Analysis
- max time kernel: 125s
- max time network: 150s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 03/11/2024, 02:20
Static task: static1
Behavioral task: behavioral1
Sample: 892896e8c9e68db8535e0a16b97341c1_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
- Target: 892896e8c9e68db8535e0a16b97341c1_JaffaCakes118.apk
- Size: 4.8MB
- MD5: 892896e8c9e68db8535e0a16b97341c1
- SHA1: 53c770fa64b4f2c6f0924f9b763bddc3dd9893cb
- SHA256: dafd260c362bc72f1aaaa4abb627cabe86a0f0729fb5a23da3edc484539c88ab
- SHA512: 9f7aeddc6cc875068cbb5e97cb1b9f972c35a6f05ebde40edccc76c704941d3c8c7c4c0a557a04f846b8cf6758c9369b0c400a3ad306cd6525dc18b71e063b06
- SSDEEP: 98304:b/PK7QVubkpHx/40M0w/zNJ80bBC5wEzR5mcAjFjrT+zRh93sPEfa8D4JF9otY4s:rjobQ58npJ8ysWcAxAeXo+4DwmZWO19M
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  ioc: /system/bin/su; Process: com.yingyonghui.market
  ioc: /system/xbin/su; Process: com.yingyonghui.market
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Queries information about running processes on the device. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.yingyonghui.market
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (1 IoC)
  flow: 23; ioc: alog.umeng.com
- Queries information about active data network. (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.yingyonghui.market
- Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.yingyonghui.market
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.yingyonghui.market
- Checks CPU information. (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.yingyonghui.market
Processes
- com.yingyonghui.market (PID: 4370)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: a977037de0e2945bdc83861eb3f80636
  SHA1: e95b35979c75962e5842185fef03e6fd4640b158
  SHA256: 38379cd43818c518cd6e26fdfcca88c868fc0348ce59ff1b0ed7503fcca38ea6
  SHA512: 03923796710c8be147959050a9a20efc0edd2e2b7731c7a35040a41645b9f1e2a3a3960affa2b898fccb22d3de92242f220aedf3b5f30fa5d00ca1064d8316a2
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 36KB
  MD5: 62cd6946ea8d199b3e016cea404776fa
  SHA1: 6cead91a41260436b40abf3c3e27aa4e003867ed
  SHA256: 86a07f40ae19e453fd3a4876391ddfa2f395638aae784a6e6dad2dd6f8129e15
  SHA512: ff353b9f4568c50dfd55ccf81ecfbe1edc1ca4dffc19bb6966b44d5b3bf6f2bdce24382cb664cfdf15e028862e55e19b92d8cd1991a3facf680d9d7efa498afe
- Filesize: 512B
  MD5: a9e52c014e451f4b55199fc1d5db7bde
  SHA1: e3364951f3fb053f9820d57152b3eb13dfa755ec
  SHA256: b6b124630b5ef36ae2a1bc078bb06bafe203c1d535003bb02c29cce8983336a7
  SHA512: db7d1caf8728bd0be801b0065690854718f71079c105f64ada80e2bf2fb307be86af6cb693a370c3409b7031e06f5ba26b041b7235640400584a82690ed16f47
- Filesize: 28KB
  MD5: b247d72d3fbfdc518987008e6e1928e8
  SHA1: e27de525940614603810549a1e5cd87a853ecf7f
  SHA256: 28fcd315ff02e9f755058b39cc6c46235968d3603c4714a30a3e97769c547ce2
  SHA512: 50f190656c6f19edcecccef6ee2507f4be7c96a3e65c47e59a1feb77688f887ffff14dc1fd5e959d87d0497f36411301b8939238f2ce0f8b06c0bb11e702459d
- Filesize: 40KB
  MD5: bfdc071f669fee4a1132865d30ad2bb2
  SHA1: c787fe481e56e45dc8a73f897f4452f9eed4ac3e
  SHA256: b83d2444d2fcac9b696026a020381869449d232f8349ee14bc7d8e62dd8326ea
  SHA512: d6e192eb31a5b812e5631516bf95e3d732af9b0121b5db3f25274aafafeb55c441d2bce6e5f4b4b685f4aadbc4a3e36491a4b810074d8fad85eadf3369c7d6e4
- Filesize: 512B
  MD5: 9ed96be8871ab1a392a014f1ddbcaa1d
  SHA1: 0568619035ed1be717b73ead2491907b9e37fdd2
  SHA256: 88f619c02a8b6083881a8e35bb9b0e370292b08b3ebd12a07bbdb6e975bf0710
  SHA512: 44ee594f546afff0b9d4ae7d62723ff8a2fb0fe22a8b0edea2ae0de79831a5e405112f5bc48ea7dab29864dd38cfa941462eb0b67d78a0e0f2b2c461cdae7868
- Filesize: 422KB
  MD5: 5f57200f52345bfe410ca1c0b27bf52c
  SHA1: 8b7ea318352a02c875cc9fee33f874afa6bf8586
  SHA256: 913b73ee5085bfd8cf8266604711a05b4dfdf15daf6256b0d2f2a8439c00706a
  SHA512: 8ffdde1806f9e0a1f24e8a549f1531845bbb840b900af001c24698f94d3490a8bbde8ad34b1951d03a2a09e85cc6f7708cbb0487e8650318f4fa75ca4a777e9e
- Filesize: 444B
  MD5: 5e8b98f4f6830995d60171be6028c03d
  SHA1: a596a9cea5bba92de4c4fcdedbf81c6da24b35e6
  SHA256: c39fd40106889be143b5e89110ee30bcc2fb43b12673ee15d7ad1d72b0840a40
  SHA512: ba71248226f2f745ffe8163808f0adb5cd0ca1f1259ffdf5378ed534c44e77952b97378c3aa4b741b57bbbeefff72446fa7950e7912dcee5c3efd6d3837f2496
- Filesize: 110B
  MD5: 3a6fb356e0c92a4fd38058807294105f
  SHA1: 0797dc35ada769d5fe7d1cc63c656be53eca50f3
  SHA256: 6a8216cd4bce97bf6618e84ca986ddb196cb37dabec4ca00681449553e5c2ded
  SHA512: 9d4248b09cf4ccbcd5b3b4917c89a56bab696e6e13c6238195d17a8bf4667e0fabbe31da3162b2d3c7f6581d0b75732730553c5392c45064722fbfa8dedd5b86
- Filesize: 129B
  MD5: a444765032ab2891846659246144a555
  SHA1: cac279ab1983f57c58a7f47cd6bc947c7be523a2
  SHA256: 7a3e89b93d43a372956d26d157e361383157fe120316434021547b0288fad8a6
  SHA512: f345aa004fd6fed24c36762a6a5c665be3727893a32db5b21b006cd2ad8d21e28b701c669cfab5b4bb565a86f3f854655388a9a775103a22165e73509a9de90d
- Filesize: 148B
  MD5: c249e77941214fb9f6de85dd42d571de
  SHA1: 4b49a70d4ae13623bb63a8a3159841969ff0d050
  SHA256: 3b74e5790b05fa870dd21d4e0632f5204e25067621983d431c1f30ac2b004abe
  SHA512: be61c95cbc55e51a4c183b275c034a549746480d291c8038aa41a2fea2808e0c2358d69afd65d4022af911ba23971e5c714001b7a17cf9a147d56aa96971fe4d
- Filesize: 160B
  MD5: 008dac543f20e3bbd3f336c0d91e4918
  SHA1: 01df34d6bed159e935d2c443feb7822288f3a9c6
  SHA256: cb38f1f1d57be2c6f2b25b44602a47e6a3bf204a16c22aa426d84467b0f48885
  SHA512: 9f3a180f4e460d13fe75be92c2752c4c43e0a911761172b7c390e3b71ba15497296b608a3a0825857d189bf65a2e41a0b61cef1e2849ef903e9a15929e563918
- Filesize: 640B
  MD5: d494713c187f0395c794fd8ca3325071
  SHA1: 9193fad4c3acd379f1402870bc884bc710d9eb40
  SHA256: 68c895ec794b0e450b2e458cf9993d2e1f0c2037c7a34963e7fc07f99838ba6c
  SHA512: fe34fd9fc8233e9ee0dd8e5183dc0cb17563c8146c036e99a4a34306e3c02655eb677aa916c17696b482af5575489147cd99ec6e76759a027cf2d3dbc296d369
- Filesize: 211B
  MD5: 2fab98f06a24d0f207ffe8a841554f5b
  SHA1: 656c8a79a32e8290096202cff7229bf6c18bfb27
  SHA256: 16b61d9d1f278789186a48666fd8eb6d67fdc9f29ca669ff56ff8a0df2fb9ac6
  SHA512: 1e5fbe48e3ed58704a235f002fc99cb30421258d38ab1b326da8652f948ffe4a29b4edad3571731f681cc7aa747e90c6a7cdc03cb277bd08d835e97e6e4f75dd