Analysis

  • max time kernel
    6s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 06:36

General

  • Target

    a85bd42e53a9eb891b1740c0551aa34f_JaffaCakes118.apk

  • Size

    30.7MB

  • MD5

    a85bd42e53a9eb891b1740c0551aa34f

  • SHA1

    daddcaa1a9b5b1f6b1947e880b573924d8c60ec4

  • SHA256

    c4649c2082f3bc51fa4be167ba2c154dcb464b4bab347ab27c3916f0981f744f

  • SHA512

    69d06013d2e4e858bb6a9e44c5d1d78a70c36cdb32a63661596c6ea75229a1edc45a00a67b50e1f4fca684db645d2575da341b51edf649f7e3f13cd12a2de661

  • SSDEEP

    786432:m2Hsw1On1CqTRR98+GggaSXeteggXb+dc7esdzv4kn:mgRsnLTRMDRQeUiLvt

Signatures

  • Checks if the Android device is rooted (1 TTP, 1 IoC)
  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.czy.store (PID 4326)
    • Checks if the Android device is rooted
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)

Downloads

  • /data/data/com.czy.store/app_crashrecord/1002
    Filesize

    223B

    MD5

    0fa7dcaf4d94642e900ee3be9a9144a7

    SHA1

    4404ba253e03b1bb29439e3ee12c49e532482554

    SHA256

    faba53f299a14a846e6e638f0dc0fc60c64b5208c59c1be87dac1d5f09e917a1

    SHA512

    0e9d809bdabe96092c215d3fe2094864bf152256bd99967a09228cb2c5abb054bda58614a4e95fa6084d5a3eb740e3f49b22dc81fca67f733f4e28830fdc3794

  • /data/data/com.czy.store/app_crashrecord/1004
    Filesize

    223B

    MD5

    9d7e65130b1b5d60cdbb8cdb9f4b3d04

    SHA1

    61f7ac2734729062a70cc3784d99ae545efa722c

    SHA256

    c2356bf66c889f860dad889538be9f15ba6496eb7ae195b18b07dd558e94e292

    SHA512

    180d4cf4bd0606f496d69de20f074ccd49b84a91b5698d4e5843a586127bd5d208934b010c4ab8b7abbd1b8019de2c13d37e6934a8a251b2700d332b779a5e85

  • /data/data/com.czy.store/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/data/com.czy.store/databases/bugly_db_
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.czy.store/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    e3c02ea0942bfa274c44dac12543fb7c

    SHA1

    1be1c9b5d3ba7b598aeefbd3a783863c14fd8432

    SHA256

    0eddf4d22fc570d8b8528b3f82afbe94ef49ddcadbba9dd7b54fc2abe45d6dbc

    SHA512

    250ad2050d4e394ab0f4d43c126fb501e420e8f751b440ae1d554246c04eef1a4d47a22dd45fb95560814d11b78341212f935794dd290879f1dc0d6f9c20c0d2

  • /data/data/com.czy.store/databases/bugly_db_-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.czy.store/databases/bugly_db_-wal
    Filesize

    72KB

    MD5

    a58aee38d822ced3839dca75f5066180

    SHA1

    7dc3a6d8c245588d56eb8a42fffabcf521511a96

    SHA256

    f2f347388d6e79ebbd5407abc30c39e66e55e40c5f7d7e16321e2387ba572279

    SHA512

    0a49e516bed3b6715c67ff7e3e6be15041a81f727aa297f36689db9245de27f2fd9879de22dc13ae86689bca836b3a95de9e25cb9466b5af0fe405f29f2d7dd1

  • /data/data/com.czy.store/databases/cc/cc.db
    Filesize

    36KB

    MD5

    5d7ea1a23af19b4340cc8d90f28297d5

    SHA1

    4cfe95b23a9e98378d69c4290af81b51fbe76aea

    SHA256

    474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

    SHA512

    33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

  • /data/data/com.czy.store/databases/cc/cc.db-journal
    Filesize

    512B

    MD5

    a444a31246d7957bb35076b412912972

    SHA1

    638099b926670b49d4ad48d6c489c3ce8485c8b9

    SHA256

    dc5a23bea5ff4243680d9dfd1b61311361a11a907580bc78dbf528f21749c6fa

    SHA512

    8e44fe11e3c92c218ee06ccdf7df4780db40e86513421a8761349cecbb42bf83aeaff1e58ee88f0917f95079afb9d8392c1e3ab448f2cc0e8a666f1f4992a9b5

  • /data/data/com.czy.store/databases/cc/cc.db-wal
    Filesize

    48KB

    MD5

    b436bc0bdece6c1b282175953878ffb5

    SHA1

    72743e44a62bd200392161e16302c881e1db0d90

    SHA256

    a232b63198d4a9472c5731ff74a3eb530dbd84566df3699d18a4068a5ebfb4fd

    SHA512

    2bc0820afb7517499c0aa51f1ca05744d39d447d7313bfbb94dc47650abc41934b5e8de6a6ea1e2ffd668aba97c6269afa3aafdf52705153fe4668d67de40821

  • /data/data/com.czy.store/databases/ua.db-journal
    Filesize

    512B

    MD5

    1bfffc036d9db6861988a9ff334dd094

    SHA1

    6c179d24dfc320ac7334d41bae5768c386aa1aa4

    SHA256

    41aa09eedf82fe47254c7839ef0aa400d6070f4920203526337a0fcebf714fef

    SHA512

    c1797dab0cf1144e88c2860a87de831782b4a9f3fc5396246a0b61a68b4dcd81e07d6569881205900c311ed37d1d4f352771c4cabc954ae343890afe813f0ab5

  • /data/data/com.czy.store/databases/ua.db-wal
    Filesize

    32KB

    MD5

    a11b6576a1ad9648bfd46142561fcf4b

    SHA1

    a412ca49f815674b25a20fbf3659bd65aaab8de8

    SHA256

    36a217bf084d467d57e99362859e0db83459d998a16e770c79eceab55e75d816

    SHA512

    17f42711b1a79f38734023cdcbda6ecee5dc144d07c6cecf4b3ee514af1bdb1e7ca9efac73930073d49a5cfbbe43de85fc667eb5aa0552a7cfad10d7355daf85

  • /data/data/com.czy.store/databases/xUtils_http_cookie.db
    Filesize

    12KB

    MD5

    3fe30614d7e0d11db870b4624f6c50e0

    SHA1

    053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

    SHA256

    67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

    SHA512

    c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

  • /data/data/com.czy.store/databases/xUtils_http_cookie.db-journal
    Filesize

    512B

    MD5

    c177a0005630cd71326175f4fb3692b8

    SHA1

    512f4b6e53a66b19502bb2f74aa6062729ba3b96

    SHA256

    dc75978520c2e7cee25cac4647a93316d6c5247c458374fd82a0059a4d9fe3b5

    SHA512

    2cf5d5fc4469eca6e2111f4dfde781d44722c18c43f5335567f1d2b31b682570987d1663551370712818f72a5b032267cca768d55610ef50edec172fc81a3f64

  • /data/data/com.czy.store/databases/xUtils_http_cookie.db-wal
    Filesize

    16KB

    MD5

    63c3ae5cd59e54e0275348cb59a8a4ac

    SHA1

    0cac595083aca4b6f6b0654ffff29212b2a7b99b

    SHA256

    482f8c73e6c02744c88a9e4d7f23a5222c05f4eaa2fc66b5e1e0c37d57b9df4e

    SHA512

    744545536ad17fbdf54d6f8e7d05390818da7ee3c12bd657b27b26254b7c1529ac191a9bbdfc6b8e03a47acaa8771d0b6b7d836a8751983e2e6ca73581921593

  • /data/data/com.czy.store/databases/xUtils_http_cookie.db-wal
    Filesize

    4KB

    MD5

    6d6c6b22f8c939041a4c23448dc47e09

    SHA1

    ae28b2d59642a882de82800c7be5c4b2f0127049

    SHA256

    b37b4d6c62680629b33b3b6807d87e28ea73f8c186836c5f0de8da7863a396d0

    SHA512

    9be429e446bb0805c29901420b1fb01914bdb8850f6e8a90774a422eefd3c01ce0da3cf119152bfff0561ec3c35ae12914a104b5917d0715e128bf73d7858108

  • /data/data/com.czy.store/files/config.json
    Filesize

    34B

    MD5

    f5f1b3b2881eeaed40bd709723a2b547

    SHA1

    0f3b761f0af5b8f9cef72bcf40a7d93a3a5c0c68

    SHA256

    8d28058c34d5bf80ce0ad0e6bd6378fec59e2e5df0cf660780da220eaef861c7

    SHA512

    9ae3c84b8233aafa3045d4097dccf54fa3ce2275059a85de581067aa047cab31076d1353341c32b4e8dee15103a4cba327cd651c3369354c9bc784d4698270c2

  • /storage/emulated/0/Android/data/com.czy.store/cache/diskCache/journal.tmp
    Filesize

    32B

    MD5

    d8cbadc488082d94b53ba2e1ee65c299

    SHA1

    48f72821143551146958f76576ba3856515189c7

    SHA256

    9bdea3d7488b8b31906c426b71efc57e2cfdb1086638d5dc885adc513da5d945

    SHA512

    97a936d747b7ab54774012ec81fd95699df873e178496f97ab71ceb10da27ee533760a3d094051e4340bb4b0696e22fa2eec3c4cf91145f2fd440a62e19c9365

  • /storage/emulated/0/Android/data/com.czy.store/czyttyc#dsgj/core_log/easemob.log
    Filesize

    771B

    MD5

    859275912e43715eabfe16ea4c5511a5

    SHA1

    cf8d8adbcce5f22358316be05a179714cdf260da

    SHA256

    be63e52027c816c3d5bde06e409c857b15bb8a60a52da1a3729e90f3cb1e7c92

    SHA512

    fe7337d2f373e55a385fafe307ee2a73ecfe5ea44355633a0dd13f8846a9800482b3b61bce428f4788d2df8c8d9a970913f760cbad171ecd99c1ac20692f5fbd