Analysis

  • max time kernel
    135s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    16/10/2024, 23:54

General

  • Target

    4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk

  • Size

    17.1MB

  • MD5

    4fb6927b3601ac7a98ec2cceaa115474

  • SHA1

    398f29ee0bd5e96e9e618c73c25a72ab01075172

  • SHA256

    d58b783d002062d8ec9b32e3ff089060f0aeb5038efcf6127417271660244fc1

  • SHA512

    d86975828a245de4ca4ad54ad5c8215816a3315c1e70c4f1dcc37a39d776e3994eb87c4a3446299c7ef2933176f52c930a472f1a217fbfd857ae28b705a5827d

  • SSDEEP

    196608:aMAUyIsdATjO8eBjxpfwdk8pi04Y0O8eEO8epu0ENY8go7Kds2A/C0iMKbInAbB2:C9dWjO3Iji04Y0OiOIYlgn/CNlT1Hhbo

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to get current cell information.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.feibo.yizhong
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Checks CPU information
    PID:4360
  • com.feibo.yizhong:pushservice
    • Acquires the wake lock
    • Queries information about active data network
    PID:4399
  • com.feibo.yizhong:remote
    • Requests cell location
    • Queries information about active data network
    PID:4498

Network

Downloads

  • /data/user/0/com.feibo.yizhong/cache/picasso-cache/journal.tmp (96B)
  • /data/user/0/com.feibo.yizhong/databases/pushsdk.db (44KB)
  • /data/user/0/com.feibo.yizhong/databases/pushsdk.db-journal (28KB)
  • /data/user/0/com.feibo.yizhong/databases/pushsdk.db-journal (8KB)
  • /data/user/0/com.feibo.yizhong/databases/pushsdk.db-journal (12KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/a/ResPack.rs (525KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/a/mapstyle.sty (248KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/a/satellitestyle.sty (166KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/a/trafficstyle.sty (4KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/h/DVDirectory.cfg (69KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/h/DVHotMap.cfg (28KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/h/DVHotcity.cfg (8KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/h/DVVersion.cfg (8KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/l/DVDirectory.cfg (69KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/l/DVHotMap.cfg (10KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/l/DVHotcity.cfg (1KB)
  • /data/user/0/com.feibo.yizhong/files/cfg/l/DVVersion.cfg (80KB)
  • /data/user/0/com.feibo.yizhong/files/lldt/firll.dat (76B)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl.config (235B)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_location.db-journal (8KB)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_location.db-journal (8KB)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_location.db-journal (512B)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_statistics.db-journal (512B)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_statistics.db-journal (8KB)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_statistics.db-journal (8KB)
  • /data/user/0/com.feibo.yizhong/files/ofld/ofl_statistics.db-journal (8KB)
  • /data/user/0/com.feibo.yizhong/files/umeng_it.cache (148B)
  • /data/user/0/com.feibo.yizhong/files/ver.dat (512B)
  • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/llg.dat (521B)
  • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/llg.dat (430B)
  • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/yoh.dat (24B)
  • /storage/emulated/0/Android/data/com.feibo.yizhong/files/baidu/tempdata/yoh.dat (24B)
  • /storage/emulated/0/baidu/tempdata/lcvif.dat (96B)
  • /storage/emulated/0/yizhong/cache/journal.tmp (154B)