Analysis
- max time kernel: 125s
- max time network: 141s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 13-06-2024 02:56
Static task: static1
Behavioral task: behavioral1
- Sample: a39a5581150e155695044c77f19b3bd4_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
General
- Target: a39a5581150e155695044c77f19b3bd4_JaffaCakes118.apk
- Size: 31.6MB
- MD5: a39a5581150e155695044c77f19b3bd4
- SHA1: 31afd701a870ef938bef1b54bbbfe7656bb9bd4d
- SHA256: f9d3921ed94b8445ac78fa208f84566350e191d98c7ac786a401a5512a337e7e
- SHA512: d6e170e05ff1a54daca2985f6a34735fca4cabed66411f9adedb32d392a024606280aff05380ad5309f23045c3e2571435be8b81d85677daca63662a4b8caf23
- SSDEEP: 786432:2G7G+KQvQsTblRTc6W3JX17a3JX1+rsmlP5iE1wQwQ:u+KQ4wlLW3Jl7a3Jl+4mP5iEeI
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Processes:
  - process: com.up591.android, ioc: /system/app/Superuser.apk
  - process: com.up591.android:push, ioc: /system/app/Superuser.apk
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  - process: com.up591.android, description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
  - flow: 5, ioc: alog.umeng.com
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes:
  - process: com.up591.android, description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  - process: com.up591.android:push, description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  - process: com.up591.android, description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo
  - process: com.up591.android:push, description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes:
  - process: com.up591.android, description: Framework service call, ioc: android.app.IActivityManager.registerReceiver
  - process: com.up591.android:push, description: Framework service call, ioc: android.app.IActivityManager.registerReceiver
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
  - process: com.up591.android, description: Framework API call, ioc: javax.crypto.Cipher.doFinal
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 2 IoCs)
Processes
- com.up591.android [1]
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  - /system/bin/sh -c getprop ro.board.platform [2]
  - getprop ro.board.platform [2]
- com.up591.android:push [1]
  - Checks if the Android device is rooted.
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-journal (512B)
- /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-shm (32KB)
- /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-wal (40KB)
- /data/data/com.up591.android/databases/bugly_db_-journal (512B)
- /data/data/com.up591.android/databases/bugly_db_-wal (112KB)
- /data/data/com.up591.android/databases/exercise_new.db (4KB)
- /data/data/com.up591.android/databases/exercise_new.db-journal (512B)
- /data/data/com.up591.android/databases/exercise_new.db-shm (32KB)
- /data/data/com.up591.android/databases/exercise_new.db-wal (193KB)
- /data/data/com.up591.android/files/.imprint (908B)
- /data/data/com.up591.android/files/umeng_it.cache (310B)
- /data/data/com.up591.android/files/umeng_it.cache (158B)
- /storage/emulated/0/.DataStorage/ContextData.xml (111B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (167B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (65B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (136KB)
- /storage/emulated/0/Android/data/com.up591.android/cache/uil-images/journal.tmp (31B)