Analysis

  • max time kernel
    166s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 04:27

General

  • Target

    a3d0f8e6a97db26edd818ac80563d166_JaffaCakes118.apk

  • Size

    27.3MB

  • MD5

    a3d0f8e6a97db26edd818ac80563d166

  • SHA1

    c46355bdd1ede0b4ba109e91ade5ee3bfdf47c97

  • SHA256

    5bb9d2cf82a514d3d1939a19d5b0a844612806a8bc0fc908a853d49d242738da

  • SHA512

    d390c7c350d5d1d10561a2c4c354fe0164a6133cf4878022c9621d3a1fe4767310c78e2674a269ca8c8868af56fa7b377e1cf45453295f4e88c66224261b3240

  • SSDEEP

    786432:jRBvjwQTceOHnsFmlP5iE1wQwLmcJOkascpPYLmF2:zL3gHsFmP5iEeycQkhcdY64

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.up591.android
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4176
  • com.up591.android:push
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4229

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-journal
    Filesize

    512B

    MD5

    44bf35e034c3e15b498d6a5e5c2a6ae5

    SHA1

    8054c8606d66608c0226c5bc09beefe5e10f7ea6

    SHA256

    1fb16b2e762dcc0fd6bcdc85126afd9f128b977c34305055a25f21ee50327bc3

    SHA512

    e80afef1400bcb3601135d70076bee974e3210e42e7c7c17f7fa164f46f6a76752ddd350d4e33bed97d9e48ff32762f66c20a78bcc82ece08b3d06dd97061e5b

  • /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.up591.android/databases/UmengLocalNotificationStore.db-wal
    Filesize

    40KB

    MD5

    5e5310d3ed52be93ae6ff19d6a864325

    SHA1

    5461a33d8f65fb6b888cfe8f8f3f55b07ca97395

    SHA256

    2a99dc06fbf9625470c4f98156209cb85d46d9dfabdb4625ef2ff221f072640c

    SHA512

    9f9083a115756424dc0dd2d5c772cd002d0f7fe1997609e6202df73ef820ac5ee406bb52d7eb9f058ea77c7ea10cc34fff964e58c469cfb6edb96ae4027267fd

  • /data/data/com.up591.android/databases/exercise_new.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.up591.android/databases/exercise_new.db-journal
    Filesize

    512B

    MD5

    6602aa9206a2c3ff4e448b37d89366e9

    SHA1

    4d43403eb465192e8ff2e16e41f7ef202ff7973f

    SHA256

    21eb8e75b7c72f540692962b52ad2c491d347e135f08081a12b92c53c60b14eb

    SHA512

    b02f8d6ddf23740c6ec4553fe0694187a7a41d3065d0b41ef2fe9c02f3d0538513dea3ac4b152dba5f832df174a4bed581add7ad8faadbeece9057274af40271

  • /data/data/com.up591.android/databases/exercise_new.db-shm
    Filesize

    32KB

    MD5

    adf047e45973033b51c5777eeb09058b

    SHA1

    0920e130bd026b08882ba60f22c03bbe49fd6bf8

    SHA256

    e56984bea06dcac5e6f039f3c8baa304f926144fa55f4cf09875a546ba10729e

    SHA512

    805fab29630d20c3ef43b9975989a877c5ae157197e38d91d1f3de75858df1654d8625b6406da5fd2b705cd52c38585b289f8eda8d666c17d6640cc5c3da44ed

  • /data/data/com.up591.android/databases/exercise_new.db-wal
    Filesize

    128KB

    MD5

    805842233236f1e007a3a15177da0fc4

    SHA1

    602c1a945756458ee6ead36daf846a89c176b450

    SHA256

    fe701f0d3cdc64f04df02ab7132ba8ffe8c5c193928206f1c09f6f5656b3d30e

    SHA512

    5237f18d8f7b9bbb006d4de3ccbc7671b5ddcb39684090c370d5d7da99d495975cc4520ff0822eadfe9a1f1159ae72e07393f4e62b477a8cbeea825ccdcfa6ea

  • /data/data/com.up591.android/files/.imprint
    Filesize

    909B

    MD5

    ab34c0b835f145fad407ca56873d67d9

    SHA1

    937be4092713a4f895e73dbb59bc3b4011d58ba6

    SHA256

    8ddb51943543c3d3ffe390d619ff92b28a449901432a2d64eebc1823bd080513

    SHA512

    36c857f6e68e13719bab8b1ed8504cfb9b8846517ebef1773f2dce14916c27c723dc53b072a352647bbd47db42c8f92cd1b4f5c05e74aece25bc9170beeca8fb

  • /data/data/com.up591.android/files/umeng_it.cache
    Filesize

    393B

    MD5

    ef3f6597f8f7c33b6a4b6870c50360ef

    SHA1

    059c5b165c28e81545f7718545544a78d05bb99c

    SHA256

    286e5814150bbfa46f64181f73cda0613fca192e956b25687b6f750b4850f520

    SHA512

    7ff65f7863751bc82bb29a78b8fec857ca432b7f1abcc07c694defd728d771db4c6c7237c232ec486028058187c081f083efe9a098e2f7a478623dc530b5296a

  • /data/data/com.up591.android/files/umeng_it.cache
    Filesize

    200B

    MD5

    d9a5dd89eb2badc6f5d74c5f4b56aad6

    SHA1

    a48681e33988e1fbc02085f4e8cbbef8eb2d8959

    SHA256

    51112bb04efd2160c99ac76c057fabb30d020a4d8679ce97f2d3f5bcfb2df040

    SHA512

    72de927f45124b51222b95dfdffd03940e6a0a68fd633023dac64aa16c3f9117cc902bd9936f8c3f3026581acc93c24092b977386f561c0719a6c61594673581

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    f8b8ae67fb589367d390a5a9981086be

    SHA1

    8aa669c5900978d82f9c444937701a38bcb4b287

    SHA256

    5eed31de90fa4646b25797782c0cc30b7c23d2295112584e3b5f60d2b43ee465

    SHA512

    b7f54983f674d4109dec7862934a55952f2673c20b6191c5886631505e35317c4637ccb6216397367fa67ebefcf6010b8812261db4947542b3c513c9c9ae023e

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    222B

    MD5

    eb269fc1ddb423503c0ed112f4dfe341

    SHA1

    eed18188ab710308003b89bd4c12bdcddd6b65cf

    SHA256

    0736212bec83de2ed8ac88b7e30f0e5eb75a97a0f510a6f5fbc5eeb3d759d736

    SHA512

    e5b2d1b0b3b60b20d70666ae3313cfd6ea018dc076c88ac7cb760dd8e839917b775e1421ccf2529fa7b9cb83d1886f59eed7dae81b151f780cd8f96e8773f54b

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    4b9195bdd215998168e1cf7725ae6cff

    SHA1

    14c8f09d20664fdc13018de90d4e442e2fc7eb34

    SHA256

    351fac593dba807066006158c296ef3e46aeeb906e22c6e141d15350a2758efd

    SHA512

    0bf69517ca6c2a9ce8992fd154e4fd34e54c50b374664dd8b7b51d62e5eac52923e18f099974794f7b7fa65b6b23704dabffdd7f33f251bc5be532a32f917d4d

  • /storage/emulated/0/Android/data/com.up591.android/cache/uil-images/journal.tmp
    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
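The dropped-file list above is only useful if it can be re-checked against what an analyst actually pulls from a device or emulator. The following is an added example, not code from the report or from the sample's author: it parses the report's "Downloads" layout (path bullet, then Filesize / MD5 / SHA1 / SHA256 / SHA512 label-value pairs) into an artifact manifest and compares each reported digest against the bytes of a pulled file. The package name `com.example.app`, the sample manifest text and the pulled-file contents are constructed for the demonstration; since the report rounds sizes ("32KB", "27.3MB") the size is kept only as a label and matching is done on digests, and any digest the report does not list is skipped rather than treated as a failure.

```python
"""Added example (not part of the sandbox report): build an artifact manifest
from a report's "Downloads" list and verify pulled files against it.
Standard library only; runs offline on the constructed sample below."""
import hashlib
from dataclasses import dataclass, field

DIGESTS = ("md5", "sha1", "sha256", "sha512")


@dataclass
class Artifact:
    path: str
    size: str = ""      # as reported ("32KB"); rounded, so informational only
    digests: dict = field(default_factory=dict)


def parse_downloads(text: str) -> list:
    """A line starting with '•' names the path; the non-blank lines after it
    alternate label / value. Blank spacer lines are ignored."""
    artifacts, label = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            artifacts.append(Artifact(path=line[1:].strip()))
            label = None
            continue
        if not artifacts:
            continue                # text before the first bullet
        if label is None:
            label = line.lower()
            continue
        current = artifacts[-1]
        if label == "filesize":
            current.size = line
        elif label in DIGESTS:
            current.digests[label] = line.lower()
        label = None
    return artifacts


def fingerprint(data: bytes) -> dict:
    """Same digest set the report lists, plus the exact byte length."""
    out = {"size": len(data)}
    for name in DIGESTS:
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def mismatches(artifact: Artifact, data: bytes) -> list:
    """Names of listed digests that differ; unlisted digests are skipped,
    so an empty list means every digest the report gave matched."""
    fp = fingerprint(data)
    return [n for n in DIGESTS
            if n in artifact.digests and artifact.digests[n] != fp[n]]


def check_pull(artifacts: list, pulled: dict) -> dict:
    """Map each reported path to 'ok', 'missing' or 'mismatch:<names>'.
    `pulled` maps device paths to file bytes (e.g. read after `adb pull`)."""
    result = {}
    for art in artifacts:
        if art.path not in pulled:
            result[art.path] = "missing"
            continue
        bad = mismatches(art, pulled[art.path])
        result[art.path] = "ok" if not bad else "mismatch:" + ",".join(bad)
    return result


# Constructed sample in the report's label/value layout (hypothetical package).
# a.txt carries the digests of b"abc" (SHA512 omitted to show the skip rule);
# b.txt has a deliberately wrong MD5; c.txt is listed but never pulled.
SAMPLE_DOWNLOADS = """\
  • /data/data/com.example.app/files/a.txt
    Filesize
    3B
    MD5
    900150983cd24fb0d6963f7d28e17f72
    SHA1
    a9993e364706816aba3e25717850c26c9cd0d89d
    SHA256
    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
  • /data/data/com.example.app/files/b.txt
    Filesize
    3B
    MD5
    00000000000000000000000000000000
  • /data/data/com.example.app/files/c.txt
    Filesize
    3B
"""

# Constructed stand-in for a pulled directory tree: device path -> bytes.
SAMPLE_PULL = {
    "/data/data/com.example.app/files/a.txt": b"abc",
    "/data/data/com.example.app/files/b.txt": b"abc",
}


def demo() -> dict:
    return check_pull(parse_downloads(SAMPLE_DOWNLOADS), SAMPLE_PULL)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:14} {path}")
```

To use it on a real report, paste the "Downloads" section into `parse_downloads` and populate the `pulled` dictionary by reading the files out of the directory you pulled with `adb pull`; paths in the report are device paths, so strip your local prefix before looking them up.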