Analysis
- max time kernel: 140s
- max time network: 147s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 16/10/2024, 23:54
Static task: static1
Behavioral task: behavioral1
  Sample: 4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240624-en
General
- Target: 4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk
- Size: 17.1MB
- MD5: 4fb6927b3601ac7a98ec2cceaa115474
- SHA1: 398f29ee0bd5e96e9e618c73c25a72ab01075172
- SHA256: d58b783d002062d8ec9b32e3ff089060f0aeb5038efcf6127417271660244fc1
- SHA512: d86975828a245de4ca4ad54ad5c8215816a3315c1e70c4f1dcc37a39d776e3994eb87c4a3446299c7ef2933176f52c930a472f1a217fbfd857ae28b705a5827d
- SSDEEP: 196608:aMAUyIsdATjO8eBjxpfwdk8pi04Y0O8eEO8epu0ENY8go7Kds2A/C0iMKbInAbB2:C9dWjO3Iji04Y0OiOIYlgn/CNlT1Hhbo
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.feibo.yizhong
- Queries information about the current nearby Wi-Fi networks [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; Process: com.feibo.yizhong
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; Process: com.feibo.yizhong:remote
- Requests cell location [2 TTPs, 2 IoCs]
  Uses Android APIs to get the current cell location.
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; Process: com.feibo.yizhong
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; Process: com.feibo.yizhong:remote
- Acquires the wake lock [1 IoCs]
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.feibo.yizhong:pushservice
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
  flow: 5; ioc: alog.umeng.com
- Queries information about active data network [1 TTPs, 3 IoCs]
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.feibo.yizhong
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.feibo.yizhong:pushservice
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.feibo.yizhong:remote
- Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.feibo.yizhong:remote
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.feibo.yizhong
- Reads information about phone network operator. [1 TTPs]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 3 IoCs]
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.feibo.yizhong
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.feibo.yizhong:pushservice
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.feibo.yizhong:remote
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.feibo.yizhong
- Checks CPU information [2 TTPs, 1 IoCs]
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.feibo.yizhong
Processes
- com.feibo.yizhong (PID: 4241)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
- com.feibo.yizhong:pushservice (PID: 4273)
  - Acquires the wake lock
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.feibo.yizhong:remote (PID: 4341)
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 96B
  MD5: 8a4e797ba5f277be243fe050a5bd8b6e
  SHA1: 389b8199cff7f2953931ab2b65456c290227968c
  SHA256: 63c26cee8f626350c2083ea52ae9b8a2cd5162885e64498fd8a9292031f59d1f
  SHA512: c846f526f98f69ff8793382d99b09f008472b6d962fab3a64b2c8206820ed8784bea93f10f6b4ae64e1a4d5b49af089f3ddcdcdaaa744eb3487b9d86db046db1
- Filesize: 88KB
  MD5: 52f40bcad55e0eca45703db59d2bc4b9
  SHA1: 8cf4f7710470ab788dd0a58c9823daa4f55e9f7b
  SHA256: 67c85052d5d91d67afbfd2335c583b660425435ee7a18576b6a990a1139baae2
  SHA512: b39cf02c48130c0976926ec8d2548073f51badec8969fe9d4975e034bbb902f5b242935437f819e6b14d8c0d2892b679be90ab5905cc8e43b553f08b1b98a16a
- Filesize: 525KB
  MD5: 7e9c5c8da4a5477c0410bc2b0d2a9865
  SHA1: 322fc0bc448964411d39d4593f95544bc53a5e44
  SHA256: 886169e003e1ef9427177d6bab2a3755a854b307e39c5f8d2aa08f12c23b6ff5
  SHA512: d2c934aae969b9e63c1e695a9358ac7360e976f644031590505e9fa7e73bf80c3e32b3b2666d18405da8e8fc9a88f92201fa4e8fec5de5be5445ceff8adf51bc
- Filesize: 248KB
  MD5: 46a9f9a5221dbe4ff71bfcd2ee045c5c
  SHA1: 915cb3bc2f0096dede38afc1cd7f09c8782360a9
  SHA256: ad3067eb308a9420b727b4f24dc5134bc75b36bdda7a7a7c5651090698dd10a9
  SHA512: 185530752b639d743f99e28369f75626900420dccf598a639065ecb08c562ff98c4a1f6abbec9724d1684ed053774d60402cd2f20e3586a534c8715e7cec2ac2
- Filesize: 166KB
  MD5: 3f1348cd6165c9a66a9892565c917ca1
  SHA1: 96f0c939438c494cf3fd89246d458e92c0c7203b
  SHA256: 5fbe3817e4047e14c40b567be4955d7579c8bf7b7824bf8370f5e194ebf9767a
  SHA512: 405c3d1d5f4899cf723509f8e293f2ca1d95a79f7892e93401309372335a6a286f2eae9ee9312f69af10c5bcabd091cd90608898a129542b0abe0617c500d023
- Filesize: 4KB
  MD5: ffe83f044c9ce66fe9bb874b15d2c859
  SHA1: 3a30050762fb62707faa857afb95bde08913ac6a
  SHA256: 8d88186b5094de3b8e7deb86038e991005097aadea668aea2d5d4c6e72d2c114
  SHA512: 902a739b86d90cc187fa7866f508c036dcc61b36419cd9578ff6345c2516f02f3dbdf68ed49e5402feeedcec45abf430997a2cbc8985c42e8354c40bb500fe78
- Filesize: 69KB
  MD5: 4e9eab735928758b860e48b2f9befd7b
  SHA1: 7223dfdd00f8059d3b83c28c6f7d78d2dcaa0569
  SHA256: 1a5650bc57e525ff23c7f0cd058d4574142e772c51a89867a13f89e13b93d6b4
  SHA512: c7465fab9518be687ee63cbe044f28a4d5c60f1c043fab0ec66a856b2b542c9d99d9ef5812c7eb2033f797805ba37b821572b83eeeebdaac4854a4bf53977599
- Filesize: 28KB
  MD5: f7d59341cecca192173e14bc74e073f1
  SHA1: 7828feb29267982a0393f640d1e7c13c9df57f42
  SHA256: bfccf4f9b263e599b6a92e612fcb86315e89409bce5b36b24a510d1aad180e65
  SHA512: d9fa97df1bb4d0e824486d2c9d70041f61e89ad0546078fa417fac6ce434af588263f2b3e732548969cce52b81ae26388192e79d9b2fba3b91cf428775c24934
- Filesize: 1KB
  MD5: 883c30365d5d377966125dd0c079debd
  SHA1: d296ec1e3f4badb6e3e6166c1473fb55d4265761
  SHA256: 50112e7ed210b33224fbe1cce568c8e95a14fb47f7d39ec905369e2feb9668aa
  SHA512: 00b1604e206a5d929071aa1cac99d83320eacdbb064d517973a5a36757a8a9eb8a103452c98f24e7c8d29adb4b2843e804bfdcb32902da7e364a0c30f8609b7f
- Filesize: 86B
  MD5: 298924848d2517a508f43ff0cc51bd3b
  SHA1: b9fcde7b86653ead6deb57280a6049cf87745710
  SHA256: 0b6eb1f518059d8c472bab90091bb26d9ab877f6c70fac375412ff1582b8ca3b
  SHA512: 63b88c5b9b971ec52a5f724485d9998bfedb073e84ed63bcf0337e726923510d97a8ddf87371b5620f89ba788af01db58300638fff5031856c77dec8e18b4342
- Filesize: 156KB
  MD5: 26e4a838fadb348ec9e1cad5e5292169
  SHA1: 881666dfa6feb2efeaf625508f984c8065855e03
  SHA256: 1f54edde65dfed5af8b8a464ab000cf5df615dcc105172fe90bf5fa182642996
  SHA512: cc055d3d9fd66fab768c33193e9d1c57c99cdf450c35b65bcd1b6cd19a876c2577d931ece596ca7fd81b24f7d92c4e55f5fcb0569fcd329edfd3aa715f924ad6
- Filesize: 10KB
  MD5: 55f5e170f8e068c879cca9f453b9a247
  SHA1: 8808604b72dd5843b0bb3967f92a3c0a0a6cc032
  SHA256: 5ce49cea34c7aa6a57a4d632faafc7874acbe378e5da0c0c268ceb3daa0fe229
  SHA512: f7ebd58d48d3daddad8c9628a97864aba14cf54d29655fdbe93240ef09ba888e0a45504aba90bbcb5bc1c1a68b9e1d3e1edad1be4cc667eb1ec9bf401ccf117f
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 127B
  MD5: d54b7b380a5ff46c78283013a07d8e0f
  SHA1: f697c5f7028ba2679a96d6bc5291c38ff96d7982
  SHA256: c7ad837b097687d92e0d944815fc70adcb0e1cdc82db28f728d13e8a48d7532c
  SHA512: ade792589c33179c51305f201bfb6db28c05b2ea098d12bfefc1a5cf9bd3014d53830ce2e71f027719ee1b83b2394c7654b5ddf4fdc7f678840869d2a2787ef4
- Filesize: 76B
  MD5: 879101d51556de41cb85d17759084118
  SHA1: 7ed033923b5e28ef6ed107eb2c1b19a98c68df2f
  SHA256: db8d96af9a72645d7edb0aa44b674b8abf0b991f1ed1c55f662564b3cc289bec
  SHA512: f7c93e25d8b9aef683687499b8d2714989ccee82f285314f9d71687cc0bdee3126ec32c40347dc016cf8f03e9304560c0e98f37643f44d2ee2837515d7aee9c0
- Filesize: 235B
  MD5: bd867ac812f8b47566c7e5261791a707
  SHA1: 667db86d22754a3eb86e5626963856ea74b6c62b
  SHA256: 0893921f9bdbcb7acedbf1dc3f500d644ef8aa8e11dd75792133dec3305e6688
  SHA512: 72444bbcc901dc1ffdc55b6210d571292f8ecdfd376b5da8f8df49388fed838a43655a78583978d5c7eb233bea7b2800d394f0c525c68673a8cb0b15aceb2917
- Filesize: 512B
  MD5: 5edb18a609a5fa64e1c04b88a57916de
  SHA1: 3840370ea2bc4343aea8b0955e8322cc342ec74f
  SHA256: 0ce38f05706054924a28e091c88916411dfe09fc5c9a25d0f9702e3638b6b000
  SHA512: 3a90547b573421fdd836026ea0c1860f0cb9063381a80b49995315c794839e959e79d2514a3fbf2dad7cc1f7723a390555de86dc6313f0d8f0eb643c06270f9f
- Filesize: 48KB
  MD5: 719c3fc84a059b3766d267a3a275161b
  SHA1: 85234b52c7e4b80589604b2fe86b0db63195a06f
  SHA256: cf7afa5c804f482ed334be3d81e389138357e78fe4330b5fca6b059317faa64b
  SHA512: 1310548f8e8cd7635fd15d6cef97d97fa42601f345de23cca70780776a15f095a1895367e496fa450dc85f5ad569e2bf083c32bf444e952177a2bb447f7dbf82
- Filesize: 211B
  MD5: 761db243348ce480c261867d20d28610
  SHA1: dd7677052f628f0daea5f8441daa153bc4ba7b82
  SHA256: 839aeabac3f830cbd6617fbdef8dc4b4755a43f748d53b218099ae8f5d0d3df8
  SHA512: 5dff99aa808104eabc24cf0a64cc86b9703a70f4f25340a0bbab3061fd5a54a81df0e1ff4f99435e7c033ac4e9447db723ba2d112a08aabc825060af4ab36dc5
- Filesize: 512B
  MD5: 4445c88dcaf8e79be1894a4d4f1cb617
  SHA1: 8e12761547c8d234b6026c871a7d6dfebd8571bc
  SHA256: 236dc8b2fd03445a7817c416a7e724965bd051e28093d39f04af1c7f512de347
  SHA512: 81af35b4dfa55c6506fa6ddd674cfdae5104a8423f8b9bd1acd6d573dffa46c957c411e55eede90e12e9c513daca39cbff1875c75fe9de4b96762086d8e36220
- Filesize: 12B
  MD5: 8d80bc8ea90e9cac010d3ddf97bda5f5
  SHA1: f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
  SHA256: f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
  SHA512: 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7
- Filesize: 24B
  MD5: 161557b06b4a4d3ce095528dea370eb7
  SHA1: 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
  SHA256: f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
  SHA512: 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449
- Filesize: 24B
  MD5: a936690571e9104e1922dda4a0ba5bd1
  SHA1: 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
  SHA256: f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
  SHA512: 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394
- Filesize: 546B
  MD5: 3ffdea726a5aba48a6e6f19e75229c8a
  SHA1: 509de773beccf9604d915ba6928f7644717cfda4
  SHA256: 3912ae7b891631198ec817bcdab0a663e3e6986e5d692956c033fd83fdf3d2b1
  SHA512: df78391f5e2ebd17da827e6a20048b876ec8f781ead2b1431f16e21b9fb019f0c57dd9a087f15318a68f00cbcb558347db3a77ca7df16b5f8a9c027f1564c022
- Filesize: 24B
  MD5: 1681ffc6e046c7af98c9e6c232a3fe0a
  SHA1: d3399b7262fb56cb9ed053d68db9291c410839c4
  SHA256: 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
  SHA512: 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5
- Filesize: 438B
  MD5: 6057076d2f3fb05235b7514540ca276c
  SHA1: d6d26d7585ca439b45ccbe5faa0d29353b5a2c05
  SHA256: 087e60ce534d679c48e85c317d690507f68b89efa1caff396c64d3a9d75c9f5c
  SHA512: d6a2542cbb295e652e09c5ccb71ab9e2f6e15e9366e81d20677ab93c7d2c0b9d6de72570bc3cf8026b73a6428ed8e989835c7cf723ecaf5fa1f4e924d0814c2b
- Filesize: 96B
  MD5: 8350d83d0a9caf4e67b8291ddf8199dc
  SHA1: b66fd251744afdb56560d0d352dbb2bb9a7c0ee0
  SHA256: 4c86a67c7df5c5f6bd6a8d9c0df69ad2eed78426f2411a2d381885fda81d5906
  SHA512: 9373465c05c291c6fd26609b16787dbae1446ba73a8728e1235ebf742ad8d9d11a504ed271d89f407c86f0347b96323baa8a204c450be9b50d50748c059b49c8
- Filesize: 28KB
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
- Filesize: 36B
  MD5: eb62d86fec4d82e18c875e869ebb8842
  SHA1: 7528d1a9126d1fb4fc07d8fe54aea4b6da6d1f6f
  SHA256: 849f0e9a8881ec3e0a6b83cdc4928d7448ef8ef20708c3a88f40bf61b1cbd670
  SHA512: b4a6262b5a5af722ea81baf8c21333fb78f3321c4a9bb6e13423752fa6a130c89f9e0c2411e34363844d92534e9fc02bbdaa35a12af4fb2bd188ab2fe8459690