Analysis

  • max time kernel
    65s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 10:02

General

  • Target

    a919ff8ca9f92ba629ea03c9e65af2fe_JaffaCakes118.apk

  • Size

    4.3MB

  • MD5

    a919ff8ca9f92ba629ea03c9e65af2fe

  • SHA1

    66d9f44263da270806d3b6e5aeb15a5b3525358a

  • SHA256

    239e402f006a6c90eba982e141d08d000cc0b9cb95c192ff7d99fc8a0d6ca32a

  • SHA512

    bf38129a73978d2a285f03040f396344caa488b96709f82122044081d00854a226c7628ace47c1e159a45b9e0bccc8acc2c74b66777ccc940ea05c0278377077

  • SSDEEP

    98304:+P6yxeakwvY6FAeFROpdZT3pXb2Fn26oizP+W:Py7fFopdZ7ZbKB5

Score
6/10

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator (1 TTPs)
  • Checks CPU information (2 TTPs, 1 IoCs)

Processes

  • com.wyt.free
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4198

Downloads

  • /data/data/com.wyt.free/databases/place.sqlite
    Filesize

    20KB

  • /data/data/com.wyt.free/databases/place.sqlite
    Filesize

    13.3MB

  • /data/data/com.wyt.free/databases/place.sqlite
    Filesize

    20KB

  • /data/data/com.wyt.free/databases/place.sqlite-journal
    Filesize

    512B

  • /data/data/com.wyt.free/databases/place.sqlite-wal
    Filesize

    8KB

  • /data/data/com.wyt.free/databases/place.sqlite-wal
    Filesize

    13.4MB

  • /data/data/com.wyt.free/databases/place.sqlite-wal
    Filesize

    32KB

  • /data/data/com.wyt.free/files/__MACOSX/._place.txt
    Filesize

    120B

  • /data/data/com.wyt.free/files/dm.sqlite
    Filesize

    4KB

  • /data/data/com.wyt.free/files/dm.sqlite-journal
    Filesize

    512B

  • /data/data/com.wyt.free/files/dm.sqlite-shm
    Filesize

    32KB

  • /data/data/com.wyt.free/files/dm.sqlite-wal
    Filesize

    28KB

  • /data/data/com.wyt.free/files/mobclick_agent_sealed_com.wyt.free
    Filesize

    575B

  • /data/data/com.wyt.free/files/place.txt
    Filesize

    6.3MB

  • /data/data/com.wyt.free/files/umeng_it.cache
    Filesize

    211B
