d2510f1e716c596dc74c9916f7054ed185fffea956b40faac0ba3ccb960f7afe

Analysis

max time kernel
145s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21-09-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efc04ade17b84a4bc1f48e548ca58e3c_JaffaCakes118.apk
Size

31.8MB
MD5

efc04ade17b84a4bc1f48e548ca58e3c
SHA1

aaee98274a1b62e345d12d383f5a82d795f3725f
SHA256

d2510f1e716c596dc74c9916f7054ed185fffea956b40faac0ba3ccb960f7afe
SHA512

729d256fa9dd76753009c5f066317a73dece23a905ad9bd184291de9faabd03a8fd541f4ec3b98709e8b3b6cc1994b54afd1029bb2eb5b8deeafcde141a5ceb2
SSDEEP

786432:Ui/yvZ3ERQTw9mYMDqf1UXDKeWPQye0x8muybkTP:Ui/yvZnw9mYgTKNP3qP

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xingjiabi.shengsheng:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xingjiabi.shengsheng
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xingjiabi.shengsheng:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.xingjiabi.shengsheng

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
17	alog.umeng.com

Queries information about active data network 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xingjiabi.shengsheng:ipc
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xingjiabi.shengsheng:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xingjiabi.shengsheng

Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.rong.push
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xingjiabi.shengsheng:pushservice
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xingjiabi.shengsheng
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xingjiabi.shengsheng:ipc

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xingjiabi.shengsheng
Framework service call	android.app.IActivityManager.registerReceiver	com.xingjiabi.shengsheng:ipc
Framework service call	android.app.IActivityManager.registerReceiver	io.rong.push
Framework service call	android.app.IActivityManager.registerReceiver	com.xingjiabi.shengsheng:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xingjiabi.shengsheng:pushservice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xingjiabi.shengsheng

com.xingjiabi.shengsheng
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4253

io.rong.push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4318

com.xingjiabi.shengsheng:ipc
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4291

com.xingjiabi.shengsheng:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4341

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xingjiabi.shengsheng/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/cc/cc.db-journal

Filesize
512B

MD5
79111f33c95837d75c1d2751d8837f59

SHA1
4c4966570f02d2564f68c20f4f190d1ecc807e78

SHA256
32ebf99917ef654b59dc73feb169b32a6cd20be42586bbce620a2cd7e8b392f3

SHA512
1d4c27d428b4053098bb62e940bc34475b6a944acfca5e97230203d05616246dd0fa47a248100f4084650d39659dcb6fce910f2a211d3013805ec81eccea9efb

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/cc/cc.db-wal

Filesize
48KB

MD5
3f238204d6ad43f5167c98285b14de84

SHA1
8fb22b9d6b0a014c0b1becd89d43e9415e3de23b

SHA256
ebc56b40dcde4b1fb2cb94335b422021c342a5934581dd006e543eed39242365

SHA512
14f22b57487c887c0833d6b7e534983f009fd27d7819cd05d848eefd791cc4ae410ca93fe9c7aa3f6978b20c65c0a86ebb05a1b515429efe2b683c40c21511f4

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/cc/cc.db-wal

Filesize
16KB

MD5
60860aa497712cc7c34ce1b0c016cd89

SHA1
2ce246fbc200d5a01198e38eb0bc3ee432edf92f

SHA256
a4e028b619264300e768225da364b5ffebbda0dbb39512fc52e9fd33d5756c9b

SHA512
9ba4bf5cc3c6d32a1a90e67547a5613d9a816089eeb3897aedf9b5193dc1a66402b599f3882e0b25170c99713a96b52dd6a066ceec221070ac4096ddd663c3cf

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/touchActive.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/touchActive.db-journal

Filesize
512B

MD5
de765ab5b66eb30dba070c181bded41b

SHA1
9868e26ee0103ac59be502d40040ce5a8bf13d43

SHA256
a7401d1c0e8815c7c9da3a9e16b35fbcdcf0aa7e9f9f0366e53a9d70ddbf48f3

SHA512
6813a52fdf0f8eea8c60c0ef3010a4b01a7c6854b58ef20c092337ecc8a3595f5141e301e6e022e61e87cc25fe50287e7373e4b95c9ee372e0d4c77232bf4006

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/touchActive.db-shm

Filesize
32KB

MD5
ba9a11828c318c281858c70db4c7fd49

SHA1
63255bb3c2631b3d84cef278a9b99098eac51b62

SHA256
2f2659e45f226e1be37344a91143a27bc93a5f5c5225b58a04cfeaad5baed054

SHA512
f76242d69d5301e99e53a00d537bdfb46b3aa75477184abef59f8aa3aced6e157ec86610e8189d087ecc476f4403ffbb2d18294aca0531f650546f4300279781

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/touchActive.db-wal

Filesize
32KB

MD5
76b0f059dc4cf28d0f7a12324e63a479

SHA1
99531f6ba3ecf2459bd9af2d80d153d10af41a5f

SHA256
55d15f91980a14f03f2aa4049f64ebea5b0ddf450952ed7beef871d49dc44cd3

SHA512
38dd413301028408bc3b588ad9502abf54944862ee1d1affa9d5a825a5e1f096f679c05c28b913a6139ed6159fe9d3b4e7fe68d3a03f6eb26bc03a337d22ba43

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbregion.db

Filesize
5KB

MD5
ee79970bf83cede9c9cf292900c37f00

SHA1
6b0fee8c6af05ca1a536d52585fb5a838631a1e0

SHA256
66f95733583d7217b48d4f6af31a11adf0a62e0d3c820d870fce5cad930268f1

SHA512
c6d28202f1e8758e0d148f77d63e0e6d526ae2621a2c4bd96e943c4ec0ce625aba8e027a8726ce5c3cc46f0790111217128768c334d6991217ed7aa76470063d

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbregion.db

Filesize
144KB

MD5
46fc221a609be4abd28da554c9461eb2

SHA1
d01ad4f37255fb335645fb47019b3627dea97eaf

SHA256
d1420097dfbb71c7afcdd9f37a9f96cf2683527a466e94f4d26678600cf07dd5

SHA512
edad3d6c8857b1ebb295ebf3f6af36cec63840db1c192d511fc362d7abfb1e21f4d447c20dc5d5350d9f7ddd1b56a697153bafe1c5e9da8d19c51b61b815f225

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbregion.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbregion.db-wal

Filesize
173KB

MD5
6b6b4e6c49aa70d9e2720842fbce3587

SHA1
3014236c9c7ba0b2d8eb2534b96792e1adf092b6

SHA256
efa90f71128ff05984823661b95d0235f33808143e67f36a51806e50ea4af2e2

SHA512
9fbad296a9986e124339e83580a765eb4981517f5b2477dbe747b446883383a298c34436606878f6e2628b49e94d74f5c64242712866d0a39a166b0d0f78381d

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstartad.db-journal

Filesize
512B

MD5
48c37fbb8ef4c30cd03d96cf4929eee9

SHA1
9096cb86e724e9a72bf42eec2fa84f1ab9b377c7

SHA256
bbb16e92b7e215c6132d2321971d3a6ce0a1c9322488560728d55d344a56f0eb

SHA512
7e47cd8cd135ea25f9fe93e65ac1ca1cdf35db13e81d784b40397931a699d770980c1bdc6e0bd7d8c55c4725034991c3b82c142b9c1181593128f6db91e5a6d9

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstartad.db-shm

Filesize
32KB

MD5
ba57d7bf381e7abbb6a77e6efbed70d6

SHA1
5b415c8fec26c1df9fc6623fb6a9274902334df8

SHA256
7d51d26da7cc1c606cf444bac2b3b0b51f5f364ee5643de1abfd5578dbf0cb53

SHA512
9777bcba66d3e0e375f78d4bbdcf8f9c9356f7be86ea8ad2047175ecb132f39021ca8545fa4eb2da639628be1972c3d2e5a9e74e4c3ef86a34bfc8af21e160fd

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstartad.db-wal

Filesize
32KB

MD5
352b8f436d817c8e5accd4214fde37b3

SHA1
a672ca75bcdf3d5d182f1b96f18105d6601174c0

SHA256
2406908072013504d80dc585835cbb14d0a6e8b07744fd719c9f1fcf50e8a9ee

SHA512
c22ddc12546f6c33b884747e0fb234085cc1f096301afbd62458f2c69261fa710ea27fbf1df2510e1b97ef7c1cd1f9b9889f2144f07bb91433167794bf018fde

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstatcube.db

Filesize
4KB

MD5
e82f3c5acb0a829983c45a11b4fceb65

SHA1
066653ba58ac959376037b95f0997f733668cbbe

SHA256
f387e2d5173a920a167d433f36c53f76017a4df81f6b97daa4d63197622aa72e

SHA512
743be978fe0c9d24c2db0529a6949e8fa6cf66f68d8c3042ab1d8fcaa18f0cc007e8d24b27bf28f52307caa95f7d7111498caa7f04f7886834987aa565aaec28

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstatcube.db-journal

Filesize
512B

MD5
1e5021f257a3dad0b10591bd2199de07

SHA1
08e25a7a0ab423127864d49d3dfe2516391247d4

SHA256
353d6789923806251cefa14b866e770e9149c767c521350c74e92ffa5cad97b3

SHA512
a771feee53c8cbd9484f444b95b55827459d37100e7fb6474a3ccbc000c65f0f8e3930495dead574ccd22e11c3ac72adc383decc307751fc72863a977d01dd8c

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstatcube.db-shm

Filesize
32KB

MD5
288f7c57c5a83f1ec03038abcf4c17a6

SHA1
ce2bbc94477484983818b0ada20ac4b717589871

SHA256
9772df809dfeeaf85a20a66a1e5aa3679ccf5b241e2d249244b6db04292ff4e7

SHA512
86a3fd2d6719268024c4cacb9aa1ad837f831a4a3dd937b297084474e7df9023dfdb1126c8a01c43fcb00163ac8cc8d9e0ad24e8de7691cd3bbb52f0b0443178

Download Submit
/data/data/com.xingjiabi.shengsheng/databases/xjbstatcube.db-wal

Filesize
120KB

MD5
6055ae17845eb9e4845951159c438973

SHA1
3a451262c1ccadaa70816b5f82bb399df76e0225

SHA256
e13c19ae8027f52f0346fecf69bcda7cf89a666342bbcfdeb612e3abeec23904

SHA512
b00acc0d3fd17579c8130149cd6f2018817fda3066bb27a0141731e07f6de62028d04dd3ab28951a8a0f2143ddfa427d4c1155b71b2c8e149befa8525c633c35

Download Submit
/data/data/com.xingjiabi.shengsheng/files/.um/um_cache_1726920340144.env

Filesize
1KB

MD5
b3cb4144f1755b647adc60c1de1ed808

SHA1
5a2c71862abbba60725ad8930964ccf4c5617def

SHA256
c388568cb8ad03fc3fee2efe4487591dfb6170a3b20efa94e70d5540ecf34071

SHA512
b452ed8f91bd9d6fcd67be9f2fab85c050149c25c1ffdf83f94ec88fe627afabd2348712fe990bab01e5da5250dca8154c5e0000875395acb28f1acb50d0969a

Download Submit
/data/data/com.xingjiabi.shengsheng/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
7b095aabd0119c8aece752fb2ec2238c

SHA1
2d64b49a61c7f95accd07a2e389ed55e3e475489

SHA256
c457f7539728b0238186be1c9239bf36de7a88a6ffea2e2e949299c389209c4b

SHA512
e1e0152bfa210928571bcef59bb0ff27a4e9bf216a108cdd73ded18d21da85d972e3377d9b22425ab8ea9b6d44d8dabe26f544872efa6be57fc27880a4b65db6

Download Submit
/data/data/com.xingjiabi.shengsheng/files/exid.dat

Filesize
59B

MD5
1909939c663685d06401e8b12ec00d5b

SHA1
72c1634f1367241937a121ef795b7688302445e3

SHA256
a03de1d792d2673c049a0961e293bd3c30ed14a87bd1961d0782282e546fab50

SHA512
af34676be2f5fd5c71049597bc035d68d2343a669760e978b83d8a2eb943627032de93cea804aa90223bfbd5f71ac8144096d49965065300a8cb9e9dedb2dd77

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_index.json

Filesize
91B

MD5
cdf0ef713c83c12cf4073dafdaa9d500

SHA1
61dc878123cb517b78d42cd89dbf93ebc203ffc1

SHA256
d86dbe65c25fdc343987ba9e757a87af805ddaf350abe165337fe017f27fe19b

SHA512
93b8da5c34e9c6974b59fab4aab70cc38e5a62c735030149781eaf2e81292154581a04e7d0211ae205df364d1918b3ea6158fde40e5d1cccd6c996c2fe4c4274

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_index.json

Filesize
91B

MD5
296e88a9bc6644aa3dcf5d2e8616d3d8

SHA1
253094f1978d2a6f3c273a0e28544efc76d277f5

SHA256
da017d956a7f4810c21821a0caabf0bfdf94376907e3b75ad3a6afaadc9d4158

SHA512
83d45f02b245fea9e6b0631a69f0e021f6306f9671a5fab5e862e054c1aa87f69f1786ae0ce84a2a463c63d5acd9af617eedd6db22316cb91e609f5c2230b936

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_index.json

Filesize
94B

MD5
2a3564e846b4f9bc1962f3686ab5ea25

SHA1
32db12158e2b9e5e799b1fdb03962ab204a70952

SHA256
870eaec41ab0c0d04d0ef38daeda849e6ab0170e1368c92929615340d36487f3

SHA512
4cf21f3aebb7029951fd7180c550096571369f1e5e26bc48f469a56f2ff8e22b2da446b6fa815fc68dde81e9333a0422eefcecad76ac0dbfcf80ea4fdd1abd0e

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_index.json

Filesize
91B

MD5
03e31dc1224db51c5268453fac39d0ec

SHA1
077736b4436ed583fb4f618c1cf518090faada27

SHA256
87af377cbe1ef1b55cc4497cd759e2c6392054e96feb5671a5c4c491990a1a63

SHA512
a6783f85c61e807634ca75263101c3ef3ccd78dbbe37b78b7d9210c70874a679e1aea96d7159bf3f954c0ef81c877bc007c90340fc373bf9d9e4ba1f5a408f02

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_log.0

Filesize
55B

MD5
be93e37e88fa9f67f5d2dcc049bc722d

SHA1
88061837e45ab4dd2074a387076c61eff95df201

SHA256
addcc8ae02c39bb19df73c48406a7a3688f18805ef495f47775ac7b87c782ee9

SHA512
d29fe88a529a683d015bf3b802cc14bb87eef06bfd4cbea26885cf0cd4a4b581418cd0235c4fffb6e229e688765c6694918bc756afa4db42835005ce24e451ce

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_log.0

Filesize
76B

MD5
c0edb6acd43b4d25dc989f4117b0af61

SHA1
48352f92659bc93621ba850577fd4c4f15af4036

SHA256
f970a32b639d9a2d60e90ca236d9c1ff736e2c9d3460dcc1b3eff516d017fd48

SHA512
7b3780efb2129a96dbe44d65416480b639519a51015ebfa7b78254873a60bab95b1bf3061b42e01b10855b1403cf0729ec7166e862ef1582094a4b07971aa7f1

Download Submit
/data/data/com.xingjiabi.shengsheng/files/pili_qos_log.0

Filesize
171B

MD5
4553cf905bbc3b9ccf10b08446244c05

SHA1
965681af1194ddcfa5f2ea6e70e58fdc1cfc7c18

SHA256
5382c748f3fa7aba4f4f83bff08cc7f10b8a307547c6f2a7ea6b6137540c3025

SHA512
442e676e58d7fc14cf5f115426c5f6c967a66505ebb87d207fb63745b8f75f0ef5b9adfb1d3a86a85036a9e2aea5b051bf27f35c1fab408c223d42824b040272

Download Submit
/data/data/com.xingjiabi.shengsheng/files/umeng_it.cache

Filesize
415B

MD5
5fee63cea79b3aceddd81a9069540bcb

SHA1
2286e8baa83b3d65125c868869db93326bce0b10

SHA256
de9344b259ac0d591c3fdc63274a69c2b824371a47936a38f00b9e8ff6efbe5d

SHA512
62248492f9c073a62bc0381f68f38d74ccda982670b7dca5ba087b7ae0ab92a07d4210ec59901ca4eb7e3a794002c2b3a387fc275a6e6e5f7837fc06cd2456bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads