Analysis

  • max time kernel
    179s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 10:20

General

  • Target

    a92b8e5990d7e16b5f9d857f5bdd790e_JaffaCakes118.apk

  • Size

    5.0MB

  • MD5

    a92b8e5990d7e16b5f9d857f5bdd790e

  • SHA1

    66f74b9d48ddd127c631bf0cd6510d68690f27fa

  • SHA256

    f051921f2a4ca76b694edeaec2a9962fbe0c2ea33a54c855499091580a3e3307

  • SHA512

    8f11ab610665146e4400f8c78fd2366a85fb5ced2071e747d0f64338d2dc42602cbace92b19b194d85fef7459a5c92269030d49e290c68dd40d57e591dd34a8a

  • SSDEEP

    98304:9M5Kk+e6muLsbjOdgcaNNur+ux9HIJ+ryall6WOxwycRsG+mdE/nMUr:G5KZUuofOhPr+unHc+ryaeWOqhdE/nMa

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to get the current cell location.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.shengda.daijia
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4293
  • com.shengda.daijia:remote
    1⤵
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4441

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.shengda.daijia/files/.imprint
    Filesize 28KB

  • /data/data/com.shengda.daijia/files/.umeng/exchangeIdentity.json
    Filesize 512B

  • /data/data/com.shengda.daijia/files/cfg/a/ResPack.rs
    Filesize 493KB

  • /data/data/com.shengda.daijia/files/cfg/a/mapstyle.sty
    Filesize 386KB

  • /data/data/com.shengda.daijia/files/cfg/a/satellitestyle.sty
    Filesize 285KB

  • /data/data/com.shengda.daijia/files/cfg/a/trafficstyle.sty
    Filesize 7KB

  • /data/data/com.shengda.daijia/files/cfg/h/DVDirectory.cfg
    Filesize 68KB

  • /data/data/com.shengda.daijia/files/cfg/h/DVHotMap.cfg
    Filesize 32KB

  • /data/data/com.shengda.daijia/files/cfg/h/DVHotcity.cfg
    Filesize 1KB

  • /data/data/com.shengda.daijia/files/cfg/h/DVVersion.cfg
    Filesize 339B

  • /data/data/com.shengda.daijia/files/cfg/l/DVDirectory.cfg
    Filesize 68KB

  • /data/data/com.shengda.daijia/files/cfg/l/DVHotMap.cfg
    Filesize 10KB

  • /data/data/com.shengda.daijia/files/cfg/l/DVHotcity.cfg
    Filesize 4KB

  • /data/data/com.shengda.daijia/files/cfg/l/DVVersion.cfg
    Filesize 127B

  • /data/data/com.shengda.daijia/files/ofld/ofl.config
    Filesize 235B

  • /data/data/com.shengda.daijia/files/ofld/ofl_location.db-shm
    Filesize 32KB

  • /data/data/com.shengda.daijia/files/ofld/ofl_statistics.db-journal
    Filesize 512B

  • /data/data/com.shengda.daijia/files/ofld/ofl_statistics.db-wal
    Filesize 156KB

  • /data/data/com.shengda.daijia/files/umeng_it.cache
    Filesize 415B

  • /data/data/com.shengda.daijia/files/umeng_it.cache
    Filesize 52KB

  • /data/data/com.shengda.daijia/files/ver.dat
    Filesize 512B

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/BaiduMapSDKNew/cache/tmp/DTTempdat.dat
    Filesize 2KB

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/BaiduMapSDKNew/cache/tmp/DTTempdat.idx
    Filesize 164KB

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/BaiduMapSDKNew/cache/tmp/DTTempdat.idx
    Filesize 8B

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/BaiduMapSDKNew/cache/tmp/HMTempdat.dat
    Filesize 2KB

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/BaiduMapSDKNew/cache/tmp/ITTempdat.dat
    Filesize 2KB

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/baidu/tempdata/conlts.dat
    Filesize 12B

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/baidu/tempdata/llg.dat
    Filesize 442B

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/baidu/tempdata/llg.dat
    Filesize 1KB

  • /storage/emulated/0/Android/data/com.shengda.daijia/files/baidu/tempdata/llg.dat
    Filesize 14KB

  • /storage/emulated/0/baidu/.cuid
    Filesize 32KB

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize 96B