Analysis

  • max time kernel
    125s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240611.1-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    13-06-2024 02:56

General

  • Target

    a39a5581150e155695044c77f19b3bd4_JaffaCakes118.apk

  • Size

    31.6MB

  • MD5

    a39a5581150e155695044c77f19b3bd4

  • SHA1

    31afd701a870ef938bef1b54bbbfe7656bb9bd4d

  • SHA256

    f9d3921ed94b8445ac78fa208f84566350e191d98c7ac786a401a5512a337e7e

  • SHA512

    d6e170e05ff1a54daca2985f6a34735fca4cabed66411f9adedb32d392a024606280aff05380ad5309f23045c3e2571435be8b81d85677daca63662a4b8caf23

  • SSDEEP

    786432:2G7G+KQvQsTblRTc6W3JX17a3JX1+rsmlP5iE1wQwQ:u+KQ4wlLW3Jl7a3Jl+4mP5iEeI

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.up591.android
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4208
    • /system/bin/sh -c getprop ro.board.platform
      2⤵
      PID:4308
    • getprop ro.board.platform
      2⤵
      PID:4308
  • com.up591.android:push
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4269

Network

MITRE ATT&CK Matrix

Downloads

      • /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-journal
        Filesize

        512B

        MD5

        2b65c7a522cd766d3416cd9460931350

        SHA1

        b7d08ff173310ff604a3f61c6ffce93e15ca1de3

        SHA256

        48955d931ca7fd799807c2c18cb979f4ca47da4b9073d5480d442ba14fd54fe7

        SHA512

        e3b492df7d97a2d11527bfaaeebf4ac391bea8b4ac234d6629627212a2a61772927b085b1e49b9283ffa174698381223eda7ada50d99056222eb41354df1d306

      • /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      • /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-wal
        Filesize

        40KB

        MD5

        caf8ece951612a3aa4eeed5cf9900297

        SHA1

        1bb26b50be92aae2030b4087b018c5b2f5c306e1

        SHA256

        6cfc229235b61a3f1573d9f662103136c3fb6a3d9875fdfe27b36355a5e3628b

        SHA512

        8c858845a98e165812bd93f87ad2a09fa832220497803a788e509a910f4191b3e4c19f4ca0e70c0a351a06c874651406b976a238f364379123cbc8d51a79455a

      • /data/data/com.up591.android/databases/bugly_db_-journal
        Filesize

        512B

        MD5

        5cccb2423fd1fa4049e73022106f8f17

        SHA1

        51205e0f0f3dcc7d15cb6410a3ab3f9d9aa1f572

        SHA256

        7cd32ef6d47cb124b476d2ca5ee84158d515574474eed4f53005069eda30f420

        SHA512

        021c0b798773d1e07991ded13e5a89b9f5e45f22b78a47c051b607e832b8ed77a791204f42215259365a2441bf8123c546532f809ae5493e54d8e81d7a43f08a

      • /data/data/com.up591.android/databases/bugly_db_-wal
        Filesize

        112KB

        MD5

        545d3bd2809c337d60dc48d0797b5061

        SHA1

        b0aedee938ee8e0d7b144b8bbc72610bbecb7b6a

        SHA256

        d1524ad1de3f9aa440f2c8e667094695fffb314427a88bd11f1c73db98a35c9e

        SHA512

        421c14d18767209eecc1563f6307359f91c626179c68a178130218d6b249e4340a895ebd90f515a5733f8b1a613fd11e3f83284b5f4f8f931a13efd6d9016082

      • /data/data/com.up591.android/databases/exercise_new.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      • /data/data/com.up591.android/databases/exercise_new.db-journal
        Filesize

        512B

        MD5

        82090ac68be3d8b69b0f38b2b7834e72

        SHA1

        f2cfd6f89597739e48428b270af118cd7824b684

        SHA256

        2d5c7fb3ef089b5691421b1ce390148ac39140347a361d99288507a6069bab6a

        SHA512

        577d6eda778732d67ab916dc56b71d0ef6f0f132c563288b19cc73bd49bf65bd309fbcb4eb12b23b6bd119d3be832f63971112e880cd39acc55c3f2d7eb00556

      • /data/data/com.up591.android/databases/exercise_new.db-shm
        Filesize

        32KB

        MD5

        20ab5dba2cba984f1536d86977cb5f33

        SHA1

        3a6b5982e3c7989f6b737dca97b4f11c7b3c49db

        SHA256

        e36aeca675eb6ce6d44881061f613f8476007f0b9cc896eac362b825c8f7247b

        SHA512

        4feb89dad41755ea59126a3edcfa11c00d6648cf2eb61b43e7f5bb709a26172d594a6c8e7bf012800ec9d67eeeec60e58e7b407971ec5986ed8e2eeeb8ec0042

      • /data/data/com.up591.android/databases/exercise_new.db-wal
        Filesize

        193KB

        MD5

        b1c4657f7bb4ff6c5945fe13e018e2e5

        SHA1

        f292318bffdfde4df397a2feb83d2959f66a5244

        SHA256

        342f43a4ac1141f4962c7a1c93d8a1c5132e5608cb37f448ac860ac6e38782f2

        SHA512

        b103feaf8c0c2e81e2d169afc85210f5f3475af29d2938975a8eecba4a8bf1c57830239bf6b729217c6cbd72b1e3d0d9bab62a22727ce2def6ac4dd28413cb7f

      • /data/data/com.up591.android/files/.imprint
        Filesize

        908B

        MD5

        69981d09c06d86a028593626aa348612

        SHA1

        c9cfc42e14d66c6d50ee509e7477a17654efb892

        SHA256

        265a39f70d7d1c7917696fbe7c0972b6d2cb2ec4340897f012345b4b6939eac5

        SHA512

        b25dfeee45ca873bc50a1d5e47c04577949000cdbb5a384a3351cb2ae4faaeee11681fe11560b6f8d07525891ebd5ba2fcf6cc0815bbe617ecda2253d4e623cf

      • /data/data/com.up591.android/files/umeng_it.cache
        Filesize

        310B

        MD5

        a2794a3e5f1d123262eece29295906fc

        SHA1

        03d0b6eb6fd16045cf3980a32c7199952f3cbc11

        SHA256

        8548158cd67653beb6335c4729cfdd18a0fc68120a2137baab427850cac13168

        SHA512

        23cbcd18216c205b2f3136c8dd64a127b1a576c3d74520d85190b3d97b233e1ffb3105cc5a6d4ef9129e1e7573acf71c4c079aabf915402a3149cb6ed4c062c5

      • /data/data/com.up591.android/files/umeng_it.cache
        Filesize

        158B

        MD5

        e4d9d3b4676e0f965966e59eecda0fd6

        SHA1

        8bb4c5e7db48f1eb0cc1d35037a6bdd885a1a216

        SHA256

        98029eeed62032f6836786a28b6fdc969fbc65f60c37fb1c766a94ee401e30b0

        SHA512

        8e3b53d011e5b27013796250edb5c278db4318efa62cb440af33e54d79a8aa1c8a890333aa3c6eeae14e3ed2ca8063a15c07c1beada35911efc8ec1f173085fb

      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        111B

        MD5

        871eda3f29e7af9a465b8a4e7120604f

        SHA1

        0c5082a6dc2ae4be09f9b4f95cb304582fa36000

        SHA256

        412fab1f75d90dde59f4d2a9cc7f2dfdd4919ca5c75d5083f47e3f1393c4350a

        SHA512

        64ac0f56edcc8662fa1ea569d06e3ccb20b8da3ab7f2ccb1272d3e4ee4dd290ccb24f0085abba48c2de1b6bf754246ad43db1b4049cfdd368d75e9cfa9d95a83

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        167B

        MD5

        c77e08a627162b719c1328e5edbc2c74

        SHA1

        151c2bf788ffde51876248d84f2a7e787a2776f0

        SHA256

        11d6c70dc0952d04a745aaee3dc367543caff6dd0fbffb0b05af43a25be2183f

        SHA512

        b7e34fb2cabce2e987917b63a8e984de0882e0c735091aea9edf4b1b0e4bbba898288e3edcb12aa9609fd5a1cbd20a90a8681971d30a44158aad65d3bb9c0362

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        65B

        MD5

        9781ca003f10f8d0c9c1945b63fdca7f

        SHA1

        4156cf5dc8d71dbab734d25e5e1598b37a5456f4

        SHA256

        3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

        SHA512

        25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        136KB

        MD5

        442ebd3889038f91f70d89656f390f31

        SHA1

        1de1184de5648ecc2dc814e6b21cee9d242b8b4e

        SHA256

        95de46feae9889b9d761d5717b7884f76577d1b2123f9892c56c0aea83db3f87

        SHA512

        7646ad0b28cc76a77c49edfc3b9ffb4b511ffa581e653df3d90889089d64159797f2f20989496a76f9f407afdb80a7dfe9c557480c489630d1a3b41a7a15b736

      • /storage/emulated/0/Android/data/com.up591.android/cache/uil-images/journal.tmp
        Filesize

        31B

        MD5

        8c92de9ce46d41a22f3b20f77404cc1d

        SHA1

        8671a6dca00edb72be47363a7071be65cf270373

        SHA256

        68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

        SHA512

        30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56