caa1fdd052ba6cacb4fe8acf161f8bf2ec0a7d5848f5c40950a7697722cdb4c5

Analysis

max time kernel
49s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c7913f1940204a08daef5dc7ba09447_JaffaCakes118.apk
Size

6.7MB
MD5

6c7913f1940204a08daef5dc7ba09447
SHA1

f1f3d6325ee5a2299daa3f6aa946632496f46876
SHA256

caa1fdd052ba6cacb4fe8acf161f8bf2ec0a7d5848f5c40950a7697722cdb4c5
SHA512

6f003e85b841f3644d96c2fc4cb4a511daedbdc85c1ee54b8f67c259e7f7b9144205431f60fc3b556f4059f5de6f0b39bb1e7c345a8ff514ac75a30e2ea5c325
SSDEEP

98304:CK63Z9vqoz8UHdksRwN70rCh0quLw+CJqhUUICMt6bMib1e+uJQ0C:CKKZ9v1HOsaIrwQHsqhUUgkVb1IHC

Score

7^/10

collection discovery evasion persistence ransomware

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

home.solo.launcher.free

description ioc process

File opened for read /proc/cpuinfo home.solo.launcher.free
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts home.solo.launcher.free
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo home.solo.launcher.free
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

home.solo.launcher.free

description ioc process

URI accessed for read content://call_log/calls home.solo.launcher.free
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.app.IActivityManager.registerReceiver home.solo.launcher.free
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo home.solo.launcher.free
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

16 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Changes the wallpaper (common with ransomware activity) 1 IoCs
ransomware

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.app.IWallpaperManager.setWallpaper home.solo.launcher.free

description	ioc	process
File opened for read	/proc/cpuinfo	home.solo.launcher.free

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	home.solo.launcher.free

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	home.solo.launcher.free

description	ioc	process
URI accessed for read	content://call_log/calls	home.solo.launcher.free

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	home.solo.launcher.free

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	home.solo.launcher.free

flow	ioc
16	alog.umeng.com

description	ioc	process
Framework service call	android.app.IWallpaperManager.setWallpaper	home.solo.launcher.free

home.solo.launcher.free
1⤵
- Checks CPU information
- Queries account information for other applications stored on the device
- Queries information about the current Wi-Fi connection
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Changes the wallpaper (common with ransomware activity)
PID:4309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/home.solo.launcher.free/databases/soloLauncher.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/home.solo.launcher.free/databases/soloLauncher.db-journal
Filesize
512B

MD5
820a6f676072ad5cf55e424950f54b5e

SHA1
0677e0a6666b74d75d51b5ef43f87e3244ce526f

SHA256
e7c84c8330e49c45ba449dfe897e54866983f76244a12ed00bdb3115c91773cb

SHA512
e9306f0da55d908db22948299394aff3a852456ad435dd09e6e2e67faed8098c1a9c13b2a3aaed28cfd81276b37108fac67a5fcd0261ed247261e6dcd254d91f

Download Submit
/data/data/home.solo.launcher.free/databases/soloLauncher.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/home.solo.launcher.free/databases/soloLauncher.db-wal
Filesize
56KB

MD5
d395104d653beb19bf76f23c9ce2ea8a

SHA1
d077ca294f23adff65bc4071502ebd9d3e71b5ea

SHA256
1f12338b2b2ad48286fd659ddcde38c61b51d01e93ee13a81cf829feaf5c0f80

SHA512
0e74e2ed5ece25851c6600bd7c363519adcf8fa610da29285d5778dfe0fbcc9c6b25dba0e82fed84205d4274ef37a4f895188c6b4e9421f56d42259dc79c5cfb

Download Submit
/data/data/home.solo.launcher.free/files/gaClientId
Filesize
36B

MD5
b86eb32372b46decc5f33215646a00ce

SHA1
c0913122eb6906576131939322aaf00ecba40932

SHA256
8110141ad82c4dc9bcec63926de9d1aac3f4359d71ed0c36f6ffeb4dd1792d1b

SHA512
3a568083d04eea32d96f93f836d573cd2dea4dda1df8bfbd011ee4545dc38fa5e043efc9ca7572b8c9a667071739f02e6cb435c35cf859c38a7e8fdf1574d834

Download Submit
/data/data/home.solo.launcher.free/files/launcher.preferences
Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/data/home.solo.launcher.free/files/mobclick_agent_cached_home.solo.launcher.free
Filesize
197B

MD5
7d2e54a9439183a78e1a06bae3aa7bd6

SHA1
ba11baabf2fe741ddfd4c395899deb3c16c97b52

SHA256
f64f5f5f966a330dfeb9506793448a4d5727dac2dfc66150b9877e331434734e

SHA512
9b0b89c8a2afb6fe612d1814be4c9c099232b57cdeaaa2772a31918e9b65fa5156bfa03897ac801be9ade1fcb9a0b0341b8ae16b7bfb926f515bed5d03924649

Download Submit
/data/system/users/0/wallpaper_orig
Filesize
278KB

MD5
dea583808b935ef42b66c48d0101bd0d

SHA1
dc3765aac996f4d7e7135e72a002271208e61635

SHA256
71dde9f3a7aad21d4b4876f7d044eaa7b6db245238cf8e6dc86794f27001fe77

SHA512
686e1bdc3fc663e43ee378da5e3e9fe077f7649e78d3b83b29ec954db40b9cbc4ddbf48244b825a7a05be307d34f3cc13a141eeae9edce9339d019a3c0b3c5e5

Download Submit
/storage/emulated/0/SoloLauncher/share.jpg
Filesize
70KB

MD5
1ca1ea11af21cbfba2e970355802f4b6

SHA1
eac864afa61b8699f729b37c34698727392346c4

SHA256
42c3235ee003ad9bf44067b2641565af384e34415a61a3e7caa7a6db0f82cea0

SHA512
d68b2e129ab2c5e1933469bbe7126cf3005c98a3ebd30378284148d7a6377e38b8457db1ff082c3cb523158c18f09402341130de9d399ff7df75451f12d6d1d7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads