Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    16/10/2024, 23:54

General

  • Target

    4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk

  • Size

    17.1MB

  • MD5

    4fb6927b3601ac7a98ec2cceaa115474

  • SHA1

    398f29ee0bd5e96e9e618c73c25a72ab01075172

  • SHA256

    d58b783d002062d8ec9b32e3ff089060f0aeb5038efcf6127417271660244fc1

  • SHA512

    d86975828a245de4ca4ad54ad5c8215816a3315c1e70c4f1dcc37a39d776e3994eb87c4a3446299c7ef2933176f52c930a472f1a217fbfd857ae28b705a5827d

  • SSDEEP

    196608:aMAUyIsdATjO8eBjxpfwdk8pi04Y0O8eEO8epu0ENY8go7Kds2A/C0iMKbInAbB2:C9dWjO3Iji04Y0OiOIYlgn/CNlT1Hhbo

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.feibo.yizhong
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4241
  • com.feibo.yizhong:pushservice
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4273
  • com.feibo.yizhong:remote
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4341

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/com.feibo.yizhong/cache/picasso-cache/journal.tmp

          Filesize

          96B


        • /data/data/com.feibo.yizhong/databases/pushsdk.db-wal

          Filesize

          88KB


        • /data/data/com.feibo.yizhong/files/cfg/a/ResPack.rs

          Filesize

          525KB


        • /data/data/com.feibo.yizhong/files/cfg/a/mapstyle.sty

          Filesize

          248KB


        • /data/data/com.feibo.yizhong/files/cfg/a/satellitestyle.sty

          Filesize

          166KB


        • /data/data/com.feibo.yizhong/files/cfg/a/trafficstyle.sty

          Filesize

          4KB


        • /data/data/com.feibo.yizhong/files/cfg/h/DVDirectory.cfg

          Filesize

          69KB


        • /data/data/com.feibo.yizhong/files/cfg/h/DVHotMap.cfg

          Filesize

          28KB


        • /data/data/com.feibo.yizhong/files/cfg/h/DVHotcity.cfg

          Filesize

          1KB


        • /data/data/com.feibo.yizhong/files/cfg/h/DVVersion.cfg

          Filesize

          86B


        • /data/data/com.feibo.yizhong/files/cfg/l/DVDirectory.cfg

          Filesize

          156KB


        • /data/data/com.feibo.yizhong/files/cfg/l/DVHotMap.cfg

          Filesize

          10KB


        • /data/data/com.feibo.yizhong/files/cfg/l/DVHotcity.cfg

          Filesize

          4KB


        • /data/data/com.feibo.yizhong/files/cfg/l/DVVersion.cfg

          Filesize

          127B


        • /data/data/com.feibo.yizhong/files/lldt/firll.dat

          Filesize

          76B


        • /data/data/com.feibo.yizhong/files/ofld/ofl.config

          Filesize

          235B


        • /data/data/com.feibo.yizhong/files/ofld/ofl_location.db-journal

          Filesize

          512B


        • /data/data/com.feibo.yizhong/files/ofld/ofl_location.db-wal

          Filesize

          48KB


        • /data/data/com.feibo.yizhong/files/umeng_it.cache

          Filesize

          211B


        • /data/data/com.feibo.yizhong/files/ver.dat

          Filesize

          512B


        • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/conlts.dat

          Filesize

          12B


        • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/llg.dat

          Filesize

          24B


        • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/yol.dat

          Filesize

          24B


        • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/yom.dat

          Filesize

          546B


        • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/yom.dat

          Filesize

          24B


        • /storage/emulated/0/baidu/.cuid

          Filesize

          438B


        • /storage/emulated/0/baidu/tempdata/lcvif.dat

          Filesize

          96B


        • /storage/emulated/0/baidu/tempdata/ls.db-shm

          Filesize

          28KB


        • /storage/emulated/0/yizhong/cache/journal.tmp

          Filesize

          36B
