Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    03/11/2024, 04:10

General

  • Target
    89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
  • Size
    7.4MB
  • MD5
    89926abd46a7ae7058bdb4bc623b343d
  • SHA1
    1a3c2cb8459ff777b1f7c5372403f81967cf04a0
  • SHA256
    2ec94de06334a2e235964298011d6221b3812aec8b9911dc9c2f815b9155f695
  • SHA512
    a5f45cfd04e412231b25c61a01ac35ad510afb16f373730b4568af1a5f2255954fd6ff34498b2fdbe29269b16f8e93f580edb07bd30c05295cbd211407d264ba
  • SSDEEP
    196608:pM7XKlMzh1VXkmCP2RRXlfIAwRkid05DwYux:K8GLVwu7ajd050YI

Malware Config

Signatures

  • Queries information about running processes on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Requests cell location (2 TTPs, 1 IoC)
    Uses Android APIs to get the current cell location.
  • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.threeti.huimapatient
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
    PID: 4242

        Downloads

        • /data/data/com.threeti.huimapatient/files/__local_ap_info_cache.json
          Filesize: 2B
          MD5: d751713988987e9331980363e24189ce
          SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
          SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
          SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

        • /data/data/com.threeti.huimapatient/files/__local_stat_cache.json
          Filesize: 25B
          MD5: 2d805b13f2f28dc3ca9bbcc000f49bb5
          SHA1: 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
          SHA256: c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
          SHA512: 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

        • /data/data/com.threeti.huimapatient/files/mobclick_agent_sealed_com.threeti.huimapatient
          Filesize: 561B
          MD5: 61a4f3f24d56e3c747c998716d587cc4
          SHA1: b2e460d369c2d1ca863ad6a59aa0d35878455a32
          SHA256: a8b522f4175a080372242748b1fd13fae233e08a6ac82ab31758c1809c93e3ec
          SHA512: d0a6d1df30a0e9b7e279e20382f61d8f9b21e89a78440868def0e309939e2d432391917abcaf1463296b853a6ff94ac6b75d97bec2900c5c31f91de4b2c088c6

        • /data/data/com.threeti.huimapatient/files/umeng_it.cache
          Filesize: 211B
          MD5: f7f741e845901edf777c3a13c1f11b2f
          SHA1: 1a86254338e4b1d20cbb08e297ef2d9211b39dc2
          SHA256: 6eee75d1e8bea71b5ec7a2ac43b0fdd9da95a18ff19bada1db1044b13bfbe45c
          SHA512: 27e07bf3c6ac7d50b710f3abbebdc9f5132aae18e138cbb9887875f9242f7df59000e846625376c7b25bea3d7143e3d21fee582c213a4c99685d82156a97fa7b

        • /storage/emulated/0/Android/data/com.threeti.huimapatient/hms#dtyprod/log/20241103/000.html
          Filesize: 905B
          MD5: 14e79b0096da611976fed3ee458aabca
          SHA1: aa9fb4aa992e5653667ce91faad3691f5ebce10b
          SHA256: 7a037f56c30eb27a73907663f6675e5f6cbca5425b6a7ac7a2b435065af06bb7
          SHA512: d57f36f06e1e2ee8ccf01b1f8c778b9a858559e875cda03ff3b2855b6929cc134988a40ccbe5066d1839b6234c093192b3116f0bc2d2704f2b4a68024c16259a

        • /storage/emulated/0/Android/data/com.threeti.huimapatient/hms#dtyprod/log/20241103/000.html
          Filesize: 172B
          MD5: 728c11923f82be4fe9998c8adfd1d418
          SHA1: 5dc90ea2411f5b14feae5948e4fba1789fb27cc8
          SHA256: 8e0395f5a645c5e3718fa52608d6f20d535dae2e230a350cb715c9c885b4617c
          SHA512: 97c887370f7b1301b677246795029eb934f47b6c298cf5b7502b67c8b9e6b6449b919908bc0429536eb28bbcf61c9a6a33fbf4a9d8e216b5724ab58c8549ce00

        • /storage/emulated/0/Android/data/com.threeti.huimapatient/hms#dtyprod/log/20241103/000.html
          Filesize: 85B
          MD5: 7ae40b462af9de9e8d186eccf772e60c
          SHA1: 7035b3f3a74134b0f30bb7c0d4a5a8137e70b243
          SHA256: 561b6423e71c911edc32afa5d8928f22ad3e4a3628034d7a3a32d374c8856d7e
          SHA512: b91ee50d52fa115f23f0d27b677adb7744f46f29718ccc06b4556ba38401c9042ac9c27db3979e0e14706eba8e81b28d75eacab0f91c64c8a8b57d8d6bcec63c

        • /storage/emulated/0/Android/data/com.threeti.huimapatient/hms#dtyprod/log/20241103/000.html
          Filesize: 82B
          MD5: 05760810454681be54753fadb4057f48
          SHA1: 14403f6179cbf26578d67d7e7b037581454efa65
          SHA256: 2d16500aa248342ad5761ac463785d80d0d5ff6a68c09139633a36376830bed4
          SHA512: 1a919ee733749ea9ffec623fbbeaba69323c7e0b1b3e173714a3ae8f83aac61dcc09063845973afdea4ed1b8c5d8eed8a143428bd5b28cb69fe08116220ee169

        • /storage/emulated/0/Android/data/com.threeti.huimapatient/hms#dtyprod/log/20241103/000.html
          Filesize: 113B
          MD5: ee84ab3995413cdc9dcd3d72dc80e1be
          SHA1: 9b23d6d5365849e2ae65df2e47d29ae336b13c4a
          SHA256: b753099794d920a1dacdde94993316b5fa3b7c4074ecd20cdd1352bdc36e38a5
          SHA512: fc8492e6fbbea242d9cd18925bf048174ef07d72305c5e432804a0ea147686a047886b59f795357d36dae128a57625e4d5a694811d3dc815469fcaf10bcafd5b

        • /storage/emulated/0/ShareSDK/.dk
          Filesize: 107B
          MD5: c9383021bd97affc44be4db7018c4d7b
          SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
          SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
          SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

        • /storage/emulated/0/baidu/.cuid
          Filesize: 89B
          MD5: d92f679496497d148b748a3e81156ce8
          SHA1: abc33a0659fdff30dfca697c173b712184131d43
          SHA256: 6488e08dbbe12860cda633b373c4caf30a5f14fcc190ef0063cece496a23e2c3
          SHA512: a91aee584128251df27155d09ae94185f153c6a9a3945a7dd2502011d4730080218c1275aac4ac529bd84b076be59837d49b5a62ac7030accfa9c4a6db50b7bf