Analysis
-
max time kernel
65s -
max time network
140s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
14-06-2024 10:02
Static task
static1
Behavioral task
behavioral1
Sample
a919ff8ca9f92ba629ea03c9e65af2fe_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
20130609131204AlipayMSP_V3.5.4.0609.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
a919ff8ca9f92ba629ea03c9e65af2fe_JaffaCakes118.apk
-
Size
4.3MB
-
MD5
a919ff8ca9f92ba629ea03c9e65af2fe
-
SHA1
66d9f44263da270806d3b6e5aeb15a5b3525358a
-
SHA256
239e402f006a6c90eba982e141d08d000cc0b9cb95c192ff7d99fc8a0d6ca32a
-
SHA512
bf38129a73978d2a285f03040f396344caa488b96709f82122044081d00854a226c7628ace47c1e159a45b9e0bccc8acc2c74b66777ccc940ea05c0278377077
-
SSDEEP
98304:+P6yxeakwvY6FAeFROpdZT3pXb2Fn26oizP+W:Py7fFopdZ7ZbKB5
Malware Config
Signatures
-
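Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
Processes:
flow | ioc
7 | alog.umeng.com
Note: the only matched indicator is alog.umeng.com, and the Downloads section lists Umeng SDK artifacts (umeng_it.cache, mobclick_agent_sealed_com.wyt.free), so this traffic likely originates from an embedded analytics SDK; corroborate with other behavior before classifying the sample as stalkerware on this match alone.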
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.wyt.free
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wyt.free
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.wyt.free
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wyt.free
Reads information about phone network operator. 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.wyt.free/databases/place.sqlite
Filesize: 20KB
MD5: bca53c4dbf9dd9ec47e5355b43ad5ee0
SHA1: ec0b00613fb5f925bdca246c763e5cce991211da
SHA256: f42edf80ca01c12539633ff757225204e79ff33d8e7505eb2696be28b4c94952
SHA512: fe8b953ee52482ebcb9884418d3c97414d763e9e69865987f741092800e880d3454f43c218e402426c2552f0c31bcc0da2e36c737b341daf8df690be6a4635e1
-
/data/data/com.wyt.free/databases/place.sqlite
Filesize: 13.3MB
MD5: 7b16791114ed97e132c3868d684145e3
SHA1: 015d40bc70d2f281bf826cadaa55640d1046ddb6
SHA256: 19ebdb7e69f81bcc02bfbb04a4530adc4234a5a06f24c31ce3cc794b043fb058
SHA512: c3d38b44c5c4faef008eaf702ee6df6fc20ac183bce8eba7f632c4b6cb3ee82b9084b58c9fc5d431658063e2ebdd7d1df10879d6040300c37c65c6e3ea082d8f
-
/data/data/com.wyt.free/databases/place.sqlite
Filesize: 20KB
MD5: f36f2f219c2e742862ef0a65917b37f1
SHA1: 9c1156bf268e3646583c64f2c90b632d4a413219
SHA256: 3b7a5a16ad9b55385b3ecfc68d393d53ead5cdd0e2de2a634d97a7d6fde79244
SHA512: fa099161d96b34015d67aa84ea3c73d37a052ece7f7cc6a9700d29dd63bef9a024ea7c1fd9ebdadde5428b8a97ed8b9f4d3aa6bd9da3082e8b6ac6bdbffcdc89
-
/data/data/com.wyt.free/databases/place.sqlite-journal
Filesize: 512B
MD5: 5f6ebe75841663400b3c77083d08c48d
SHA1: 582f931f4c994cc5d96d5fcf35cb18f9b845bf5e
SHA256: 4a7bc664869f74f1ad2bf8fb651c81a8e87e1824d8af50553fc6427e674b4fc3
SHA512: 5e8345fb0fa8cfffc366e4420f7eccef309d9ec2e9308c463fd7521cdb25cd6cf2ee9f7d445758fa12aef1a9abdc21a3f3f02c62f2bb84e011e5e0de31419809
-
/data/data/com.wyt.free/databases/place.sqlite-wal
Filesize: 8KB
MD5: 14d70b263c629b90a8a8f1f43a515b95
SHA1: c518f40bacc3fa459616934eb9b42703ca559300
SHA256: d7cda1e36693658432bc37dffc40ca5a9a905802c21adea38bd7113787be43ea
SHA512: 0958722ba549da5e850968b4e940edabe1808611e6ccf77fcd4b5333412b3a49311df7cd939388d2b2a50aeb68ec0f84ed610c52b01fbb8c7d9752328ca7ec67
-
/data/data/com.wyt.free/databases/place.sqlite-wal
Filesize: 13.4MB
MD5: a0476b36a8e829c7ee2b4d9be48af780
SHA1: 89ee68586614e73b8b9e86b67664e93dac362056
SHA256: 5882d61d287fa1fa28c7a11856cbd6f35827ac54d40491be61a2d01640806a11
SHA512: a4343a48effe998913fad5cd64eb5881e573adae7b830800a066d1a1f1ed1a68e2ecd04d1334dcd24d596019f3477c0d1d816743f704b534c7d5860b6a1d3a05
-
/data/data/com.wyt.free/databases/place.sqlite-wal
Filesize: 32KB
MD5: 15db6ac7c497f64352432522ee99e280
SHA1: b9c911f41b4c5a813db32838d852fc64ebeb2d20
SHA256: e6269b9ea0e262b8c73afac8cad7059b1fda4f53e0f6ce63485fc2994d124b6f
SHA512: 8ae85f10d015f5669c1d9c9391670c06fc477d01a0acb7399fc52dfbb5174d7e5e5a26d32414b74855210f91f434d14a0987865f2148b1cbe126657bdd276ef0
-
/data/data/com.wyt.free/files/__MACOSX/._place.txt
Filesize: 120B
MD5: 8235397afb86b003540b5210c60300d3
SHA1: 0e75bddb4cdc0e97b89b94650a7f8a186dec6344
SHA256: 466a28d2ded488d6606cf34cce69adb747cc45b01f6bd733e4af09f03bd0bb51
SHA512: f711ae1e3d2a90f192f02d582587f8b694b5695e5ed6194010ddc105b66c5ee77270a29d23088e1504fca806d1e0ebdc08ae42294047ab0a94c1402da033ad55
-
/data/data/com.wyt.free/files/dm.sqlite
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.wyt.free/files/dm.sqlite-journal
Filesize: 512B
MD5: eaa207c2311d43c8263ee0e053042361
SHA1: a76e85329429d411519a41c15295b1dd6501d4c2
SHA256: 0897067ff6db2be00647126e93035cae56c3e445711d24cceb4a2e206dc4e5d5
SHA512: 0b546c34e0fb0774662b8df3081dd3d84cbb81882acbc3deddc8746192d30f05f3a966ea02536fcdc85fb47fbaa8f0499956a119330e201ad7b094b68fafd9eb
-
/data/data/com.wyt.free/files/dm.sqlite-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.wyt.free/files/dm.sqlite-wal
Filesize: 28KB
MD5: 9c527e646f1f27e82572378e37c24038
SHA1: 5abfa1b4f603669323d663a4ec915a5938dbffa4
SHA256: bb1faffedc5b0caa225c69d318ab6b302f7a913e6bb4160f8afa99170f2a13c1
SHA512: e03e1dc51a21e850d074229eb95b32765906cb37880cb412685eae22a9184ab27cd70124e987d4179b1622b4139010f1298fe096e89ebce7e047f63e0d0420aa
-
/data/data/com.wyt.free/files/mobclick_agent_sealed_com.wyt.free
Filesize: 575B
MD5: f36d650bcb3fc45a6d8e80aa374b6be9
SHA1: aa64851250823fc9db8a8d7c598b240c90792eeb
SHA256: e6ba814c43c715a89dfc4f9f4c806b8976381cdb66b14577e60792c509f5a6a6
SHA512: 54b110ca08d800a8fb6c0bb37c900379b78497379b2f5a0f715c0f8b8d43eefa4a07cde26cd2c85c1d7bdf57bccdb47b8e4bb905541f5fb7a59f6bccc2bb1577
-
/data/data/com.wyt.free/files/place.txt
Filesize: 6.3MB
MD5: 0ffdf491f1730adc6713bbb89780f1ce
SHA1: a6522d1d5ec2f4610af01292be179ce2ec90929c
SHA256: 3371684b075274bdad51dc1fe006a5fdb85318a83d38b89e0fc6b6cecd58c641
SHA512: 2ffcc47dd0165f80cc92d60bac84dff24fd7991d32335273f1ad5396c7f9fe6dbc7d343f57c883b7db2fc156a2ab21a0dfd9ecc3f22cbacfc5e7d98e927438d5
-
/data/data/com.wyt.free/files/umeng_it.cache
Filesize: 211B
MD5: 7e7d2a3905532065717adbecff56816b
SHA1: 30a8559cab5d86ac00627bbe106f700f7cc73016
SHA256: 45e00833eb4aab40fd5d5bc57f777ba09fb9939f745d67551925153e298c3d93
SHA512: f7d1ef7c235fc17fa9717160a9a8fb38171141ded15254943057fe928c4ce72605e2a87104e87c10c64f40cfad854215700e2eae2a9dc15a8ba0f0f9b460c53a