Analysis
max time kernel: 141s
max time network: 156s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 04/11/2024, 00:44

Static task: static1
Behavioral task: behavioral1
Sample: 8e4f0417b800a1b40aa28f0ce75a0f96_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 8e4f0417b800a1b40aa28f0ce75a0f96_JaffaCakes118.apk
Resource: android-x64-20240624-en
General
Target: 8e4f0417b800a1b40aa28f0ce75a0f96_JaffaCakes118.apk
Size: 9.4MB
MD5: 8e4f0417b800a1b40aa28f0ce75a0f96
SHA1: 96056e376caca098fa0962b6ec2b3a33c1ec1abf
SHA256: 1b9fa7f8894a0bcb86d013827af6981fce558d8f835fd6d99508c4a3f1366275
SHA512: b4dc35ce44a4e3653f895b426e12146fc327cef0b50461e3ebaa67f0e015f95bdf1e3098802b3c342f22c22029b0d338b55b8464ac01448d2136f5199ea26c42
SSDEEP: 196608:Byk8rZcpxLzC4SnBrXdCFiMQPJrwd/d9VA1C8l0r/JyC2Fpe/:Bt8ipzC4aBrXsFlQPJ0n9VA1Cu0SFY/
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
- /system/bin/su (process: cn.kuwo.tingshu)
- /system/xbin/su (process: cn.kuwo.tingshu)
- /sbin/su (process: cn.kuwo.tingshu)
- /system/app/Superuser.apk (process: cn.kuwo.tingshu)

Checks known Qemu pipes. (1 TTPs, 2 IoCs)
Checks for known pipes used by the Android emulator to communicate with the host.
- /dev/socket/qemud (process: cn.kuwo.tingshu)
- /dev/qemu_pipe (process: cn.kuwo.tingshu)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
- Framework service call android.app.IActivityManager.getRunningAppProcesses (process: cn.kuwo.tingshu)

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
- flow 9: alog.umeng.com

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
- Framework service call android.app.IActivityManager.setServiceForeground (process: cn.kuwo.tingshu)

Queries information about active data network (1 TTPs, 1 IoCs)
- Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: cn.kuwo.tingshu)

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: cn.kuwo.tingshu)

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
- Framework service call android.app.IActivityManager.registerReceiver (process: cn.kuwo.tingshu)

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
- Framework API call javax.crypto.Cipher.doFinal (process: cn.kuwo.tingshu)

Checks CPU information (2 TTPs, 1 IoCs)
- File opened for read /proc/cpuinfo (process: cn.kuwo.tingshu)

Checks memory information (2 TTPs, 1 IoCs)
- File opened for read /proc/meminfo (process: cn.kuwo.tingshu)
Processes

cn.kuwo.tingshu (PID: 4997)
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)

Defense Evasion
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (3)
  - System Checks (3)
Downloads