966bd3727bf14b5c4445281b51df448e2b9e8424f6a4a705e0668de19aa1f17a

Analysis

max time kernel
168s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a396e03d71076f107eef467bb20718e8_JaffaCakes118.apk
Size

30.9MB
MD5

a396e03d71076f107eef467bb20718e8
SHA1

f4f84cd8dd9cb330a626a29d2ccaafce426bfe96
SHA256

966bd3727bf14b5c4445281b51df448e2b9e8424f6a4a705e0668de19aa1f17a
SHA512

27aae9285cfaa52e4c64e006b284243a22cf0336fb70a9bb9ba87f52c51f6d208b5d21bf99f08f097328609787b7b9cb41fddc6301d0ee5701b505a29d46fa94
SSDEEP

786432:GaScLj+1jY+r/O2AvsN+U8dt5rNB1ZTJ7XW8YQv5Calrma8VLggRQS:IcLatLLt8T5rzTJTlB7lKa8jRQS

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.xiaozhutv.pigtv

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.xiaozhutv.pigtv
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.xiaozhutv.pigtv

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.xiaozhutv.pigtv
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

21 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.xiaozhutv.pigtv

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xiaozhutv.pigtv
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xiaozhutv.pigtv

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xiaozhutv.pigtv
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.xiaozhutv.pigtv

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xiaozhutv.pigtv

flow	ioc
21	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xiaozhutv.pigtv

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xiaozhutv.pigtv

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.xiaozhutv.pigtvcom.xiaozhutv.pigtv:romote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xiaozhutv.pigtv
Framework service call	android.app.IActivityManager.registerReceiver	com.xiaozhutv.pigtv:romote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.xiaozhutv.pigtv

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xiaozhutv.pigtv
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.xiaozhutv.pigtv

description ioc process

File opened for read /proc/cpuinfo com.xiaozhutv.pigtv

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xiaozhutv.pigtv

description	ioc	process
File opened for read	/proc/cpuinfo	com.xiaozhutv.pigtv

com.xiaozhutv.pigtv
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4177

com.xiaozhutv.pigtv:romote
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4219

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db
Filesize
32KB

MD5
dfa742fddce558e29eb869ea5ebc7e65

SHA1
6daded8176ba9253737d41490108332f9f64fff0

SHA256
430aeaf5267965d52da2320255ef1e7569773ce2eac9f9db3ffba3738a98493a

SHA512
7072a0e412065b34f00276ea2f14dd1992e50cf93d031e105db5e5797d558582e19e25f2700f32e84246f6758fc0849706b979dbb4c6b63bc717ec01c45b900a

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db
Filesize
16KB

MD5
c38ebc0bb438e94054bafbed202081b0

SHA1
cfb88c966710fb981e368ab2a493518aa6d07cbd

SHA256
263dca744e18915fbfc01499e24005269384d9f770116680f1b0b8ac75304981

SHA512
a6ea2a27f3b53d232c5f0f3efdc1fd295658b96147f8138cf91b517906bbbd69d1b7d16d7f8f11c33c2d49f72830d26d125e88a8c3540ff57a573c634bbbfdb9

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db-journal
Filesize
512B

MD5
069e047a9114fc2516b4fbeb55740bf1

SHA1
82191cac883d4d92ba3d15edfec86cae66e979c6

SHA256
86b6487f5e32c3d6a6ec04b46b044be461481edbcee4534efb9a550547131d56

SHA512
1c6d83de8e61059683593557b738e09cc5945cd110eb967b4854a321a3b7b4d23f4e696f5a4f9090dcb177fb7408a9aa7d6e20d130f190a64cfe1c246601979e

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db-wal
Filesize
56KB

MD5
9469f19c8b7acdb876a544cc89574f39

SHA1
0a94cd48f82195f85d9a4f787e694b006d23de87

SHA256
d143c3b22b05cd6a4c40ed3d9b279d034f3c022efc154b12f05b0673bb58bae0

SHA512
2b5d0150d666f763b4ea07ca1bf3b48dea04326de19b09ad2208ae788802b0d800b40d22d4b1ebb89a5318a99670dd3ae3b6b9be73597b160d5797ec0034334f

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db-wal
Filesize
12KB

MD5
b7272ee3408090bf76298ba6bee08247

SHA1
0c6d7ff9ce13a84ab9066abe317b5e76fc84e3d1

SHA256
35706b85afab721b4ad4d7a951244a91654deafb6f5fa50116cb74bbc3ccd5c6

SHA512
b93627ae6087e85922f0581e5eeec00ab43ead8e6758e6d1d55b0d6af861c09741cb03d6e66d698d47adf09041e3a6c3f5f5e4e5c1b612c369745aff32019d8d

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/.ua/ua.db-wal
Filesize
8KB

MD5
b9e8f80101311259aa371ceccc463b59

SHA1
a02ee40d5f907dc111c317f61784b3c5d8b4e0a1

SHA256
5cdd344e8c47692b7027f1e5527904ec00a84ba8b887fbe87e5e96bedcdef69a

SHA512
58c3958616c9aa0f5f66151486e7d46d52d143e5620aad1f5c19c3e969653d96f84ed5a921d38001340ca8708559a57fe5b8a091541ea1737dd75738180d4708

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/cc/cc.db-journal
Filesize
512B

MD5
7c4687652d00fb607fe9c076240cd08f

SHA1
b3aec71af67c73fe23a8658aa6d6648497203430

SHA256
765a46c29cb8e797b1013ed78d0ff0d4ef7b8791db80eb36269c44a201ba9672

SHA512
59e9ee4d456792a79d524957443030656afe4a4e6d7235006b22f1715f963c10c2ae80e6b0f4547f2685716e86803dab42c05b43deb30450652459b60a180a4e

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/cc/cc.db-wal
Filesize
16KB

MD5
0754bf046c49856d0242350ba3e73bd9

SHA1
c2b2a0a0103c703a34ecb37a31d420bdb3e42fd4

SHA256
12f1441aedfdcf95a2c792cdfac080197b85f8f01253a8cdf2a4298dff25a683

SHA512
215730d5400e652ced792e702d312eaeccb20efc1fa3dae39740c700119bd5b7e4df80ad4ab5009e71d670a228f048d13ac1194f103c0f0c996d8adf114bbbfd

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/cc/cc.db-wal
Filesize
48KB

MD5
43a4b4a3bf930d5a406abef004ee423b

SHA1
60ae43bf994fd6ae36e91ab51a8a8f00a168b45f

SHA256
d594093c2ec3e13929778c2ad07c368afe8c9ff74acabe60cbd7cabd1e8c21d7

SHA512
177ce38069b37010fcd3e3e9d289a23e52730aa75f4d4dd3ec85a221a70ba776785e1becbd810a473f8e861bcb9e7c8b286b942316b27b59263f92f894127c18

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/hmdb
Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/hmdb-journal
Filesize
512B

MD5
08b9c14328968b76b81b2f31c1dfcb60

SHA1
0b496b1ac8b4733626c7b9b8b92935561b2aefd4

SHA256
6b259e1e211fc61de8cb4bab17e72e15ec2f9e4d437a4ee8f677d85cc3253fe7

SHA512
1a6cdcf212b93b8b8849c6c302b3913ad37c4e32b9a0d35589b427607a9b5a0b1a873ac392ca550928a264314161512cf077e55184644de7e29f17dad89c61f4

Download Submit
/data/data/com.xiaozhutv.pigtv/databases/hmdb-wal
Filesize
16KB

MD5
b6b82c9fb3c1ac95f4e0302620575b54

SHA1
9e7770d6e01990dc85f14d7ff8c4f3c3fe0666b0

SHA256
1f77634eccbe31e88de548322381cd0552ae3d353ef67076e3e882823407f6f8

SHA512
63f40a21fba94aa913c234a9a96d7a06a695d8e421b87daec0b3666d1b362977ed657bf946dd40200d7167c66696eb4b47d9b44650f2d43d392e0d88ec6d51d8

Download Submit
/data/data/com.xiaozhutv.pigtv/files/.um/um_cache_1718247078792.env
Filesize
1KB

MD5
f0be096855c632e41f38d5e9b5e8809b

SHA1
45214ec12fc7643d9d8b927866c5ff62b58224cf

SHA256
2a339d3b6e403d1ba19fcaa6a00d2a70dfbaddba07cabd0bfabc468c2cb197e4

SHA512
07fae2ca174d7d9a30c1cdc24e8a6650d436a603965bacc9a07677c92c1c1fa0965ffcecd25be5d9ad8111c57c4c8c5c623a19cc8fe76abe1b3fec427882aea9

Download Submit
/data/data/com.xiaozhutv.pigtv/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
75640f7a82922a7a944c2bcd2c6fcc91

SHA1
8fd2001509f712ed504db910831d15d91cd2a6d4

SHA256
5c635b0cce8962b8269a0c988a0e8409da4df338b39e9c3517e29d659f15dcbd

SHA512
abd64b262c9f86f047ec4850cc24482cbb47b7e2e4291d4b0a323475eb51febbb7d85d4270773c027f5374375c9ba639bc6087a3033b4b83cfb2b46b83636fd3

Download Submit
/data/data/com.xiaozhutv.pigtv/files/exid.dat
Filesize
56B

MD5
06b7d8fe0f96ce6e758d03442b42f928

SHA1
b557be80f3ce6500bbe4e4ca687533d0c126bc0f

SHA256
cf10f6b6db3f44e4b4ebedcfcd6e2b75c624f5444f09f52030606f7b31adea36

SHA512
534f72a2f18853c4bd8329001dc27ea47906eb4e2338d9bb5133d2500d47fbee9d1e7c6aab1011455d8032f151e381152940501374fad58707d002ddb6ed78f3

Download Submit
/data/data/com.xiaozhutv.pigtv/files/umeng_it.cache
Filesize
498B

MD5
7466ca916a986eb46345448dc07ff1af

SHA1
d925b733a5558757b909b5fc70d6727db9e0e668

SHA256
5c4b93d2b3f1d006652ed7fa39f95d6239249cdf097750b8630495579cbc29d7

SHA512
db5e650f6c9737a38e07c6d764124c30f367d6e24f49f806789813f2a8b37ca366ebe51e80b66feb34475dc4cf635785c7644154bdee2565169e32fb457879de

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
1acdbcbb51626baf5042bf804c4d44cd

SHA1
995a6ca32f40e43a8afae31f25a339855fc66e8e

SHA256
143bd83e37ddeb599c5ce58012e125825b78b802e1292b7eae506928ca88aaf8

SHA512
592e890756c93378f8ecbab87db0ea91366484b544070a8c944db90a8774b210857813e415984b518aa1f112a54c61677e82ba6558703ad380cb42f1e161edd2

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
167B

MD5
cf12bdf1782f2b4c9df30384516c0250

SHA1
6a8801ebf102516eeb97ff1905489362af91e83c

SHA256
4a2ad2721da0d7ec19135c856b0ccdaadc539219d134f39b1846b2cf4e0b811f

SHA512
c5580d34fd8dea81080f560a7e4ded381070b8eef5dc55ca7faa35ff4010b24a6a7c1ef6665cfcee904bdd55f3200e08a8494bd489cf45b64dbd3d1547690932

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
140KB

MD5
5008fb9bf75c41cd1bb3fcc4f1f0fc53

SHA1
ec1bb1c98c15cc1f7c40c008cc04c11e4df95938

SHA256
0fcae6f2843e37ee2fe4b30676409285fcbff66ca1c0d35e3aa0a6f20e7e7a43

SHA512
2fbee37ffe6fc96249ec6304e5f88e6cb57d7b14244639d76b990d004172288dc8f37bdf11b628f63c1531d9a0efd37c0f4803deb2b546f1be5342d5fd3e3e05

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
5707989a96d4e0bde1d75c04cdf15448

SHA1
18a3ca9d2ed3f8eb135aa24a9d887b8d07af4adf

SHA256
fdc6b8a00aabcccf372171513a9c66074115ac34e4b9d54bad615e9e4ed0f2e4

SHA512
92ae47b610f738652faf16566a5c8d2c03b0c2767b72281097d8f92c698747ca3281e5978d4a9f459ec0cca05f693235980d4b09842c2c726ee6a0a340a6f862

Download Submit