc7e783ebacd3918cfa49980b99a930c833d549
-
Filesize
512B
MD5
39bfab53aada92d690763cb0ad9649f1
SHA1
aa40ebe1a01aba9c73670af6a13815c60280c509
SHA256
80995f11ed7bf4e79f9dfd54d253a446559cd08d5465eca50c07719716c728f8
SHA512
70d2d69b183cb0b9d21d1142a42892616d29e35afdecfe8a4deb572ca3d5f33a0b0e73db05fa8b706b12e1507b286a2a7717b3182d32832acb7cc27a33b6a5b7
-
Filesize
8KB
MD5
52e5e3efc0f11811a9f64b0488c757ab
SHA1
66c8ea8e10e38f5945f58a2190ef9b17a339b1e0
SHA256
fc06cab09f5dcf19e66da6b350741dff9385ccefc17938d4d6ce8532a11c9224
SHA512
141a342214dedb6f31bf5cbc89f52544c386ec3fd0c8ccf82fb88fcbf823b38721f3f0f509c62fefe0a50b00693c0976b6bd876ee9e04f4df21ff652433ab04c
-
Filesize
8KB
MD5
cfe67a431e05c1a1597dbbe50b601479
SHA1
ae4de732da635012334b035a4be9dc8bfca6afac
SHA256
25471a459c553bf31dff0678769532fc1d1cb209187768b2e7a2ddfc37cf5628
SHA512
3cc580fca7e9ae401f0d4cb87c1d46f379da9d6c074d1a14651246b5e41151480d145bd5d11cef2d4fc7b31c02f4fc523a2d29f04883afa5137a88cec35cea9b
-
Filesize
553B
MD5
bee0e5cafb62f2a88aee39cd90dec4a9
SHA1
853e469b611134960f78fbec29dabed87393a32a
SHA256
36873afc8e034f85b75c7be2ffce95ff831b6d6086730fe010242c85873d7a19
SHA512
75f89e0fcf436a6e114c31916007d2c216bb620ea8ab388a8f9cd611b118269b1e0f682c722ff6916ce4ea8875baccbb8313a634abc2e50e0b8f72d42558c5f1
-
Filesize
4KB
MD5
b3756988c0bdd5fb1f9039095be1ee1c
SHA1
e0347076d8c843a962dadddef645d81c6524288c
SHA256
7b74277e9c54eb55729712110cd675cbeca754429f0bf54d9f2cb815442bf9da
SHA512
89680af3c42e43ffd2a49c2747b452d230ae1c996bb02c1baef5ec41c39661b481cef087e0235160bf88ab3408394c45142aec745417320d3978ec8cf9dbb7f5
-
Filesize
44KB
MD5
43bb9b1074202ca2afcecc1fcab545dd
SHA1
958fbd4aae1327660501bb5bc3c39b64fb0db924
SHA256
bd39941a40345e75942c0b8fcf63ef983dec885dfaa21daf9f3300f33cdc3209
SHA512
02f166b9b242e25b62d223f9fac0108fc38be592b4f373d81f680b14f0169056a47c6390ac3e7e8406e7e30a516c30a795b3f8b65a9e47e1c9244b415ba3ca5e
-
Filesize
8KB
MD5
8ed3b1313a2bd3840bd10d64d3a7f83c
SHA1
dc093a72b5e7d7617bb17ed3ff9fa128ac8ca671
SHA256
e998e1b182366cd675b3ab052413fd0d1eb3340d96491c523c82a2d83f810fed
SHA512
5ad0281277ac427b23a0be4451e70f3cea99f9ace61c5ededd9f1682231003b2aaa0cc7f167fd7cccd151a7f2d4a183a0e2d0a8597d8d731505ad87ed4e8f228
-
/storage/emulated/0/Android/data/com.hwl.universitystrategy/gaokaobanghuanxin#gaokao/log/20240605/000.html
Filesize
12KB
MD5
e2794b60f68b13b00a2bc9ded6b177ba
SHA1
527019e5023abe282e073ed38bf64700195330f3
SHA256
596e84bc5a51e7881e2ef6b43d1325c8e51b90e1bdfa5d23c787f466d53a2723
SHA512
715669d7e5812d7103dd5a8ba510e19c7089000b4332dddfdf0920b80ffec09f641b35ed5b2f82b8e89aa533934c1dc9d9236338101d214ae1b16b0fd5998ddc