0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa

Analysis

max time kernel
152s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
30/05/2024, 10:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83d5c4b2a023403d1f4708fff0533eaa_JaffaCakes118.apk
Size

13.6MB
MD5

83d5c4b2a023403d1f4708fff0533eaa
SHA1

2f7aac1addf79d6e7f46e02ed1e20c707faa0950
SHA256

0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa
SHA512

33e0d113c4e61d00666b3dede4d47258247159a17eaee28d223f28647f66169fe39622c154dc60515f6fdaa7bec60bd8c548d0dd6608cd47aef1937cb962c674
SSDEEP

393216:1jyNj0cGzvsZG80rGzho36eVQkSRF3isSF2x+Ig8abE:1jyynk5hoxsyTgcnbE

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iyuba.cet6

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.iyuba.cet6

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.iyuba.cet6

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iyuba.cet6

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.iyuba.cet6

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.iyuba.cet6

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.iyuba.cet6

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iyuba.cet6

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
38	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.iyuba.cet6

com.iyuba.cet6
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4310

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iyuba.cet6/cet6_13.sqlite

Filesize
1.4MB

MD5
01154722725ab3d8e8153ac16ba0c867

SHA1
5c512a6cad0c52a268e552b42e4519061926d0d7

SHA256
f2ee8ba7ed7e079e4d3ea13f6a51b189cf76d3e1b8e00665f32055ee370f1603

SHA512
d32cd6fdfaadb5d3513d446e7546ca89aa4dc8ae652ffc9f962816bf2f352457ba9c06c642726ff1b15b3cbb1cd6c6466445a1cb0428826007113d3043422079

Download Submit
/data/data/com.iyuba.cet6/cet6_13.sqlite

Filesize
1024B

MD5
67f72316eb23e932608cc07dcdc037e4

SHA1
89ddac76543745b4bbf3942dd61d4245a5c3425e

SHA256
6e06e13e10d0bb16367eb4b4a75ec34d9dad426dd446480c4d3f1aa65cc65ed7

SHA512
09b502853f11f07379ec6e7ab12b97b29a63b3c9ebbf484301b1929b4d38457f3561c846fafdc4f09ccb59591a87089f4813b259cfa3c58d85614bf69128fc65

Download Submit
/data/data/com.iyuba.cet6/cet6_13.sqlite-journal

Filesize
1KB

MD5
713f22e9738a20e850ffd542e185302d

SHA1
72e482acd270e9a8f65db13a2816403a923237ca

SHA256
ee93040606750b553744e17ee264e6ea44755cd0b8579780b2842f1d6d3c074a

SHA512
8b3341fbe19e3da2007721bc66c95cd84683403b5b378d44e8d167167e4b0ba46d71b427118f22c6933ffbcbc8d98d62897614787b0804610760bd2b97637c7e

Download Submit
/data/data/com.iyuba.cet6/databases/lib_database.sqlite

Filesize
7.3MB

MD5
0626e960b4b6fbd72b9e142ea763fa16

SHA1
b113ae2eced67bd7b7747b22194778a03439f311

SHA256
c4c5403ca4469154ab2ea6b2a6472841c77148269cd64bc8e47a735e85dc425a

SHA512
7306b131f9c02a9e40325f701f56ddd439d13e1a160720d74d0f4596c9429d3763fc91a33e22bd9e7a450b1df017380635c2e4716276d55981511ceb3d0c2c81

Download Submit
/data/data/com.iyuba.cet6/files/umeng_it.cache

Filesize
211B

MD5
51bc05b72503df190df51aabd9391e66

SHA1
e638958b82488b31bde80ea612619c1747a6a4aa

SHA256
f4e6a5bd74298ebded1d8ac4a5e321fcdacd1e73012621e1ba18de0f81f072c1

SHA512
5c49d1ced280b83b02e50de8d082e2f338ab28ea9a53a9db8b51ec02039aad6ca9b4e8e2e4859dcc30cfb710c04e2c1ecb056990f8b8e4a09aad8117d6976742

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite

Filesize
25KB

MD5
714157b88c7bf8cfefa384790c21be12

SHA1
9e9d731296da5c85010e3fd44f455cd1d0ac3bf7

SHA256
f3f2cec1e69443128e5bfaeca6c4a29223c1e8aa710f8af77fa3b38ce12b25ab

SHA512
3a85a539cec724596216031f568d7d995cff5cb68ea9b3402a5047aeef82e4a02cfccd00f93d66d7c1efeaf6f3839fae6c6e0dbc394e6c234d82857f943e58e2

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite

Filesize
26KB

MD5
646d1d92bc528ad73a1f6f23549410ad

SHA1
23abf5b255182e5bd09ce661d543d168573c8bc4

SHA256
afa49167aaa09e8310904451ea70aa091f29bc69004934524c9bdf1e82428375

SHA512
d83986677b4ea77a2f93a640301e2df11abed07214b068065450630ce3fcf7210b004a358f3be1d2a108f1560c41a3af9bfbf6a9e7bab8e8f9ae2e66b39513aa

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite-journal

Filesize
1KB

MD5
622c660e23ce156a11b3719ea894506b

SHA1
6ae66560d84676a4a3c10384a633f0311a36dbb9

SHA256
615b66a4e86f6ccaa2da1c9a560d7555795585eb262751930165852a69991e5c

SHA512
7c6d24b7cd80bf4c167984d1440f75ca4e8a1a5d1e9a0883c2aaa4b18dc7639b1dc22daac59ade7e03f3ef9e9ed7dd53258d3e3fe6cd19bb0239d0d8d037aead

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite-wal

Filesize
3KB

MD5
3bf646139e59dcce73e721d34503ae91

SHA1
0b6a32154949b3327e150edaf098eb0e0970ab51

SHA256
9d7153452e920394c0dff6fba9461841fd874723473bf67c467d7769f806a922

SHA512
baf0a89f7233b0ae4c087a7a8fe35a0b73ea745b603548636bce0364a181879de2c130d761a13dd6c0bea7333aaca1a4bcf5b773e72c8b1f9c8438084acd64c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads