Analysis
max time kernel: 145s
max time network: 154s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 03/11/2024, 04:10
Static task: static1
Behavioral task: behavioral1
  Sample: 89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral3
  Sample: UPPayPluginEx.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral4
  Sample: UPPayPluginEx.apk
  Resource: android-x64-20240910-en
General
Target: 89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
Size: 7.4MB
MD5: 89926abd46a7ae7058bdb4bc623b343d
SHA1: 1a3c2cb8459ff777b1f7c5372403f81967cf04a0
SHA256: 2ec94de06334a2e235964298011d6221b3812aec8b9911dc9c2f815b9155f695
SHA512: a5f45cfd04e412231b25c61a01ac35ad510afb16f373730b4568af1a5f2255954fd6ff34498b2fdbe29269b16f8e93f580edb07bd30c05295cbd211407d264ba
SSDEEP: 196608:pM7XKlMzh1VXkmCP2RRXlfIAwRkid05DwYux:K8GLVwu7ajd050YI
Malware Config
Signatures
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.threeti.huimapatient
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; Process: com.threeti.huimapatient
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow: 7; ioc: alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.threeti.huimapatient
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.threeti.huimapatient
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.threeti.huimapatient
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.threeti.huimapatient
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.threeti.huimapatient
Processes
- com.threeti.huimapatient (PID: 4242)
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 25B
  MD5: 2d805b13f2f28dc3ca9bbcc000f49bb5
  SHA1: 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
  SHA256: c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
  SHA512: 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0
- Filesize: 561B
  MD5: 61a4f3f24d56e3c747c998716d587cc4
  SHA1: b2e460d369c2d1ca863ad6a59aa0d35878455a32
  SHA256: a8b522f4175a080372242748b1fd13fae233e08a6ac82ab31758c1809c93e3ec
  SHA512: d0a6d1df30a0e9b7e279e20382f61d8f9b21e89a78440868def0e309939e2d432391917abcaf1463296b853a6ff94ac6b75d97bec2900c5c31f91de4b2c088c6
- Filesize: 211B
  MD5: f7f741e845901edf777c3a13c1f11b2f
  SHA1: 1a86254338e4b1d20cbb08e297ef2d9211b39dc2
  SHA256: 6eee75d1e8bea71b5ec7a2ac43b0fdd9da95a18ff19bada1db1044b13bfbe45c
  SHA512: 27e07bf3c6ac7d50b710f3abbebdc9f5132aae18e138cbb9887875f9242f7df59000e846625376c7b25bea3d7143e3d21fee582c213a4c99685d82156a97fa7b
- Filesize: 905B
  MD5: 14e79b0096da611976fed3ee458aabca
  SHA1: aa9fb4aa992e5653667ce91faad3691f5ebce10b
  SHA256: 7a037f56c30eb27a73907663f6675e5f6cbca5425b6a7ac7a2b435065af06bb7
  SHA512: d57f36f06e1e2ee8ccf01b1f8c778b9a858559e875cda03ff3b2855b6929cc134988a40ccbe5066d1839b6234c093192b3116f0bc2d2704f2b4a68024c16259a
- Filesize: 172B
  MD5: 728c11923f82be4fe9998c8adfd1d418
  SHA1: 5dc90ea2411f5b14feae5948e4fba1789fb27cc8
  SHA256: 8e0395f5a645c5e3718fa52608d6f20d535dae2e230a350cb715c9c885b4617c
  SHA512: 97c887370f7b1301b677246795029eb934f47b6c298cf5b7502b67c8b9e6b6449b919908bc0429536eb28bbcf61c9a6a33fbf4a9d8e216b5724ab58c8549ce00
- Filesize: 85B
  MD5: 7ae40b462af9de9e8d186eccf772e60c
  SHA1: 7035b3f3a74134b0f30bb7c0d4a5a8137e70b243
  SHA256: 561b6423e71c911edc32afa5d8928f22ad3e4a3628034d7a3a32d374c8856d7e
  SHA512: b91ee50d52fa115f23f0d27b677adb7744f46f29718ccc06b4556ba38401c9042ac9c27db3979e0e14706eba8e81b28d75eacab0f91c64c8a8b57d8d6bcec63c
- Filesize: 82B
  MD5: 05760810454681be54753fadb4057f48
  SHA1: 14403f6179cbf26578d67d7e7b037581454efa65
  SHA256: 2d16500aa248342ad5761ac463785d80d0d5ff6a68c09139633a36376830bed4
  SHA512: 1a919ee733749ea9ffec623fbbeaba69323c7e0b1b3e173714a3ae8f83aac61dcc09063845973afdea4ed1b8c5d8eed8a143428bd5b28cb69fe08116220ee169
- Filesize: 113B
  MD5: ee84ab3995413cdc9dcd3d72dc80e1be
  SHA1: 9b23d6d5365849e2ae65df2e47d29ae336b13c4a
  SHA256: b753099794d920a1dacdde94993316b5fa3b7c4074ecd20cdd1352bdc36e38a5
  SHA512: fc8492e6fbbea242d9cd18925bf048174ef07d72305c5e432804a0ea147686a047886b59f795357d36dae128a57625e4d5a694811d3dc815469fcaf10bcafd5b
- Filesize: 107B
  MD5: c9383021bd97affc44be4db7018c4d7b
  SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
  SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
  SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81
- Filesize: 89B
  MD5: d92f679496497d148b748a3e81156ce8
  SHA1: abc33a0659fdff30dfca697c173b712184131d43
  SHA256: 6488e08dbbe12860cda633b373c4caf30a5f14fcc190ef0063cece496a23e2c3
  SHA512: a91aee584128251df27155d09ae94185f153c6a9a3945a7dd2502011d4730080218c1275aac4ac529bd84b076be59837d49b5a62ac7030accfa9c4a6db50b7bf