Analysis
max time kernel: 166s
max time network: 137s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 13-06-2024 04:27
Static task: static1
Behavioral task: behavioral1
Sample: a3d0f8e6a97db26edd818ac80563d166_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a3d0f8e6a97db26edd818ac80563d166_JaffaCakes118.apk
Size: 27.3MB
MD5: a3d0f8e6a97db26edd818ac80563d166
SHA1: c46355bdd1ede0b4ba109e91ade5ee3bfdf47c97
SHA256: 5bb9d2cf82a514d3d1939a19d5b0a844612806a8bc0fc908a853d49d242738da
SHA512: d390c7c350d5d1d10561a2c4c354fe0164a6133cf4878022c9621d3a1fe4767310c78e2674a269ca8c8868af56fa7b377e1cf45453295f4e88c66224261b3240
SSDEEP: 786432:jRBvjwQTceOHnsFmlP5iE1wQwLmcJOkascpPYLmF2:zL3gHsFmP5iEeycQkhcdY64
Malware Config
Signatures

Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  com.up591.android        Framework service call android.app.IActivityManager.getRunningAppProcesses
  com.up591.android:push   Framework service call android.app.IActivityManager.getRunningAppProcesses

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
Flows:
  flow 4                   alog.umeng.com
Note: alog.umeng.com is a telemetry endpoint of the Umeng analytics SDK, whose artifacts also appear among the files written below (UmengLocalNotificationStore.db, umeng_it.cache). That SDK is bundled into a large number of ordinary apps, so this hit shows that the SDK is present and talking to its backend; on its own it is not evidence that the sample is stalkerware.

Queries information about active data network (1 TTP, 2 IoCs)
Processes:
  com.up591.android:push   Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
  com.up591.android        Framework service call android.net.IConnectivityManager.getActiveNetworkInfo

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  com.up591.android        Framework service call android.net.wifi.IWifiManager.getConnectionInfo
  com.up591.android:push   Framework service call android.net.wifi.IWifiManager.getConnectionInfo

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes:
  com.up591.android        Framework service call android.app.IActivityManager.registerReceiver
  com.up591.android:push   Framework service call android.app.IActivityManager.registerReceiver

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
  com.up591.android        Framework API call javax.crypto.Cipher.doFinal

Checks CPU information (2 TTPs, 1 IoC)
Processes

com.up591.android
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information

com.up591.android:push
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
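The signature and process summaries above are derived from individual framework-call events. The following added example (not part of the sandbox report or of its tooling) re-derives both summaries from an event log: the event lines are constructed to mirror the IoCs listed above, and the mapping from API name to signature title is an assumption made for illustration, not the sandbox's own rule set.

```python
"""Re-derive the behavioural signature summary from framework-call events.

Added example, not part of the sandbox report or its tooling. EVENTS is a
constructed log that mirrors the IoCs in the report; SIGNATURES is an
assumed API-to-signature mapping used only for illustration.
"""
import re
from collections import defaultdict

# Constructed event log, one event per line: "<kind> <api> <process>".
EVENTS = """\
Framework service call android.app.IActivityManager.getRunningAppProcesses com.up591.android
Framework service call android.app.IActivityManager.getRunningAppProcesses com.up591.android:push
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.up591.android:push
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.up591.android
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.up591.android
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.up591.android:push
Framework service call android.app.IActivityManager.registerReceiver com.up591.android
Framework service call android.app.IActivityManager.registerReceiver com.up591.android:push
Framework API call javax.crypto.Cipher.doFinal com.up591.android
"""

# Assumed mapping from fully qualified API to the signature title it triggers.
SIGNATURES = {
    "android.app.IActivityManager.getRunningAppProcesses":
        "Queries information about running processes on the device",
    "android.net.IConnectivityManager.getActiveNetworkInfo":
        "Queries information about active data network",
    "android.net.wifi.IWifiManager.getConnectionInfo":
        "Queries information about the current Wi-Fi connection",
    "android.app.IActivityManager.registerReceiver":
        "Registers a broadcast receiver at runtime",
    "javax.crypto.Cipher.doFinal":
        "Uses Crypto APIs (Might try to encrypt user data)",
}

EVENT_RE = re.compile(r"^(Framework (?:service|API) call) (\S+) (\S+)$")


def parse_events(text):
    """Yield (kind, api, process) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def match_signatures(text):
    """Return {signature: [(process, ioc_description), ...]}.

    Every matching event is one IoC, so len() of each list is the IoC count
    the report prints next to the signature title."""
    hits = defaultdict(list)
    for kind, api, proc in parse_events(text):
        title = SIGNATURES.get(api)
        if title:
            hits[title].append((proc, f"{kind} {api}"))
    return dict(hits)


def per_process(hits):
    """Invert signature hits into {process: sorted signature titles},
    which is the shape of the report's Processes section."""
    procs = defaultdict(set)
    for title, iocs in hits.items():
        for proc, _ in iocs:
            procs[proc].add(title)
    return {p: sorted(s) for p, s in procs.items()}


if __name__ == "__main__":
    hits = match_signatures(EVENTS)
    for title, iocs in hits.items():
        print(f"{title} ({len(iocs)} IoCs)")
        for proc, desc in iocs:
            print(f"    {proc:<24} {desc}")
    for proc, titles in per_process(hits).items():
        print(proc)
        for t in titles:
            print(f"  - {t}")
```

Run as a script it prints the same two summaries the report shows; the useful part for triage is that the per-process view makes it visible which behaviour is confined to the main process (here the Cipher.doFinal call) and which is shared with the :push process.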
Network
MITRE ATT&CK Matrix
Downloads
Files written during the run. A path listed more than once was rewritten with different content during execution; each entry is a distinct content version with its own hashes.

/data/data/com.up591.android/databases/UmengLocalNotificationStore.db-journal
Filesize: 512B
MD5: 44bf35e034c3e15b498d6a5e5c2a6ae5
SHA1: 8054c8606d66608c0226c5bc09beefe5e10f7ea6
SHA256: 1fb16b2e762dcc0fd6bcdc85126afd9f128b977c34305055a25f21ee50327bc3
SHA512: e80afef1400bcb3601135d70076bee974e3210e42e7c7c17f7fa164f46f6a76752ddd350d4e33bed97d9e48ff32762f66c20a78bcc82ece08b3d06dd97061e5b

/data/data/com.up591.android/databases/UmengLocalNotificationStore.db-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.up591.android/databases/UmengLocalNotificationStore.db-wal
Filesize: 40KB
MD5: 5e5310d3ed52be93ae6ff19d6a864325
SHA1: 5461a33d8f65fb6b888cfe8f8f3f55b07ca97395
SHA256: 2a99dc06fbf9625470c4f98156209cb85d46d9dfabdb4625ef2ff221f072640c
SHA512: 9f9083a115756424dc0dd2d5c772cd002d0f7fe1997609e6202df73ef820ac5ee406bb52d7eb9f058ea77c7ea10cc34fff964e58c469cfb6edb96ae4027267fd

/data/data/com.up591.android/databases/exercise_new.db
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.up591.android/databases/exercise_new.db-journal
Filesize: 512B
MD5: 6602aa9206a2c3ff4e448b37d89366e9
SHA1: 4d43403eb465192e8ff2e16e41f7ef202ff7973f
SHA256: 21eb8e75b7c72f540692962b52ad2c491d347e135f08081a12b92c53c60b14eb
SHA512: b02f8d6ddf23740c6ec4553fe0694187a7a41d3065d0b41ef2fe9c02f3d0538513dea3ac4b152dba5f832df174a4bed581add7ad8faadbeece9057274af40271

/data/data/com.up591.android/databases/exercise_new.db-shm
Filesize: 32KB
MD5: adf047e45973033b51c5777eeb09058b
SHA1: 0920e130bd026b08882ba60f22c03bbe49fd6bf8
SHA256: e56984bea06dcac5e6f039f3c8baa304f926144fa55f4cf09875a546ba10729e
SHA512: 805fab29630d20c3ef43b9975989a877c5ae157197e38d91d1f3de75858df1654d8625b6406da5fd2b705cd52c38585b289f8eda8d666c17d6640cc5c3da44ed

/data/data/com.up591.android/databases/exercise_new.db-wal
Filesize: 128KB
MD5: 805842233236f1e007a3a15177da0fc4
SHA1: 602c1a945756458ee6ead36daf846a89c176b450
SHA256: fe701f0d3cdc64f04df02ab7132ba8ffe8c5c193928206f1c09f6f5656b3d30e
SHA512: 5237f18d8f7b9bbb006d4de3ccbc7671b5ddcb39684090c370d5d7da99d495975cc4520ff0822eadfe9a1f1159ae72e07393f4e62b477a8cbeea825ccdcfa6ea

/data/data/com.up591.android/files/.imprint
Filesize: 909B
MD5: ab34c0b835f145fad407ca56873d67d9
SHA1: 937be4092713a4f895e73dbb59bc3b4011d58ba6
SHA256: 8ddb51943543c3d3ffe390d619ff92b28a449901432a2d64eebc1823bd080513
SHA512: 36c857f6e68e13719bab8b1ed8504cfb9b8846517ebef1773f2dce14916c27c723dc53b072a352647bbd47db42c8f92cd1b4f5c05e74aece25bc9170beeca8fb

/data/data/com.up591.android/files/umeng_it.cache
Filesize: 393B
MD5: ef3f6597f8f7c33b6a4b6870c50360ef
SHA1: 059c5b165c28e81545f7718545544a78d05bb99c
SHA256: 286e5814150bbfa46f64181f73cda0613fca192e956b25687b6f750b4850f520
SHA512: 7ff65f7863751bc82bb29a78b8fec857ca432b7f1abcc07c694defd728d771db4c6c7237c232ec486028058187c081f083efe9a098e2f7a478623dc530b5296a

/data/data/com.up591.android/files/umeng_it.cache
Filesize: 200B
MD5: d9a5dd89eb2badc6f5d74c5f4b56aad6
SHA1: a48681e33988e1fbc02085f4e8cbbef8eb2d8959
SHA256: 51112bb04efd2160c99ac76c057fabb30d020a4d8679ce97f2d3f5bcfb2df040
SHA512: 72de927f45124b51222b95dfdffd03940e6a0a68fd633023dac64aa16c3f9117cc902bd9936f8c3f3026581acc93c24092b977386f561c0719a6c61594673581

/storage/emulated/0/.DataStorage/ContextData.xml
Filesize: 111B
MD5: f8b8ae67fb589367d390a5a9981086be
SHA1: 8aa669c5900978d82f9c444937701a38bcb4b287
SHA256: 5eed31de90fa4646b25797782c0cc30b7c23d2295112584e3b5f60d2b43ee465
SHA512: b7f54983f674d4109dec7862934a55952f2673c20b6191c5886631505e35317c4637ccb6216397367fa67ebefcf6010b8812261db4947542b3c513c9c9ae023e

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize: 222B
MD5: eb269fc1ddb423503c0ed112f4dfe341
SHA1: eed18188ab710308003b89bd4c12bdcddd6b65cf
SHA256: 0736212bec83de2ed8ac88b7e30f0e5eb75a97a0f510a6f5fbc5eeb3d759d736
SHA512: e5b2d1b0b3b60b20d70666ae3313cfd6ea018dc076c88ac7cb760dd8e839917b775e1421ccf2529fa7b9cb83d1886f59eed7dae81b151f780cd8f96e8773f54b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize: 65B
MD5: 9781ca003f10f8d0c9c1945b63fdca7f
SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize: 111B
MD5: 4b9195bdd215998168e1cf7725ae6cff
SHA1: 14c8f09d20664fdc13018de90d4e442e2fc7eb34
SHA256: 351fac593dba807066006158c296ef3e46aeeb906e22c6e141d15350a2758efd
SHA512: 0bf69517ca6c2a9ce8992fd154e4fd34e54c50b374664dd8b7b51d62e5eac52923e18f099974794f7b7fa65b6b23704dabffdd7f33f251bc5be532a32f917d4d

/storage/emulated/0/Android/data/com.up591.android/cache/uil-images/journal.tmp
Filesize: 31B
MD5: 8c92de9ce46d41a22f3b20f77404cc1d
SHA1: 8671a6dca00edb72be47363a7071be65cf270373
SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
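Reports like this one are often scraped in the flattened form in which the label and the value end up fused on one line ("MD5<hex>", "<path>Filesize"). The added example below (not part of the report or of the sandbox's own tooling) parses that flattened form back into records, validates each digest by its standard length, groups repeated paths so rewritten files are visible, and checks a file pulled from a device against a record. RAW is a constructed excerpt of the list above; the size-unit multipliers are an assumption, since the report rounds sizes.

```python
"""Parse the dropped-files ("Downloads") block of a flattened sandbox report.

Added example, not part of the report or the sandbox's own tooling. RAW is a
constructed excerpt in the page's flattened form (label and value fused on
one line). Digest lengths are the standard ones; the size-unit multipliers
are an assumption because the report prints rounded sizes.
"""
import hashlib
import re
from collections import defaultdict
from string import hexdigits

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}      # assumed multipliers
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB)$")

# Constructed excerpt: three entries copied in the flattened page form.
RAW = """\
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
222B
MD5eb269fc1ddb423503c0ed112f4dfe341
SHA1eed18188ab710308003b89bd4c12bdcddd6b65cf
SHA2560736212bec83de2ed8ac88b7e30f0e5eb75a97a0f510a6f5fbc5eeb3d759d736
SHA512e5b2d1b0b3b60b20d70666ae3313cfd6ea018dc076c88ac7cb760dd8e839917b775e1421ccf2529fa7b9cb83d1886f59eed7dae81b151f780cd8f96e8773f54b
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
/storage/emulated/0/Android/data/com.up591.android/cache/uil-images/journal.tmpFilesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
"""


def split_hash(line):
    """Split 'SHA1<hex>' into ('SHA1', hex) or return None.

    The label is selected by digest length, so a SHA1 value that happens to
    begin with '256' is not mistaken for a SHA256 line."""
    for label, n in HASH_LEN.items():
        value = line[len(label):]
        if line.startswith(label) and len(value) == n and all(c in hexdigits for c in value):
            return label, value.lower()
    return None


def parse_size(text):
    """'222B' -> 222, '32KB' -> 32768 (approximate: the report rounds)."""
    m = SIZE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNIT[m.group(2)])


def parse_records(raw):
    """Return a list of {'path', 'size', 'MD5', 'SHA1', 'SHA256', 'SHA512'}.

    A record starts at a line ending in 'Filesize'; '-' separators are
    ignored. Every record must carry all four digests or parsing fails."""
    records, current = [], None
    for line in raw.splitlines():
        line = line.strip()
        if not line or line == "-":
            continue
        if line.endswith("Filesize"):
            if current:
                records.append(current)
            current = {"path": line[:-len("Filesize")], "size": None}
        elif current is None:
            continue                      # text before the first record
        elif current["size"] is None:
            current["size"] = parse_size(line)
        else:
            parsed = split_hash(line)
            if parsed is None:
                raise ValueError(f"unparseable line: {line!r}")
            current[parsed[0]] = parsed[1]
    if current:
        records.append(current)
    for r in records:
        missing = [h for h in HASH_LEN if h not in r]
        if missing:
            raise ValueError(f"{r['path']}: missing {missing}")
    return records


def versions_by_path(records):
    """Group records by path; more than one entry means the file was
    rewritten with different content during the run."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r["path"]].append(r)
    return dict(by_path)


def matches_record(record, data):
    """True if bytes pulled from a device hash to every digest in the record."""
    algos = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
    return all(hashlib.new(a, data).hexdigest() == record[k] for k, a in algos.items())


if __name__ == "__main__":
    for path, versions in versions_by_path(parse_records(RAW)).items():
        print(f"{path}: {len(versions)} version(s)")
        for v in versions:
            print(f"    {v['size']:>6} B  sha256={v['SHA256']}")
```

The length-based label selection matters only because the scrape fused label and digest; on a clean export a plain split on the separator is enough. Checking all four digests in matches_record is deliberate: a collision against MD5 alone is cheap to produce, while matching all four is not.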