45f6c87ee826ef1c7c29669fb6c1442dddc77cdb4c6b78ab1f1b952364fffdd8

Analysis

max time kernel
137s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
31-10-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82716f933a2483d49e9a3c086efed099_JaffaCakes118.apk
Size

27.9MB
MD5

82716f933a2483d49e9a3c086efed099
SHA1

97de15fcd39880ca546b7466f41e0d00b388676f
SHA256

45f6c87ee826ef1c7c29669fb6c1442dddc77cdb4c6b78ab1f1b952364fffdd8
SHA512

5865e2683bdfb241849fd28371add4c9fff00c6dc0990c423f7d7c5740c5df3d516627f876ec21dd199b186b9db17a504c17b89f84f54d2d22684dcacec96de0
SSDEEP

786432:uSt/eDktX7KM7lNhw3mu77X+nTP78jbv85:u0eaXdA2u74TPgnE

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.j.hers
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.j.hers:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	cn.j.hers:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	cn.j.hers

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.j.hers
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	cn.j.hers:remote

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
46	alog.umeng.com
15	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.j.hers
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.j.hers:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.j.hers
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.j.hers:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.j.hers

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.j.hers:remote
Framework service call	android.app.IActivityManager.registerReceiver	cn.j.hers

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.j.hers:remote
Framework API call	javax.crypto.Cipher.doFinal	cn.j.hers

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.j.hers

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.j.hers
File opened for read	/proc/meminfo	cn.j.hers:remote

cn.j.hers
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4234

cn.j.hers:remote
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.j.hers/databases/hers.db-shm

Filesize
32KB

MD5
3354c35493cb52291a5507e9e8aa3d41

SHA1
ff86fb165788d665cbd619f1b8f6905207e7fc9b

SHA256
613598c9181429548f534e6ef65ce67a1d8b83ada0ae956ce9e14e7221a5e7a1

SHA512
2879656d35b7bb32394a40218f99de0dd66ab898cc4c08dc7eafa24b49f5e053c366984fb3a755dd0fe580e077cf9d7d49dce1da970e6ff4ec57035868f052ea

Download Submit
/data/data/cn.j.hers/databases/hers.db-wal

Filesize
48KB

MD5
1fe222ec1ed9f92d277646620fc8afec

SHA1
7fa6e716f88d3dd7825ab4ed4eac653a8a3103e7

SHA256
e06318e9525717ed373444edc0a3c43cb72ddad6b95938c9b92be967a806d5ef

SHA512
1b7c1df2895c2942c2f4dc8d703c8f0070450a386d5e104941f216e7b9e56436045ceebfbf1e1abeee5ba4a9d35f10551bb3e20b9623a816299354873e399ebd

Download Submit
/data/data/cn.j.hers/databases/shoujikongDownload.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.j.hers/databases/shoujikongDownload.db-journal

Filesize
512B

MD5
b15d2ae4ed059c7c9433cfcd7564ccbb

SHA1
05bef2ca81ec752fcc1cbe9269d7b1608a94695c

SHA256
a43cc0161fd817e863734df8773f1b98012af35d4116144b2b0c8dceb8ddaf76

SHA512
918bd842d1be5047c984fd360f25fc42d5bb05eb7ee500cb9dcd021a06850996e382f0697bf8d2b0d76ba4cbb9a00e4a17ae7f64fc5955f23d2e7f9d9c150241

Download Submit
/data/data/cn.j.hers/databases/shoujikongDownload.db-shm

Filesize
52KB

MD5
09228397dbfc003018553c37c11cafc8

SHA1
83fbdb4b13512abd0561f91429bb52552b170a5b

SHA256
d0ea7e617fdd956284dd95992f35d1bd0f307cb711d2ad4bcc9949dcf9aa0f7b

SHA512
03c7a2a508d64a9e6128c9da67920ae0c75e956b779552ffa4be1622398271a5899365bdb895057d37e043ce736af760657fdbb4de551363fa31928149c9ca65

Download Submit
/data/data/cn.j.hers/databases/shoujikongDownload.db-wal

Filesize
36KB

MD5
c583068fde7aae07effc28e63074b11d

SHA1
f7b9c8d4e7819a1644e747d664bdd61111d38aee

SHA256
c98d293017635effeaca289b90b969a39e09ea2d9934bccf714610e3c40b356d

SHA512
95e7440b921f8129e185bfa2d8cecaa5701727aad5c9840acffcc7d0e0fa9a18968c7847cbbf408502ee67b54e141060abeadcd9e7094a26c90ae3f992222610

Download Submit
/data/data/cn.j.hers/databases/shoujikongDownload.db-wal

Filesize
32KB

MD5
3d16dc340f8de4884c64ebbbe6525b49

SHA1
a2e2f31db3e576c059705ab61fadbd127ad8bac4

SHA256
f990e5f488823e733ee774c5a0e84439705e60f6bfc1eaeb677a5d8d0ba4d615

SHA512
e1a496cfb5b1f1aa9bae3d11fa6ec2a3ea15cd89669dd91b63a34b188ca3062393ba0f448c09d69231d51645375b6a660abb03043f73307194255f38c01f1a66

Download Submit
/data/data/cn.j.hers/files/haarcascade_frontalface_alt2.xml

Filesize
817KB

MD5
1fd6ac2fada1e42dafb129232c708447

SHA1
b2dd53a633c2681a68798ed5a125ea986a181526

SHA256
e356605b9a9dbddb31c1d0f9806bca278f1ade9a73b0fcbc0e946680c9ad1009

SHA512
80ad6c9aa4baadd5bdd221a510c73ffe73976fdefc5bba49e2796e2b19cc065487cf941f8097f937e11e8dc47722f666b680fe0d51ab0e16f97882f11c25daf5

Download Submit
/data/data/cn.j.hers/files/haarcascade_mcs_eyepair_big.xml

Filesize
349KB

MD5
caf280a6e8d4b530315232583040cfa1

SHA1
76254527a89002e0b8a3d9be5b9d88df45544e95

SHA256
a86118c39ad728f89792b4936b001e32005c8740cfcb2376a3f0d3f3559a78fd

SHA512
3d3c225a53135889013ac5b8f67aef0a627db6a3c53f52fafb28fc1c79f6e3973075d920147917b7cfb174471663367dea1992b782e734fd82b63381e31fb50d

Download Submit
/data/data/cn.j.hers/files/haarcascade_mcs_lefteye.xml

Filesize
782KB

MD5
e6d1eeda8a6f8ba73f9852f449f7a79a

SHA1
c7e4f5b66167cb92d3ea9e6f98fe82c3d272f956

SHA256
b87446640b8720554b3e49901dd905aa61649124fd55eeb5bd6bca45e9c01d61

SHA512
19795b52457d862ca98ea77261187e275e3a450a4d888c38072375922f2e0d2245f089e951b9bf31d62569d0f323a8f15ee458e339df032fd753b28c0a7d53d5

Download Submit
/data/data/cn.j.hers/files/haarcascade_mcs_righteye.xml

Filesize
1.4MB

MD5
9e06e0902d555821d40260eb48528d88

SHA1
6a9c00a8998c285165dc09e3dfeaf8fa25166e17

SHA256
b309fbca2e2ac5eb21caf54b666682178544cd99b2e15f556c951992b8e00c9f

SHA512
eced804e0797738508fa1df5bad529502b6307580cdaa99469a265efbe46400f764c1cdee9f6e62a78342e812c0ab365ef65e1b142955810ae2a44589d6f9b77

Download Submit
/data/data/cn.j.hers/files/libsecuritysdkx-3.1.27.so.tmp

Filesize
383KB

MD5
921ba3c1060058f9bc17075456d03305

SHA1
5404db66b8273d987660425818d1000b362977dd

SHA256
774f34991cd31cf164ed9ac6d4de5160ad253fc35c978d5d10570279a15cc1cf

SHA512
0aa041687bce3d66891c2b5bc458dc9b1969bf9d7060971a86e43a912130f985728640c05b1703d099982737d4ceb5809b8b9467bd57e282b9248deefa822d16

Download Submit
/data/data/cn.j.hers/files/lldt/firll.dat

Filesize
76B

MD5
fc5ebe2133e94bc66af951ebd2a81829

SHA1
8ccc78fe2e27f85584d9ab02d6595ebb24dd7a26

SHA256
338c5ff7ae4135b185c4c15c4d5f6dd7861e2b768e36b611dd8dd4cdf67c89af

SHA512
da4f530a3e75cdf6305a62adf948b29f409361c25d536b3ab95e4ab0e3394f121654f5b2316a60f88f86295d4e5751a607136d4083b57d5c72968ce63883586f

Download Submit
/data/data/cn.j.hers/files/ofld/ofl_location.db

Filesize
4KB

MD5
f80b9bf353c636e81ddc88c37d7c3a2a

SHA1
08aa1d1b1930b0406da725693e5cfbe971b515b5

SHA256
1401c9953fdb8ccf4d6bf5856910f7480e55e4c24c8874cadc34fe9302b362d9

SHA512
62fb9fa8509c99c09995c602e248848d163acfe97d7a1107e25d0e0c478704a6442445910dbefff34a216b5db76c2963a2f2a5b3570a593b89b398ce9dd5de2a

Download Submit
/data/data/cn.j.hers/files/ofld/ofl_location.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.j.hers/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
2f7b562fc57d6f2f6b054a8cc7b50fb8

SHA1
1a70d5eb4f33c5952d429fe302172aeaa3b47034

SHA256
b15b9c1a2625aa3f5dc8225d3c0c159d4657189bbee6e8dc1d040a79179284d3

SHA512
d50a711c1ab7fe71b7a28d301bbbf60256d987a61cb343abb163dbe0646bf20fcf8b9f7a476c336d08a09ad072e4d1c26f4c3ddbe01a46d5a9522f8458ec1f89

Download Submit
/data/data/cn.j.hers/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
e537b132519a24cb8e0002b63cf2712a

SHA1
27a75881a49fa850492c1b51787e705fccb5cf30

SHA256
0a9f9aacee4819e2dcb7dcff6bb7ce0e0ba52da651b636099e82aaef1209a80d

SHA512
18309df5b0287bcddec855966b60687b349730eae0bdcf40499c9b1efb74af4abceb15b78be5ffda9bc84b452da7b71065111468b3d25adfd31415f4ceb9afa3

Download Submit
/data/data/cn.j.hers/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
d5558fcb2683bbf60e3f64229c6abe43

SHA1
77994b13633161f2c9273e09841cc9579ef3efd6

SHA256
21863289097ec947f439bcfe00507cefdd6b4cfb7e16f98dcd9c1baea7778955

SHA512
5a3c81178548beb4c3cf0edbe1196ebb71859805364467b9373b595139fef3f4b389b7d941543cc5597c2f0c7e106d73756034b5b573fbd52e9791ea7ec5ff27

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
383KB

MD5
4b97df244d8027c60fee624355e1c59c

SHA1
565d81dccc3c53ad6ec3a63abcbd57b63beb4248

SHA256
e428013ebd9d991a22b459c4900e59856f713b09119c68d9d0a1428ed66ec44c

SHA512
b193a46ec6a0d2184b6bffeff2c5e01e86d0e9ec201ce8da9f3fdb716e9330f084e9dddf583282d4bfafac3e058619eb748dc891f52dd6f3750a5c5cec50e27b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
a96974cc78c675ce6f460fcadbcbe191

SHA1
6b38ba8cd0380f3977fbfdd02dacbfe6a671b89c

SHA256
a75446522b80103cf4e521aa68e5de151f2b131fa4320c9cc4915084ee8af452

SHA512
405826afeeb12ca2eb65cee94b5156b304f52b76ada84d6eaab4a048d1f6d31368cda01122f61b753f8c35be7d0228b0d1b0d3380c5a9dfe35df32dbe298f689

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
1d01e0dcf7ec171dcbf2a43d9a25d16f

SHA1
574e584e57c66b6c93fd2782a71c9afd1490d59d

SHA256
d14cce6f7e801c33ffd2136ff6111fbcdd381a27f021b82f91c54413aa049bb2

SHA512
34a1efad5f25cbc8aa288fccf7dba34b4268df6faae1e393ae97afbd01f5aac71d6b23ce7446f52fd3a6c8dd27c74439a2c4e987d9b980d3ecf5634e837e1caf

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
05610e9215e6299d8878713503714644

SHA1
c2b0406346834425f5f0826cc3260d6a728509c4

SHA256
f45ff7f5e26eacfd2d800fa41659ab8f5b26fcdaf299e5b7f077ee99a53c81a1

SHA512
f0f496796dcb2893f90cd0ea14a86ba5abaab49efefe503ea70bdf92bf7827dcf2b1242ff9318d39da82f7d1dd8a33dcf7a0baace3eeb4b6e953546b109a4c65

Download Submit
/storage/emulated/0/Android/data/cn.j.hers/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/cn.j.hers/files/baidu/tempdata/llg.dat

Filesize
137B

MD5
8199b75e895e303d5276523669a28612

SHA1
c81379b9b219b7f6b79e69dc034490257f64bad7

SHA256
e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a

SHA512
abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
512B

MD5
5f58531c42c1f67238ee1c344e9ac2b0

SHA1
a543f3bf2f17fc179152fe3bb06668b577aa27f7

SHA256
831708fe233301bf6d269b575514d86997ca92933931c91276e009a90f621b50

SHA512
0f81cb90effa61eaa4edb44d514c1affaa0f6c01fe57f3987067395b7b7f3eed277b1f02e8faa4e5bdd533ad656517d5e7849f6dc764e6190d737ec471c083f5

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
32KB

MD5
7502a79dbf3de2cf5c3d8f0aafe71e42

SHA1
34083c18f2438dd3d3c86f7fb2d1e02d06dc835f

SHA256
2ebf0aa38c6292d772d53f263d2418b25875e91dbb999cc5ca524eddb5714774

SHA512
4887465ec30fb9bfda75013be86a4137dc112d993875c07b5d6b1250f0be0b539f13c3362e54f7979e890dacff6549f282f0fc022c950a98f73520e76fd5b4c9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads