Analysis

max time kernel: 121s
max time network: 189s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 18-06-2024 10:13

Static task: static1
Behavioral task: behavioral1
Sample: bb65ec0b08cb4b018309c13ff33fa52a_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

General

Target: bb65ec0b08cb4b018309c13ff33fa52a_JaffaCakes118.apk
Size: 18.1MB
MD5: bb65ec0b08cb4b018309c13ff33fa52a
SHA1: e85673ff1719e21232b2f1ab6bb34c91497cc964
SHA256: 8c60bca36e47d470936bb5a245f93ddc3a5130a4f39e59340ef007d4ed63dd01
SHA512: 4722b9d558e2721a8034af7245faaea61f48e7f8110d406bdd215a96fdbb95667f20049c29275759a8040c81014dd0dbff7ff6838e883ae76058d331c6dbc508
SSDEEP: 393216:xgidZndnDI/KgHjqGKRdEuxg+A+cos16/1BA:x/NVk/KgHXK3Tqh1+W
Malware Config
Signatures

Queries information about running processes on the device (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.ruanyuyin.main:pushservice
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.ruanyuyin.main:remote
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.ruanyuyin.main

Queries information about the current nearby Wi-Fi networks (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description             ioc                                          process
  Framework service call  android.net.wifi.IWifiManager.getScanResults  com.ruanyuyin.main
  Framework service call  android.net.wifi.IWifiManager.getScanResults  com.ruanyuyin.main:remote

Requests cell location (1 TTP, 2 IoCs)
Uses Android APIs to get current cell information.
  description             ioc                                                      process
  Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  com.ruanyuyin.main:remote
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.ruanyuyin.main

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  flow  ioc
  10    alog.umeng.com

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
  description             ioc                                               process
  Framework service call  android.app.IActivityManager.setServiceForeground  com.ruanyuyin.main

Queries information about active data network (1 TTP, 3 IoCs)
  description             ioc                                                  process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.ruanyuyin.main
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.ruanyuyin.main:pushservice
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.ruanyuyin.main:remote

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                             process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.ruanyuyin.main
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.ruanyuyin.main:remote

Reads information about phone network operator (1 TTP, no IoC rows listed)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  description         ioc                                              process
  Framework API call  android.hardware.SensorManager.registerListener  com.ruanyuyin.main:remote

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
  description             ioc                                          process
  Framework service call  android.app.IActivityManager.registerReceiver  com.ruanyuyin.main
  Framework service call  android.app.IActivityManager.registerReceiver  com.ruanyuyin.main:pushservice
  Framework service call  android.app.IActivityManager.registerReceiver  com.ruanyuyin.main:remote

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 3 IoCs)
  description         ioc                          process
  Framework API call  javax.crypto.Cipher.doFinal  com.ruanyuyin.main
  Framework API call  javax.crypto.Cipher.doFinal  com.ruanyuyin.main:pushservice
  Framework API call  javax.crypto.Cipher.doFinal  com.ruanyuyin.main:remote

Checks CPU information (2 TTPs, 1 IoC)
  description           ioc            process
  File opened for read  /proc/cpuinfo  com.ruanyuyin.main
Processes

com.ruanyuyin.main (PID 4182)
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information

com.ruanyuyin.main:pushservice (PID 4241)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)

com.ruanyuyin.main:remote (PID 4272)
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
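The signature tables above are emitted per API rather than per process, which is the wrong axis for triage: what matters is which of the three processes combines which capabilities. The helper below is an added example, not part of the sandbox report and not code from the sample; it parses the flattened "description ioc Process" rows exactly as the report prints them (the rows are transcribed from the signature section above), builds a per-process capability matrix, and applies a few triage heuristics. The capability buckets and the heuristics (Wi-Fi scan results plus cell info allow network-based positioning without a GPS fix; /proc/cpuinfo reads and sensor listeners are common emulator checks) are the author's own assumptions, not labels the sandbox produces.

```python
"""Triage helper: parse flattened sandbox signature rows into a per-process
capability matrix and flag privacy-relevant API combinations."""
import re
from collections import defaultdict

# IoC rows transcribed from the signature section of the report above; the
# sandbox flattens each table into "<kind> <api-or-path> <process>" triples.
RAW_IOC_TEXT = """
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.ruanyuyin.main:pushservice Framework service call android.app.IActivityManager.getRunningAppProcesses com.ruanyuyin.main:remote Framework service call android.app.IActivityManager.getRunningAppProcesses com.ruanyuyin.main
description ioc Process Framework service call android.net.wifi.IWifiManager.getScanResults com.ruanyuyin.main Framework service call android.net.wifi.IWifiManager.getScanResults com.ruanyuyin.main:remote
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ruanyuyin.main:remote Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ruanyuyin.main
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.ruanyuyin.main
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ruanyuyin.main Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ruanyuyin.main:pushservice Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ruanyuyin.main:remote
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ruanyuyin.main Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ruanyuyin.main:remote
description ioc Process Framework API call android.hardware.SensorManager.registerListener com.ruanyuyin.main:remote
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.ruanyuyin.main Framework service call android.app.IActivityManager.registerReceiver com.ruanyuyin.main:pushservice Framework service call android.app.IActivityManager.registerReceiver com.ruanyuyin.main:remote
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.ruanyuyin.main Framework API call javax.crypto.Cipher.doFinal com.ruanyuyin.main:pushservice Framework API call javax.crypto.Cipher.doFinal com.ruanyuyin.main:remote
description ioc Process File opened for read /proc/cpuinfo com.ruanyuyin.main
"""

# One row = kind, IoC (Binder method or file path), sandbox process name.
ROW_RE = re.compile(
    r"(Framework service call|Framework API call|File opened for read)\s+(\S+)\s+(\S+)"
)

# Capability bucket per API method name or path. Assumption: this mapping is
# the author's triage vocabulary, not something the sandbox emits.
CAPABILITY_OF = {
    "getRunningAppProcesses": "process-enumeration",
    "getScanResults": "wifi-scan",
    "getConnectionInfo": "wifi-connection",
    "getAllCellInfo": "cell-location",
    "getCellLocation": "cell-location",
    "setServiceForeground": "foreground-persistence",
    "registerReceiver": "broadcast-receiver",
    "getActiveNetworkInfo": "network-state",
    "registerListener": "sensor-listener",
    "doFinal": "crypto",
    "/proc/cpuinfo": "cpu-fingerprint",
}


def parse_rows(text):
    """Return (kind, ioc, process) triples from the flattened table text."""
    return [m.groups() for m in ROW_RE.finditer(text)]


def capability_matrix(rows):
    """Map each sandbox process to the set of capability buckets it exercised."""
    matrix = defaultdict(set)
    for _kind, ioc, process in rows:
        # File paths are keyed whole; Binder/API names by their method suffix.
        key = ioc if ioc.startswith("/") else ioc.rsplit(".", 1)[-1]
        matrix[process].add(CAPABILITY_OF.get(key, "other"))
    return dict(matrix)


def flag_process(caps):
    """Author's heuristics over one process's capability set."""
    flags = set()
    if "wifi-scan" in caps and "cell-location" in caps:
        flags.add("can-geolocate-without-gps")
    if caps & {"cpu-fingerprint", "sensor-listener"}:
        flags.add("possible-emulator-check")
    if "foreground-persistence" in caps:
        flags.add("persists-in-foreground")
    return flags


def triage(text=RAW_IOC_TEXT):
    """Per process: (sorted capability list, sorted flag list)."""
    matrix = capability_matrix(parse_rows(text))
    return {p: (sorted(c), sorted(flag_process(c))) for p, c in matrix.items()}


if __name__ == "__main__":
    for proc, (caps, flags) in sorted(triage().items()):
        print(f"{proc}\n  caps:  {', '.join(caps)}\n  flags: {', '.join(flags) or '-'}")
```

Run against the rows above, the :remote and main processes both come out with the geolocation and emulator-check flags, while :pushservice only enumerates processes, watches network state, registers receivers and calls into javax.crypto; that split, rather than the flat signature list, is what you want in a triage note.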
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Foreground Persistence (1)

Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads

- Filesize: 36KB
  MD5: ce6135aa1b1fe4f2c2db2a546d2a5558
  SHA1: 79b59582154017aadab783dc266fcb158c252940
  SHA256: 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
  SHA512: 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

- Filesize: 36KB
  MD5: fd348517c53cc0123970ce8e62ef4e7c
  SHA1: 8bc6f0795a1760379c4798f7ba42dc205e5d7268
  SHA256: 228f6e9064a054413346021406992e4b7986c0ba194e0d8e05952073de5b811d
  SHA512: 424dbb895a064bec378dcbc99227166721c51cf416ac2d5edc522725d281895977af66b530fbf4e142f41ec30422748c5a239ebd859dba34143447b6fc67a94a

- Filesize: 173KB
  MD5: 3e6691a26a1076520c3a52dc6881fb77
  SHA1: 15beee4548e3550513bbd950a7d0d4eb51cec32c
  SHA256: 4ce7a652bf0f093a87e66f8edbec5616ffa988956443e8ab53ec6a693e38509d
  SHA512: 8771e8680751ac54da77024f74acdf3d7c3295b87c32675245b5e44ff56805e5c9b7c41fab7b2a9b7af6cffdad0d1288b7f486e2fb667e39c5a9e646bea2e9c0

- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- Filesize: 16KB
  MD5: a2421974626e7bf6b981f29502c1fe7b
  SHA1: f1423cc0004ff1dd4e0b16a2745eae4a0cc476ab
  SHA256: f15a052d7fd5aed22a5318b03768e30c69465ed6d75e1df2baee2716fb468b0a
  SHA512: c38451f280a43fa8d3987611d95cef60653f64b876985066826ea72627077ebdead92e87ec84600ff1590ff23dc9c899997ea2d6f7cab22d911aa924430bfd77

- Filesize: 48KB
  MD5: 738ae1c2d8acee07cc14753e7702e52e
  SHA1: bb365b941233aadfb699257ca0ab76f16161f2c4
  SHA256: 85029e29df27f1545f085a2e4c04ba978d22b376b12a50addd6b4d5500004dd3
  SHA512: a305131b97f41c880d8d722f12cfcff04d210b1c3553d4466c05ccfaaf056755220e290eae64ba3898c9af260d4fc1386a9f7c6d025d10892104ae0f0f6a7ad7

- Filesize: 24KB
  MD5: 09f96b7c746820d1eb30ca37c1eb40ab
  SHA1: 244caddb7562d43da1d286d7660cf6512004bf79
  SHA256: 1de9f1d969afef044e86288f6960cdd9ebdaa00317583d6d62e1d5c9e63647fe
  SHA512: b745961309e2cff7a1392faee120e042f6e589e045e085899bb97d889beeae45dede92c4807cd232796e9244699b4c72a529ef10b0a7e098ed26e74ddc6af720

- Filesize: 512B
  MD5: b5c3c86b32649e85cab37fef576146ee
  SHA1: 93125a00150143de76eae9f4c1f2bd51ba99e8b0
  SHA256: bd91c64172b0d6a68d85035018444a4ef9bc94e39c4946b16bbfda5d3385fea3
  SHA512: dc3e44f3a56f36e82fb8aaeb4d7be07d44fc3e4b6a49adf7850829f943e383a1fabbed1ab40dabeab0578dc91ce5d8d4dd0941834e5f5ad037763f186b26c26c

- Filesize: 32KB
  MD5: acb82c6e8767489538da2a0fb1140582
  SHA1: 62debe510f2d672adfb21fc4a0d357d1cb854472
  SHA256: 9f49e73df6ee4961279880914ba4b1f92d673a3d74703ac98e065bc069b1fe12
  SHA512: bf1853f7d720c0d8fb68ebba522dfe8534fb89154dd09e41e1f3269e92214932c363e258a9a7685502cee1329208b512e89854f1c7eb98281a49aa92533899a0

- Filesize: 36KB
  MD5: 260cd12614f1b95a31e9701cb1bef7e9
  SHA1: f325c76239e771b18bb9e438553afe7a9b2bb8a8
  SHA256: e997e8c9c54e7e9f7d129df9975f8f8e1174c6ef33901dcbc2ccf55a090c174f
  SHA512: fca10397a6d485c41c0b910225810fae9e6912bc5821ae6e2395ecb909f80fc62b90370844efb2d3b47c0ca8f6ed9180c28a8f253694db72e70259dc033774c9

- Filesize: 32KB
  MD5: 9ed0ae915e4d5658273eb58bce01c23b
  SHA1: ba1bb4ea79d1a1ace32895c21bac8d4ddf81fcff
  SHA256: 5450325cd6195d7e2181f6cfcbcb42f89a70cc2a1fd4b1516ec6ace29a6c1971
  SHA512: df989056a603c9e23901a61f22865f80621393b7af13bd7686d99543e215892d986af016acdbc69a021833ea90320bc7507be127c0ba264cb97c2828256a1bbe

- Filesize: 32KB
  MD5: d604a3bf1f8d992cc320ea5b1f7609bd
  SHA1: 247f88df0b55c7d523ea5398637711a0e4a483a4
  SHA256: 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
  SHA512: 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

- Filesize: 512B
  MD5: 776d85341b55c116ace8fb38c4f4cd05
  SHA1: 14206238d756537f4ae6b1bad077ca0ae08e7d4a
  SHA256: 498c61666ec7b0168ec34fe65c6b036541a9de5fd0f232abbc85cd9438b7322a
  SHA512: 0f840b59b68033385853ce8a2dcb043d118793d994544ceb31acd937fcc2b1317977a1ff0533c0662bb4a4791c00f548af1eb920c927e04cda1efeb477a65d1f

- Filesize: 32KB
  MD5: 120d5e5e082e13a8ff4efcf7911cbf39
  SHA1: 95d6c99abef4852b3cd932474e1b680b6d9c72b9
  SHA256: dfa05cf3aeda884822ac09ec2db519de0a36a75a24af5a930ac11297d97a008b
  SHA512: 7e9956931fba988f8bd5a4a70b35203119539053fd49af934906cb381ac4c115e1bfd75d53e47227d35596944a682d3d2b44b2ee41332810c5bcabcec52d6b43

- Filesize: 56KB
  MD5: 924bf0f2e4cd60e0bc2935a1c2b38559
  SHA1: a67a30daa1d31008fef0b257a4d7baae4e2ebb62
  SHA256: c3ba3042a1df3b7fc411cd07190e41aaf63d80518f1d8654beb53ef4de38f121
  SHA512: 0d8e9a76e1c2a6f8d92c63beb43a1c3b467dadf26c5089947b6dc2fc51943604a06117421e12cfa5f23e4db23796c9886f735ce59368412bd0f46cd696231ee6

- Filesize: 8KB
  MD5: 0ac5e96ddf9febe83c9cc8711a089ac1
  SHA1: 3cf55a23e1cb6e298dcc5bac50e7b940ee11ea16
  SHA256: ba66d338a8830411db0fb3d11ae1dbb57283d7443eb37bb9fa9c35b38e8ac924
  SHA512: b2cbc6063b540ef12f828cc701cf045f05625739a9ae9d45890036d02b677294377d2dd81e8afe40f80d83c0ecf11d0b3fe54527f03cc8e1022a0f25d6a3d10b

- Filesize: 1020B
  MD5: fba2d71a821c82d99e1ca1cf19ac9857
  SHA1: aed6a66d0de0da5058486705acdf2d5341bb9631
  SHA256: 5252225492edb28110427c528c87f21bf8ea5352a15893cea7ca47b12ac21ec1
  SHA512: 615f7c912d6494c0623a5885a315048e4d82fe95ce892f5e20ceb27477d76bd94d0fe434edde624bdfbbc1d48d6fbeb646f90e2a3605c0dfd29bb98534c73131

- Filesize: 162B
  MD5: 3846f10997c74ee4acad6c32d9f2cfc0
  SHA1: 518445ab5f6ab1531c4f29d7e6fcfcb8e2eb12ac
  SHA256: ba3bc5f69deac9e01445514fdc53cd9223d95f52710bc923e0ee41c41c895ed3
  SHA512: 3329dbfded07697bf9198015ab401e3a19d3dfb04ffa6de22fe130703a481af043e76098bd0e62583a9a63bb3bca529641544f4bee92c63e8103751963e95e96

- Filesize: 67B
  MD5: 057d40b8dfd71dfdffa73a181023daf6
  SHA1: 9fa0e297ddbdded0166ea5c05d2af35d8d3c56fb
  SHA256: 3c330bcf924993c1b482ec5bfe4e176c912542cc78df336be1c6cf7741b24c5c
  SHA512: 782bad128f8ed714b60148d00e61c91d270f24a5dbdbfe6917c3b483f053b00473186bf10b22c2113b400a72b36cd1836a98d2c31b730635a800e483e63bb68d

- Filesize: 129B
  MD5: 994575e44d5fd138d8894867e47c46e5
  SHA1: 01a185cc884b79c3aed43d88b41b97d9cc35dae7
  SHA256: be2daf19c8e9b23b30c04c46d86ea6df212878a7bd4defb9abbc86372b6cce6d
  SHA512: 8ac1cde56c5f950f51284c449debfb073d0202402681cae2e56cbda47641edb80a5e7a347979d92e22bcc4b44e2bc08bf1c948ca84c2b1f66cc3308363ca71cc

- Filesize: 206B
  MD5: 4a1db69fbb187cecac55d43794ac466f
  SHA1: 0489ace46c3f3b369fe84ed638e40ba5d3cbcafa
  SHA256: 0d190841258bc9ee544350812847d18a20b79041ff68ff0801d0c95b01306e5f
  SHA512: adffa9fc1c2fd9e284a56c45fb45f8463a32e02c6925e56ada39c8308507f357599c7220a809467a9b0b798abd16ade51fdf50f8738e986f1d7797e75ea2623e

- Filesize: 415B
  MD5: b0d4c0f5da3e955ed3aa5dcc69bcd5ca
  SHA1: 23f54c1e6b7570504613317dd96c234f029085ab
  SHA256: e04e75a4c49e7371e88234311f1eff07faa2027936ca55087957773aed8d98e6
  SHA512: 6688cbb48ec6e55d572594e4c4b49056e972a902ddce1b5e37868e6a62dc88a7a4233ccd13bb8f036b671e7fba9657748ed382a1105f4b5462399714f045cf68

- Filesize: 211B
  MD5: 0784d22f736f761c23a78c098dc4f298
  SHA1: 450f319aa1684dbfd8dda6aa2afb2777f800d5a6
  SHA256: a38df318c26c2b6e8c2a0e48adc321eeb449dc828c2b6dd587cc1e70190e9942
  SHA512: ced19911f77aec9743104d7529bec4d0b02ddc348f6a2b9aa79723b4935cb54b3db0d7c1dee982f6b2361e7b9c63d166e0d091d1f79eb7dab043737fd376a79a

- Path: /storage/emulated/0/Android/data/com.ruanyuyin.main/1109171220115678#niwoyuewan/core_log/easemob.log
  Filesize: 4KB
  MD5: 366826530a07ef7a4556b567c219bf92
  SHA1: de4126295e8fe794bcd10e506e1f6fb57fad7497
  SHA256: 56ae4e9700b4e84adc1a44185923a223605c13d23089a8c14b5bfb935c8fc88f
  SHA512: 7aa1e987ebf501a1d580b27e642fb976cd036c3921328b9228bfcae3c57543640e005789f8a8caf38b9588fa7c340481b93e589710041b80cb81dc3c82798f38

- Filesize: 49B
  MD5: 89df24197017d6f039a592f85391a772
  SHA1: e9887aee6ab8b98bd358b1ea682e8db56bb46ab1
  SHA256: 0c0f76ca138384cc0e425118c3b683d439789e9f60a78e049ee68baccbb38b4f
  SHA512: 67c1d0d3dac09100dcbbeefcdca272534427cc1c287710ff688e272caecbf7537b35fcd976d6ebc5d52c43318cb0257ade98c8a70432de813d435e431b20c217