Analysis
max time kernel: 146s
max time network: 158s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 03/11/2024, 04:10
Static task: static1
Behavioral task: behavioral1
  Sample: 89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral3
  Sample: UPPayPluginEx.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral4
  Sample: UPPayPluginEx.apk
  Resource: android-x64-20240910-en
General
Target: 89926abd46a7ae7058bdb4bc623b343d_JaffaCakes118.apk
Size: 7.4MB
MD5: 89926abd46a7ae7058bdb4bc623b343d
SHA1: 1a3c2cb8459ff777b1f7c5372403f81967cf04a0
SHA256: 2ec94de06334a2e235964298011d6221b3812aec8b9911dc9c2f815b9155f695
SHA512: a5f45cfd04e412231b25c61a01ac35ad510afb16f373730b4568af1a5f2255954fd6ff34498b2fdbe29269b16f8e93f580edb07bd30c05295cbd211407d264ba
SSDEEP: 196608:pM7XKlMzh1VXkmCP2RRXlfIAwRkid05DwYux:K8GLVwu7ajd050YI
Malware Config
Signatures
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.threeti.huimapatient)
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.threeti.huimapatient)
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  Flow 27: alog.umeng.com
  Caveat: alog.umeng.com is the logging endpoint of the Umeng analytics SDK, which is bundled in a large number of benign Chinese apps as well as in stalkerware, so on its own this match is a weak indicator and should be weighed against the other behaviours listed here.
- Queries information about active data network (1 TTP, 1 IoC)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.threeti.huimapatient)
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.threeti.huimapatient)
- Reads information about phone network operator (1 TTP; no IoC listed)
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.threeti.huimapatient)
  Caveat: Cipher.doFinal is also reached by ordinary SDK and network code; this signature says only that symmetric or asymmetric cipher operations ran, not what was encrypted.
- Checks CPU information (2 TTPs, 1 IoC)
  File opened for read: /proc/cpuinfo (process: com.threeti.huimapatient)
Processes
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
- Filesize: 2B (these are the digests of the two-byte string "[]", i.e. an empty JSON array, so this response carried no payload)
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 25B
  MD5: 2d805b13f2f28dc3ca9bbcc000f49bb5
  SHA1: 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
  SHA256: c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
  SHA512: 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0
- Filesize: 531B
  MD5: bc83618c7b19531d30973c0b57615e68
  SHA1: 8b7fdb48ff41d09e561a8681f8ec3e9c9e26942a
  SHA256: 95ee02152bc52ceb94c14a38cd03712216da237092d93c3b7aefb561becd807b
  SHA512: 66f569a611f9ac1ac76c892c011c757ae8d753e6023cdd83e9374a143c11f736a68449254c2593bb903106b47a3429103cf042ecfa3325ecafc0de94fd340028
- Filesize: 148B
  MD5: 989a2fbc08c64b99bb40000b0c3deb08
  SHA1: 228192a26f4d668ecadd91eab65b440968a64c34
  SHA256: 51506d453ebb352da3eb74498c201ccb597b6faf159fe6b0a2758105d62ff36a
  SHA512: b622b52b59a259da486b8e222b663d9254e224468f546fc5dcc8f400b24d98a5435ef2669dd6c0a60245e1f8ee6dd8a6a7db54c1c83fef65d68998495c674cea
- Filesize: 107B
  MD5: 893bb9930a6efdd3211826f4114b5a29
  SHA1: 57b8895adcc3bbfec87268d5f004cdaa6caee8cd
  SHA256: 45e6cf5549bc12c1150b2a10f20de32ec5b86fe23221536eca2cb2a43b1e2d21
  SHA512: 78f094bf00c6b440a57dc5b8edc10c3abf4fac63176dd64a54b2e7b03d9973485504d619ae80312fed1bc72db9f1617a990f37edc7bfdfa032ae47b054939010
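Very small downloads can often be identified from their digests alone, without the captured body. The script below is an editor's example added here and is not part of the sandbox report or the app being analysed: it copies the digests of the 2B and 25B entries from the list above, hashes a constructed list of bodies that short HTTP API responses commonly consist of (the candidate list is an assumption, not anything the report shows), and returns the body whose size and all four digests match. The 2B entry resolves to "[]"; the 25B entry matches nothing in the guess list, which is the normal outcome and means the captured body itself has to be inspected.

```python
import hashlib

# Digests copied from the Downloads section of the report above.
DOWNLOAD_2B = {
    "size": 2,
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}
DOWNLOAD_25B = {
    "size": 25,
    "md5": "2d805b13f2f28dc3ca9bbcc000f49bb5",
    "sha1": "9eac165b4d81258fd3967cde5cc53b53b1dabcb1",
    "sha256": "c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19",
    "sha512": "5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0",
}

# Constructed guess list (an assumption, not taken from the report): bodies
# that small API responses commonly consist of. Extend it with whatever the
# app's backend is known to return.
CANDIDATES = [
    b"[]", b"{}", b"", b"null", b"ok", b"OK", b"0", b"1", b"true", b"false",
    b"[]\n", b"{}\n", b"[]\r\n", b"{}\r\n",
]

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hashes_of(data: bytes) -> dict:
    """Size plus the four digests the report lists, hex-encoded lower-case."""
    out = {"size": len(data)}
    for algo in ALGOS:
        out[algo] = hashlib.new(algo, data).hexdigest()
    return out


def identify_download(listed: dict, candidates=CANDIDATES):
    """Return the candidate body whose size and all four digests equal the
    listed entry, or None when nothing in the guess list matches (in that
    case only the captured body can tell what was downloaded)."""
    for body in candidates:
        if len(body) != listed["size"]:
            continue  # cheap pre-filter before hashing
        h = hashes_of(body)
        if all(h[algo] == listed[algo].lower() for algo in ALGOS):
            return body
    return None


if __name__ == "__main__":
    for label, entry in (("2B", DOWNLOAD_2B), ("25B", DOWNLOAD_25B)):
        body = identify_download(entry)
        if body is None:
            print(f"{label}: no candidate matches, inspect the captured body")
        else:
            print(f"{label}: body is {body!r}")
```

Requiring every digest to agree, not just MD5, avoids being misled by a single colliding or mistyped hash; the size check is a free pre-filter that also keeps the candidate list from needing to be hashed for entries of a different length.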