829004d7d70cb16bfb92bdfbab78f651bf2b90973c01c53773c0b354ff500a81

Analysis

max time kernel
86s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
Size

4.9MB
MD5

6fa299074016487e3feeb2804121ec3e
SHA1

50b70e9da8b972a2a5a7dc1cdae0c668213cc79f
SHA256

829004d7d70cb16bfb92bdfbab78f651bf2b90973c01c53773c0b354ff500a81
SHA512

6b1dab8a1eb8dffaac3473ad7241dea60028786a9471e32c5b6fa95ca3b362c62c408616df66a2cb8503657bd42555cc171bf8329e77ab80c3d542d1596681df
SSDEEP

98304:p0TzuBB7HJNBYWBRgVzsNWMLeMgLTycAVDTMDepDP9wK1OerDnWQwOkKlg8pJ/:p0TzurBYWBRqz1lMiMkKeK1triQwylbf

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.fengcheqb.fcqb

description ioc process

File opened for read /proc/cpuinfo com.fengcheqb.fcqb
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.fengcheqb.fcqb

description ioc process

File opened for read /proc/meminfo com.fengcheqb.fcqb
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.fengcheqb.fcqb

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.fengcheqb.fcqb
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.fengcheqb.fcqb

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.fengcheqb.fcqb
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.fengcheqb.fcqb

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.fengcheqb.fcqb
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.fengcheqb.fcqb

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.fengcheqb.fcqb
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.fengcheqb.fcqb

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.fengcheqb.fcqb
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

9 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.fengcheqb.fcqb

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.fengcheqb.fcqb

description	ioc	process
File opened for read	/proc/cpuinfo	com.fengcheqb.fcqb

description	ioc	process
File opened for read	/proc/meminfo	com.fengcheqb.fcqb

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.fengcheqb.fcqb

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fengcheqb.fcqb

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fengcheqb.fcqb

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.fengcheqb.fcqb

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fengcheqb.fcqb

flow	ioc
9	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.fengcheqb.fcqb

com.fengcheqb.fcqb
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4277

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fengcheqb.fcqb/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fengcheqb.fcqb/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
0be08d885a2530fed0f244adab089cd0

SHA1
d009ed46b73f42b98ec553bc0211cba292a74d1d

SHA256
02079faa6d10e0b48761ba5107e7ede656f169383d195d55ee61731365a3ca4f

SHA512
e698817d75c35dde844ae63fd6af60c24e62f5ee6a8211bf0735ae877c10e0f7c2f41b7d17143f5f5f80a41f7759a821d21f471a298cb782014628a7f3c3fdcc

Download Submit
/data/data/com.fengcheqb.fcqb/databases/ThrowalbeLog.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fengcheqb.fcqb/databases/ThrowalbeLog.db-wal

Filesize
144KB

MD5
9c255615ea904ac0e487c83f68452df8

SHA1
01c7ab91766c0c84d75c6a578436f13d336fb3ec

SHA256
2b467cffb17a0b88d041949b66ad50daa610a6d3e0a2ea35d6d4c5d27abadf9e

SHA512
1a63ee92c6041906363f377d5f2a5bf395c13ac60321655620969bad15687ae1de8e07a3236db0ce822e7f2fcf29c0fb031b4a41bbde93939f9745838906386c

Download Submit
/data/data/com.fengcheqb.fcqb/databases/sharesdk.db-journal

Filesize
512B

MD5
117d24180309408c05713483e05f5341

SHA1
806517775bffbbf6465f9b4a52525d13c31efb61

SHA256
f3265d24dc91cb0d6a43e4cf4da7be41cb47e852858f947792a42e2580c91a31

SHA512
9d60a84c262a79a2941c8981a2fa0fd56b7e58ed655068f4237a7e12aa015878453173c28a4d7cc30cb4a9d8a58575b4abed34acbcbbb00076b281b21aceb30b

Download Submit
/data/data/com.fengcheqb.fcqb/databases/sharesdk.db-wal

Filesize
32KB

MD5
51ba2c198700f92a5bf6d612c8dae522

SHA1
34495af18463b63b17c6593ea2fe0ee9e0bba328

SHA256
716b197c0ea5b0762408c8a839c5e1efef44431fdc41c9c0a5842d757ac962c6

SHA512
6d1f9576faf0dc6d5b3a9368a827ecdbe6683b3b7a7790955febe9972bca005c6f62dce25c3d6a5eff816658d14ceb1009e6a2054dcac01a30add412d6664b30

Download Submit
/data/data/com.fengcheqb.fcqb/files/.um/um_cache_1716579947930.env

Filesize
582B

MD5
56a40ccec97d1d0c6a69df656600c998

SHA1
7b10de6b282b57578fef7ff8e9bfe8addcdbc90f

SHA256
b0bc1168e339464de5a09ade1ce4668ceec7ec64ccfe8c960e80fa659ebb16f9

SHA512
7da6896de31ffa9ef774ab1d96455a349dad35eab6a99136c8a28d1c41c1696f78e25701b6f75eac163b5835f6e9e3f1add25631283f25dbf3e1b95ea9895834

Download Submit
/data/data/com.fengcheqb.fcqb/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e47b12e27ae07c178b122a241c7ae843

SHA1
63f8a8f165b5edf3cc7cc20bf7fa06fa89666a85

SHA256
8080c217c24cf558172b3ddf9590f844820d83e5db2146a720bf1880f424125e

SHA512
5a7b4e44bd5ee73c7195adcefd59a4f6768abbfcbdeeeefb451be89dfe2bbc41ff7dfee2432019e5a0a86d0b3ca1a8c6a724b2316301eeb0b6d84ce21eefc75d

Download Submit
/data/data/com.fengcheqb.fcqb/files/umeng_it.cache

Filesize
310B

MD5
bbfe4208a47510a3abcc88c6057e5af1

SHA1
3f71e170809e6006d9f6734369c77a59dd971707

SHA256
3bde1b2d440f2a229385a4077be7e92a6de3f72974020f845eee23e0620a8af2

SHA512
8388cd54539f80821b0195e458b95ed718b3b65321907f27b81c1a2c01a50aa5604b020c2f3f44dd78b0f7ad21590615870be3341c505ca17a8e410b6730dac8

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
107B

MD5
c9383021bd97affc44be4db7018c4d7b

SHA1
7e680409d1c86e35149bebc22f2cf8c484f0d23e

SHA256
b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65

SHA512
7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

Download Submit