56d867aab53040ec659966a291f0079e5e44fbf1b9afe5a1f558caf6a6f8426a

Analysis

max time kernel
176s
max time network
183s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
26/05/2024, 18:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

766315e6e5758b5b083fe90fd654a74a_JaffaCakes118.apk
Size

10.8MB
MD5

766315e6e5758b5b083fe90fd654a74a
SHA1

0a285ded7b5293c9cf3cab938a722830b36489cc
SHA256

56d867aab53040ec659966a291f0079e5e44fbf1b9afe5a1f558caf6a6f8426a
SHA512

2c574da83838d535d88bcb66409e59d381be810881111449d95f87a45c510cfa1920b0cdb7248aa4684b5a1247ce6b4aeba7bcd9a4cc2a94598da40fa38c623a
SSDEEP

196608:eX5mAyKmOIGHKnFTnRrKbv1+sBi5wucB28UQQxxt/um:eATZOFHgBReb1XIiN/QV7

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hj.dictation

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hj.dictation

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hj.dictation

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
32	alog.umeng.com

com.hj.dictation
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4567

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.hj.dictation/databases/database_analytics

Filesize
20KB

MD5
5ae3755fb589d154452e613e910bbbab

SHA1
785e8d8ea2dc5c473397467b28c46e32f916b82e

SHA256
a8b099270ebecd8a7105aa9b81029c730b6ec20079d861d01997b3bbf0610784

SHA512
3019a44b87f20fdacb348623dd0a845d36997b3d5262b9193abf97cf0a04bb1803facd7ef47174b76ac6304a97ba661f89d758b7551c6b8d57b33ef6951f0a3a

Download Submit
/data/user/0/com.hj.dictation/databases/database_analytics-journal

Filesize
512B

MD5
ae0782c2f4cb787945b9daa801273292

SHA1
07b9d3976452e821d84257f4aaf48b72b293bd94

SHA256
34579a8d3dc04bfc65d9a9c5644608eb126d76c6150bcf45ba79a0b86e39f88a

SHA512
5bf9d6b8451bf1a195ba96911b228dcd2592552081820eb8fd34b252897c44daaf7b6d699c6c98b6593a9c8c56072aa67e018690b0693cb4bedff31921bdb78a

Download Submit
/data/user/0/com.hj.dictation/databases/database_analytics-journal

Filesize
8KB

MD5
06138b5ba63d8547d0f7ff771aca9247

SHA1
a4e9953cc46dad88cd1e00405ac910a1d9ab48b6

SHA256
a4f175d012562143620536dfb904cf6278bea39e5b5b6b21c977f4d8dddd2654

SHA512
db97cb154c33ea5d9582a19c06e38cf2f37223d0f84a9cbf1d29f520f8ed12f8488aade5b0a2925515ae42e771a61465ddd19e3481ea8f5732603c360d9ff25d

Download Submit
/data/user/0/com.hj.dictation/databases/database_analytics-journal

Filesize
8KB

MD5
010dd1769d69720401f53c154098a51d

SHA1
9ef50e0c4293029f49c3dd188f570d324267eacd

SHA256
6bd882ae45894a04dc01eb2ca103604cd90d7e23c7d25501a90a81e2b4ff5976

SHA512
a095c792d9d658692652b2cb556aab920501b48b3cf5c4cda6b0b4804e7ea54c74b9f4102418bf0b6ac041aea6038be800a7770baccb6023487914f9bee32fe7

Download Submit
/data/user/0/com.hj.dictation/databases/rep.db

Filesize
24KB

MD5
ef059343a796b98c04ba09d685a89463

SHA1
4ea2821b5ad8d072f7f290de711de75aaf10d34b

SHA256
7f6fa1d88f941ceffb21c2a29ef4225b70dd767d8d8f05e975ec3236751ede0e

SHA512
64721384b027f6d6d42e6b87ddd0160d861f25b36324df48ca106ddaf3e101204eb77ecd6a7deb0e787ab1e5c245e741b1ff8940eccc3a95105843f3f5e69a5f

Download Submit
/data/user/0/com.hj.dictation/databases/rep.db-journal

Filesize
512B

MD5
7ac8d1a8261bf89d829a3dda7e3195b9

SHA1
7630dd8d28849809fb99a14e994f3040c3cd9818

SHA256
4de845cd0f19ba30aa0f6b839dbc6d3c2f339257c605f21cb9153bdcb1cabf76

SHA512
f1fe6cecfad13fa11cede27715779503f396a2d019af576df66e3c6500533e4bb90305f7c854b2f40b5d349736756f6fe1888f536baa901f83e71c47deba1280

Download Submit
/data/user/0/com.hj.dictation/databases/rep.db-journal

Filesize
8KB

MD5
c8ae318e642fd1de790c1869bac8ba2f

SHA1
404b3de8b7fde8468c8d3ca5fcc4212bfddad699

SHA256
172e026c941cde40c9ee1d2eb63f1c0955393358b1a35cfdc3c57552a0f1e84c

SHA512
fc9e5c2895a4012c3e598be415ff30fda002c4707ad4ced5bf2894a7679f0bf1685eb738d0e3c2fc81e166b06801e5c9c8a7e40542bab1eaba4320c8327c3be0

Download Submit
/data/user/0/com.hj.dictation/databases/rep.db-journal

Filesize
8KB

MD5
2d7ba5b064fb28b3073b90ca8566e657

SHA1
853687866188a33b29c2719f337ce7cfa539db34

SHA256
6d3312c7c9c1950ed70fa413db907dfff5d36e56f0e05b2b52781b79839d7a55

SHA512
39bcd345175df8eb20b2e678ff9c77226290edbbaec1277afd96fc7b7fceaa6968907dc2ff81582da629feceee65e82d3d7b10958f29c264e870206959de8e65

Download Submit
/data/user/0/com.hj.dictation/files/mobclick_agent_sealed_com.hj.dictation

Filesize
521B

MD5
316acf52224ad74f313e5a5ea4612113

SHA1
e2d5cc21b563fb5de4112395295b9eaececc237a

SHA256
f5823b78ad35074dfafd3608a4a9bee326ef7db6b1ecd49d0120d16cdaf7a1a6

SHA512
4a52c1cc4fe120f4279360d9d9b923ff60814c90e5d161536e1b9b477ee8b53de77ec34309c8d16ce521a5a6017dc7d03121c76b51594c7aa62c6ad393eee47a

Download Submit
/data/user/0/com.hj.dictation/files/umeng_it.cache

Filesize
148B

MD5
4b816eeb6c6943d18a4447bb771793c5

SHA1
16024cf84572e805478960df8ac35448e547fdd7

SHA256
d93fd95adc93d4b0e098efe999019a348013c9d2052fa293e4fa2470295d1b7f

SHA512
6006b343bee0c593adeb040ba7cc5fd5c1f74285bd59464e619efcb036188c5a3de4fa943c33f96a22ef03cb62370307c3d167f990c45055a897c96c7744d4f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads