60a371d20f33dd557cf8029398164ef453d91ebc42a505a691e5995f0c02cb44

Analysis

max time kernel
132s
max time network
165s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27/06/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15a58141677c130ff8959d9f4d5ee827_JaffaCakes118.apk
Size

14.4MB
MD5

15a58141677c130ff8959d9f4d5ee827
SHA1

c20745a062dbaa3285e23ef1037d32b43edfca78
SHA256

60a371d20f33dd557cf8029398164ef453d91ebc42a505a691e5995f0c02cb44
SHA512

bd84dbad9cf09698b310ec6d1d631c89784752de3ac21171d7da9e99848446e6edb170107f0620a5c253791546fb6ab8896b0a3f463f97ebc3e4fdec28c72dfa
SSDEEP

393216:uMeiGMWhZllce3fVjfb1uARO2omsIttMWott8OT+fYLL:uLingogfR1uA82omTLMBb8OT5/

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xcf45a000-0xcf78426c	4249	cn.com.dy.mm
Anonymous-DexFile@0xd0292000-0xd02be633	4249	cn.com.dy.mm

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
25	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.com.dy.mm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.com.dy.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.com.dy.mm

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	cn.com.dy.mm

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.com.dy.mm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.com.dy.mm

cn.com.dy.mm
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.com.dy.mm/.1/.config

Filesize
129B

MD5
53ae7967a3196d632caf532696685ae7

SHA1
cf85eb87a9a348a8973469048301b165f1e116fe

SHA256
e2b83ec87d436f1d7d52e0f530d8bb2678ef996199cfe919d3ae5a1c7b08a9a0

SHA512
86ea6d149b2d6238a068c7f4d0ec603af06cfc491968439b1a8662113da4ef17b6a7e28eb4cc5e0b689dc552c2a7ed059a78466edae2c0f152affec74628e649

Download Submit
/data/data/cn.com.dy.mm/.1/.suuid

Filesize
72B

MD5
dc2f3ab40d62750401aa60e66afb1ed4

SHA1
5ed917d4f5f883aed3f8612879d45c28526f9708

SHA256
8e459c22a30fa1f42748b7475d6940ef341f1f261da43b6ea57697aed4b1ebeb

SHA512
42127a327d48cdcb8135a14b6b334f0a645c00dea31ff0e152aa9fd662fa563e49be059b6d28228e96323e6f0815f38f864e2c8273aed8c6b158f161f03b4be6

Download Submit
/data/data/cn.com.dy.mm/.1/.suuid

Filesize
72B

MD5
54391ffef4bf1404915a0c4f5d6ee263

SHA1
8dd8744d284e2a6018f0319f941175c2178a346a

SHA256
ffaa2c12bb0d5fa165652c60f6be86796d974ebcf8ab1ddf313d1c031f373ffe

SHA512
b260feef9aca89e8742170f81d8adae246c9ae7fa7edcc5344c17b2e4a1c3419132081b8aa5b0f8567122be6b453186883018dc207913597ec9a197af08de2ee

Download Submit
/data/data/cn.com.dy.mm/.1/1.jar

Filesize
1.3MB

MD5
f310131b0cddcfa31467a49c0348ef1a

SHA1
c98db45b6155d097081568363a2996803f8686f0

SHA256
dbecc83b9239dc287f43dff7596792216f4b398008bd140341c3576d2bdf2f4f

SHA512
eec0271b0b692e08ff2c62a89bc352ace27a10e94c7ada9a5e34f403f4f84911cb5c229d76ab56e12f9a4f60a39ef8983d42b2684152fdbe01dd4826cb06a732

Download Submit
/data/data/cn.com.dy.mm/.1/classes.jar

Filesize
120B

MD5
63033848437fb00ae65419d8a25e5827

SHA1
aa444c485ca5e95cc15ad635dd52d678dbb98b85

SHA256
be5750f154e0e52ecdd6cb201d73daeff2178c6e524e4e9c2a50aa0d46a83e65

SHA512
981634a916f1527fe57fd840360aaf3ad9a4a26399085f889187c9af3c33672c100900ea750bf3c063cf504a66b3f3dc62b76297e6e311afda92d945612bacef

Download Submit
/data/data/cn.com.dy.mm/.2/1.jar

Filesize
83KB

MD5
58718409980ed8f39a66955a4014688a

SHA1
9342bda7fcc63bb17bcdf559fcddfc749fb04680

SHA256
c0ea190e164e79c7e51aad6ea2c6fa678f178f4c0ffbd758658eccd126a2774e

SHA512
4b5a3b7cb50ff4c4d971428c8ed6941003841a5048e4796e8751f6578e35e13ac5a2e9872f330362dfc847a2d82585b768431a563b3384019dd3b511b997b2d2

Download Submit
/data/data/cn.com.dy.mm/.x86lib/libbaiduprotect_x86

Filesize
745KB

MD5
23483bd7ade974d8cc1bdfd1d7d0673b

SHA1
bee6ae6fcdb8b2a376beb7cef74523c9a0637ce3

SHA256
19cbf6daf12c90a89a5bde664362f2f4891c90ce8705cc2530a49c65feb9f3e7

SHA512
8a747f305e7bcdc31d35f3b7a466d70c27241c99d6b6552c1e611656fdda36165a31f448358c5498f07170b44c5c0b4a382b8ee213289af963c3c82dbc7bdbc3

Download Submit
/data/data/cn.com.dy.mm/databases/.ua/ua.db

Filesize
32KB

MD5
9b44b0cfd94ddd0acb37c32b52116160

SHA1
27c9b898123970089c1db074ce0b3934bb518c17

SHA256
8e0ac79b5ad6f3642bb67a612f4c9ee2026f9995b95e289b10d77f06d2c02e4e

SHA512
2bab1704d3520812dc1f80d65a5ceae868fd0eaeaeaa89f0c12bebe736c5839a1aa164c4baecad072306c22f3e6c10e2efc6cab91b6a7f3edb405494100f0a63

Download Submit
/data/data/cn.com.dy.mm/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/cn.com.dy.mm/databases/.ua/ua.db-journal

Filesize
512B

MD5
d221b58e600e479f1bab0794f6acac70

SHA1
d431fea633a445b066ac34b16f56ddd2ed67a01c

SHA256
ec4fe276b0b75627c14cbf07f68c717a6cfd9ba52341564869632da2184b2780

SHA512
157f1b28ec673ba7328faedfcbefcb929783d8abbda6da4cac8d80ecf8f4d40b291df69db0f3b229380a0d080a948ebf7382bdc6f955698a467f36ad67ef1330

Download Submit
/data/data/cn.com.dy.mm/databases/.ua/ua.db-wal

Filesize
56KB

MD5
e2c6bd23c29b3b5d03dd7f3b31a70517

SHA1
d98d58cf62c05d0926567cc684075e2d53c9740b

SHA256
67c849eabe8dd67d50615aab768adf2028114426997382269b10b640f5578f4a

SHA512
2090e97926038c3803c15c286aaa9926d1a6762b4f92225c34e9016f87a9da47e653cb7bd2e88157a822bf4c6dd98c3b3ad8b1f2496d3dfcece43ff4592adde5

Download Submit
/data/data/cn.com.dy.mm/databases/.ua/ua.db-wal

Filesize
8KB

MD5
242a486d6900038c9f63c5c1e1bf5f9f

SHA1
e276609d57589d19ad3abe8953fc7ebb52b1e9f2

SHA256
41704b13654f40b47bbdead079a66bf40a54a272c92c4259ba8fcd72c43a2bf7

SHA512
d917edc8593fb9b90fac4f37c54f9748ba015d22ae5564e7029aca4242de527560e4f2000f0a2b4e2eec7ec6f8322eb9335dd7704503009358540a2ec5a6d9e2

Download Submit
/data/data/cn.com.dy.mm/databases/Player34-journal

Filesize
512B

MD5
dbe3464f823b7cf63db169c70d2cae05

SHA1
f470849c2143329156291401b4dc3c37e8913086

SHA256
b7b8463f3afe3618e9fedb214079a3230c9278104ce09efd13cbf5a49c5c1fbd

SHA512
a6fc04dc95b97664048c8b1e61c08127f8c14bff1d5981ec9b7fe43cb4dd46a9aeb2bf7810aa4dd1381b0a3fefefc0026140795161762613c7bf037fa2c9b746

Download Submit
/data/data/cn.com.dy.mm/databases/Player34-wal

Filesize
52KB

MD5
30abb26a7f772c29d9a305353a064cc9

SHA1
fd33264e0fd338f3b89199042911543b28cac6c9

SHA256
3c0e9a70f6a8e97eb3a33df61c578b955ddd4fa1ef3bac8fe8adfb928814b3ac

SHA512
31e0390bc4d0ce8d747cf719d5ad9be8a7f3ab2b9c22593c605dd6b1b1905b0fd933463f62d031be9b3f165fabcc811bd48dd649ae86b1a4f5936bef5816b7e9

Download Submit
/data/data/cn.com.dy.mm/databases/bxshieldh.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.com.dy.mm/databases/bxshieldh.db-journal

Filesize
512B

MD5
08a8e8492b92e428c0cb3c8e5aa65bf0

SHA1
f5a42212b5953c342b331b51a45306f0566d6806

SHA256
5d5b12fa39231632e24ce3068e81784caa039abe61d55ab8c29c9cfcf41d7206

SHA512
c1364418b42ee7c91972cbb7396db6081367e1afd9838463afd49801b46a0fe980062fc037e473529fb64a8bcd6628aa6b24e2884fb60178e3d32d12eadf1684

Download Submit
/data/data/cn.com.dy.mm/databases/bxshieldh.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.com.dy.mm/databases/bxshieldh.db-wal

Filesize
32KB

MD5
c4f92eef62a8e5c397e03d8f30e01b98

SHA1
fece414b5218546ed612453c646bad328ee742b8

SHA256
974377ec132c34eb5cad988b5ac22ff769b6dddea312d4af8f766fa96f88d604

SHA512
9b34b7b8161cbe13b73a079ceb6e79fe9b5b7bacc0d043acafd3ed9201ce66d40abe7dcd5c6ad6dd86c807c822122437a1e2c15447eee8c3c7472a455be4bf07

Download Submit
/data/data/cn.com.dy.mm/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/cn.com.dy.mm/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/cn.com.dy.mm/databases/cc/cc.db-journal

Filesize
512B

MD5
97d147b8b443a1da18d83fbc3c7184c2

SHA1
ad20be780759114dd82485b7e5bb336214a54114

SHA256
ad54babed9d36c8f9d1413af22721d1ebdbde8733a1afe4bf430b36f44b6486e

SHA512
9c1e075cffed60c2685872b2696d02c3b54d7317dcd782eda2cf5020822e0c7382306f0dcb1789d776d7760ad79873517bb4a584b06591f1be787c41aba230d9

Download Submit
/data/data/cn.com.dy.mm/databases/cc/cc.db-wal

Filesize
48KB

MD5
131455a1a2ff5bdaa711fc204d013f33

SHA1
27b71fd420dab62209e74fa5d2531786dea5d841

SHA256
cef4a31378faa23a9901ff2d217b63ffd2a902c24b2d9c1c33655854ca68504e

SHA512
4069f08612524b9efe8d12620793e116d53601ae45412b32faf1710602d40534733108426f419fe8a4dd491dd0a00fe9f2ecaa9df4c3196ea8e6a6cc9da5b303

Download Submit
/data/data/cn.com.dy.mm/databases/cc/cc.db-wal

Filesize
16KB

MD5
528d6fb11b05827288037e2dab7de8e1

SHA1
01e7e03ffd31a55b05be2b93cfa3357565b4ddcf

SHA256
6c7c3b4dc4c6511ece72145c5b177f6953cddc9d6cbfb3131424e505d6822f1b

SHA512
620be6215a7a569bf01fc22b32ba93e272ef997d6c4f98df052e964e5375b329eec3095486a5c55ff29862640976904c3d2d1507d2399344a1b31b17138b067c

Download Submit
/data/data/cn.com.dy.mm/databases/xshield_d.db-journal

Filesize
512B

MD5
b00c8ebf2bc3493c03499ea4d60442a0

SHA1
1cb21f861c0f5e004646232d7e812a0838e846aa

SHA256
f1bf77d62a80db22751d3adb1beb0fc988171efc3a3430e5a65a1de0a2429910

SHA512
dcc43c20b845d9e3755b2d89dbce8eb8821f39ac094e5f7251838cccc65c243ab3ea7100268384efccf9ba13223fb7a5eeacf8561f689acad731898fe8d08d93

Download Submit
/data/data/cn.com.dy.mm/databases/xshield_d.db-wal

Filesize
68KB

MD5
69b1e9a860009b1ae30be57c18e8f6d6

SHA1
dca68a6f15e8f3cd105feba7f0f246121871b274

SHA256
7b05f9308a6786554e77d74027b8008ddacc3b5c9dfbb04b1333144f25f86274

SHA512
8ed679fe3f69fbad7f4eb21fb56f53e2c36d1aec1300b284b3f7555eac91ebcc248eccef0f92232e71a5d66673222ae39da11024daddf1fc63fe509f4c66ee66

Download Submit
/data/data/cn.com.dy.mm/files/.imprint

Filesize
1008B

MD5
81319eea3ffe4e7888f486ae6e3e1bd1

SHA1
9961ec847cbc390863e5e627414f19db42ed3e24

SHA256
a00b40f6fadbba1b28ed974a00e1cce0959fd70008dc3aee3c9d290dd4a551ff

SHA512
b038a9c885e3a7febfe687ba44a8e6c2383912ec9c10aa242f8eb1c40484d0c28e1663fbc4993a614cf86257eba5a73a078c5282108f974c74d98fccf042fb78

Download Submit
/data/data/cn.com.dy.mm/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e9462f54c675b1bac96f371fa7c127c3

SHA1
b19c0013dfbfb50449c04e9c2a49d621e78153a7

SHA256
393d39552a827473f54806c93ef8fde406b3d41207496a22c8a454a4236a485e

SHA512
99e346f14c75528d1ddf3f2d4e8515c98e041b733c2b07680fc4a8bcacf49a5ebd190e9ea199c6fdeb42df6db3befbea0aa567ce763a12c076aa05b8e2013f1d

Download Submit
/data/data/cn.com.dy.mm/files/exid.dat

Filesize
61B

MD5
89a6260458e33fde0b85445609bbc08a

SHA1
05440d2dc2d09c7d534d0a029579fade4fb7c6e9

SHA256
f2fdf46da4a3e546643727fa8885d0216a4c3c0ca896740c9ed6546ff17b1a93

SHA512
4b981e7cea40b2ff439b714355c1bf404666b053ef7765818cca19dfd451c0d96d651802620413d17ced7f5ac782a649f39d3091ae30f08e9c4dd0dba0faa782

Download Submit
/data/data/cn.com.dy.mm/files/umeng_it.cache

Filesize
415B

MD5
a0f1f3a01e92ce3d69a661e4a278b97f

SHA1
78e9568a97571081f9613727c7bc63b79344a2e9

SHA256
ca088ec10cfb1f25e88158d285a5eab0b028956202fad6d86163756757539197

SHA512
e7afd8acaa82290efb1895859eda7edefe2a0ef60c21be6c4060a0ee44d74d0ebc42a67374253fd414855ce7f48243fbe1e87fc10edcb25bea5da1ed49f180fc

Download Submit
/data/data/cn.com.dy.mm/files/umeng_it.cache

Filesize
211B

MD5
4227e6f3ab8227f790aacdee8d41ef65

SHA1
ba1f2dbae1c79485603426943798155096f50d9a

SHA256
86524f1d0b0bd04970eff7c9d11e1d9ba77534ad48df9f4703728ab064dca21f

SHA512
36c6c35ee40b4f681e8fad796d7c2f00a27f83eec4e25395c8ec800cc79ccbe2127fad24fe55596689c0af0b0c02541092f23c65496c91bd5f378b141325d579

Download Submit
Anonymous-DexFile@0xcf45a000-0xcf78426c

Filesize
3.2MB

MD5
7b7b41449890838d81d2113f43dcd8fa

SHA1
31eef646e7670abd91d10703ee96734b06f5f4b3

SHA256
3d159137c3cf18a66e91b6db8bdb5a0961cb50eeaf8b02052976e3b479e1a74a

SHA512
a27450ea9af3f7abc55629e307958b8a329a9b5f62e134cb2d3466a97f6ed07bf21238f81f72b7ff0e5a18723cdc8c132ef9d83fa43c46cb1decbf1a4ef5d023

Download Submit
Anonymous-DexFile@0xd0292000-0xd02be633

Filesize
177KB

MD5
afdf51a8cfa844b11bc08cbd1e3b4897

SHA1
822a63f8576afe3f9041d94e19848c5b44d83041

SHA256
b75789012854c304c1335abb52b8b57043c1730ec525f314d8e132015d01b002

SHA512
5d237f00709ddba3c34d6be1f1ea5dca3c28499c4ab3e768c32298743eb005f4695f1f971ae9e0c49265dd4de3262dc2685e7f83bd4666194f62b1ccafea0ead

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads