caa1fdd052ba6cacb4fe8acf161f8bf2ec0a7d5848f5c40950a7697722cdb4c5

Analysis

max time kernel
49s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c7913f1940204a08daef5dc7ba09447_JaffaCakes118.apk
Size

6.7MB
MD5

6c7913f1940204a08daef5dc7ba09447
SHA1

f1f3d6325ee5a2299daa3f6aa946632496f46876
SHA256

caa1fdd052ba6cacb4fe8acf161f8bf2ec0a7d5848f5c40950a7697722cdb4c5
SHA512

6f003e85b841f3644d96c2fc4cb4a511daedbdc85c1ee54b8f67c259e7f7b9144205431f60fc3b556f4059f5de6f0b39bb1e7c345a8ff514ac75a30e2ea5c325
SSDEEP

98304:CK63Z9vqoz8UHdksRwN70rCh0quLw+CJqhUUICMt6bMib1e+uJQ0C:CKKZ9v1HOsaIrwQHsqhUUgkVb1IHC

Score

7^/10

collection discovery evasion persistence ransomware

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

home.solo.launcher.free

description ioc process

File opened for read /proc/cpuinfo home.solo.launcher.free
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts home.solo.launcher.free
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo home.solo.launcher.free
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

home.solo.launcher.free

description ioc process

URI accessed for read content://call_log/calls home.solo.launcher.free
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.app.IActivityManager.registerReceiver home.solo.launcher.free
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo home.solo.launcher.free
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

16 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Changes the wallpaper (common with ransomware activity) 1 IoCs
ransomware

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.app.IWallpaperManager.setWallpaper home.solo.launcher.free

description	ioc	process
File opened for read	/proc/cpuinfo	home.solo.launcher.free

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	home.solo.launcher.free

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	home.solo.launcher.free

description	ioc	process
URI accessed for read	content://call_log/calls	home.solo.launcher.free

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	home.solo.launcher.free

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	home.solo.launcher.free

flow	ioc
16	alog.umeng.com

description	ioc	process
Framework service call	android.app.IWallpaperManager.setWallpaper	home.solo.launcher.free

home.solo.launcher.free
1⤵
- Checks CPU information
- Queries account information for other applications stored on the device
- Queries information about the current Wi-Fi connection
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Changes the wallpaper (common with ransomware activity)
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/home.solo.launcher.free/databases/soloLauncher.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/home.solo.launcher.free/databases/soloLauncher.db-journal

Filesize
512B

MD5
820a6f676072ad5cf55e424950f54b5e

SHA1
0677e0a6666b74d75d51b5ef43f87e3244ce526f

SHA256
e7c84c8330e49c45ba449dfe897e54866983f76244a12ed00bdb3115c91773cb

SHA512
e9306f0da55d908db22948299394aff3a852456ad435dd09e6e2e67faed8098c1a9c13b2a3aaed28cfd81276b37108fac67a5fcd0261ed247261e6dcd254d91f

Download Submit
/data/data/home.solo.launcher.free/databases/soloLauncher.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/home.solo.launcher.free/databases/soloLauncher.db-wal

Filesize
56KB

MD5
d395104d653beb19bf76f23c9ce2ea8a

SHA1
d077ca294f23adff65bc4071502ebd9d3e71b5ea

SHA256
1f12338b2b2ad48286fd659ddcde38c61b51d01e93ee13a81cf829feaf5c0f80

SHA512
0e74e2ed5ece25851c6600bd7c363519adcf8fa610da29285d5778dfe0fbcc9c6b25dba0e82fed84205d4274ef37a4f895188c6b4e9421f56d42259dc79c5cfb

Download Submit
/data/data/home.solo.launcher.free/files/gaClientId

Filesize
36B

MD5
b86eb32372b46decc5f33215646a00ce

SHA1
c0913122eb6906576131939322aaf00ecba40932

SHA256
8110141ad82c4dc9bcec63926de9d1aac3f4359d71ed0c36f6ffeb4dd1792d1b

SHA512
3a568083d04eea32d96f93f836d573cd2dea4dda1df8bfbd011ee4545dc38fa5e043efc9ca7572b8c9a667071739f02e6cb435c35cf859c38a7e8fdf1574d834

Download Submit
/data/data/home.solo.launcher.free/files/launcher.preferences

Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/data/home.solo.launcher.free/files/mobclick_agent_cached_home.solo.launcher.free

Filesize
197B

MD5
7d2e54a9439183a78e1a06bae3aa7bd6

SHA1
ba11baabf2fe741ddfd4c395899deb3c16c97b52

SHA256
f64f5f5f966a330dfeb9506793448a4d5727dac2dfc66150b9877e331434734e

SHA512
9b0b89c8a2afb6fe612d1814be4c9c099232b57cdeaaa2772a31918e9b65fa5156bfa03897ac801be9ade1fcb9a0b0341b8ae16b7bfb926f515bed5d03924649

Download Submit
/data/system/users/0/wallpaper_orig

Filesize
278KB

MD5
dea583808b935ef42b66c48d0101bd0d

SHA1
dc3765aac996f4d7e7135e72a002271208e61635

SHA256
71dde9f3a7aad21d4b4876f7d044eaa7b6db245238cf8e6dc86794f27001fe77

SHA512
686e1bdc3fc663e43ee378da5e3e9fe077f7649e78d3b83b29ec954db40b9cbc4ddbf48244b825a7a05be307d34f3cc13a141eeae9edce9339d019a3c0b3c5e5

Download Submit
/storage/emulated/0/SoloLauncher/share.jpg

Filesize
70KB

MD5
1ca1ea11af21cbfba2e970355802f4b6

SHA1
eac864afa61b8699f729b37c34698727392346c4

SHA256
42c3235ee003ad9bf44067b2641565af384e34415a61a3e7caa7a6db0f82cea0

SHA512
d68b2e129ab2c5e1933469bbe7126cf3005c98a3ebd30378284148d7a6377e38b8457db1ff082c3cb523158c18f09402341130de9d399ff7df75451f12d6d1d7

Download Submit