Analysis
Max time kernel: 124s
Max time network: 142s
Platform: android_x86
Resource: android-x86-arm-20240624-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
Submitted: 23-10-2024 16:33
Static task: static1
Behavioral task: behavioral1
Sample: 6fe2b92defcb570de6b937014cabcc05_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: 6fe2b92defcb570de6b937014cabcc05_JaffaCakes118.apk
Size: 4.7MB
MD5: 6fe2b92defcb570de6b937014cabcc05
SHA1: 63912f76869f39f43af2b5fea2b6e9274e81c254
SHA256: c26bfe2baa1c5e585583e38ff3017709b6f677aa2be3b65bce0dbde2a6c7e65e
SHA512: 3c337248084bf37cd7ce7b241fc504161935226794ba0b630136abdc16b38a5ee57de5659913633cc5f3a93c95b5404ea36621e763368ebabfdfd95c6de6c6db
SSDEEP: 98304:3IIWB8QMpkdHxQfas+AY33FBINqp1pD5U0/s6hMa8D43rQC/jZPe/Dg2BCUnN5kK:YyJpgmfoB31i81r5VPMhkorkNg
Malware Config
Signatures
Checks if the Android device is rooted (1 TTP, 2 IoCs)
  Process: com.yingyonghui.market
  IoC: /system/bin/su (process com.yingyonghui.market)
  IoC: /system/xbin/su (process com.yingyonghui.market)
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.yingyonghui.market
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process com.yingyonghui.market)
Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (2 IoCs)
  Flow 9: alog.umeng.com
  Flow 34: alog.umeng.com
Queries information about active data network (1 TTP, 1 IoC)
  Process: com.yingyonghui.market
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process com.yingyonghui.market)
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.yingyonghui.market
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.yingyonghui.market)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process: com.yingyonghui.market
  IoC: Framework service call android.app.IActivityManager.registerReceiver (process com.yingyonghui.market)
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Process: com.yingyonghui.market
  IoC: Framework API call javax.crypto.Cipher.doFinal (process com.yingyonghui.market)
Checks CPU information (2 TTPs, 1 IoC)
  Process: com.yingyonghui.market
  IoC: File opened for read /proc/cpuinfo (process com.yingyonghui.market)
Processes
com.yingyonghui.market (PID 4251)
- Checks if the Android device is rooted
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information
Network
MITRE ATT&CK Mobile v15
Downloads