78d83ba2ceb7e074d12c5540505d85306ab0dc8655709a812af1ce90ecc1baec

Analysis

max time kernel
174s
max time network
182s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e63eee5ea40b49a8585f5857d023e43_JaffaCakes118.apk
Size

4.6MB
MD5

6e63eee5ea40b49a8585f5857d023e43
SHA1

24327ac5cc4e92da8030fe6b4bdd3a687154e178
SHA256

78d83ba2ceb7e074d12c5540505d85306ab0dc8655709a812af1ce90ecc1baec
SHA512

7c41f9b8f31bd846bb27ca237fd9aeb1d8e17e791a2149173efeccabfbc5fe4d4584950ba0c6344e7f1a84465548efbc8accb929bfc33852ba5d2dc972b06043
SSDEEP

98304:h7RUiof/zkcsolU4g6C85ixZrgrhJ24eejVE9cP0R1Li5TlYnXYK:XpubRlUF4eW5P0RE5Ti

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

me.chunyu.Pedometer

ioc process

/system/bin/su me.chunyu.Pedometer
/system/xbin/su me.chunyu.Pedometer
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

me.chunyu.Pedometer

description ioc process

File opened for read /proc/cpuinfo me.chunyu.Pedometer
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

me.chunyu.Pedometer

description ioc process

File opened for read /proc/meminfo me.chunyu.Pedometer
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

me.chunyu.Pedometer

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses me.chunyu.Pedometer

ioc	process
/system/bin/su	me.chunyu.Pedometer
/system/xbin/su	me.chunyu.Pedometer

description	ioc	process
File opened for read	/proc/cpuinfo	me.chunyu.Pedometer

description	ioc	process
File opened for read	/proc/meminfo	me.chunyu.Pedometer

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	me.chunyu.Pedometer

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

me.chunyu.Pedometerme.chunyu.Pedometer:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	me.chunyu.Pedometer
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	me.chunyu.Pedometer:pushservice

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

me.chunyu.Pedometerme.chunyu.Pedometer:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	me.chunyu.Pedometer
Framework service call	android.app.IActivityManager.registerReceiver	me.chunyu.Pedometer:pushservice

Acquires the wake lock 2 IoCs

Processes:

me.chunyu.Pedometerme.chunyu.Pedometer:pushservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	me.chunyu.Pedometer
Framework service call	android.os.IPowerManager.acquireWakeLock	me.chunyu.Pedometer:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

me.chunyu.Pedometer:pushserviceme.chunyu.Pedometer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	me.chunyu.Pedometer:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	me.chunyu.Pedometer

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

16 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

me.chunyu.Pedometer

description ioc process

Framework API call android.hardware.SensorManager.registerListener me.chunyu.Pedometer

flow	ioc
16	alog.umeng.com

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	me.chunyu.Pedometer

me.chunyu.Pedometer
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4251

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4338

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4371

me.chunyu.Pedometer:pushservice
1⤵
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4297

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/me.chunyu.Pedometer/cache/journal.tmp
Filesize
33B

MD5
57b86c3122ae9a82ecaba9b1b180565f

SHA1
d185281cfc6d1b594c64b6ea77f46c61427997cc

SHA256
53f9615d355baa0ed1cd9a60d255c1330fa86a1285f03330de29a38c3abb08e6

SHA512
d90eee873339fb7200d6a17d7624c628d771e4f1971a3d6035a04d3dc306a97c04ca64a8a27e77be91f8bdc1a8e3b544b043c8c03a2b5a9ef3f7fb0ac0755856

Download Submit
/data/data/me.chunyu.Pedometer/databases/tencent_analysis.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/me.chunyu.Pedometer/databases/tencent_analysis.db-journal
Filesize
512B

MD5
0235dc22325d89560d4d4e3ca5e5777c

SHA1
a41224793a2f557b7b4228c2029e789531f7d420

SHA256
b179580be7b46747e67ae73d6baf6a7b7c7cc79e30ab1075c5053db00ff6d255

SHA512
71f3aec9eb718b89eaa93d341455219de10f167273ad194ba0baede6894744f535217d0c14a27718212e15c165d7fd8a0e0aaa62b019304b69193514b240a871

Download Submit
/data/data/me.chunyu.Pedometer/databases/tencent_analysis.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/me.chunyu.Pedometer/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
16aa54ec52035a3a85a495f2ef277bfd

SHA1
777673835c6787f816f690a760d9b7e6c9b0f4cd

SHA256
3c67f82af48c2a6ef13c8f4dd8e6a692337cf9596d028f0e0becb81b5d38cefc

SHA512
e4431116c27635913bcdfddb1f1ff32cb222b7dde1e893714509f528e68532c01b3cdb144eed7d0ce130639e7c2e7f567ee41cb43bb5ce00488aafe096457a8e

Download Submit
/data/data/me.chunyu.Pedometer/files/.FlurrySenderIndex.info.AnalyticsData_7RXBZZFT7HKS5V23Q3GX_156
Filesize
42B

MD5
c309be15af8f6ea905dac11e2a9c1df5

SHA1
cf1c7686226c771edf07f0910beff3624eebcf92

SHA256
78015db435df3e6aa476e6be6ab0dc8697de095bc1dee6ef7853c40d762c64d0

SHA512
65eaba5471658575060ff6ceaa0975399965f655bb837ced91b4f4a5ea731d23a6ea1f09be11525cd56090e53a5acd8c13c9a80cede66b8517c3a4a9e090a6a5

Download Submit
/data/data/me.chunyu.Pedometer/files/.FlurrySenderIndex.info.AnalyticsMain
Filesize
44B

MD5
276062c19adc0f42b0126b5c82205aed

SHA1
fb72a4f000fb9b31587ec14bc417e07e985aed81

SHA256
ace7b022075550774a92fd2236a961c684b8fe6238e7f2ecba4f9430168ba878

SHA512
91cfc2ba97fc9e4b56f9ef1f95365695ac8d0b40639194ec5e3832828a9c5dfa184d22dc8fbaaebeec87f6c6a9a1472ae0d49a3f88d2f0e765bd1896d12d05e1

Download Submit
/data/data/me.chunyu.Pedometer/files/.flurryagent.-493a527f
Filesize
58B

MD5
6b39e3c02e78a015ff8ed7d846726f30

SHA1
2b57316f2d19dcff5ca3b489cf601d9a17afb37a

SHA256
327d29c72db5b9602214bb4d5e5751edcc9178aad85bfb52244ac6b00f95e791

SHA512
3f7f36179f30eeea7cb271cf5a20b0cab09399eca47b56ed02ddf5439bf7b6663ccc927f78a6393b1d3cad5bf3d05e7e59330c35a37c3f961176a412d5b596fd

Download Submit
/data/data/me.chunyu.Pedometer/files/.flurryagent.-493a527f
Filesize
304B

MD5
3e253c29e57aafc8310618f4ccbe40e3

SHA1
5faea37b1ee8491250428cbf5669764dc1897e18

SHA256
cf68f07a20f1ba0447f11709d9de442dcc2ca49ac3fb5e4fdf3e5e2a2c6582a0

SHA512
1e4d421299bee27860f69bfe1728ad01e51a19240cc83794ee479352acf45e8c64b236a1764e35cf6853af0ebb55871a352789864102b2e71f9b823b8489e115

Download Submit
/data/data/me.chunyu.Pedometer/files/.flurrydatasenderblock.07bf2545-fc24-4b72-919a-e4dbbac06d72
Filesize
277B

MD5
c7850d70d03e18a65e6e86a837cd1b7d

SHA1
63641f57e1ae7151c734f6b7f49f0379618b1ec6

SHA256
ec002bc795f0deeb2d66ddcf206afb9806a6c43b56057dcc2a0046e33bbe4c7b

SHA512
1e2dc79af072e958a26de6e314a1492e13f71fc7918a4ad54398fc1fd9492cdde7b365eaae44bcd115c3e91ae15183ab53baa75516b00c0b974c2f793cf0c9c3

Download Submit
/data/data/me.chunyu.Pedometer/files/com.tencent.open.config.json.1101774620
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/me.chunyu.Pedometer/files/mobclick_agent_sealed_me.chunyu.Pedometer
Filesize
575B

MD5
7be2cf365f7de5d189f613ffec9e5be5

SHA1
e18f29c9d009d69804c42fb0deeaf8048cdbe5c8

SHA256
d2bc7b243aa3e2be832deaaa4aee2fc9fd4bdf136d6c85132d05c5fe6841f6cb

SHA512
74b88bc74d07b196955ae79d2914ab53f7e1f61db92ec4483863bf85824e2272c8e3fd5b43477df902e4ab17b565fc8be1c9bf971f5d259530818f1472f63a53

Download Submit
/data/data/me.chunyu.Pedometer/files/umeng_it.cache
Filesize
211B

MD5
3a3ed4c5c1463c0bd45ddede6d4a0496

SHA1
b6207ea12f5870e023f9984f6746f5f21289583d

SHA256
34286d6c913e409592a9f46216a85f35112c9a00c27eda4f0effa2f46162a78c

SHA512
8742e5a0333e603f5e6f4a840f83989e159a0de30c95a6d37a437a7ee2fb40df2c41b7184537bb150aae8990fef0f061b581b643221581e2751aa068fe02649f

Download Submit
/storage/emulated/0/.Pedometer/.cypedometer/.step/2024-05-24
Filesize
80KB

MD5
0b0c37badd34282a921b91ad080a9cd5

SHA1
2ab7be064dd5901872ee5a542b9be9974abf0921

SHA256
f9091108856ccacb18cf040ba618215ac288df877e189ffb515bdba64fdbcb07

SHA512
75dc0a7f0800d2708f977aae754702cc0327b122c148ebc6b92191792188a7d974bfeee2ae24b06e1ae4e6dc552358da583e5b62ab2a8dfa96dffb39a3f1b72a

Download Submit
/storage/emulated/0/.Pedometer/.data/.backup
Filesize
512B

MD5
5b2924cdf2a75bb91fe985e39c179ee4

SHA1
bbe0ddc581c8426d037ebf1f372a2311f7178e2a

SHA256
0035fdc277ab7c0cbc0104b0377b25022c4959cfee57ebdb1bfe8a5a4dac1889

SHA512
fcccea424ba6cf986e7de171f8fd147bee918e357dec4b5eac68dec9a2e84396cf72d4db66d92a6942e7822f3fc0c1f304add592bfa3a5e42aacc38551448438

Download Submit