Analysis

  • max time kernel: 160s
  • max time network: 131s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 18-06-2024 09:40

General

  • Target

    bb4468daf2835386a333a10c85ee3aaa_JaffaCakes118.apk

  • Size

    15.5MB

  • MD5

    bb4468daf2835386a333a10c85ee3aaa

  • SHA1

    1fe0aaf1a56c49df543d029489ad58bc4324e487

  • SHA256

    aa6cb27d6f4f7f510fc0a9713686f601ba6aae467b0eb8898b3dddc411213010

  • SHA512

    27c8c2d676e53630ab82d66bc55f507ddd8a23b23bf3bc53a216561881658282eabd91f9df8a5fb9994eee19fa5b749dddadeecfa99b56cb96cbc3daca8c4413

  • SSDEEP

    393216:bVi3rv4Qksw48z2BCe7dM+q3DWxWkyapD1ZOCjY6M+XC/:be3FlAeC5tzcW3IDTpxMX/

Signatures

  • Queries information about running processes on the device (1 TTPs, 5 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  • Requests cell location (2 TTPs, 2 IoCs)
    Uses Android APIs to get the current cell location.
  • Acquires the wake lock (2 IoCs)
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  • Queries information about active data network (1 TTPs, 5 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Reads information about phone network operator (1 TTPs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  • Checks CPU information (2 TTPs, 1 IoCs)

Processes

  • com.gualala.me (PID 4299)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
  • io.rong.push (PID 4359)
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
  • com.gualala.me:ipc (PID 4336)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
  • com.gualala.me:push (PID 4426)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
  • com.gualala.me:remote (PID 4456)
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-journal (512B)
  • /data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-shm (32KB)
  • /data/data/com.gualala.me/databases/UmengLocalNotificationStore.db-wal (40KB)
  • /data/data/com.gualala.me/databases/aby_data.db (24KB)
  • /data/data/com.gualala.me/databases/aby_data.db-journal (512B)
  • /data/data/com.gualala.me/databases/aby_data.db-wal (36KB)
  • /data/data/com.gualala.me/databases/rong_version-journal (512B)
  • /data/data/com.gualala.me/databases/rong_version-wal (56KB)
  • /data/data/com.gualala.me/files/.imprint (897B)
  • /data/data/com.gualala.me/files/.umeng/exchangeIdentity.json (162B)
  • /data/data/com.gualala.me/files/cfg/a/ResPack.rs (525KB)
  • /data/data/com.gualala.me/files/cfg/a/mapstyle.sty (248KB)
  • /data/data/com.gualala.me/files/cfg/a/satellitestyle.sty (166KB)
  • /data/data/com.gualala.me/files/cfg/a/trafficstyle.sty (4KB)
  • /data/data/com.gualala.me/files/cfg/h/DVDirectory.cfg (69KB)
  • /data/data/com.gualala.me/files/cfg/h/DVHotMap.cfg (10KB)
  • /data/data/com.gualala.me/files/cfg/h/DVHotcity.cfg (1KB)
  • /data/data/com.gualala.me/files/cfg/h/DVVersion.cfg (86B)
  • /data/data/com.gualala.me/files/cfg/l/DVDirectory.cfg (156KB)
  • /data/data/com.gualala.me/files/cfg/l/DVHotMap.cfg (10KB)
  • /data/data/com.gualala.me/files/cfg/l/DVHotcity.cfg (4KB)
  • /data/data/com.gualala.me/files/cfg/l/DVVersion.cfg (127B)
  • /data/data/com.gualala.me/files/lldt/firll.dat (76B)
  • /data/data/com.gualala.me/files/ofld/ofl_location.db-journal (512B)
  • /data/data/com.gualala.me/files/ofld/ofl_location.db-wal (48KB)
  • /data/data/com.gualala.me/files/umeng_it.cache (310B)
  • /data/data/com.gualala.me/files/umeng_it.cache (158B)
  • /data/data/com.gualala.me/files/ver.dat (52KB)
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (28KB)
  • /storage/emulated/0/Android/data/com.gualala.me/cache/kit/journal.tmp (4KB)
  • /storage/emulated/0/Android/data/com.gualala.me/files/baidu/tempdata/yoh.dat (24B)
  • /storage/emulated/0/Android/data/com.gualala.me/files/baidu/tempdata/yom.dat (24B)
  • /storage/emulated/0/baidu/.cuid (89B)
  • /storage/emulated/0/baidu/tempdata/lcvif.dat (96B)