68e813f6861c8e83e201091c0b282962b0029cd7703b30e19f8a1e31567f9c5c

Analysis

max time kernel
168s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13/06/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a32fb8426ea55fd3017270ef36b7a987_JaffaCakes118.apk
Size

13.1MB
MD5

a32fb8426ea55fd3017270ef36b7a987
SHA1

204c28e93363da1a93e47528e69d958b7448bb85
SHA256

68e813f6861c8e83e201091c0b282962b0029cd7703b30e19f8a1e31567f9c5c
SHA512

f495daa2c8a2f51c4261eb3a737c757ce8baca308c7fa7935944ab48696e3d1b943a2b8c8bcfd977c242efa008f486f7d26fd1a69b40054f8689ea3b13edf51b
SSDEEP

393216:i1/AHLYT7wyFByUatGjy//ot1ItRi/4MX:iRAHsT7wyGUatE1UfMX

Score

7^/10

banker collection discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.huluxia.gametools
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.huluxia.gametools:mipushservice

Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://media/external/images/media	com.huluxia.gametools

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
6	alog.umeng.com
120	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.huluxia.gametools
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.huluxia.gametools:mipushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.huluxia.gametools
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.huluxia.gametools:mipushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.huluxia.gametools
Framework service call	android.app.IActivityManager.registerReceiver	com.huluxia.gametools:mipushservice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.huluxia.gametools

com.huluxia.gametools
1⤵
- Queries information about running processes on the device
- Reads the content of photos stored on the user's device.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4322

com.huluxia.gametools:mipushservice
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4427

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.huluxia.gametools/databases/HlxToolDownload.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.huluxia.gametools/databases/HlxToolDownload.db-journal

Filesize
512B

MD5
725db239065eb902eae7ca43e12b4fb1

SHA1
de9eef9eb81773e8829a460404c552dfe63383ca

SHA256
297a20e55db3e6e598d1bc144445ebc7ebfef08df4d8a0ef79e87af410978acf

SHA512
613549cb98465a200b5c403179ec7e278107e5cb8173d1419bb88c57cfef43179f1e147bbeeb66bd95949a4e78897f7091b5077f5239064f2dc79f01829e40ff

Download Submit
/data/data/com.huluxia.gametools/databases/HlxToolDownload.db-wal

Filesize
80KB

MD5
6b1e7e479036513641cdea516ec9a3b8

SHA1
447b62b4111b2151534de6b7bc49fa24645ae323

SHA256
ce496be3ad3c9aad8be85ea22edbe1f691c5476befbe449b7367a7313e194e0f

SHA512
e0b1ea6e7e86eba7689f5f70126d51b316d52478bc1194bb1249914311a3740239ad007a236a04e0e27b767590eb37cfe8a22d41430f6cd71ac856ff7c9e2610

Download Submit
/data/data/com.huluxia.gametools/databases/hlx_wifi.db

Filesize
16KB

MD5
4647ea8f866882475ffec720cecb0918

SHA1
6a341d098ec1effbee28bf63e6e03a71acdcc535

SHA256
84f10f57be046b8862249adfd2bd3743915a23fde995b3c11fcc0ae1a3d5d99e

SHA512
961536484160645550ae77066614387a27927361a855db803d48c91fd4855c9959211260a4e108c845d13064963ca542994fea1286a2d086156ad35f791a7b6e

Download Submit
/data/data/com.huluxia.gametools/databases/hlx_wifi.db-journal

Filesize
512B

MD5
b91de1cfe845e9f6f2ea5352e178cd21

SHA1
d02acbede6099bb37300b696f2d45a5172bb57f1

SHA256
4d85c41e1aaab0b6cb140803c5972ac94398385f5fa6bddf252dc6fcd0296b4d

SHA512
8703260173206534a53ed434d2ba380712a4799c375da2ccc0e528a16e98437a2523f65db9528658a9c3ff5f9f9bc067e1b06dc870bba4508a9ed2efad4f7656

Download Submit
/data/data/com.huluxia.gametools/databases/hlx_wifi.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.huluxia.gametools/databases/hlx_wifi.db-wal

Filesize
28KB

MD5
78f2624cb2be5751f0bc41f8f37f3578

SHA1
3b91da635346eaf5b36689b31ab6c187db471154

SHA256
2069dbb5b099f866152eeb0a069e1f5473e2506c9c832de9553ccf826d47128f

SHA512
661ae0b9ad0b6b3e6c4cee0f865e763bd750582e4ceba00d4b9eb9e38daf5d2df0afbe2ed07447f2956e59d9fd45cd00b8b0499b06458146786788000fdb7914

Download Submit
/data/data/com.huluxia.gametools/files/mobclick_agent_sealed_com.huluxia.gametools

Filesize
562B

MD5
a08e98756f5132b5ed8e4e5f35722fc8

SHA1
6bdd2ace5222a9bc3dfcec88112693226d48dfeb

SHA256
46392f56875383e38e6429dab5c9821a2ebb886969bb982a05a450ca7c4119f0

SHA512
e3b7d37d7958549d4270c66d4612d64da6195b02bd99428cd215c59d1a1bf6b59f7cdeaa8735b228d7438ffe4c001c64d899cc55233f973b457791878f48db94

Download Submit
/data/data/com.huluxia.gametools/files/umeng_it.cache

Filesize
211B

MD5
830ad7a00dd89a9cc1e7456a1a4da817

SHA1
f137f738c3faefe840446e45b08d8d05b803f7d1

SHA256
6c7257266c60130828965577c3a00b2fb74e38748a0c442459811ae508569127

SHA512
7313fda7712c2709e8bbc89a1ee4bac0e9540f5c146c07e6afdc03ea1a2182a56e1cde4d7c7470409f72bcb039c49ff8a5024501acef2b6db746bc88975f2056

Download Submit
/storage/emulated/0/huluxia/tool/http-cache/-5122010221276028997

Filesize
1003B

MD5
5c4de4c57c78b65993cad24f9a520bbf

SHA1
9713f374abc8e7b328790427138f89f123c78f37

SHA256
4d140491ea5d03729dea7d4407dd0424c6a3269750fc6de31375e578dec9574b

SHA512
dcdd4dd065632a39e23976d5d0a695bbbfb3c27c2c98eb9b02bd3e59338cb8801186a916e2821df63d1362822d782b679364c9b0b90bc5eeac0b4d3a3e0eb6b0

Download Submit
/storage/emulated/0/huluxia/tool/http-cache/18309545331276028997

Filesize
888B

MD5
1feebe7514dcc9dbc4a1cb0d28d52c14

SHA1
9d62d6182f2d1d1b4a209b71cde8b2201d6aa5a4

SHA256
b375de40989cd6813df9e92b57e537ff35adde7386bdb17a74f94db6f90e51e5

SHA512
75739cc3a45a3d9b1ba4d77202be83fd751d23c566f63a13be9a9f0be6fc77ae04d935dcd999df34d037ca9d634bd44c887f891fc3fde7de4708b86dd1790b06

Download Submit
/storage/emulated/0/huluxia/tool/http-cache/7222227251276028997

Filesize
978B

MD5
11cdb9695008223218c4581c13b3a27b

SHA1
1e589e693c23540120229c9d5c64f9fa6f0a592f

SHA256
02d7c33ac785a66418b62461507475e9ca9f976eb20b2793819c9d86d27e5971

SHA512
51bdd399f6fcb9417c69406a2a274914007165247a4b786ae10e865e600ca3a846d92123dca3b247a98ce714f5512700d39a28ee89b97a85fa8b2c047f7fe179

Download Submit
/storage/emulated/0/huluxia/tool/http-cache/9091552172127231391

Filesize
100KB

MD5
0167fc5e85c2a7773306ae56b9b59544

SHA1
c291c224c09c47ae98f0a2c6e80b517d4244dab0

SHA256
a61cd96de25ad3de34c3dbbe123c1653be86131dd2e5750f21d48a47b826b5b0

SHA512
9db044195876e4aa609c9e28d3ef1c6799fa2d1704a7c911bb49a2016f6f94a52c9532a49ab2422341bf6c85154dce2bcc1ecbc59570bcc829d5f7ef4294b9fe

Download Submit
/storage/emulated/0/huluxia/tool/http-download-cache/unhpk-history/journal.tmp

Filesize
33B

MD5
043f0824d81f3ed4a7aea42bd527fc5f

SHA1
ffe81ba33f6328535f0c050f4903e0bfedbe1434

SHA256
f4fa725c98009bb8a11351b246463451a16a468dfaad6dedc9e145ba49ff088b

SHA512
18a114f60d0cea743b152936ee2fa2519ada8f2308668f54e651c5134731e000a290ac3a6a6f8c746f1013a6a95c265d10d0bde07a3485d75aff9ac856b35e6f

Download Submit
/storage/emulated/0/huluxia/tool/http-image-cache/images/journal.tmp

Filesize
146B

MD5
15c15aeab972c16e2deca92328c8e1fd

SHA1
f76e192b96ed205623e445ec8397fb45f030706d

SHA256
bc2d8c5edbee755ba3994d174cf50cad22fa30b85fcc3f236d0bcea8adf54c58

SHA512
1a6054ff61212c968a1e9c68bd740f46a825cd3ebb1aae16efb6c691e0e5a82b086232583c4b2473a07a1f12de88792792b4651a2d3e493c0fe0ea743ccf9c39

Download Submit
/storage/emulated/0/huluxia/tool/logs/logs.txt

Filesize
9KB

MD5
780976d2d233258603c994e67914528b

SHA1
b3e5e374d219b03e2cea404f68fd15f3d4d7d04e

SHA256
5d13c9203b1f0426872b728a172956ba29506ad38e627aa92356c6df68295590

SHA512
b23442978190fe2722ba402bd376aeeec3d9ce7472e274b8e003dcf741d3c9d3358c15fbe4142e78cf6eb8f28024ace9fbaf82538be4892892a5bbe63d4a3d26

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads