aef1362117f3c2a2c80b78e852e32b5b7d48568cf65259d1788be6aad9e37a25

Analysis

max time kernel
179s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
25/05/2024, 19:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72f7d6e8ab55d5466e70635209cc0414_JaffaCakes118.apk
Size

30.5MB
MD5

72f7d6e8ab55d5466e70635209cc0414
SHA1

69b5157708c0bc6c915a1223334836e9a59eedaf
SHA256

aef1362117f3c2a2c80b78e852e32b5b7d48568cf65259d1788be6aad9e37a25
SHA512

7a0af31df2005954c9be95e2426f282937d0b6e86b9b42581856390dc5aba50e8e358a7e4a3e4272b0642b13a079bd72cd30c870511f6f209ad7637d48b9202f
SSDEEP

786432:0xEU7RKoAYZJN7/jvzcviN4ze2HAPOFUun4hgRYV:rU9LvvYyuFOV

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.feelingtouch.gnz

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.feelingtouch.gnz

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.feelingtouch.gnz

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.feelingtouch.gnz

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.feelingtouch.gnz

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.feelingtouch.gnz

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.feelingtouch.gnz

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
7	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.feelingtouch.gnz

com.feelingtouch.gnz
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4292

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.feelingtouch.gnz/cache/__chartboost/CBRequestManager/64555857810

Filesize
330B

MD5
632d1519e8873a033873a8e11526153c

SHA1
6072717e5fbc813630f6dcb8fbbb2057efac6e2a

SHA256
d6b3d0d12771350c967dcd01d9b0733c9d36cc2ff3debb90b34bc950f1daacb8

SHA512
cbda3e7bebccffea6823bdd8ece125b555a87493338298dec98b3ff0da4c2fff7c5c89fbbf244bf4aeb5b04a793e68a784dd684218d49681dcdee47f3682e781

Download Submit
/data/data/com.feelingtouch.gnz/cache/__chartboost/CBSessionDirectory/cb_previous_session_info

Filesize
189B

MD5
bb22acacedccccbf46eac8f059ae6e7e

SHA1
76ca4454331e20a7bbb6253b977f808d20b1ca59

SHA256
3e7aa7dc62e06f107e1addd8813f68ebe9b750cfe37b67318ee652aae999e28c

SHA512
0b2f3c514afd01dcfbb1da5e19f72a7c7babae1f4e827ff0dadb685fd89c5f52fb704c91df4223aa389e88ad9ba2d7632ba5244233c80a38a53a4169d6024b92

Download Submit
/data/data/com.feelingtouch.gnz/databases/Apsalar.sqlite_b77b82d6a0df7dccce96fcf67212c50c6ecb552d-journal

Filesize
512B

MD5
c6e44816081955c4aaf62ba75e92f462

SHA1
76ff97db7ed768c9524260c9f975aac232f1e89a

SHA256
1a1ef0143c2612e24e56f73f57efdacb6c5c6b6e708876e5b6c6917a4cfc1f27

SHA512
a02bdcc8c6e247a2a4cb5520cd013a851d18a3beb51220fd617558592be82cbcdb423996afa85298e191a68feca484f1b018073d289fa90791b9e2d599f368ab

Download Submit
/data/data/com.feelingtouch.gnz/databases/Apsalar.sqlite_b77b82d6a0df7dccce96fcf67212c50c6ecb552d-wal

Filesize
32KB

MD5
7575089f40ee1da742f8506c7f23a3ca

SHA1
4ba8e7d13555a63ae7c06660a58e9f1f677f9c79

SHA256
daf0f20d127d064c2c357808fec9305a6fdd8a823b769e90ee3ebb444642867e

SHA512
ea5951a3f5e50fb2385f5e648f39a216a1d3f6542dece38e6e2d0bb9b0c82b461a01ff9dec7bdbbfcc109920bd6db1b8e5cde3cad56f049ac54290e71ddaa424

Download Submit
/data/data/com.feelingtouch.gnz/databases/countly-journal

Filesize
512B

MD5
ab8d5a820fbda535084212bfc40143c9

SHA1
bbebc23393385061fbce7be61782b6b13ab439bb

SHA256
b1da60f2ebe81a9d30160a01e78c2d9cfbff713be18b557f5f13a40b30a3e203

SHA512
640be01f8a22b44f574949a682b4c46b7131716252cf2aea8329b874d2a4b6542223a46e432caf9a0f6415c6fdfecde23945a48240d30c61e3b289e1c6c2622b

Download Submit
/data/data/com.feelingtouch.gnz/databases/countly-wal

Filesize
112KB

MD5
45a347946d95dc23dac024e1ec135a30

SHA1
d60eeab3100f0b6fbefe2b8eab596fb4c53a2391

SHA256
e927d8ab0c8b106844d0a0376298609271acaf0ebec4ad1143d62fe65ee7d1cf

SHA512
55b0cd31682c3d7af82f914023499da498d2c49589d9d7280a59cc7ebead54abad5886211c0cf16272b84cfb1722e2dcad2ec44f4c987d09270df2f79a5d962a

Download Submit
/data/data/com.feelingtouch.gnz/databases/vungle

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.feelingtouch.gnz/databases/vungle-journal

Filesize
512B

MD5
61d3893844e134cd17e41243044bf228

SHA1
d5b0d9adbd12b26656a6a2c7038c55af1c464f27

SHA256
6d050ebf220710a64b03beb18fc8e7e17ae76edcd23d087f25eda4390d72b612

SHA512
23457047994954e6bc27a8df26853c02b450ca70ea82cf8e1905fcf12b06b2a98084ad7865fd69512d38261ee59a66ef991b575674d5d16240c6ac5371f0ed19

Download Submit
/data/data/com.feelingtouch.gnz/databases/vungle-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.feelingtouch.gnz/databases/vungle-wal

Filesize
76KB

MD5
b973d75b597e484729545e2a0a590ee3

SHA1
1d9ffe66d18d435355beb184f4b01fe6f09838c1

SHA256
bc8165cb59029e2f22aea344acd7a8c500af517d51d2201094a2629ecba9e99d

SHA512
89c2a695571133ab1093c42a7e38102ecab41e502db246e779adc4b8bec545d491016740520d8323821a7eea7caa8c4c65cf54f599b799ac5b50f62ccbb0c556

Download Submit
/data/data/com.feelingtouch.gnz/files/mobclick_agent_cached_com.feelingtouch.gnz

Filesize
121B

MD5
5cce60cbb347d6572f86461516ac899c

SHA1
0888dd2acc91f88f7b896714d1c210c6d8a55ff0

SHA256
5f589dcba3f979bd68382a15888613e4b5dc11f024df17a37537824037a3bc6a

SHA512
208d856066ea35658d049d6c30cbfa74d3000ad6e1043ef7d6525ee6f9aba37ab53f5d71c65db53b31de3d10340f959ddd9f0c253deaf6becc9240eeb96b867c

Download Submit
/storage/emulated/0/.gameAd/com.feelingtouch.zf3d_LANDSCAPE.jpg

Filesize
113KB

MD5
7c9b8726e2028a3e5bf0494db1d6d0bd

SHA1
c357d02aa55f78b0c458f45e39fc9b2791a6337b

SHA256
809e5efd83df13416a5a7223d8c09eab126b1d37f9b73a7f6ad9ae0c1ee1de4e

SHA512
9342b01c3c567324cc9565bf0da781173e5040256609271023dd2c43f339567d0d04ce27d351418856a1a1df30d53b8bf1a4d98305b4312ec560b2107b9d2d61

Download Submit
/storage/emulated/0/.gameAd/icon/banner_ad_ew_en.jpg

Filesize
124KB

MD5
d369fe6614f1de745536560e16ae1761

SHA1
4e034c3caee28601ad804f72d0f84dfecd0e7618

SHA256
94b17cdd0513f9989e7789d2bf4475deed1ed734ff42b43f15a391c3c3b449b0

SHA512
e5ef1183463c8b0d7588aee1c74de94cd4f0d5ca965052440f13f2f160ee09f56146d13bf5506d0a74c3ea47bbe8e4acc0412b32b45e66dd7c39d36665ce0b3d

Download Submit
/storage/emulated/0/.gameAd/icon/com.feelingtouch.empirewar.png

Filesize
23KB

MD5
e49c0dba932ca6626bd0832fa8ddfc7f

SHA1
9aa717a4ebc0811401791122c8d05a6ff43cc77b

SHA256
3bad0da48acbec9ec7b72d16bd3c099c0c339bd94762fb0e2f892c4471bf71d7

SHA512
d4a28fea07f3dfa15fb7bf587cb27b6e352f720f1a26d3ce13427bc56a049f899c7a64c6796b948d1fde3ec8980f98c715c3155cb7d4432ebd225f482ae19e61

Download Submit
/storage/emulated/0/.gameAd/icon/com.feelingtouch.zf3d.png

Filesize
24KB

MD5
11d1d09d5ac7df654da6370c926f465b

SHA1
7774d0a7bd818b8233d60d01ae6fba34d9d006fb

SHA256
1a20613afb04e419b1e80489a67df0ce2140e482b3405e8eb7606c3ee5a432af

SHA512
87553d42a0c9baecc2a2a5ea417bb7d29383ff59c17e2dd442f39a9ad3ca3a2eaf36f14acbc3c6cf3461db7502119c1fd34af9d83b0115b677774cc21b5588d8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads