Analysis

  • max time kernel: 160s
  • max time network: 186s
  • platform: android_x86
  • resource: android-x86-arm-20240603-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted: 05-06-2024 17:57

General

  • Target: 98d91d4e761d8bbc987a924b5d4b728e_JaffaCakes118.apk
  • Size: 14.6MB
  • MD5: 98d91d4e761d8bbc987a924b5d4b728e
  • SHA1: b65459dc9caa57ec173a59708110f7db4d469fa9
  • SHA256: e542f150c7eaf25c2adfb9ae27a7f76056cba91f0ba5886d0c2ba5f24cd7768a
  • SHA512: d0bdfab887a236202b3e0c99ca71a49be3cd385095b6e5c1a14d9434c866c4722eb91fd82a6e44c5e99a254b4b658e3e4f374da568ed112e328411cba5f91748
  • SSDEEP: 393216:LoRir8Ef0x07KvKZPSS7m61p96/kTwT+ibjn+Rupo3AY:kR88H0ey3bYGwTD3n+Ua33

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 10 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.application.sven.huinews
    PID:4229
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    • sh -c getprop ro.yunos.version
      PID:4260
    • /system/bin/sh -c getprop ro.board.platform
      PID:4275
    • getprop ro.yunos.version
      PID:4260
    • getprop ro.board.platform
      PID:4275
    • /system/bin/sh -c type su
      PID:4312
      • Checks if the Android device is rooted.
  • com.application.sven.huinews:channel
    PID:4612
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    • logcat -d -v threadtime
      PID:4680

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.application.sven.huinews/databases/MessageStore.db-journal (16KB)
  • /data/data/com.application.sven.huinews/databases/MessageStore.db-shm (32KB)
  • /data/data/com.application.sven.huinews/databases/MessageStore.db-wal (48KB)
  • /data/data/com.application.sven.huinews/databases/MsgLogStore.db (4KB)
  • /data/data/com.application.sven.huinews/databases/MsgLogStore.db-journal (512B)
  • /data/data/com.application.sven.huinews/databases/MsgLogStore.db-wal (68KB)
  • /data/data/com.application.sven.huinews/databases/ThrowalbeLog.db-wal (132KB)
  • /data/data/com.application.sven.huinews/databases/bugly_db_legu (4KB)
  • /data/data/com.application.sven.huinews/databases/bugly_db_legu-journal (293KB)
  • /data/data/com.application.sven.huinews/databases/bugly_db_legu-shm (28KB)
  • /data/data/com.application.sven.huinews/databases/bugly_db_legu-wal (92KB)
  • /data/data/com.application.sven.huinews/databases/message_accs_db (36KB)
  • /data/data/com.application.sven.huinews/databases/message_accs_db-journal (512B)
  • /data/data/com.application.sven.huinews/databases/message_accs_db-wal (48KB)
  • /data/data/com.application.sven.huinews/databases/readNewsDb (24KB)
  • /data/data/com.application.sven.huinews/databases/readNewsDb-journal (512B)
  • /data/data/com.application.sven.huinews/databases/readNewsDb-wal (97KB)
  • /data/data/com.application.sven.huinews/files/Mob/mob_commons_1 (2B)
  • /data/data/com.application.sven.huinews/files/Mob/share_sdk_1 (23B)
  • /data/data/com.application.sven.huinews/files/agoo.pid (4B)
  • /data/data/com.application.sven.huinews/mix.dex (3KB)
  • /data/data/com.application.sven.huinews/mix.dex (292B)
  • /storage/emulated/0/.DataStorage/ContextData.xml (111B)
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (65B)
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (111B)
  • /storage/emulated/0/Mob/comm/.di (57B)