caa1fdd052ba6cacb4fe8acf161f8bf2ec0a7d5848f5c40950a7697722cdb4c5

Analysis

max time kernel
65s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c7913f1940204a08daef5dc7ba09447_JaffaCakes118.apk
Size

6.7MB
MD5

6c7913f1940204a08daef5dc7ba09447
SHA1

f1f3d6325ee5a2299daa3f6aa946632496f46876
SHA256

caa1fdd052ba6cacb4fe8acf161f8bf2ec0a7d5848f5c40950a7697722cdb4c5
SHA512

6f003e85b841f3644d96c2fc4cb4a511daedbdc85c1ee54b8f67c259e7f7b9144205431f60fc3b556f4059f5de6f0b39bb1e7c345a8ff514ac75a30e2ea5c325
SSDEEP

98304:CK63Z9vqoz8UHdksRwN70rCh0quLw+CJqhUUICMt6bMib1e+uJQ0C:CKKZ9v1HOsaIrwQHsqhUUgkVb1IHC

Score

7^/10

collection discovery evasion ransomware

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

home.solo.launcher.free

description ioc process

File opened for read /proc/cpuinfo home.solo.launcher.free
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser home.solo.launcher.free
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo home.solo.launcher.free
Reads the content of the call log. 1 TTPs 1 IoCs
collection

T1636.002

Processes:

home.solo.launcher.free

description ioc process

URI accessed for read content://call_log/calls home.solo.launcher.free
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo home.solo.launcher.free
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

29 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Changes the wallpaper (common with ransomware activity) 1 IoCs
ransomware

Processes:

home.solo.launcher.free

description ioc process

Framework service call android.app.IWallpaperManager.setWallpaper home.solo.launcher.free

description	ioc	process
File opened for read	/proc/cpuinfo	home.solo.launcher.free

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	home.solo.launcher.free

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	home.solo.launcher.free

description	ioc	process
URI accessed for read	content://call_log/calls	home.solo.launcher.free

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	home.solo.launcher.free

flow	ioc
29	alog.umeng.com

description	ioc	process
Framework service call	android.app.IWallpaperManager.setWallpaper	home.solo.launcher.free

home.solo.launcher.free
1⤵
- Checks CPU information
- Queries account information for other applications stored on the device
- Queries information about the current Wi-Fi connection
- Reads the content of the call log.
- Checks if the internet connection is available
- Changes the wallpaper (common with ransomware activity)
PID:4621

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/system/users/0/wallpaper_orig
Filesize
278KB

MD5
dea583808b935ef42b66c48d0101bd0d

SHA1
dc3765aac996f4d7e7135e72a002271208e61635

SHA256
71dde9f3a7aad21d4b4876f7d044eaa7b6db245238cf8e6dc86794f27001fe77

SHA512
686e1bdc3fc663e43ee378da5e3e9fe077f7649e78d3b83b29ec954db40b9cbc4ddbf48244b825a7a05be307d34f3cc13a141eeae9edce9339d019a3c0b3c5e5

Download Submit
/data/user/0/home.solo.launcher.free/databases/soloLauncher.db
Filesize
44KB

MD5
38fe53651484d9001d3af7d8803a47d7

SHA1
f423e251770b4973474f1bc5d88b7f1ea11685e9

SHA256
f68448df72d1394d4a509cc9c94aca432879c7b97c1bb49c10f041d16462405d

SHA512
3687223d6c113eb9f13a7b8598a5bd04c4b26a98ac2b2c7675d939c4865981e9533c3bd3864a4e9aa29e90a1f1ed9ba227d00e9758cc767d0fdaee65c89c70eb

Download Submit
/data/user/0/home.solo.launcher.free/databases/soloLauncher.db-journal
Filesize
512B

MD5
6f59197a93717ff025fd03b0022fd1e1

SHA1
2fdfd7560fe56e9d8021a109c27594a620e74689

SHA256
4f16bf8677e03b33f50f2e04f33d5386df1a19642e9993c99f9cd935724c4fa9

SHA512
952366a5f06952e56406298c76b1049406fb3514ace18ad6da1464dbe4709532ba604777e0fae1383ed8e30d8ea5a2aa237a361092063de64759e025e0985e51

Download Submit
/data/user/0/home.solo.launcher.free/databases/soloLauncher.db-journal
Filesize
8KB

MD5
e3d9acd4ad1fe2a9909e78c890617594

SHA1
2b4c6e25c8d8af3a94197602a45f0507052db213

SHA256
a0b9139febc3cc4a9e4be72e8a5417ac49a0d829a939cd4ffa842b5dcb1dbd15

SHA512
f5b1406626a8910d30b08dd95e02c634d777d6e58185c5ae59254a4c319cdd313d51e968ae663495c65fccbea92ea97ab79bebf040ef7edfa7db612582200325

Download Submit
/data/user/0/home.solo.launcher.free/databases/soloLauncher.db-journal
Filesize
8KB

MD5
4887a7c9f390d0919a9d519b05fb7307

SHA1
765e9a7e9c69f237cef8dc2931a3c40bdd4425d5

SHA256
33c4e2fc5f1de6851b92fd9c5e0817047b0cc586cded2ec72d830ec7d9f1e96e

SHA512
f74ba5e60d7891ad0d8e42f398de052cbfef216ae3c1eb329f56d478e9bad44ae9e9ff61f2683dc17c66c9622fe8983b3ebda5cdd1678fcecde637eef3973ca7

Download Submit
/data/user/0/home.solo.launcher.free/files/gaClientId
Filesize
36B

MD5
dfc146df402eab7aaa6c2918505fa018

SHA1
40b7a1af2ecdeb972103aaad9cbcf68627983783

SHA256
2b5d3be028a27678842ad796240f62b8a30129499c3317ea18509a24294b2f53

SHA512
6c318e4c49d54cca0f9852a91ebfcddd347378554122f6ab143e52fef158fdfa270b3d1f8626faa6b2c072e69a52b4ba8c853bc3ebcc1acb8bfb36637499a417

Download Submit
/data/user/0/home.solo.launcher.free/files/launcher.preferences
Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/user/0/home.solo.launcher.free/files/mobclick_agent_cached_home.solo.launcher.free
Filesize
121B

MD5
3c79bc27f63ec00f017328a4d3d480fa

SHA1
62c88d2ff2943bb096219a74d54645d0a425f885

SHA256
02035ae90e53f0a01e269c91e05c836fd4eb6e2b9502536a312e7ab915d257bb

SHA512
191734d5cda9adadb845149fe43ff12ce443f394ef75d729324b937ab1bca804538c1b103810f7fee6709141177c30f75c2a5416ffd384330aab83d9504ec5ff

Download Submit
/storage/emulated/0/SoloLauncher/share.jpg
Filesize
70KB

MD5
1ca1ea11af21cbfba2e970355802f4b6

SHA1
eac864afa61b8699f729b37c34698727392346c4

SHA256
42c3235ee003ad9bf44067b2641565af384e34415a61a3e7caa7a6db0f82cea0

SHA512
d68b2e129ab2c5e1933469bbe7126cf3005c98a3ebd30378284148d7a6377e38b8457db1ff082c3cb523158c18f09402341130de9d399ff7df75451f12d6d1d7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads