Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    04/11/2024, 00:55

General

  • Target

    8e5967bf65de0807e9183fb874f9b371_JaffaCakes118.apk

  • Size

    19.6MB

  • MD5

    8e5967bf65de0807e9183fb874f9b371

  • SHA1

    6d38285eca91c60fd36a47ced78a87e92f1b8ecf

  • SHA256

    99303f5913e039a42cf0ac9e0ebee88cdb84e26c35e4f2080a0ca3887becb330

  • SHA512

    3e1fab3b88db344251df9bc73f53acab6f14f02aa5196b418a005b49881d65a53491518ecc3c3149f254f031c6289b5eb76ef9544ef9f77e5b7fafb71e4b7673

  • SSDEEP

    393216:lfCsUCbXPuAW98tCcrsUuaJdLcWJt+JOXP60r+/ywPil3xX1BUBbazu:iCbXPuAcv3UuaJd4cj/60r+60itN1BUt

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.yonyou.buyer
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4312
    • cat /sys/class/net/wlan0/address
      2⤵
      PID:4423
  • com.yonyou.buyer:pushcore
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4349
    • cat /sys/class/net/wlan0/address
      2⤵
      PID:4403

Network

MITRE ATT&CK Mobile v15

Downloads

      • /data/data/com.yonyou.buyer/databases/cc/cc.db

        Filesize

        36KB

        MD5

        5d7ea1a23af19b4340cc8d90f28297d5

        SHA1

        4cfe95b23a9e98378d69c4290af81b51fbe76aea

        SHA256

        474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

        SHA512

        33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

      • /data/data/com.yonyou.buyer/databases/cc/cc.db

        Filesize

        36KB

        MD5

        ce6135aa1b1fe4f2c2db2a546d2a5558

        SHA1

        79b59582154017aadab783dc266fcb158c252940

        SHA256

        7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

        SHA512

        2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

      • /data/data/com.yonyou.buyer/databases/cc/cc.db-journal

        Filesize

        512B

        MD5

        be0f0bb5f529526aa5987ab5c78ab95d

        SHA1

        96db381eb5ec4c2b90e2a7ff8e7424b8bbfabac8

        SHA256

        0ba0e7ec8bc2ddab33fe79407f0ca12f2eb11257fb8c969272f5389e7e094984

        SHA512

        91a98742bb348477f04cd79d12b9e6e932f15371a7edbff49c17d1c5aef53585efff94abab766052917496193c845f7a89dd4350429ca18f0da59979c8918b58

      • /data/data/com.yonyou.buyer/databases/cc/cc.db-wal

        Filesize

        48KB

        MD5

        44e98977bf67c2b57c3aa8162a41fada

        SHA1

        13ed97c39852f54ed7853c6733846bbf3bcfe04b

        SHA256

        02c1f79773e1f36b9ec3cc63c756cbdbb428bcf919886d3c04613a17c6c481c0

        SHA512

        9aebafb4eae748718b239b2d479466167ff9a3121f8409f2ff32a6c148d1e4df53f82075a9c9c7b3c8369f0c99a5c049776507c03800915798cd3743e334f899

      • /data/data/com.yonyou.buyer/databases/cc/cc.db-wal

        Filesize

        16KB

        MD5

        3e4266e2d64c6b3c5b713db7662219e3

        SHA1

        9aa8626baef4645100bc3dfade259b3ce843f4f4

        SHA256

        72948a03fb7fcae02f14a32d05ca5efc82bbe71a921dac5325ffe0ac779b8216

        SHA512

        69c9cd3fd1195ae7ba851cd01a71a241e67ad6a6ec39d99b2e4c97ad1c01b9546c442d630a004aee19a05bbac4b08feaba22f06047585dde8b216c66de6eefad

      • /data/data/com.yonyou.buyer/databases/hhtdb.db

        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      • /data/data/com.yonyou.buyer/databases/hhtdb.db-journal

        Filesize

        512B

        MD5

        fecc6db466b5cbbb60efd81643487ca4

        SHA1

        f51329900c7dae435930e424ead99e164da6bb16

        SHA256

        8689672b15c5cce8420c3fce5c912a433ffcfb829e3649269cb9c11e9e67ecb9

        SHA512

        cf2e6292fda5eba5703c4ff4be83da05aea4277d5d780b971ed217dec9d0591857180c71a2e2a35659f4bd8dc3e5659bc6acf32955a1681a72e15e1796c8eb73

      • /data/data/com.yonyou.buyer/databases/hhtdb.db-shm

        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      • /data/data/com.yonyou.buyer/databases/hhtdb.db-wal

        Filesize

        132KB

        MD5

        9ee5945cf84a6baef4950226cfa14b3c

        SHA1

        7494f9c782d418fc10e6bf9eed919e8784303c51

        SHA256

        38e9cca419fb79c3485dd984d05025048c52c692e3b3d861a6055154499add44

        SHA512

        1eae7aae824ba5f8274ac6d16e02025034f0f786821bcf921e4e62bc6316027a62dab402226e0a150d753e3e8449ebb3ab97dd5b60ac732d58b4b65261225221

      • /data/data/com.yonyou.buyer/databases/hmdb

        Filesize

        12KB

        MD5

        3fe30614d7e0d11db870b4624f6c50e0

        SHA1

        053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

        SHA256

        67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

        SHA512

        c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

      • /data/data/com.yonyou.buyer/databases/hmdb-journal

        Filesize

        512B

        MD5

        989e6e7f0c1e96d887c97cfdddf3fe7b

        SHA1

        7432c324c186ce121facabbc45e89ea879275fdb

        SHA256

        4328b1747923677502093cd069776628bd98a78974a35c05e6d612927ccc0471

        SHA512

        e403b42fc803f4061cf97f7253651d7d5d9ee1e0dfef134a9f833d2404d3506ec3665a82358df02a5cb397a5e97a337c542818b0fbf44e3149548083874d8eb6

      • /data/data/com.yonyou.buyer/databases/hmdb-wal

        Filesize

        16KB

        MD5

        4eb3d31e021b2197c63a0ce005764019

        SHA1

        6765be4b9d89fd8c1d4df8a9d620f0e3b21852cb

        SHA256

        4ece5df961bbd2938b1b6a9be74f29bdc52285ec17005b0823c88002d0cf9b16

        SHA512

        194eed33443ed05bfd6a96743c62113311718dea36efff318bfd83530fad25769fb1aa742eb1cace30a43f0a34a2d50a1074e3622d12835fa18fa33cc57b53c9

      • /data/data/com.yonyou.buyer/databases/logdb.db

        Filesize

        36KB

        MD5

        a7b5debf648af8527d38065f285c6754

        SHA1

        ad8513c878ca1483a2472c7f8dfc8a416418517e

        SHA256

        0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5

        SHA512

        c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

      • /data/data/com.yonyou.buyer/databases/logdb.db

        Filesize

        20KB

        MD5

        ddd941b86921617e632ffded3c551f52

        SHA1

        e9f3fde85f279a8f6ea0ca02192d1e433cfaec4d

        SHA256

        5643b763de05df0615b433546a3c4d2da206d7589d7bd895f69a06df0e73b7ce

        SHA512

        79fbda1287d1fc7271feed958700dc7ce43a660e5ed6a0dc710e5c108807cc20c9ccd52690b7a6682aa4dcda36a5bf7fcbe6e04572cc12bc13639167f70f4709

      • /data/data/com.yonyou.buyer/databases/logdb.db

        Filesize

        36KB

        MD5

        60e918a66670488ae5e111bdcbcfa95d

        SHA1

        ee81e2f5ad9a7301adfce5999095370e532a43d9

        SHA256

        0126f776c2c01bb621001c4d80787b706902fa8fdd89fd1f062d063ec74d5313

        SHA512

        1abb9311fce204649d299a19efab820981c427a8f3778a9848fdfe99aac19fbb3d62bdc4f5fc93bad66c090d198e9db33c23066041207272f2942272167796d2

      • /data/data/com.yonyou.buyer/databases/logdb.db-journal

        Filesize

        512B

        MD5

        296790deaab1cf3b7dc2cd4586eb9776

        SHA1

        7d09429c6654e0cec458d63d64bef3edb7dcd2df

        SHA256

        8bfb6cee9467403de4e6c95a14b9fcdc2ffdf15b40628f553cf66403a4c7dfd3

        SHA512

        53ff49bb56465559f78cc84a00b5ff5b44c68fa32090aae4a8a0b36c8f801b945b914e27068d7d7f3b0afdd12a763300f3cde1ff38f6e4a2da471dbf28c3e6e0

      • /data/data/com.yonyou.buyer/databases/logdb.db-wal

        Filesize

        48KB

        MD5

        08577f46c2d522105a7bdf605e58cc3e

        SHA1

        151492d34769fc491e333151c456a0854b0b723c

        SHA256

        d32244f786cf6164006ebc703ca56aa87ae955504dabafed0a21c6bb6921b880

        SHA512

        e59568d0da4491d7166e465080797a1f9b824674236e9befe1f8e602e3b3848ee8730bf356ee0850816e651a38cf4ac40514e31e0cc87ad162b2a3b564e08157

      • /data/data/com.yonyou.buyer/databases/logdb.db-wal

        Filesize

        8KB

        MD5

        838decfc67cd0868958a0fa4a3ab5459

        SHA1

        9e6e1457ac42c74764b5e7ffe6421fd10683663a

        SHA256

        d11ad6adcb4a35ece1502bf9853389e7ee7eabe5389305e4da2335b44a9b3db2

        SHA512

        59156e0732a3ae261b7d48677551212e045fab66582981a0c6c62353d83942cf9b5e9809aa8d55208430a29b06c01e0b3a97ffbe0333fee00bdf1998d3833a3c

      • /data/data/com.yonyou.buyer/databases/logdb.db-wal

        Filesize

        8KB

        MD5

        c04a92e86e53020295a75e2085d1828e

        SHA1

        32b756873c6c09fc6c33320315c73fb1ccaefc30

        SHA256

        eb7d4768f655ccf364d6373400a4a26b2177892abb7c94386f6e967755197592

        SHA512

        44b905fa113634fc79e0c7d35334f4081aeec576484fc58008e44b002e41e8d2c9a61807f4fedfdcbf02e0ab30a2bbd1cc1eea8e29cb82c06fb392f9317bf09e

      • /data/data/com.yonyou.buyer/databases/ua.db

        Filesize

        32KB

        MD5

        d604a3bf1f8d992cc320ea5b1f7609bd

        SHA1

        247f88df0b55c7d523ea5398637711a0e4a483a4

        SHA256

        329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

        SHA512

        67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

      • /data/data/com.yonyou.buyer/databases/ua.db

        Filesize

        16KB

        MD5

        769ccd52cb52690b10e1f5f6a4b41dd4

        SHA1

        fc4bb76921a4325337eb26aa93ba6b2e3df3cbc2

        SHA256

        4bfc1a7b613db6c084976b7891287bf702f04a406f24983715bff6db021b402d

        SHA512

        b29d6a6ad4636f3e8ea4662a351ee49ed1535ca0f2837195ad67bc916974947a7a1c59bf6f468f5bde8396353d85bbc1985784694cb028ab91acd1fbf4c6cc9f

      • /data/data/com.yonyou.buyer/databases/ua.db

        Filesize

        16KB

        MD5

        abd97111658012df26d3d7dd37fb97a2

        SHA1

        29a4f2ebb42d01e9be3497764e1c6d213c017a7e

        SHA256

        9fb1a529fb95cea93bcca54cb00f054a7a76144e5598de4631fb8dc6ba9e92ab

        SHA512

        776e7fcd134e8c6d19aa19489c8510b6a186c0ee6f6989aaa8bba73697565f0a5dcd6f5bd41000257c8eb596e948640b24d0f8011e385cce643e52c83bde43c2

      • /data/data/com.yonyou.buyer/databases/ua.db

        Filesize

        32KB

        MD5

        0533c2cba3358eb087c98192574842de

        SHA1

        c2fa6d12f4b7585d3182a48abed482d1f859c9a8

        SHA256

        dcc3c828a60b1f95ae90e34650651c77f224194f869e215f901673b89ce892b1

        SHA512

        6e5bf71e9b56d72a237680582462e96c87827ec9a3bee97505ef59bf7b3d9e54001643836479f66192d004dce4bbd256ebfcba78d51bc79232935ac0736dbb0d

      • /data/data/com.yonyou.buyer/databases/ua.db-journal

        Filesize

        512B

        MD5

        4e5cee543197cb1b201a5959ec734f94

        SHA1

        e31a7dd7093b205d060741ea5d8a4656050d12b1

        SHA256

        f4aa528f90d341ac59fc7eaffaf876ba7550382e0ecd26010bf84c15333918dc

        SHA512

        1292e94cf52ec5b01f63dd179efea7b3ab09dee6b059f2a39cdf4b9c0259206d2cdd0a608aadd9a559879714f98925ef4f514798ff81d57b814c39a94b4a650e

      • /data/data/com.yonyou.buyer/databases/ua.db-wal

        Filesize

        8KB

        MD5

        a39fdc6c7ff46445812086e52c854295

        SHA1

        0c28d34094ed5a62356bf5dde5ebdd8660704d25

        SHA256

        13d77f4d0901cbef7c11f5caf0ef6a15ce5750d442f7a1abab1b96c1a1ea19af

        SHA512

        0f4e27c3abcb36b85e074b43b4a8272e93cc724875427f44c4d668c38763fac1daa34ac065da407f9c39471d848783801e0e6500e6a105bf098b73a1b242c8ca

      • /data/data/com.yonyou.buyer/databases/ua.db-wal

        Filesize

        4KB

        MD5

        90a9503d65f0c4f285f3b6d2643f40c3

        SHA1

        1b9d73b842b86710d22cb0738d244d4702c0bfc0

        SHA256

        dfe4245de87884c32426227e806c66732d6caa19ce67a9ea096ecf05eb14fc83

        SHA512

        88fbe2d14bad237ba7ca28333b521525ff8930030d4e7bc17fef89ea2fc0a23d0ca05047d2769cb7be0071ac3452f6c5b71eda886fbd185aab21e2491d50e082

      • /data/data/com.yonyou.buyer/databases/ua.db-wal

        Filesize

        4KB

        MD5

        524fe5e947d96d43c7482caeed3e3477

        SHA1

        071399e75d00bedc109f8594a0b474e0739dd2dd

        SHA256

        3ede991605e6a729a63f9be637b286c81d6573624f305c1d6d39b64be6a42f2a

        SHA512

        0a154874c5ff89ac12cf2ca4c386852abbd2f8300eed232c65f4eb3c520e9aba79768b35c2d9e358f0848135d5206cb1f872ab0637310d5f3ff689d2d0c2371a

      • /data/data/com.yonyou.buyer/databases/ua.db-wal

        Filesize

        56KB

        MD5

        4df011d99eeebc3696ef32f7fa9b7c3a

        SHA1

        66044856b2bb2c59eab71715d6ed4ad5f44febd6

        SHA256

        9d127fd70a5e93e6ac19edfd6faa18615ce733ca15c5c54c565bec7d06752440

        SHA512

        14956a44d69a50a2d5a37cf601c919b408e0c0978b393cbdee16af564bd08d57f8588ec6f1661dd2971d6aa5f7d247c9dba835c1bc19c0842da26997830bc612

      • /data/data/com.yonyou.buyer/files/.um/um_cache_1730681845281.env

        Filesize

        1KB

        MD5

        f64d13426a22fbc796b6454e939a00d5

        SHA1

        8628711bd9ae2319f26b575d72d233eed27e2ac8

        SHA256

        b531370d8e91053526087c794a0a9a37081f2a785a4a823a5a063524eaf93b72

        SHA512

        a7aaf9428b59495c721cdb1c3a2c793f1a7755013dcf639c6c72bd5743e4be3f6f8f38f7095d792a659a937f43a2029d6ad09f09d32ba1b9c6c30a7ead8544d7

      • /data/data/com.yonyou.buyer/files/.umeng/exchangeIdentity.json

        Filesize

        162B

        MD5

        3ea4af3d5ff673b8d2f374ebf7015681

        SHA1

        70a8b2bb7569467c001bc771cb1ef5d2147ff719

        SHA256

        020eb5bfc64d86981774023f3e9cc59d5ebe0f21646c3e7e9d3eb95fd004789c

        SHA512

        59f052cc637d20ccf5ef09125816f38880ed44b1b38d77fd61e2e9213566847c2bda1e4e5852cfa78cba6683ee255243779abab7d51a2e0df53b4dc69fd8e6c3

      • /data/data/com.yonyou.buyer/files/exid.dat

        Filesize

        57B

        MD5

        f4494a2b2c7a0abdb046211d5a7da656

        SHA1

        0d03db1b10f04c24aa45ee534915d385fd6b3632

        SHA256

        541c565f2ef1ca6346b2137a288d290f43d63a5501b50c3af8ad78bfc58cd28d

        SHA512

        25cf48f8d08faac39883fc6dbdb0b7c92b203b9a6a78f78bb16d942411ca20c54e1da0eab8c48a9661781afaf2e68cb2c6395e58e2a6a9530ca76436dbd999cd

      • /data/data/com.yonyou.buyer/files/jpush_stat_cache.json

        Filesize

        129B

        MD5

        d2a946078728b0548cab37379cfe09bd

        SHA1

        4d5f37f4cfc06cc1523b4365c142bdbb1d2fab1d

        SHA256

        d9766a6dbae870c02d426c182bf1d064fd03a5af674e35fbcc09b320827f479f

        SHA512

        51d0f026b7cfe2a11e25ce1b0c0827f8986983cb6715884f02d94e6e92f90afa9bbeecf85f66cb716e309148d0ec64e8480590b2b48e553325f71edafb60aedc

      • /data/data/com.yonyou.buyer/files/jpush_stat_cache.json

        Filesize

        171B

        MD5

        159dc45f6b390a0d8fb49ab9e1293517

        SHA1

        6235b2a75c3d11331ddb1922b6adce2b7f36b416

        SHA256

        be091998bb6e7b295b42bbf7271996cb1d703406002d183f77e7f64dde60e7da

        SHA512

        2cbb821c613f3e30ea1ac6cb3f92adb7133309e05f2769adf30133a0639a4cf8e530ad76559a8def06a3486288ada1b4febd97ee0faa4c8c53dc61e7f46305c1

      • /data/data/com.yonyou.buyer/files/umeng_it.cache

        Filesize

        413B

        MD5

        2e5e5e75f5c79aaa13496b9b520d6aa6

        SHA1

        9d1691f404c71a4447a7ffab4c911072c9fb2cc4

        SHA256

        48f32ad93aa2bced6b273ed889cf6705a7a29ed17e29162e67bb30ac1b056708

        SHA512

        10c448c00cab97953bea00d3f200f4fb40b096a74ad739fcc5a178bb969dc49ed856b873a565d33cb6b39ebda6c75ec1cf1705f570a2c3b660531f12e006fd50

      • /data/data/com.yonyou.buyer/tinker_server/60b0daa42f722727_version.info

        Filesize

        192B

        MD5

        392d6d968fe71524bef4cf69e31d9aa8

        SHA1

        2f06eaa71bc0f4271076f69cbda1f6dc4341f65b

        SHA256

        071a63166c1d8baa29d2ff1b57d5a217c641f8a2977e29cdefc12bce0b8b0d0a

        SHA512

        772f4d89bb539d1f0249244fb9f7aae043041f5a30ad584e80fa4e0dd349a9ff73375afe6a86cb3113e80901238027bda00367a38204670a1b783b2b598653b4

      • /storage/emulated/0/data/.push_deviceid

        Filesize

        32B

        MD5

        a21631efdaab82ffca3f4b04499f7c9f

        SHA1

        3cfe0eaf8145c97e2624df69422b987b560d330e

        SHA256

        f3f6a0e1b19860170e25267c756baa125bb9a8d02b9e08e683db655c13657329

        SHA512

        9105b4779ac120ba0df1c254f9d420085892868ae7c925043ec2c93d70133448f28e0f002c0c1600cf3f866508cade1f3b6d54d40ada88dd8cb441d862a22468