Analysis

  • max time kernel: 125s
  • max time network: 150s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 03/11/2024, 02:20

General

  • Target: 892896e8c9e68db8535e0a16b97341c1_JaffaCakes118.apk
  • Size: 4.8MB
  • MD5: 892896e8c9e68db8535e0a16b97341c1
  • SHA1: 53c770fa64b4f2c6f0924f9b763bddc3dd9893cb
  • SHA256: dafd260c362bc72f1aaaa4abb627cabe86a0f0729fb5a23da3edc484539c88ab
  • SHA512: 9f7aeddc6cc875068cbb5e97cb1b9f972c35a6f05ebde40edccc76c704941d3c8c7c4c0a557a04f846b8cf6758c9369b0c400a3ad306cd6525dc18b71e063b06
  • SSDEEP: 98304:b/PK7QVubkpHx/40M0w/zNJ80bBC5wEzR5mcAjFjrT+zRh93sPEfa8D4JF9otY4s:rjobQ58npJ8ysWcAxAeXo+4DwmZWO19M

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
  • Queries information about running processes on the device. (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (1 IoC)
  • Queries information about the active data network. (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  • Checks CPU information. (2 TTPs, 1 IoC)

Processes

  • com.yingyonghui.market (PID 4370)
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information

Network

Downloads

  • /data/data/com.yingyonghui.market/databases/downloads.db (4KB)

  • /data/data/com.yingyonghui.market/databases/downloads.db-journal (512B)

  • /data/data/com.yingyonghui.market/databases/downloads.db-shm (32KB)

  • /data/data/com.yingyonghui.market/databases/downloads.db-wal (36KB)

  • /data/data/com.yingyonghui.market/databases/msg.db-journal (512B)

  • /data/data/com.yingyonghui.market/databases/msg.db-wal (28KB)

  • /data/data/com.yingyonghui.market/databases/packages.db (40KB)

  • /data/data/com.yingyonghui.market/databases/packages.db-journal (512B)

  • /data/data/com.yingyonghui.market/databases/packages.db-wal (422KB)

  • /data/data/com.yingyonghui.market/files/log.1730600427486 (444B)

  • /data/data/com.yingyonghui.market/files/log.1730600427486 (110B)

  • /data/data/com.yingyonghui.market/files/log.1730600427486 (129B)

  • /data/data/com.yingyonghui.market/files/log.1730600427486 (148B)

  • /data/data/com.yingyonghui.market/files/log.1730600427486 (160B)

  • /data/data/com.yingyonghui.market/files/mobclick_agent_sealed_com.yingyonghui.market (640B)

  • /data/data/com.yingyonghui.market/files/umeng_it.cache (211B)