3ca8596dd737d2adfd8c496e8116d11ad19028808b457562dee968b84b0c3b44

Analysis

max time kernel
179s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e4f832a0b7c5532a260961112db6ea1_JaffaCakes118.apk
Size

12.7MB
MD5

6e4f832a0b7c5532a260961112db6ea1
SHA1

4072de39aec1461a7dbf72531898f77d06d5773b
SHA256

3ca8596dd737d2adfd8c496e8116d11ad19028808b457562dee968b84b0c3b44
SHA512

751cc64b138e944a4b7c17ba36fc6d5e2e0c2d192fbb499f04c48b300aa79fab74e8408f0bfdfb0db4104092d97f451d21f655b31f61657ef447adf0b4b7ff78
SSDEEP

393216:lK+0nJUuzhmH/f+IO5nEEfS8YgfxZqIHuS:lK1FsHH+I/+vxZqIHuS

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.gao.da

description ioc process

File opened for read /proc/cpuinfo com.gao.da
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.gao.da

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.gao.da
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.gao.da

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.gao.da
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.gao.da

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gao.da
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

31 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.gao.da

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.gao.da

description	ioc	process
File opened for read	/proc/cpuinfo	com.gao.da

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gao.da

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gao.da

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gao.da

flow	ioc
31	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gao.da

com.gao.da
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4597

com.cyjh.gundam:download_server
1⤵
PID:4653

com.cyjh.gundam.service.ScriptService.p
1⤵
PID:5309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db
Filesize
28KB

MD5
10f8ef8c6cd206127ddc67b48854a613

SHA1
8624b3791b3a4129f33cb5990d343b40c8a3c32c

SHA256
dedc5a592efd506995d3d076f80943561b24d5657ac1563ac78206137a25de84

SHA512
e0a74999bab1c92110af7ee84733c620679fe55c2dc8bd0d154f28886221b3c64bef1a5738f29bea3f07ac163dc3c7133037a0ab1252efd7155788c3b0dda143

Download Submit
/data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db-journal
Filesize
512B

MD5
544c22e248115b8df15d6bce12ece622

SHA1
cc98f2f9aa76ecb5110d50c400cd858414f82954

SHA256
12235aba559e797fce607bce9ff54e892c215b24cbe0e423516b31fe5c1f2a7a

SHA512
f6e363cbaba7e77503c3762d50615a919f27591752dabfad80f39b6db330ec25bc779b95bbf3b07f09550629f5f28b5b4c7d09c21740ef49480e9c5ecb7645df

Download Submit
/data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db-journal
Filesize
8KB

MD5
e4b1f4183dab38d5f2f62880adcc857a

SHA1
fb3ab06aeca9e642cc79ce8b0441ed40dd057c38

SHA256
67c9ddc46be5658236aa7f262be7b48a9d6d692b9b250e171a34e5ab547ceae0

SHA512
1c855398d43939dd42e12b58c378188f4bcae3599ec55bb8dac3c53085551ec187ae67dacaf3b6777f9bd2f3507df5abc404d54d702970b2a3b784a8dfe8d2ca

Download Submit
/data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db-journal
Filesize
8KB

MD5
1d125ee85987ca8a85b135bfa0bd2636

SHA1
84e5d7493f7896018832c848947509eab481954f

SHA256
1152598e83235a65e68c9f9c6ba0ce1e805a6d5a75397956b5f05aebbb28bbcf

SHA512
b7cf364c3a51b7d5cf094cc8e261efa64de132e260ec1c5a4f67e615a56d87d4152805cec2337d84b7a73f6ef8129f3ead58c384c0b771d5af993261b210f99e

Download Submit
/data/user/0/com.cyjh.gundam/files/.um/um_cache_1716549273374.env
Filesize
649B

MD5
ccd4b007b6274e8c1de303e35679ab9b

SHA1
cb5d93196fbef567a82ac3c92a6246317e82ad88

SHA256
62de3373da627ea9c4d704e7884f31e75d8f56d4198b718c4355977305b274ce

SHA512
84aa77366c824660d9e454df8633eb1dfec90c91913cea998043f4717fa34c3c441d1b413846b8e27b7c0a43c214ffbb1d6536aad398b4dbbe680ef364b09a57

Download Submit
/data/user/0/com.cyjh.gundam/files/umeng_it.cache
Filesize
328B

MD5
b83cb2af94bc3884517eeb38fc6d0440

SHA1
06632e2c2330db78c71add46cbf8b6924513e948

SHA256
491ab0d1c0cb896256ccbf29f65a3dc81b41035f978ea051caddf063be43f987

SHA512
e0330bc1d7b11a70c58cc51795aec082a4a3e3584ef22e537d26d442004783bcf621389249a5ad6253eed5c94d374654c75c39827060350b9827649ff90b98eb

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
2bd3d4936cfe4c11f3e2692e3523d061

SHA1
56ce39c3928168b359d1f367e7bd5bcdb56e1485

SHA256
7270c993e13ca849d1cf1a04d66a737314c5af702046e12e581467fd5108ef08

SHA512
db79ba3c82b8443c2dc52f6fbc8249da1067c390d455bb812a673f3d0d2fdecb67706f6d67f1df5188b197a2fd5dd361ba5583ab95ef75c84bba8f70dff2a628

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
cbf27d0cb8521f854bb4a20d19732b04

SHA1
b92d5990fcba7f7ada3979a0c3facf33d648af83

SHA256
afedbe1033ba1fb20be7bd1bf93bb4b4157e14d0b7e3578b842f9bb84c92263d

SHA512
11bc59c3b2e3e2bcf2ef2e98d03bca06c7e6d4a36c1d54a0574b1c6ae7f80e7aba06085bd174cf9b1bc65e18cc8cf275b315d37ad9e883c9b4376f0ca566fd5e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
408B

MD5
fdbbee1ad2e3f0fae993ec0b7b660f26

SHA1
72b1445c1203f55d23403fef88a04309dae1529d

SHA256
ba8aa80485301e50b3ac03aa672cb057c1b2a43dedee3f1cac797ad9933b9c17

SHA512
f187da3694ff44883d10704475bbe9e26552da1f68ce7b7217b699a045e2d5e93b39ef6afc45ec3722a3775c7ec3dbf3ec3778031bfe218e16f24726050eb32b

Download Submit