Analysis
max time kernel: 6s
max time network: 149s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 06:36
Static task: static1
Behavioral task: behavioral1
Sample: a85bd42e53a9eb891b1740c0551aa34f_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a85bd42e53a9eb891b1740c0551aa34f_JaffaCakes118.apk
Size: 30.7MB
MD5: a85bd42e53a9eb891b1740c0551aa34f
SHA1: daddcaa1a9b5b1f6b1947e880b573924d8c60ec4
SHA256: c4649c2082f3bc51fa4be167ba2c154dcb464b4bab347ab27c3916f0981f744f
SHA512: 69d06013d2e4e858bb6a9e44c5d1d78a70c36cdb32a63661596c6ea75229a1edc45a00a67b50e1f4fca684db645d2575da341b51edf649f7e3f13cd12a2de661
SSDEEP: 786432:m2Hsw1On1CqTRR98+GggaSXeteggXb+dc7esdzv4kn:mgRsnLTRMDRQeUiLvt
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 1 IoCs
- Queries information about running processes on the device 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.czy.store
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  Processes:
  flow: 9 | ioc: alog.umeng.com
- Queries information about active data network 1 TTPs 1 IoCs
  Processes:
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.czy.store
- Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.czy.store
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  Processes:
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.czy.store
- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  Processes:
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.czy.store
Processes
- com.czy.store
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.czy.store/app_crashrecord/1002 (223B)
- /data/data/com.czy.store/app_crashrecord/1004 (223B)
- /data/data/com.czy.store/app_crashrecord/1004 (58B)
- /data/data/com.czy.store/databases/bugly_db_ (4KB)
- /data/data/com.czy.store/databases/bugly_db_-journal (512B)
- /data/data/com.czy.store/databases/bugly_db_-shm (28KB)
- /data/data/com.czy.store/databases/bugly_db_-wal (72KB)
- /data/data/com.czy.store/databases/cc/cc.db (36KB)
- /data/data/com.czy.store/databases/cc/cc.db-journal (512B)
- /data/data/com.czy.store/databases/cc/cc.db-wal (48KB)
- /data/data/com.czy.store/databases/ua.db-journal (512B)
- /data/data/com.czy.store/databases/ua.db-wal (32KB)
- /data/data/com.czy.store/databases/xUtils_http_cookie.db (12KB)
- /data/data/com.czy.store/databases/xUtils_http_cookie.db-journal (512B)
- /data/data/com.czy.store/databases/xUtils_http_cookie.db-wal (16KB)
- /data/data/com.czy.store/databases/xUtils_http_cookie.db-wal (4KB)
- /data/data/com.czy.store/files/config.json (34B)
- /storage/emulated/0/Android/data/com.czy.store/cache/diskCache/journal.tmp (32B)
- /storage/emulated/0/Android/data/com.czy.store/czyttyc#dsgj/core_log/easemob.log (771B)