c7048edde292ed877522e3ec6acee486a47d02d0ba9537e511e5e630b66ab3be

Analysis

max time kernel
179s
max time network
191s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7aa5de5d736b3319cb842aceaef96c4_JaffaCakes118.apk
Size

13.3MB
MD5

a7aa5de5d736b3319cb842aceaef96c4
SHA1

ba967b820eaae346b0ab964a65df6a3a8ee66018
SHA256

c7048edde292ed877522e3ec6acee486a47d02d0ba9537e511e5e630b66ab3be
SHA512

c0ecdab8ad127eb50e61fc5984bc5101c1474ab38114cbb166829cc3b79350fe38125308e22f7f25149f5b123c7b1828aff90e9b65c934b6e6a7342b9739be36
SSDEEP

196608:iUNyDw2mp33ivE0LNFcdNGmgGUDHJ54SAF2+kQQ+bwmgwxiQI712BC2WmDLDZED1:iFQCM0L0NBEHrnV/QqmgwlIIBHPahNh

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

org.unionapp.jcyyio.rong.pushorg.unionapp.jcyy:ipcorg.unionapp.jcyy:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.jcyy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.jcyy:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.jcyy:ipc

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

19 alog.umeng.com

flow	ioc
19	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

org.unionapp.jcyyio.rong.push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.jcyy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

org.unionapp.jcyy

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo org.unionapp.jcyy
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.unionapp.jcyy

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

T1624.001

Processes:

org.unionapp.jcyyio.rong.pushorg.unionapp.jcyy:ipcorg.unionapp.jcyy:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.jcyy
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.jcyy:ipc
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.jcyy:ipc

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

org.unionapp.jcyy

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.unionapp.jcyy
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

org.unionapp.jcyy

description ioc process

File opened for read /proc/cpuinfo org.unionapp.jcyy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.jcyy

description	ioc	process
File opened for read	/proc/cpuinfo	org.unionapp.jcyy

org.unionapp.jcyy
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:5091

io.rong.push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5189

org.unionapp.jcyy:ipc
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5154

org.unionapp.jcyy:ipc
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5269

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.jcyy/databases/.ua/ua.db
Filesize
32KB

MD5
38564ad4c73e5619bc2264b0c44997a5

SHA1
e55f6fe1b20347ad4cd58d77af0b0feb149f63d0

SHA256
1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8

SHA512
30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db
Filesize
32KB

MD5
fd38ce79ea5db2bfd5202e4cd6433553

SHA1
cf4d980d2a6450d0e3fe6441b7bb364f1207c901

SHA256
cfb8a1770be5b11ddf84992a52dcfb6d6a5311265654af00f79914489ff9f29d

SHA512
9849d750b1a3823df0b2838ed1882cd00be7e760853a3bc09fac1d5dbd5724ec239ee251067f70aaf43d9fb37920b132bf7effe9e0d5f28228e972be19ac62f9

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-journal
Filesize
8KB

MD5
3d29546de58b495b90688d3fbb88538c

SHA1
bb9aedcb38eaa24d17ce807c5ef201f4463486fd

SHA256
a7d90ea4a9ef897d9eb959ee0d3114ebf5c8d7db8b3d63bbfd4cb899b8be4cde

SHA512
ad3b2dfd319c94005380e3393c6e53cc7d58205375e99f70c9bf7467bcb3d9f97f94817cb68586e2cb5bc68a993ece2e91af559f9d8d4c201e82467af3205ac6

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-journal
Filesize
16KB

MD5
1ee97130fb2018760a3cfd6eb549b180

SHA1
d1c55736b6a84ab5ac6ea26cb567c3d41bc52222

SHA256
1426ae4c76eca45d3da18c7de46448dff85d31a7e396f3cf98accafdc90b81d7

SHA512
0fe2c4822f57609fb00f36c6fe3f9af1a4a7c465248a3b5faa5e60db5a2ea87a62094ba671481021b95bb0b01b5e61537db9951f07f2dd8ee8dc0d595caaaf98

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-journal
Filesize
12KB

MD5
591b99788c706151bbf33032fa684521

SHA1
07221619f46d0a57af254448f1e4ec314f71bf9d

SHA256
ba8d9354ac5bad563ca7a9911986b7d147cbd98dd5ec2316631056f85eb3ba99

SHA512
ecd8aed7c05bcd34784fed6ed699b0b66442a4b9e2b1d51748e3650c46682f9584d29828ee82d9a8f5f54bc7eb1305cf9e25502cd50bfa305d9bf2d2244bcfbf

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-journal
Filesize
512B

MD5
fc3e9507efc3427de2d782588c2e9048

SHA1
c0e3ea2cc4eb37b7bb9dc094181f171e2bcb9805

SHA256
9be748022c39da11362f13fe5eb3ed150e425c2902eed2155576e24f327bebf8

SHA512
3623ccd2f5f56539aff669f07845fec18228b7375dcc0be8363dc6b7ae7eb788e5db0b2a573a0ff6cd0ac321c5b372c34343e5dfcfd5c20bd398635cbe4bb3fc

Download Submit
/data/data/org.unionapp.jcyy/databases/.ua/ua.db-journal
Filesize
8KB

MD5
26cea2996cd462546289807d77cead73

SHA1
812a17b6e153587357f1a4b84187c159ccd101c4

SHA256
7bffeb5dd6446f074555c329fd9d52547f96e522be8399da29beaf67eb22b6c4

SHA512
3e588831b537bdb5eed3a7d172eb86b9c410f99438f3b1bb9dbf4cf1888b1797be98ce41f87a172cecee9c290aac0702a1dc9074150b9f89214c53a3ab7cc5c9

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db
Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db
Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
8KB

MD5
ca9d0f984282c8891d529317ecd7a0f7

SHA1
aa4726ebc29b46b3ad2f7e4c38a60be9303c3b1f

SHA256
5a197ea95ab6c91586781b7e60f43798ea6aa58174111bf2a3b2272c398938bb

SHA512
96cbddd824f39aae4426af9978eda09aadc58dddb40e6a1e79d39e4ff0aa752f39c9ca02b1be8194bbd321d085355c90e05e62aa9b21694ddf3e65b6f7a8551f

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
8KB

MD5
5918b91889d2271e0d57d55cbee82f69

SHA1
71a1ff90e503a8f570cf894bc6321916f82d4f24

SHA256
ce95acc5311c022cc64928fa307afea16fb98c446e99f6477873662ae74e8e38

SHA512
09feb686be44ad26f624db514ce86f775b3f0ea87a4c0f9e1dcfb3cf3c89fbb411dfb8a2bc36723146b7af37f0b563697629fe1a689fa826b894dc6f4d097481

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
12KB

MD5
6dae23ba05be902789181e8e4a425c68

SHA1
a9fce9e6fc65d3986400e93d7211f3ff19c88ac2

SHA256
752beb0e49be8719fa10897efa0fae46c857e3e2e66e2154409de91c7262940d

SHA512
54ebb312e3a55f2d2975e6816e8abab4e67c262da0826307f2ad28d386e59ad124d923733c9ea10dabb0659a8184cfde06a4f4774d2e79830f32047bfe69ee00

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
512B

MD5
d25fa2de15918002b43b914ecac7c498

SHA1
1bc053c41a335c7ee980dc6b8ae947c5abea1b3f

SHA256
49c0174cfa9ffe50e1a3e1dba538dfe1faf1dbe5862e76c8aaf68c3e4cf38ed9

SHA512
33faebe3a7fc571524113d7af53b3f2b14ef1f3129b36574fa48028ed2de7a06532f23081e673270c1c0134b7407b1eb24e4df328873442e977bb3eeeb58be63

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
8KB

MD5
319eb9d29d90f86097320d7e0a7d22f0

SHA1
971b4ea79e76d49146d842af02bc3f9a08599fc0

SHA256
26ddce4f5a2d52a8dfec9f08ed6b776af8dde7a80de086f561bccfe2bce04797

SHA512
bc4f1d486978a500f023388a50b6c789408bb47d29a06d27b915559ed06b4c039762d9daba7d4da91accdde41a9474e439129f89e40b69362bc7d044a97e409c

Download Submit
/data/data/org.unionapp.jcyy/databases/cc/cc.db-journal
Filesize
8KB

MD5
d7a2ac46242b4aae4b4572f208303885

SHA1
75805ae9beb14ec6b3bd72ece5ed8ece8a4383e9

SHA256
c7ce87aab9750733f73114f2091e8a2169d4ef445fa1d00a6da46756f6fc91ae

SHA512
2aad2a631cca1dcd5180d8c6b25c5b0569a414c63c8627b467a65548b316a8cdeebf5d0811119da7566663252b227207972f76bfe1f84d2714840c8d4da05785

Download Submit
/data/data/org.unionapp.jcyy/files/.um/um_cache_1718330691041.env
Filesize
1KB

MD5
6e3e91bf90cde5e3a2dabd0ebb7351c7

SHA1
aad17dec20f1b0dc1d239017b9cfa885793d7fcb

SHA256
4486a22eca5891c2bc623d210cb0d21b95ebe34f7e9aa6c479f18120f78035ad

SHA512
39d075aaf3577960fb30b35fa3690380ac8b953bdfe490d0dff8a89d66a5c7c3ce55b3572400b669506e7cbaa6e6bbc0ec481ee16de3e5e970c4e59ca8ee52c5

Download Submit
/data/data/org.unionapp.jcyy/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
72d73405aa29e4644f8e776fd903a583

SHA1
b8449c27932e0b08b595b5166a494df9e502677d

SHA256
d628e5ae79bd462945bfad9af0ffaf98ae466a3c571011895407507c019bd0b4

SHA512
77eaa197f0e35599b4890f28e508885391880d83f36b3c76c75e9508c5501177e59e5fe19e10fdd67a76040802257a1aeeb7da9922e08132dffd09d5768492e2

Download Submit
/data/data/org.unionapp.jcyy/files/exid.dat
Filesize
57B

MD5
695f216a9730f9d61d5418f3724b1905

SHA1
e25e02675a22318861bd407ae9af5c1ecf663e2f

SHA256
2d2e19e4a9183d14542ddb9ea06239e88015542f1790df67e30e53ae95c60424

SHA512
2e07c0c87a4df27b82cebf3548496ca6b86c35a36aa3da6903901725d419808a93a938c4f7bafb16c5520ab9c22a6bb81fec71ac7cf479a41917f118ed9bdb74

Download Submit
/data/data/org.unionapp.jcyy/files/umeng_it.cache
Filesize
433B

MD5
1a40d617fc5c428bc8b9d1c5bec41a59

SHA1
35d2ba0558bdc118f9d33b875f45c4c2b7912fe8

SHA256
bff4bb57b574e7db425bc89025dd3df2e74964bd822cd297436e2c7079b700dc

SHA512
cbf7e3b225c6dea35f154461b51a7b85a5342804730660868b9ec2df8b4372be8260e3de328c327fa2b9d43b28d5fdea98e1a5dfcee773047e4c1851de199960

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
34706d470d33ce62f4b1d61c16e66b24

SHA1
e41f40bb3d569482e79cc3945c745bf2caf7e94d

SHA256
1e1a4b5b587d374286a5668951e6a84a551054de6c5b5d441aa7b63f2d61546c

SHA512
e1e8e6ee68410fe52c1daa205f543dfa27302731b25ce72f61cdb3838f88b13cf1b60822dd56ebf7a79a14468cc54a2488f483737f4ceee4529405d541c68984

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
c53ce3e488309da7a9d029ac9332d0bf

SHA1
f3bf9e25838cb3ad3743f34a81aecef673260e69

SHA256
a168e57ab474a938ec59360ac2f7755082786bcb030444801280051bf1f0ec82

SHA512
8266893b673496e4c527999d1b980738511e6c09614cb2bb3488916df0a1b97245789ddc914e77822ba722b498b2f3be7fa02389036c601fb089bacc73c70aed

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
575b6d95abca5485b36a637fa9697bfd

SHA1
38ded78affd6a2f9c07f71566dc73616aad5c380

SHA256
141adcb7c15d92f74c22abaa19e946739760ba16a99f531f1147c2d04a12cf19

SHA512
797980eb0f43e10be76757edc6203050a62eaecc82c6fd84ce701ed4cf1988ecfc5fa05ff150d0c2cc996663ae3669f0728514ad6b41e58943bba45fde77ab44

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
049a1e93d87244a17262d06f94ac7265

SHA1
be839b89c3a5856a6cba1e25d7afd4eafaffddc7

SHA256
83b59ec5d5750106cce5055982c8aa194a58c853bff96764d5e08bfcd1914096

SHA512
32d233960b2210e818ca88dc3162368f1a37b6105bcbb84f6c52873d8c1b12f05acadcf108552d5718b2d709a1355f3ffaefceec9cf058cfb16e3b46c55f934b

Download Submit
/storage/emulated/0/org.unionapp.jcyy/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit