Analysis

  • max time kernel
    170s
  • max time network
    174s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-06-2024 13:13

General

  • Target

    9ac70d71273f95d9432e4fdd5e905b47_JaffaCakes118.apk

  • Size

    13.1MB

  • MD5

    9ac70d71273f95d9432e4fdd5e905b47

  • SHA1

    1ea26edf1089a3f9155afb241ac7f51258e48797

  • SHA256

    05af1c6f0ae98d4c4d3dc613efdc72f3573cef3d8a18217c21053642d396eb02

  • SHA512

    a0e7e289f293462d0344b41f59c21be7d9103cef6c3a1378f1d233e7354c968fd058fe7124085620708a0884dc1bc99d800f6c4c57c1803c2ac33af0d49811e6

  • SSDEEP

    393216:w7BEA9BBy2oysO035fcsmC3iL5QJzi7oBH/:YCYXoyiAAi2iuH/

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 2 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • cn.ledongli.ldl
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4282
  • cn.ledongli.ldl:pushservice
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4317

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/cn.ledongli.ldl/databases/pushsdk.db-journal

    Filesize

    512B

    MD5

    212aad557916d0042f981fc83f14cf98

    SHA1

    c031dfead9a60785d4b16161b3cc4f0bb695f713

    SHA256

    983fa0fe4b57c17577b4665e31a89a94af09b23875c2d84783643fe2d6598813

    SHA512

    466cf07ac3cef2c0a1aedfbf965edfe1676bd9cc19d93b1ad820e60fe932ec2aeff7a69116fa06315dde424a758229f27a0234321616918ab58db780030bcf03

  • /data/data/cn.ledongli.ldl/databases/pushsdk.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/cn.ledongli.ldl/databases/pushsdk.db-wal

    Filesize

    92KB

    MD5

    07aef6b1442f508c38acb1d4c04093bb

    SHA1

    226f1f7cc8cab1480f152194a4707bf5e496fd20

    SHA256

    9794d589058501bd0fd3285c1d55d587ebb4cbc9f93c4ca180bb3f163dfcc90d

    SHA512

    2a33742182f2c687c224fdac37731e2858fa7beb5727a9bfb3ddd96748641c1a6150b6176aa881e68e016c2719a5ab1909f11450a9240b60b5c47b906d89dfb2

  • /data/data/cn.ledongli.ldl/files/.um/um_cache_1718025283937.env

    Filesize

    599B

    MD5

    ae9b1152ea05a7d5db9e6debeb701254

    SHA1

    70262fd677ba993b82870471c7ba5d96e1bc668b

    SHA256

    7ea57a8367789faeef7a8d2041b0178f9467b5e71342722c9133d9c6da73cfab

    SHA512

    d55713f4149391761ce6c5a5d0f2e81161dd40cf250bc87c2181f4f2e3de6a4531a074123a09838be4d3770383a22bbcc7dd7e144e84ae3d20a15dfda83e8751

  • /data/data/cn.ledongli.ldl/files/ledongli/BDS.db/LOG

    Filesize

    53B

    MD5

    f0e9337855f020a9d5697ae1e225d72d

    SHA1

    364d5d3936ad76d77cd809be282ae9dfbd0300d0

    SHA256

    a04d54be44ad31ac4d360ae5bcb2fe099cab4f0e234c716f9f7aa4ae20ca1a83

    SHA512

    5002db848fa0c336492e78aaeb7d4ba8d9c390b819f009a44f3e9cd023f44f96368ffb5b71f57d00bb2aa2b991175f95a869ff2b18652d01368af5dee9ae12dd

  • /data/data/cn.ledongli.ldl/files/ledongli/BODY.db/LOG

    Filesize

    53B

    MD5

    d5375bfe4525ec039b992eff2e563465

    SHA1

    818cf51b1861906c8a4183ad6d593af37c672338

    SHA256

    4a7a0c732e58a77b586cff9242b33a5375ea1dedb93c330b53b325aada780e9e

    SHA512

    62d247cc72a731342e59683c0707d00177b4ec37b91d6e5d9f7ad6f480c651ac6e16fc28342bc48237d050490a02c13e4bec65bf102f183245628953d10bf7ea

  • /data/data/cn.ledongli.ldl/files/ledongli/LPM.db/LOG

    Filesize

    53B

    MD5

    f18dbf593ffdd96518e1f9aa1a380402

    SHA1

    44e97e01c84da867c39dca340b901e5a38691fa1

    SHA256

    20e70ceef6a1d0306ba49acf94887658fa1b7a5369e65d087e2a781475070c39

    SHA512

    8fc3f50a6ee59a6e8de3eac0beee28095e1a264f1a0f7d1d25a67ec6f959b9f8524c1ab69398a290f83f609b064071cbb4d7982409a630c07edd41e7edf95ddd

  • /data/data/cn.ledongli.ldl/files/ledongli/PM2_5.db/LOG

    Filesize

    53B

    MD5

    7a190fd60bc600dac258d4d81b5a6663

    SHA1

    fa0cd013ff621a5a81297628954a0156a00eaf4a

    SHA256

    d26c69a748a4166e317da898824b8077e18f0fbb4658ac8f4969860c5c0da2a5

    SHA512

    cc4ccb22bc686b0808991a96866e202064956df156058fe86952eeb44c06ee08bbaef6fd8fe00917d335166b0156171ce8fca1fc8e86573774e0a5715322414a

  • /data/data/cn.ledongli.ldl/files/ledongli/PR.db/LOG

    Filesize

    53B

    MD5

    31c6f37e368f322b9d873678066a3f81

    SHA1

    0825ce33f86b40f6ca0c7777cd4cf2c5cc84dfa1

    SHA256

    3a81661a5ce1c53ccad05cb267abfdc63c330e36148af837c6942644d64b3c91

    SHA512

    386ab902411bcfc36185e12a1d39ed0ef67237935b1cc36aec92e5451ff5a034b7438bfe3c6a0936c217154da993c8a961ee5e2a641d21a7a6f0ac4b2657acd9

  • /data/data/cn.ledongli.ldl/files/ledongli/am/LOG

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/cn.ledongli.ldl/files/ledongli/bbmam/LOG

    Filesize

    53B

    MD5

    bad40f5da318051285621b2f1217e401

    SHA1

    046d22142d513db5f7a564a282912a1ebd207bc7

    SHA256

    6fd6a98ed8b98cd936d0198229a252a0ec9c7e5e3e94fb344a8a53192859c9c0

    SHA512

    893d7ec2311e1bdf07d02a1eda919f02bc62a5625b84addfd4efb8bd01cabcf3a6208957b5eb030e83b68d39c2d066f2a8eafc7efad1f95d8ae92086425a3d83

  • /data/data/cn.ledongli.ldl/files/ledongli/lm/LOG

    Filesize

    53B

    MD5

    3ce1ad3c1b8829a886fa989dd3cc9e98

    SHA1

    d9aabf162ac77c5d7999228f9fe2e3e07e417e40

    SHA256

    fd87d29fffe0c81ddf07394c99472e07922613139e7d44c3f48d05e2957725f7

    SHA512

    0cec0b9606984a418b2d886cd3350b89971b2223c34e2199f69a0bd432f380703be10b2918ee161e643ee1e4e3b0cc0dbb5d17e49116eb8dfa68bd2af89c04d5

  • /data/data/cn.ledongli.ldl/files/ledongli/mm/LOG

    Filesize

    53B

    MD5

    2942d6531d710e9e2173feb8c3e4fa44

    SHA1

    75fa216fc95750af379f1944c866916588fc19fe

    SHA256

    305962fd1ee8e0627313dc6761229db196827929c39d8275ed72bec09530004e

    SHA512

    bc647f8db30fa0d1ac2ccb469493a14d740d73c552c9ecc0410487e24a7bad0ee5b12af209aa3c211946c68f40df96c2513c8c4100be0110304bb9655a48792e

  • /data/data/cn.ledongli.ldl/files/ledongli/msfm/LOG

    Filesize

    53B

    MD5

    8714539f0459b916e41a74ac9251285c

    SHA1

    20dc15f0ba3ab4c3363347ac491aa086cb9976e0

    SHA256

    4b15cdc06f17b270c53588df786e1e716b3cd9715e2923b136e593af764c1adf

    SHA512

    523da1756edc2a7d0116c80fbe669e60c1795e61fe33f1113abf9ec7858369cd66cc96e797dae25a95bbb3ec2e9848c85b3c9076156de0b42bacbd2419a45b56

  • /data/data/cn.ledongli.ldl/files/ledongli/rgmam/LOG

    Filesize

    53B

    MD5

    0342d7d7d17ef1eb11776ab7ae45c9ba

    SHA1

    b176dac7c446900f77850392058bebba7631d605

    SHA256

    61cee1718d418705829b68d72a4bb2a2bf00ba927e61b95fcf7cfebb7e09289b

    SHA512

    9bcb18264154c76d5f8147a5075ad1e6bbbcbb62402be2ef42262823148e6576dec4a3f5024230b260a8a3ca0d0e0dc28eba23275d6b2639b2ec26257f932d43

  • /data/data/cn.ledongli.ldl/files/ledongli/sm/LOG

    Filesize

    53B

    MD5

    5892fb25a2786f1b6abb561120491d19

    SHA1

    19f396c7d2113c0a4f8d02eb8532518a73a87efc

    SHA256

    6de9ec899a7b4d2495d2a2805dea3cde54ac39152fddc8b77e81c1c3cd8e82b9

    SHA512

    d573e2747d6cc349001e4968f6e47f0c87d214514d974405a2106fdb635e4ff5d549637c2e46965c82758252db33f1c0b4b17fb63a15e5ec597dd373c285b330

  • /data/data/cn.ledongli.ldl/files/umeng_it.cache

    Filesize

    310B

    MD5

    bc9cf3362655882a0b88ae85d9d40ed5

    SHA1

    8b260b50713136acb9e74ad327f1c2a98246a10e

    SHA256

    6164e18e27101b10c49b8b6fe286b9bf6500b6acd95930e893ef4490c0fd530d

    SHA512

    909261de2fae8eaa5ac8b8418888fd6985fbfa81beab0a41d0a8c3f4c8b56353e95b2f25ab0814b45d35e35c6e125fa480d645394e4e4cd36942815185e1e208