4061f447dcf2f600f9c7403e99bb8b0b674cace4ceec14948bb70e4701a25488

Analysis

max time kernel
64s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09/10/2024, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27c2a4ea1cf21f193df078f58a74c7fd_JaffaCakes118.apk
Size

21.5MB
MD5

27c2a4ea1cf21f193df078f58a74c7fd
SHA1

8718275e5e5f9272f0816f5e114bdcedb6517bbf
SHA256

4061f447dcf2f600f9c7403e99bb8b0b674cace4ceec14948bb70e4701a25488
SHA512

72d34335a240cd3f74721961a25a74443288ea0caf72b63e10d72f2ddc7b18b9c3ad9b5b3476177b2377fb90a54e3b6b9281861ae51af38d564fdbe8d0bc74f7
SSDEEP

393216:RRmYKyTniawndd4cxZAsowGLOrbksjaLZwFHcbhD0D6GEKdl8bdaMah:RjKy7ivndfxZAsowGLOvjCZwOeh8bd32

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar	4339	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/com.yunstv.yhmedia.pad/app_plugin/oat/x86/live_plugin_classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar	4256	com.yunstv.yhmedia.pad

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yunstv.yhmedia.pad

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yunstv.yhmedia.pad

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
9	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunstv.yhmedia.pad

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yunstv.yhmedia.pad

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunstv.yhmedia.pad

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yunstv.yhmedia.pad

com.yunstv.yhmedia.pad
1⤵
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4256
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/com.yunstv.yhmedia.pad/app_plugin/oat/x86/live_plugin_classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4339
- sh
  2⤵
  PID:4364

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar

Filesize
407KB

MD5
8e994c2526a53eeea48e129148a7a64e

SHA1
eb9f6bff3b152a1e248cc02816f29ecd86181fb8

SHA256
e7e4fbdbccbf6cfcad1c819c42302e131598083c439ec04df17708997e3c85f6

SHA512
7e12fa6f22f2aa073f5373d16cfaae7dda2411905992177df052b4d1a485fb999e2faf3e5356897cf67dab0580d2020a4861d16a1a1de19095acfac6b2f4a871

Download Submit
/data/data/com.yunstv.yhmedia.pad/app_plugin/oat/live_plugin_classes.jar.cur.prof

Filesize
249B

MD5
7de7797044baf60104a66d06bb01c468

SHA1
0231b1cc9d971e069e4b04e12d39e8072ab14f16

SHA256
b2b770066e5df272a82703894b35a080dbe741b0efa5b515c5f8bc33613d7510

SHA512
8e9392c792c6c4c3389624dc619e5d5a18eb6b9d1e66a65a3b253a043f9e1dc49ed001a0bda3f905b41de2aaa32007fe1202a74427b1f97638bba0cb8caf609d

Download Submit
/data/data/com.yunstv.yhmedia.pad/app_plugin/tv.tmp

Filesize
470KB

MD5
7617db79cfba6b5f91194000add83106

SHA1
ec90f6912abfdb71b853c260fbd10a6f380656cd

SHA256
bfc7f20fcda57622dc1cdc627404e154590c119b4574cf59ff8545bb72937ac3

SHA512
81075a5b7634698b867a42515b16bd2e9226ab8b5d736bb5175d4798e256f451baef67d57a69620dfd9c463a743f27d051aa998119ca84b232059d3d1f238139

Download Submit
/data/data/com.yunstv.yhmedia.pad/files/libyuhelivev2.so

Filesize
2.5MB

MD5
cdb1af02b1d13973e17917d67bb780ab

SHA1
46c31544bb7040577c4606e16cd47ac978eb5900

SHA256
7f0df9d73e0385c972aed200515df04cf85a3f15a8aec0e27ebbc6bd882cd379

SHA512
894d438ccbb344d8884360185b1da027195f43fb5b68413bab81293919dccf10366d0bb903b72114cf41b495b6e134b6c0c59b521e5b9f2f129990b2346dcba6

Download Submit
/data/data/com.yunstv.yhmedia.pad/files/mobclick_agent_sealed_com.yunstv.yhmedia.pad

Filesize
587B

MD5
6f432dfca300189a7ca9ffe70df21081

SHA1
d3997c5db289da272832b619700d67029ae3b210

SHA256
b6f1f650ef3d6dd350276aed4836180245c2daa01e052acb4e248b5df5b8cebe

SHA512
8719e182c64a2abdaca88d7384141f7747324e12876dbe5973e02ce89d0c5840e694abb683b2075d1679ffa05a950d07e73875f9d25cb30a5fcc1f125db81df5

Download Submit
/data/data/com.yunstv.yhmedia.pad/files/umeng_it.cache

Filesize
211B

MD5
4cdefbf4978d78ec61e601d24bd1b274

SHA1
47643def1d34afdbaed40498960d3ce1931c6287

SHA256
73233e3b60decbea608e445effcce498ff791cb2403d52aa14d3323d6421b613

SHA512
b33ede51d6c5ba3873e249def2cac2004781e1cf9f479b860eea0104df5185fcada31e5baf79e9ae90e94ef535f8ed729f611d4243bea7ac6e86fd9830b65f62

Download Submit
/data/data/com.yunstv.yhmedia.pad/files/update.xml

Filesize
490B

MD5
90f4eed9380bcd83031ecd29d9458dbb

SHA1
bf851b7492550fb4f011ca5747850a5b1d5e3317

SHA256
ff1f52313f15df7391783e68ee1599ceb7d9ad5ada8e14d8228453a3ed81b9cf

SHA512
f1ad3f3f8d3440ee5f5a0ec6f6cc263820c537342ef29bf83ec5bd4439a00ef9dccc01afc1ae2cc39c4be43f0677d61542ea83a0bfea63b1bc4369a9ee9928cf

Download Submit
/data/user/0/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar

Filesize
959KB

MD5
4ce740b710ed7f7a2935b31a3ab3f968

SHA1
d1e531fbee2897434125e5246398c73ba6e35ecb

SHA256
b05d0267cf8baa7e859077bc7f2dc241ef3dd37c7e87241d9c461c52ac192228

SHA512
d10f9df2a0f741756eff7b7f866c99005fed57238b80e0b34449baf16bddbf737dfd10d8c235987d2246be49c7b252b96c72a66ea87106274e6b937ebaff1d6e

Download Submit
/data/user/0/com.yunstv.yhmedia.pad/app_plugin/live_plugin_classes.jar

Filesize
959KB

MD5
2c473a323ba2e2534ebc1535fed018b5

SHA1
442eae29e1f705da16907c9dfd12909351c3e507

SHA256
295aa6c350af47eddf9fe389d034020c829484cab04a87fe9ad5c8f9b1e39232

SHA512
6e763f62c1475ca380a31b4be540d28d1c26aafe6838ba10d503cc705b7a38c46e1dfbf73c7e4356702c34a27360a8ec3127541caf946833aecf86bc12b4a790

Download Submit
/storage/emulated/0/Android/data/com.yunstv.yhmedia.pad/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads