c7048edde292ed877522e3ec6acee486a47d02d0ba9537e511e5e630b66ab3be

Analysis

max time kernel
175s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7aa5de5d736b3319cb842aceaef96c4_JaffaCakes118.apk
Size

13.3MB
MD5

a7aa5de5d736b3319cb842aceaef96c4
SHA1

ba967b820eaae346b0ab964a65df6a3a8ee66018
SHA256

c7048edde292ed877522e3ec6acee486a47d02d0ba9537e511e5e630b66ab3be
SHA512

c0ecdab8ad127eb50e61fc5984bc5101c1474ab38114cbb166829cc3b79350fe38125308e22f7f25149f5b123c7b1828aff90e9b65c934b6e6a7342b9739be36
SSDEEP

196608:iUNyDw2mp33ivE0LNFcdNGmgGUDHJ54SAF2+kQQ+bwmgwxiQI712BC2WmDLDZED1:iFQCM0L0NBEHrnV/QqmgwlIIBHPahNh

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

org.unionapp.jcyy:ipcio.rong.pushorg.unionapp.jcyy

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.jcyy:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.jcyy

Acquires the wake lock 1 IoCs

Processes:

org.unionapp.jcyy

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.unionapp.jcyy
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

12 alog.umeng.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.unionapp.jcyy

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 3 IoCs

discovery

T1421

Processes:

org.unionapp.jcyyorg.unionapp.jcyy:ipcio.rong.push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.jcyy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.jcyy:ipc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

org.unionapp.jcyy

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo org.unionapp.jcyy
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.unionapp.jcyy

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

T1624.001

Processes:

org.unionapp.jcyyorg.unionapp.jcyy:ipcio.rong.push

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.jcyy
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.jcyy:ipc
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

org.unionapp.jcyy

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.unionapp.jcyy
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

org.unionapp.jcyy

description ioc process

File opened for read /proc/cpuinfo org.unionapp.jcyy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.jcyy

description	ioc	process
File opened for read	/proc/cpuinfo	org.unionapp.jcyy

org.unionapp.jcyy
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4316

org.unionapp.jcyy:ipc
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4357

io.rong.push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4386

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.jcyy/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db
Filesize
32KB

MD5
d026fda9b9b92d0533a0bc1714f33df2

SHA1
42d7df6367cde857fa620f25523dcbd53f5b8d01

SHA256
fbb9e172c528bccd77fb108930b3e20cd15c5aee663673f3db5475b04436888f

SHA512
400988545cf47e7bfefcbbe135b024b9ab9f9857d5b1dd219db25c1c6410e77255e03a085360c09fcba3cd3d93d15d4a6c7c1f8379717b5aa64fd2ebd524b11d

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-journal
Filesize
512B

MD5
0567788afcfe0922086cf24ce8cdcfc1

SHA1
92f8f17acc2ee1152df57bcec4c1d48e83906c3d

SHA256
5c416d3a184ad8a2e8efc0ba02c78bcd7eac133c08ac55740657c293472fb994

SHA512
2fb7149c2c6c8409cd47ab441d6073be98d2b43bca297e3b061f874c2ff7ef67b3ea1fc616e9dbae6a23cc3636026da82127252cefc2dc99748d2b83490e3788

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-wal
Filesize
8KB

MD5
33db7ad6d61701608661ab499fa784f4

SHA1
f951a2010884d5b2f21541626532f597981148c2

SHA256
785f9df80d4882bd5204016b9f5230b7ce7f00184679dee5034af95fda0b9953

SHA512
bbcd9fb55211faa85b6925d0edf3462f93873226bb12eb0ae4d3e0cd8b41c030b33607d85a76a6dc2d6469170d46ad298acd7fc3906d2475772cf9c2b8631f10

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-wal
Filesize
56KB

MD5
95a39336be5fe6b3ae46b1f87b57da34

SHA1
ee8e45177f3f47d5282cbcc8d2e7ef969d35d956

SHA256
81e3588bdd34188bd0435f23ecaf51a4eec95734dce59256621db6986b7da556

SHA512
8b3a41dba24663eec852980938acfeac5b187cc440bdb195883e78b3ae995049d006f5214f3e0ea14a2325e162a09d8482e4d71200d7277f1c50fddaa74eaf5a

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
512B

MD5
6a8b96f35eb39fb365fc8ae2de3de9d5

SHA1
7bac33b9f246002cb382f02143cada5746bef7c0

SHA256
3ec3c5c7d0c21c9795f241c7da51aac0d690fb415e524bb9720a6268a94b0047

SHA512
799f867c81f5aaaff228a2040db77094328747d93f9f323606f4c3cf5b4b2eb56d4ec20240dd3fa4ef705d02652e61d0d82e7b21dd85a9f139f2a85bd96f7fe3

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-wal
Filesize
16KB

MD5
a3f8c83e921a5e5fac4ba6ba3760dfc3

SHA1
a9449445cce85b72633b97e96a00888b5c2e0204

SHA256
6cc773b174e9ed5a90adece1460b44c0c7c0ea0840487bc6048287728625c67c

SHA512
128838351db288045b1bb4fe3364c3c7157fc8901ffba5e2589fe1a610a1323e4aa2d8384ed2f95be8e462302ac8ac70c2d0c50d3a9b6c953f01144a6eb44f95

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-wal
Filesize
48KB

MD5
b88be8add03a7e498c15d0be6f411843

SHA1
de748a369e4c5d50ac154031766fb2a4d779d45d

SHA256
2fd1c4d635bacf3584142e78b32b11e765bcef2627625b07e10977e71d067531

SHA512
7b2b7694192c78e9f3303662ea9de0008a0e44926d130c7c3b20cefb6f9e16d98a6526baa7cd4641cfa9e42cb4250a8788d648a76c5e8fdddbcab90c1bb87a74

Download Submit
/data/data/org.unionapp.jcyy/files/.imprint
Filesize
996B

MD5
cd35232a0dd9a819e953b0d24f9526bb

SHA1
65c94b852ac2819a0d861e4b25aa462ef0463322

SHA256
ef2b4225a382eafbae377b6b1a37575b9b02864f74dd28033451e645bbe3ea93

SHA512
1946067780703471265c8f3d608bf15d4183288c103d797eb6cb46816cc56749f76b6363d08cc3f5645de409d010a435dddd2b6c2a9656d88f57baf57a351c11

Download Submit
/data/data/org.unionapp.jcyy/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
cf78807764f79fcfe1b2842c243b4a59

SHA1
f6514b7054f30fa9feaaa4e364ae19096beb8e49

SHA256
3785059f07c8b9f3773e774d50b338f6c4069eb96fcd056ae157c56c20d36b16

SHA512
e7561b6d9e48ba634e46f5f41af8f24230db4df2171d4d5347f43dec77e5fd9c95b8c7e619a45a9a4f509031292aba390ed753c3b189699fd21eef7e948c16e6

Download Submit
/data/data/org.unionapp.jcyy/files/exid.dat
Filesize
57B

MD5
695f216a9730f9d61d5418f3724b1905

SHA1
e25e02675a22318861bd407ae9af5c1ecf663e2f

SHA256
2d2e19e4a9183d14542ddb9ea06239e88015542f1790df67e30e53ae95c60424

SHA512
2e07c0c87a4df27b82cebf3548496ca6b86c35a36aa3da6903901725d419808a93a938c4f7bafb16c5520ab9c22a6bb81fec71ac7cf479a41917f118ed9bdb74

Download Submit
/data/data/org.unionapp.jcyy/files/umeng_it.cache
Filesize
498B

MD5
6802e0a6d5a6ab3970fce6f12db941d6

SHA1
e60a8dd5430890d8bad2a69590593354b6ca63d1

SHA256
d27a0ec0427d338c93058bb4e598a45e6d0d9997a70ee1f9dd467335765c4790

SHA512
98c4cbdabecec56dc668f58b7a91874e827669e3ba8c7ee1add9568d2b6d658fdb0cd672c3345973e6a6499ba0822125b69c73b7ffcabfa3a7ab43ec7315eba6

Download Submit
/data/data/org.unionapp.jcyy/files/umeng_it.cache
Filesize
253B

MD5
a4389192eaa73e42c2e39e4af639b006

SHA1
1f586f40e6521eae078afb6df88fb1ab072073d1

SHA256
e12b21cbd80babf6c4ec1f24305b5317545afd1d5115c75b842c0fb791f1e6a9

SHA512
b42e25e7b67bd93f99ee12103c2e8f3dc9503e0cd0a2a821e6830724beedb878401989e277918f7ac231a11e110950f7ba767f048002da93aa3f2fba6ee15512

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
afe4653b53a836a5db6c8e411f789a3a

SHA1
483640ed1feaec543051ad2bce0c9c266d7986c1

SHA256
24fe46e14c828c48d0892c656b3787b10389230eda2481f9ce25b95657a79996

SHA512
11b7a6b6e4970b75be4ae86078081fcb9776debbabc16a33e5254d6fab8d6ef994c6a91f2dfec1dacf7ee9ee93c47638fd14bd20f106db1148c941eba4b7e5d4

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
2c61e80beb7e7853948963b6f30de432

SHA1
9d1c0c0538cab4d5f365cee450eb37802848da15

SHA256
418907e878b8ac09475e8994e24871180a3081050b0285635b59e096e13a32bb

SHA512
abebb91f4531669766a3d1b9cebc3551b71794d5be063c967c5b28aaff6cd10f4cadaf55286741ac8b987935a598a1a7c92b70971fdf99a4589fa396c51e5657

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
2b3101b8d41d09efc3b5cd3622c4c0ce

SHA1
8eed922a9008eb9ab574ee3f4b7828e4ebc2b242

SHA256
861e0f02553cb70f206eaa887cfed08ce5ba5c006206f7a6ba9db8c11ffc186b

SHA512
e9d507697f7004eecfa81f38f2bd062f8f3de2559097e1766b9c27353b00eb5053c5b279780eaa9feda2dae617b6fcf502fa145c62eba1706c85600131e51629

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
16ff4ad0f385fe654f1314fc009e310d

SHA1
bc0aad3343a1a4571c5323779b7553d8a1df8233

SHA256
3cad9b891b1e3a2127f187cefbd92500a6d1a5f08a4c2c61e0d056aeadcdfd93

SHA512
20625bca96d459e6aee119a56d330f4844daa0939af0db5075010434b1cd27f148355835fd98c8489cd4ad2a769b4d64f90e8ab89a31165e96c2017c93682a2b

Download Submit
/storage/emulated/0/org.unionapp.jcyy/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit