0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa

Analysis

max time kernel
155s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
30/05/2024, 10:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83d5c4b2a023403d1f4708fff0533eaa_JaffaCakes118.apk
Size

13.6MB
MD5

83d5c4b2a023403d1f4708fff0533eaa
SHA1

2f7aac1addf79d6e7f46e02ed1e20c707faa0950
SHA256

0b952b02824c47701066187433878ebfed9f7cbb1e931115676618d9eb7d2bfa
SHA512

33e0d113c4e61d00666b3dede4d47258247159a17eaee28d223f28647f66169fe39622c154dc60515f6fdaa7bec60bd8c548d0dd6608cd47aef1937cb962c674
SSDEEP

393216:1jyNj0cGzvsZG80rGzho36eVQkSRF3isSF2x+Ig8abE:1jyynk5hoxsyTgcnbE

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iyuba.cet6

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.iyuba.cet6

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.iyuba.cet6

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.iyuba.cet6

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iyuba.cet6

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.iyuba.cet6

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.iyuba.cet6

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iyuba.cet6

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
36	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.iyuba.cet6

com.iyuba.cet6
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4527

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iyuba.cet6/cet6_13.sqlite

Filesize
1.4MB

MD5
01154722725ab3d8e8153ac16ba0c867

SHA1
5c512a6cad0c52a268e552b42e4519061926d0d7

SHA256
f2ee8ba7ed7e079e4d3ea13f6a51b189cf76d3e1b8e00665f32055ee370f1603

SHA512
d32cd6fdfaadb5d3513d446e7546ca89aa4dc8ae652ffc9f962816bf2f352457ba9c06c642726ff1b15b3cbb1cd6c6466445a1cb0428826007113d3043422079

Download Submit
/data/data/com.iyuba.cet6/databases/lib_database.sqlite

Filesize
7.3MB

MD5
0626e960b4b6fbd72b9e142ea763fa16

SHA1
b113ae2eced67bd7b7747b22194778a03439f311

SHA256
c4c5403ca4469154ab2ea6b2a6472841c77148269cd64bc8e47a735e85dc425a

SHA512
7306b131f9c02a9e40325f701f56ddd439d13e1a160720d74d0f4596c9429d3763fc91a33e22bd9e7a450b1df017380635c2e4716276d55981511ceb3d0c2c81

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite

Filesize
25KB

MD5
714157b88c7bf8cfefa384790c21be12

SHA1
9e9d731296da5c85010e3fd44f455cd1d0ac3bf7

SHA256
f3f2cec1e69443128e5bfaeca6c4a29223c1e8aa710f8af77fa3b38ce12b25ab

SHA512
3a85a539cec724596216031f568d7d995cff5cb68ea9b3402a5047aeef82e4a02cfccd00f93d66d7c1efeaf6f3839fae6c6e0dbc394e6c234d82857f943e58e2

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite

Filesize
26KB

MD5
165a66e4faeca0904bc9a03fb084b6c8

SHA1
9d820b41c66e89e6842ac39bcc22b936be6023b4

SHA256
623faa910aa8d8bad40103e5c9685b2d71d20d92e551a2ea56f26ccb083c5e50

SHA512
bd99c497285746e32fac6d731c4a28186889c8955114b6fc6f4ba9d1e6626698bbbdafaddc45a02438fcc664267c4146163c189ee3f529cf2a7fbf08f26e6022

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite-journal

Filesize
1KB

MD5
f6afde80c0ea662ee325788d08c90fc9

SHA1
66bdaa930cf2324eeda3209dc9e241f4ec4865fc

SHA256
6f568abc21301582edc9fd26eb7c222a6926b6f450db23868c157da4c1107450

SHA512
915ec7fd66ec86bec9aeb5b84c34bb657e444b50482e26f0c9d68add49cbc57eb1e144a638b1db042d5e58afa8c541b5b0bccc6e420a7f7c415ac72786673d2b

Download Submit
/data/data/com.iyuba.cet6/sayings.sqlite-journal

Filesize
2KB

MD5
1167455e2a11b634447c73ed43bc18bc

SHA1
2d8712cd738f58209bbd9ea721e34c2a514a89b0

SHA256
57aca0b6464eae387252c8a70a281a67b61bed364b3a313a3549cd17c31d11f3

SHA512
2e11c47f59819cf9781485194a00d3d26a593cc21c81b8c906b02ad0e499f670afdbc8c574596b4fde071d04e1e9d88e369387aa73025b7e804f11b774890064

Download Submit
/data/user/0/com.iyuba.cet6/files/mobclick_agent_sealed_com.iyuba.cet6

Filesize
517B

MD5
bb003675dcdebafedb85f425dd175261

SHA1
1c1b0c9b0db8c998e33b8495bc2de867cd5916b7

SHA256
af9c21054ee583c2531aa22894410ea09731bec58015fb2bffd42afc318c20ad

SHA512
08d1f49586d72c6880dfcc4591a75697da48cda2f200cc9e53f16cdfb1c0d26e81a9ec341799a5efb27284e0d427e7c2a0d6795c1e41d0226257d3e35378c223

Download Submit
/data/user/0/com.iyuba.cet6/files/umeng_it.cache

Filesize
148B

MD5
62a03aca5a77953d184d2277060398ba

SHA1
62dfc0fc256b75c1975f3efeab0c5268eed31ed7

SHA256
32247b62260b134544e6496c4c31da6ec52617a935b5418126f79c434da133ce

SHA512
94ad80744d13eed7bcd8aa761285be3bed7a21ec060ef06199efdcd588c953c34d859fa890f4a699a829228c047c7a95e2a42c5b0ff055d15ba3fc60ef973526

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads