Analysis
max time kernel: 174s
max time network: 183s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 07:44
Static task: static1
Behavioral task: behavioral1
Sample: a8940b31d9dfe1a827a633cff3e1f7e2_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a8940b31d9dfe1a827a633cff3e1f7e2_JaffaCakes118.apk
Size: 5.5MB
MD5: a8940b31d9dfe1a827a633cff3e1f7e2
SHA1: 06ba0cdee52c35032ae9eb4cf653539d29b6cce7
SHA256: c1e42f226ddd55b8096893f911faa71578fedd5812c79d556d82736b6db4592d
SHA512: 754e5a855e329ec309b33fd459448dade117c00fffa256fa834786c2566b4ae9931533963bdee4a11be3c93d81d23ee227c2d10e55cb1e3068d1b88fc681c571
SSDEEP: 98304:9tgdZjY5CThyIj+tyceNSwVGV6jPzNGjA/id16at8ySoXmcO3Vsb/J:9tgdZjuKLayceRGsjLNzidQCXDXlb/J
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Acquires the wake lock [1 IoCs]
  Processes: com.wta.YdbDev.jiuwei129276:pushservice
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.wta.YdbDev.jiuwei129276:pushservice
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
  flow: 20 | ioc: alog.umeng.com
- Queries information about active data network [1 TTPs, 2 IoCs]
  Processes: com.wta.YdbDev.jiuwei129276, com.wta.YdbDev.jiuwei129276:pushservice
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.wta.YdbDev.jiuwei129276
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.wta.YdbDev.jiuwei129276:pushservice
- Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.wta.YdbDev.jiuwei129276, com.wta.YdbDev.jiuwei129276:pushservice
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.wta.YdbDev.jiuwei129276
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.wta.YdbDev.jiuwei129276:pushservice
- Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  Processes: com.wta.YdbDev.jiuwei129276
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.wta.YdbDev.jiuwei129276
- Reads information about phone network operator. [1 TTPs]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 2 IoCs]
  Processes: com.wta.YdbDev.jiuwei129276, com.wta.YdbDev.jiuwei129276:pushservice
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.wta.YdbDev.jiuwei129276
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.wta.YdbDev.jiuwei129276:pushservice
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]
  Processes: com.wta.YdbDev.jiuwei129276
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.wta.YdbDev.jiuwei129276
- Checks CPU information [2 TTPs, 1 IoCs]
- Checks memory information [2 TTPs, 1 IoCs]
Processes
- com.wta.YdbDev.jiuwei129276
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  - child process: cat /sys/class/net/wlan0/address
  - child process: getprop ro.product.cpu.abi
- com.wta.YdbDev.jiuwei129276:pushservice
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.wta.YdbDev.jiuwei129276/app_tbs/core_private/debug.conf
  Filesize: 101B
  MD5: f418f4932b9c478a59c81cad1e9a3579
  SHA1: e3bee620e3d120d9e23acd623e00434a7d8a2cb7
  SHA256: 0196c278a54795f13ca9bb36f2fa141812185e38724614e1761eb7d37a61d5b2
  SHA512: 5abb90d57db23ea19e882deaaed9c284b91dccf7d850c2f1c39cf6e61e59cd4a44ba972aef7ca50d4c08fc05cae6da0d84940223779d54aef453640c8434770f
- /data/data/com.wta.YdbDev.jiuwei129276/databases/ThrowalbeLog.db-journal
  Filesize: 512B
  MD5: fbaabda2cd881e010611b99aa590da89
  SHA1: 7ec87fa047b85a8ac4b56e69c32f5948df770377
  SHA256: 8c598273d991835507fd2d63f09234fbfda34011cd2950c105df79467d812a4e
  SHA512: 140b0ecf7cba45f8bd70f62aeaad546e5345f9b1b9662d9f410e3d43c2da9b1ed4d1115b412a478c2dba286b878d96ec0ad814d6126179136009f019a0f128ec
- /data/data/com.wta.YdbDev.jiuwei129276/databases/ThrowalbeLog.db-wal
  Filesize: 64KB
  MD5: ba408895dd16c931689666bd1b9b0f04
  SHA1: b55c86caa14205ae27787dfdf19e6c1218e0948a
  SHA256: 0d385cc752352b045b778a1dc08b3c3571502b8960b1485d118a49ff41acd7fc
  SHA512: c63fd5f48f9e9c503c1fd67e5a44c94cf4e2a413b131dbfc3f1868eeaad016b619e6b5edbf82af89f60d5a6055979dfccf53a6f367d29c1f0e461518463d410f
- /data/data/com.wta.YdbDev.jiuwei129276/databases/pushsdk.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.wta.YdbDev.jiuwei129276/databases/pushsdk.db-journal
  Filesize: 512B
  MD5: 5090ddabaeee0a81019387a11bad18ee
  SHA1: d8453c254136f080e10faf0a4003c6eab98e2709
  SHA256: 4c5b78c39032a9d743e4c792aa54304a08b4c0ed20eb8acfe0bf82b9544b4f38
  SHA512: 89d17dac243a65d1b134bf09ae20549570abd5a2c51580175be8affe84e44da79cf265df8986dc6b36352dee45490d66d41dae50fb9c4c294b922412fffd546e
- /data/data/com.wta.YdbDev.jiuwei129276/databases/pushsdk.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.wta.YdbDev.jiuwei129276/files/.um/um_cache_1718351151784.env
  Filesize: 607B
  MD5: 8ead3de247836a40dbb0cbbd06511bb1
  SHA1: 05c328dc912d4aba2a3bc5449e8f637dc59cf964
  SHA256: 08960f4cfa69785849c1e1529d200ee080dbaa17c1fe2dbb5633dd1b834ea91c
  SHA512: d2e8694a688affdbc544c64521a5c717c4defdebbc955d34105b630488d8ee3c772505dd022c850c5e2cb6db4649e6c5e45efc20d2f7dc7ba181db2adaaea305
- /data/data/com.wta.YdbDev.jiuwei129276/files/umeng_it.cache
  Filesize: 310B
  MD5: 6f3063dd099595edaf5c3484aac9fca0
  SHA1: 2b1b1db7926f41c27d0e36e9e8d9161d76eff458
  SHA256: fd3038303dd5998837792ea28d408c56be889f72f2c8a5e54e21b210bfa39e71
  SHA512: c7532557d0d7e9fe26e4784f60aba2cf23e55bb68b5aa10646d17f972d80ee89eae22c8072ad36852457d9168a35dce0929ae211963aa4258ecb25eab2f3b684
- /storage/emulated/0/Android/data/com.wta.YdbDev.jiuwei129276/files/tbslog/tbslog.txt
  Filesize: 80KB
  MD5: 921166956a7184839674d3862088f7e8
  SHA1: 1114bc8839dffcd5590d6590a49efd702e595620
  SHA256: df7cbe72d732f2b74705ef09116b7c2f97d40f3b13c9afd2b59faf0eb5c950e7
  SHA512: 3dbc61be717e23d6a8fae3ac819750bd09eb676ac21422070bed40d8acd20b77d75fd9bff88205139223806604593f28b10bba1d7fd3f1dd665b1c811f694b9b