Overview

overview

7

Static

static

6

0a011a8d73...18.apk

android-9-x86

7

Analysis

  • max time kernel
    126s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    02-10-2024 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a011a8d7399c6ef7a52a43074100a4a_JaffaCakes118.apk

  • Size

    18.1MB

  • MD5

    0a011a8d7399c6ef7a52a43074100a4a

  • SHA1

    91d3e175337b33581c8b2e4fe2ddd1d51f49275b

  • SHA256

    c65ed784975558310072e028a8f30efeb226306d54b18ea3dd42158506f57606

  • SHA512

    9253c69f8ca3d9f5aa3a576d1df39299dbe927f55df393ed1684dbf08479a7d0f3a0c7b55c87532908dbdf6c29d354cdd0be4fe7087bcbc89080307180695066

  • SSDEEP

    393216:ByZOtOaSzW4VyjQkzbo4ClQckZf+owTQ2CkCr/0AG3eGh:oa4W4VyjQqsdQP9+9TQDC3ea

Score
7/10
collectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.ss.android.article.news
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4267
    • getprop ro.build.version.emui
      2⤵
        PID:4542
    • com.ss.android.article.news:push
      1⤵
      • Queries information about running processes on the device
      • Queries information about active data network
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Schedules tasks to execute at a specified time
      PID:4424
      • /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.ss.android.article.news/lib/libsupervisor.so /data/user/0/com.ss.android.article.news/lib/libsupervisor.so com.ss.android.article.news com.ss.android.message.NotifyService com.ss.android.article.news:push /data/user/0/com.ss.android.article.news 0
        2⤵
          PID:4501

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/36ed23b1a330f8b98e19afc3a8228ba2.0.tmp
        Filesize

        2KB

        MD5

        46d80d93d53307ad62162cdff2d2e568

        SHA1

        9cf363ee58a87a8e643a6f7025627c060c48859e

        SHA256

        0baadf52fd69faae82eda6a940578b08d2a288842bc95a969d214d7bded9eb37

        SHA512

        35be878350bc34425fae0327aff878e8f6728e9978f2e7b74b5d2a11023fbd0e3a422f5674f758088f33f8cca0db3ba3bc2e6a619056a0f7f8e857fa9b37ad24

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/36ed23b1a330f8b98e19afc3a8228ba2.1.tmp
        Filesize

        1KB

        MD5

        3e190c855a3ff0a4ef175dc4a86f3f22

        SHA1

        4a3fefe886b2789ec5e4b97e99b2a009e129d9d1

        SHA256

        48deae80cc37f410ee81bd696e04e4e6f854e3cd679d22fe41cd83f0c20895bd

        SHA512

        7c9559387e4f343318ac31f9a2f5c675c100b3ffa02928d7a573f68115c91f472d4a9305796db8d5dfbf5661a843311ff428da1d9d9b12556b385480e5b65cb4

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/627fdc7670dcbc1bf8b24c9fc3c2b868.0.tmp
        Filesize

        2KB

        MD5

        844b4004b2256e6483bff30e5081adfc

        SHA1

        6dce73904a8ec79feac83ae61cac261f2a8af4fc

        SHA256

        3c8b4e8254c3b0848b23680ecfa708302c39fc331d3793f5db0980e0c4bfe91c

        SHA512

        3b1f19e182758668a85ae01fd50b9160c0642319406377bfb4af73d5669f7f167dcf686ac319d6890d6c0f041fe7cdfc91a5ccc2beea88c3e1043c058d41c348

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/627fdc7670dcbc1bf8b24c9fc3c2b868.1.tmp
        Filesize

        1KB

        MD5

        5a317a6021c82bb73f8cb63bfbfbfbb1

        SHA1

        b7d57bcaac814e24bfe4ffb9a047d7e8d63193b7

        SHA256

        aee03c9e4571d6200396c0625f218dcd177ca45de7d2686fd6716b24f292fd81

        SHA512

        586bc91a97136dac96ab8f6005ce159ebb38241cc82c4b4399838212642d4cfb47cc4e91f12a1dbd330f5a21a7ede42e9f934d9bd009f86b62d8894a78404511

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/8044e62bfd925ec7145fb53f3ce652dd.0.tmp
        Filesize

        7KB

        MD5

        b29d66cfbd7566983f8a7f09f0ec0a54

        SHA1

        6724b96ea4cadfaa7d29119fe3c271b24914937d

        SHA256

        f1dbff24a7707d13a20e19c2aa173d792d778c5197372c1506dcb51e8ea9b392

        SHA512

        f8eba11cce450fc6c003a7a6ee16647742bfc43a06ecf5d20f3ee9e4b422af2c0f83cbdd0905f4420ce483627765d0fd30160addaa50e87ef514112ec047703f

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/8044e62bfd925ec7145fb53f3ce652dd.1.tmp
        Filesize

        1KB

        MD5

        20b9190db7e68107420379a0a0b17299

        SHA1

        d270d72035260d798857d6c8f061cec74a1afdb1

        SHA256

        22979b9f7b5f74e8372249d074291e66501efc4bfea37c8f70b0285650ce2bf2

        SHA512

        7031cf2907bdb56137f665ac275809baca95c9c9dca89c1ed603b6812f3518a33e29bf662fcdf4132df071b2bb9e7601882260681fc62c40c2a809a6a13791fc

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/b658cfc649b4065e6b9e84b4cf5b6915.0.tmp
        Filesize

        2KB

        MD5

        36dab89b7b5ab5282696187aff415dcc

        SHA1

        21439c718d2792836fcb1026befde3b5fdb339ff

        SHA256

        6b38e49883553ab12d69e273e28845a8b2ff6eab6796c18b0c2d65d4b0fadd69

        SHA512

        6c7a63c79845e2d5de1a3abd529206273fd0cbdd4bfc8d28d1fc672b99270933fc7a91acd0f2c197bd69d8d85746ab7b2a6494b76f4771c50a497eaff57f87eb

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/b658cfc649b4065e6b9e84b4cf5b6915.1.tmp
        Filesize

        1KB

        MD5

        6b3b60d5cd99bb1a3c00271620fc2a43

        SHA1

        dc0b105ac239cc3eaaac2c3b109647237d70d154

        SHA256

        24e856b126c2eeec60f85594046cfdc7e9df16a332986f5fb6b58237c8b73ca0

        SHA512

        9c62b4be5a1c3f939e48e66617a967eb3cce9d776c26c5f5e7cd43ada11b588c00fe737410124b39e945a09a1f8ef292dad108bb44c8e3e77322cc44102a67d1

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/journal
        Filesize

        388B

        MD5

        3af2b6bc2c458fb8c042169db7c5d286

        SHA1

        26052bec6c57bb64b0b4e8ccd82cf8f1532924a2

        SHA256

        9afce1f751f51747d30282ccfd6236b3b15a1f666fcd1bf5efe78436c740d618

        SHA512

        18a269b4a6904df2577d950f020f0ed15236d9bfe5f7e836a1ef8935102d055afc8f703b221012e305f7de0ba3a1cbc1f03a922c255841cafde812fc25e6a3ec

        Download Submit

      • /data/data/com.ss.android.article.news/cache/ss-http-cache-v2/journal.tmp
        Filesize

        36B

        MD5

        37e8e716e0e2f4a0b05cd9571d95b84d

        SHA1

        f8d068f6931707bddb8cd69f706f2224ad1fea3c

        SHA256

        7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

        SHA512

        e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

        Download Submit

      • /data/data/com.ss.android.article.news/databases/article.db-journal
        Filesize

        512B

        MD5

        34007d28655e80412fbcec1c23cb2592

        SHA1

        d31c9303398d95443f37d4b9834ffe5e54b648d4

        SHA256

        8743497e69ba46fd6f2170c2f94429131831914ca669b4a97ebfa88c209f473c

        SHA512

        34b0a13d97c31c16236369729359e9a4ceb4b4ce97e89cb3afe2e702dfc8931319effb28fe37d58b08eeae8d9b0a23ec3b48485de3d040d4a6d8b67e83bcc533

        Download Submit

      • /data/data/com.ss.android.article.news/databases/article.db-wal
        Filesize

        362KB

        MD5

        eda509850a991889db597916b7cc827a

        SHA1

        80ec1aaf26608cbd70b1ea8b7f155496ccad5903

        SHA256

        762854d7c102cc9088f9b8a0c437b602d15022a4ca1cab2627fe956dbea10d00

        SHA512

        bc2d80e3a778d3a876b18db99fc622f313a2d4550c09a4789577ce231336a10644caafd392bc6a2905fa298235e120c6f8d3b7697925c8f0fd7f69c8c8d7c933

        Download Submit

      • /data/data/com.ss.android.article.news/databases/core_event.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.ss.android.article.news/databases/core_event.db-journal
        Filesize

        512B

        MD5

        6062c3836ccc8aeca521b548cc3a7454

        SHA1

        71eee52833393cbc1ce1fcf3cd33e3af1b798118

        SHA256

        7009e662d34162260102b2e108a167f6c814e8b5d99880dd2b40e9d8105ebd00

        SHA512

        32f3a92bec01a6ef39bb9d8abc21b807cf3d7641ce77e28e03b92b464c9ca5545cf052f23d77952d3d9d56b50aa452202b2bce58ca7e94925f41c87212036d66

        Download Submit

      • /data/data/com.ss.android.article.news/databases/core_event.db-wal
        Filesize

        36KB

        MD5

        2bea2b9c9873bc25bfca635f850f3246

        SHA1

        a6c982fe1e94cfb03871af4936c59624442a18bf

        SHA256

        e74bc412c0a54d8fc95899928f9b7ec8c5eef0d8c72b2f7ffe812f3aef664e65

        SHA512

        dc4cd485328d6cb9a13c8147f1dcb13d2a1cda413f6410da9932153e736150525cd15a5bf28b1b06e3960bcf85f85e67948fa33743c329393bf166c27135e673

        Download Submit

      • /data/data/com.ss.android.article.news/databases/feedback.db-journal
        Filesize

        512B

        MD5

        1c431edc32e76994471e4e1c46a7b1df

        SHA1

        915233ba6c5b1ce9c07d7e60d49aaea86a057d46

        SHA256

        7cdf6c906629559cb867a06a5b9410a519ceb9bfbbf252862424b6181fa03b43

        SHA512

        9e45e569c76e425407822b9e63fcf404ddf92a87c0957ad7d0799f28bff5804b62f1a3c6c8243a69944a0d6d0fbcdaa74086046a9ebd7176fd604087549990a8

        Download Submit

      • /data/data/com.ss.android.article.news/databases/feedback.db-wal
        Filesize

        32KB

        MD5

        ca7940eed6d7bc61a1f3ba5b41e4138f

        SHA1

        3989eb31c17d4cc9e7437ea68d34e62869be9f17

        SHA256

        d348e9d3bcb644d1fff9ba781d47fa8a9d694078d5df8f71dabb343fc79fb3a6

        SHA512

        df86952a79c5cd8d45983cc67e8ea7ec981afe79f8d1a4ebb3b6a9b6a56f9e8028206068dd7e8943f3198d342b7ce4fb686ddeb1cf3f8ea9f4998a3e53daeac0

        Download Submit

      • /data/data/com.ss.android.article.news/databases/lib_log_queue.db
        Filesize

        20KB

        MD5

        86c4da34008226018bb05f24c539c659

        SHA1

        0629ec9eaaf1baa05ee9869a0665bdce6e13f763

        SHA256

        b938d2b16dc28fec8acc279642ce18565740c7d750e1ec642d03696d099ed39f

        SHA512

        e4a30b3b7d0a12552aa854ac9f3952072b833ee47a2bf076147bccce0298ab3856f0953e0e39367c77f02adbe399a11ccbff82550f1357c2aeea5ad350f575e3

        Download Submit

      • /data/data/com.ss.android.article.news/databases/lib_log_queue.db-journal
        Filesize

        512B

        MD5

        9b4176d8984687795975d9aac28a6109

        SHA1

        3c72f88c3e4d4254c944aba79e2e23769ff7ef15

        SHA256

        09bb755dad1c1540f554af9759f397015450ecb3c51a725dab58e8ea9e6e3e9c

        SHA512

        d436b560c6113384aca65ef8e6e0b9a25d10832790c0633ad1b4b998302eb54d5c101524830e5c8f2f308ad8dc0b12db42165ca0518a93bffa1185602a98b019

        Download Submit

      • /data/data/com.ss.android.article.news/databases/lib_log_queue.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit

      • /data/data/com.ss.android.article.news/databases/lib_log_queue.db-wal
        Filesize

        32KB

        MD5

        a3ee36f3ee5ee2dcf68785c3be008dea

        SHA1

        7dbf0f367a08495f9f2d7011f88f936546976ed8

        SHA256

        a424ab3ae2f50d3f5c5c8769edef0e6609f17605f246ef0706fd98039697c222

        SHA512

        78ecb652000eed2b41a0c2b5515dbc901d93250c9a78fec117526c0f29b50bd18c0ec1d1acf097591aba7468f2f90ea7557b5047f9e7b7268560dc9b829b8ae8

        Download Submit

      • /data/data/com.ss.android.article.news/files/.um/um_cache_1727861511265.env
        Filesize

        681B

        MD5

        98d147f3b5fb715630e5ba1a75d87c8f

        SHA1

        acb29bb6b2a15adaca5c931c1982068311a9d494

        SHA256

        843e816196a7ebe972448d8cf6788a26211d765b941e04bd9bd6f6318e30c3b1

        SHA512

        002d85b2ddbf1de384f46bf235cca2b34a40a1618a05f38a02a86ee4dac4ff6543c564636bc230064e0e83c844d8ca4fb73b14790ce62df5fa71cc322675f18b

        Download Submit

      • /data/data/com.ss.android.article.news/files/umeng_it.cache
        Filesize

        310B

        MD5

        bc93c1a1cfc0711be9c1a4ee0ec7fded

        SHA1

        44d90f2fba06b463974a14a7bbd9e9e1eab02e6a

        SHA256

        2f43a60518b210fe1a83d3e1dc267cd5f9ee7e115d2ea6a3fb7c02a99651cebe

        SHA512

        c3492e2eb44d47b20b124271a169fad84131bbcbdf2d45fa1cd5ed7f90db29b17b9160b786794821a7853dd2762de1eaed8177d991054a66fcef27fbd52856fa

        Download Submit

      • /storage/emulated/0/Android/data/com.ss.android.article.news/cache/locationCache/journal.tmp
        Filesize

        31B

        MD5

        8c92de9ce46d41a22f3b20f77404cc1d

        SHA1

        8671a6dca00edb72be47363a7071be65cf270373

        SHA256

        68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

        SHA512

        30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

        Download Submit