Analysis
- max time kernel: 149s
- max time network: 156s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 04/11/2024, 00:55
Static task: static1
Behavioral task: behavioral1
- Sample: 8e5967bf65de0807e9183fb874f9b371_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
General
- Target: 8e5967bf65de0807e9183fb874f9b371_JaffaCakes118.apk
- Size: 19.6MB
- MD5: 8e5967bf65de0807e9183fb874f9b371
- SHA1: 6d38285eca91c60fd36a47ced78a87e92f1b8ecf
- SHA256: 99303f5913e039a42cf0ac9e0ebee88cdb84e26c35e4f2080a0ca3887becb330
- SHA512: 3e1fab3b88db344251df9bc73f53acab6f14f02aa5196b418a005b49881d65a53491518ecc3c3149f254f031c6289b5eb76ef9544ef9f77e5b7fafb71e4b7673
- SSDEEP: 393216:lfCsUCbXPuAW98tCcrsUuaJdLcWJt+JOXP60r+/ywPil3xX1BUBbazu:iCbXPuAcv3UuaJd4cj/60r+60itN1BUt
Malware Config
Signatures
Queries information about running processes on the device (TTPs: 1, IoCs: 2)
Application may abuse the framework's APIs to collect information about running processes on the device.
- Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.yonyou.buyer)
- Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.yonyou.buyer:pushcore)
Queries information about the current nearby Wi-Fi networks (TTPs: 1, IoCs: 1)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
- Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.yonyou.buyer)
Requests cell location (TTPs: 2, IoCs: 1)
Uses Android APIs to get current cell location.
- Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.yonyou.buyer)
Acquires the wake lock (IoCs: 1)
- Framework service call: android.os.IPowerManager.acquireWakeLock (process: com.yonyou.buyer)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (IoCs: 1)
- Flow 11: alog.umeng.com
Queries information about active data network (TTPs: 1, IoCs: 2)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yonyou.buyer)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yonyou.buyer:pushcore)
Reads information about phone network operator (TTPs: 1)
Registers a broadcast receiver at runtime (usually for listening for system events) (TTPs: 1, IoCs: 2)
- Framework service call: android.app.IActivityManager.registerReceiver (process: com.yonyou.buyer)
- Framework service call: android.app.IActivityManager.registerReceiver (process: com.yonyou.buyer:pushcore)
Uses Crypto APIs (Might try to encrypt user data) (TTPs: 1, IoCs: 2)
- Framework API call: javax.crypto.Cipher.doFinal (process: com.yonyou.buyer)
- Framework API call: javax.crypto.Cipher.doFinal (process: com.yonyou.buyer:pushcore)
Checks CPU information (TTPs: 2, IoCs: 1)
- File opened for read: /proc/cpuinfo (process: com.yonyou.buyer)
Processes
com.yonyou.buyer (PID: 4312)
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Child process: cat /sys/class/net/wlan0/address (PID: 4423)
com.yonyou.buyer:pushcore (PID: 4349)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Child process: cat /sys/class/net/wlan0/address (PID: 4403)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
- Geofencing (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)
Downloads