96bd074e7419397c0380bc861993332a13d2247c42f10386c4315164c2e7a59f

Analysis

max time kernel
125s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21/08/2024, 01:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b1b3aea561993b34b0d7a60f6a53a29d_JaffaCakes118.apk
Size

12.3MB
MD5

b1b3aea561993b34b0d7a60f6a53a29d
SHA1

c14ffad9228714388a1b9f05b846d6bda8817b0c
SHA256

96bd074e7419397c0380bc861993332a13d2247c42f10386c4315164c2e7a59f
SHA512

1f3188e45d3bf9ace8066e8673b09fa0a854cc38e3f70365fd10a4b76c3ea601885456463b65a93242cb2b7a76f8f5049969b9bffaa3f85f092245c7fe8d9698
SSDEEP

196608:twCrcGaDWeGSQ44iGMLq44ZMEBVl7mpwmAEWB61yy75qR4WdjyWCQxfZ3FFpwN+T:xrcGnD3ywmAh6bA4ujHhbaK

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hsdzsc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.hsdzsc:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.unionapp.hsdzsc

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
10	alog.umeng.com

Queries information about active data network 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.hsdzsc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.hsdzsc:ipc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.unionapp.hsdzsc

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hsdzsc
Framework service call	android.app.IActivityManager.registerReceiver	org.unionapp.hsdzsc:ipc

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.hsdzsc

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	org.unionapp.hsdzsc

org.unionapp.hsdzsc
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4246

org.unionapp.hsdzsc:ipc
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4279

io.rong.push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.hsdzsc/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/org.unionapp.hsdzsc/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/org.unionapp.hsdzsc/databases/cc/cc.db-journal

Filesize
512B

MD5
bc1c0b59434a1006f2c6b7ed11c244af

SHA1
61c48837d195291c758318b9579dff36cd9446af

SHA256
f0bf1de118e42e33a78acd77e51171885a6f42a7d54750e4143bfbe170c0be99

SHA512
216d7e5310c4d6e27932fc6a8374ee9c84548ecafed1f14d5ed8c79a20d1f17e25d81040da3bd65108f7d1b35392e0017abf1b0f223de45ac426817a0d1fe414

Download Submit
/data/data/org.unionapp.hsdzsc/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.unionapp.hsdzsc/databases/cc/cc.db-wal

Filesize
16KB

MD5
256a851fdf13ef1a194e3dd34c316ab4

SHA1
4614f15c276449ba92bd477ae431319ba08ec4d4

SHA256
032e998a03fc60a833d5d08b298e5477ef2297ceb32a02db8e3e3a27f385d035

SHA512
edaed52054ec52d279e52094175529cbe7436cd62360694a7e7fea57889db8a444c3caf0fe8430424aecd7a23c5fc333beec83beabba55639ca1b9f9fd5a68f4

Download Submit
/data/data/org.unionapp.hsdzsc/databases/cc/cc.db-wal

Filesize
48KB

MD5
f1382dfb219b20aaf5eb4d899bd9f603

SHA1
b8d0bcc8427dec99239e9f3dc7594a15d660ed0e

SHA256
ff4c3ab268aaa6b06b972aeb43d41bb1389ac19da8601b3d786f9d2c7d2f47f0

SHA512
75da6e834f35d17cc6c7a4e78a8ad8803fd6068fc5236f02398cfe3aed80c5844076661cd32927e3f9ab1099d8096ee600a1152984fa0981c2e10162ff7fa38b

Download Submit
/data/data/org.unionapp.hsdzsc/files/.um/um_cache_1724205447171.env

Filesize
1KB

MD5
1779f415d000d27d1794d84a83d138e6

SHA1
62ddf4f82ed28cb9a45db50d5bae514f084e19e5

SHA256
b7a475f284f86b30244298a2be5cbedef9e96293fe9d5a0e5862e32ce6e6aec7

SHA512
9ed29950f4b41e32ee8da35e6c0e4d6a4cd736f7decce3c2ddb1cfda8e06d4e4f8a6d0fa44aae073ea97697740766837d00294704d379c8554b22087d47786a7

Download Submit
/data/data/org.unionapp.hsdzsc/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
487610f6ddf80cf40ca2a18be0667421

SHA1
7a574ceb05b9226b0fab948b826ed026b966afac

SHA256
c5e6a40917a4d981e8f8cebe382ff28ac3f131dc04bf8e9d5bb6fdc6871a5e5b

SHA512
bf5381c34dd3485edd34c8a457a84a8ced950447c7d929c421bd66955f933de70b7f57b642de088a450c7f635a4b5555ead989eb8849b95a44722bae368a87d7

Download Submit
/data/data/org.unionapp.hsdzsc/files/exid.dat

Filesize
57B

MD5
a298dc01bfa27abb337289c0d64fa5b8

SHA1
8c9ecc4aa99246494223fe859378eb08476f7abe

SHA256
ca6697607c76fd0f6d6a106bd7ff63db739c99fa474ca1a6ce6da6e8329cc01d

SHA512
f243cafbb051a6b94f122d35ca3e8309ba570cbb1124921a723b0c66fd6d2b7322aadb038badad261e3715c71a45c4888d79329a5946470217f7ab495549ea89

Download Submit
/data/data/org.unionapp.hsdzsc/files/umeng_it.cache

Filesize
498B

MD5
f7b339a601cebe53aa15db772be34b9c

SHA1
d062decd1ec4654c8925f513efc91188b6c3712e

SHA256
ae95a6fa3f3d799f5e81cf6314499ec420d3794eacbc86cdfe631a4a4574426c

SHA512
9250396eedf716062fa8d47e997bb12ff3645382afb04b9245c50e34c50357ab2fe4b7cca05327150b55d9936cce922d22a771b0a001c9d7ad9efc662915c117

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
817f0456d3fa877372b40bbf6701dd13

SHA1
2d475a7e228586c3b52ce7da581e503d778eb149

SHA256
fe27b7606aeaf31f4bb27942de55cdd81ac1306048e3fc388a3e732c0f773a58

SHA512
6c88bf4f406bff89bfb29c3ca3a0232255776447a8c2c941fd4908e87989e112ca966b902caab2dbf866d0978046f31ec2e48779df6fd7065b798eb2dc8b29f2

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
b0c0f89ad30b46d12f5db8b8196fc440

SHA1
7008c87d9409dc63848a57e62a061e421a1cdf71

SHA256
47d953774f972651089fb24fae34be9aeb40f835d1d8150c8a6d726267a7ec79

SHA512
1af439c1e5b293881522f7eaf95adf125a17118e3900254b550d1adad173c52a9bc801484abcb4d182056ce00c28b61777d25d9ae3014323c75dce4f2646d2f5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
a775c9080dd71575951df5edf51ed4f8

SHA1
ddababe530a21709661949f58e78607443099fb8

SHA256
6bb0ebea43232566266f4e7f8655c1fa7ff4e07227dd443641290e130a8220bc

SHA512
0346662452953034af795b9e3f133627587f2f66e34cf42e8b9b172d93c4e6dc849bef17d0acb9f5694f446ae0b7402f275c53ac3b6e7a1fd6e5af39095d2557

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
b7279734c23922310d88f6aefa024cd3

SHA1
e2d40cad704bbc166cb10712c50335edc4f05c5c

SHA256
6ded288303aaacfc17e69c2690dcc07918e7c96b5f1014bfc34b93f1b2dacde2

SHA512
6bbce924963fc6cb759d50fe60129f12938bc16a8d88e4faa5ee6da5861b32f735fbce8cf09d83958ec5955ef4b15cacddeffb1ab9d268e78b92695b9485d466

Download Submit
/storage/emulated/0/org.unionapp.hsdzsc/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads