53c4db9f4e28b6b01465ec9ab52061c7c221ce77671daab5206ab90673763278

Analysis

max time kernel
176s
max time network
188s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
01-06-2024 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8be15230c11d67b8d2cc82e6f7741d3f_JaffaCakes118.apk
Size

4.3MB
MD5

8be15230c11d67b8d2cc82e6f7741d3f
SHA1

824a27cf1f7105c17f57145275be5e3af6db3b88
SHA256

53c4db9f4e28b6b01465ec9ab52061c7c221ce77671daab5206ab90673763278
SHA512

90af29c00a8378bf2d8995d6a6342100457962f57283b637e83c67dcd0b5eeeaec618832517aac8c20d5842d6cf1599de0d1c0f6e36a357f8e7dd81f218abec3
SSDEEP

98304:mQvsTDSI9S3a/tE/oo3yxyaf80zGijojJXwnqMV8L3/Bbc19/nMV8L3/Bbc19/tG:mXDSI9S3a1eR3yka00zGhFL3p29/BL3t

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	io.dcloud.H5D7DD228

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	io.dcloud.H5D7DD228

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	io.dcloud.H5D7DD228

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.H5D7DD228

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H5D7DD228

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.H5D7DD228

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H5D7DD228:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H5D7DD228

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H5D7DD228:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H5D7DD228

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
19	alog.umeng.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H5D7DD228:pushservice

io.dcloud.H5D7DD228
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5204

io.dcloud.H5D7DD228:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db

Filesize
48KB

MD5
81936e4ba880ec556f17c1779549dab9

SHA1
5d7437f127576cac4601d49c66887f211ef862fa

SHA256
aafedd7a74a139eb9145acced97b8b818faaff53f6b0371f98d2c0223707e305

SHA512
8f7a81a74266ee9d0cee1a03156d02ad5838a3772f03f83fe673353cdd3dd84d87e15683ddf244dc1dd72a36e3dda0e2204438fb1c88250da8bb9fffcdaed763

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db-journal

Filesize
8KB

MD5
ab39321446db780b06f66ec8bd4ebf71

SHA1
bb29d97d8746c8c75984cc734717bbacf895fac1

SHA256
665390d74491a86f6e93acb61c77d49cf170f1318051e246cc9bee5567cd4ac2

SHA512
72734831ce9011ed5e5f857aa354a8c1779b6179a56f9327734edc0b577a38a68c2cda61f5ed132ff8353e4af9fb1cc8d11a310ca63849263cdc3291aef76ca3

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db-journal

Filesize
8KB

MD5
f8a8af2ae6caffc651e935e14f9e8c2a

SHA1
2e082304b7155be4bab38c3c0bac0f1bb8e7604d

SHA256
7289430671b21aee2193a832376352bda0f8209ec372d7ee41097a31466f7875

SHA512
824108afd3e3e3145877014055bfc734bc6d40499440380b376cde4fb2b45044682e87c8b4287c636295cfc0a8a618dfea11e80ed5a935699be10ede5ff871e3

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db-journal

Filesize
12KB

MD5
953e8b009d1239854630e9fd8c20e225

SHA1
73a96ea905a61196d31451ae23062b44753c8252

SHA256
ad0bc40e36cd36b7f22c659f96cd821bbdaeed7531284c2153fe983166ad1cf2

SHA512
ee1ac6aecaf3995e8241a37605e1d96f2e610eb7607dac26f6a8150f6a1c628d6fd8d765598753c63cbb261604333cc34c977b2020c92d5359bcc6acd65ddac2

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db-journal

Filesize
512B

MD5
a443c03cfb5e750e87809f4f1b1d1bf4

SHA1
a64e155d77f799b9a795c4bd90b8c04ee4cd2917

SHA256
a2c2a59b7d3c67ac8ba16d81fe8116c6a26c3f4103368ebc42378c79bdf66ad6

SHA512
b04f56ab0752d6b9a0b2d89ae2c377862ccbedf8eb4eefdb77c87ec8134f27893d360327c2afb841c487b4e5b10c9cf97f32d4fc4141884b4f3f6995230c0d6c

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db-journal

Filesize
8KB

MD5
f16efd6be789bd503f931f527ebf62d9

SHA1
11dae1212f154abdf4f3238bd1a4df47aa255bd3

SHA256
b12cd2b768b6f5c1b5f2088b491b273fe645ae978977ca7b7da2a42b3b6dc752

SHA512
8b1d2efc51da3dbf7f06bc2f553dcda6138e37d37dd907257014f57ded23f3545b7e75b190610ffb2f54c82d0ec57f41ac223320676b7a02f06c7174db4f2ef8

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/cc/cc.db-journal

Filesize
8KB

MD5
53e1679a7a217568fab815746e648941

SHA1
9f12066414a482946152d07c5ca89892400565dd

SHA256
4102657508e35781800f8f36b133e6aa92c49287bc5866db4a48248142321395

SHA512
6725bd7f9c44db4ca084d2b9ef1f0cd6c4c817fb9575730d374de51427a4dd4b2ed266455a4b119b938c25576a698d75dfa15b31e282e4562a7daa824785a3ac

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/pushsdk.db-journal

Filesize
4KB

MD5
8c202aa442e5474216d6b4ae679d602c

SHA1
80bb054b06e936189365a2078c7b92f1c0e4b1d3

SHA256
b2578ca6cb59bb3192c3c6c5bac9cd926297b74236ce8181007a1265c4495761

SHA512
fa4c860021c6445a4a04c59d833551e3446b232c81721cdc1cb04bb7128f27414a6f20289f6c44b1bddecf671c89f88e214b224281a6bb2775fabcfd2b8278d0

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/pushsdk.db-journal

Filesize
8KB

MD5
c83b4da9317db50a6136442a753889ec

SHA1
1d2926c42b9f1b3a9d5040b654bb23307839f5f4

SHA256
e45c73c6f94317091a6ea971e2f71b188e7c6715f7355afd767d8f63f92b5615

SHA512
df328ea041580c27ea0920135dda177adb2ed72d97985caa42e027cf32193f2f32350c645dd1b7cfb2d8787881322e18f2ece2351854bc509d90c63753cba91a

Download Submit
/data/data/io.dcloud.H5D7DD228/databases/pushsdk.db-journal

Filesize
8KB

MD5
eed5dd75ffcc07d3fbcea2c59af11ca6

SHA1
5bd0f8934898165983b90f8123df682142a5912e

SHA256
fdcfa25915839a4f1d1fbcc03a10c9f9950b9a850b58c2eae04c6f378b4f68b4

SHA512
bc5f550b274c8e9eec0f6088cf10b47f52c92d9a76524913d96de089d59741855f4eccf37dd4c279d75e0108cfb20baa23372c962b261ccffde38e51beb57975

Download Submit
/data/data/io.dcloud.H5D7DD228/files/.um/um_cache_1717278210193.env

Filesize
1KB

MD5
febed4581179a8ab9ccfff7904b0fd48

SHA1
a1d8ff5d7a4949bb2a59b6f283bb6abc105fad15

SHA256
53fc7d0bf21c7ab7d20ecbc52bcef1f2a368521c8e4bf2ecf2a29a4f4217be02

SHA512
7162927aa07b93b611aad88a6055d6e9c87730e5fc88e4d46fd1fe73e5f44d81c206b46d19039eff335f99d2a2d839bd18230abbbca2f544dbc0726a427d09d7

Download Submit
/data/data/io.dcloud.H5D7DD228/files/init_c1.pid

Filesize
14B

MD5
14ced17d65f6f876d15b552bb6a33fa1

SHA1
4d4c2876cc422e82c1a21330116aa25a349bc0ec

SHA256
277747b319a5a1f525599680cc416c3f677abcf0df1cdb867a524999caf4ae46

SHA512
456af4475d695ca50c299b9c10b56ca8aefa4146aed0f1f4a1434724ce692bb1289ff8563e3216b0a3c26e9d4ef1c990d263275e57327dab08795c8bb7c8a82f

Download Submit
/data/data/io.dcloud.H5D7DD228/files/umeng_it.cache

Filesize
431B

MD5
2ffa8ad3fe7721ba014a3d1eeb9db5fe

SHA1
255591cdb94108266f3bd4ab2419172ebd819928

SHA256
8057e435644df115072a005aaf27db37ddecc0f033068825ec32d2cb2b3649c7

SHA512
fe6186f4de0d6f2abafd1cc2b39beaa1812f205dafdfa4bfedd3c43b70dd20aad411147337f2fdad42df1c226b96d3cab2fdfce99952f29f563f13e8bd3d5118

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
fbe5aace736f2a21543998610f40174f

SHA1
d8cae1a66c2b06b1b50910d5705427b6670a7943

SHA256
b9d76969d529d171c5fa775be321f2dc5fe2870bc7e21ad28f331f6f111037de

SHA512
17e4df6b1a5d4b03c189a53e6fe05017a7dce26f600a62481f7fe110675fefea079ec8af86c72545908be379c6c4aa2b2c86d623bab8827bb6a174e1b2f11082

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
408B

MD5
0a69676a3d7bafd6cc44f440348290d2

SHA1
3ff45c68a23b1d177e0979c07fd20a333933c795

SHA256
497fcafc2106118480922bb43f8bd33fccb9ccdbf89ab88245dfc39abf188700

SHA512
10ea629c55ebd24d4801528acc26d7d0ebd2fddacfa7db6e5da9392704f54b1ecc81931739651a0ee5d3aa6eaac3b30019c2b20aeb536655b4ef5cba17bb6e24

Download Submit
/storage/emulated/0/libs/io.dcloud.H5D7DD228.bin

Filesize
162B

MD5
72db51e03f6c3b8a5c7ba5387e566e4e

SHA1
b227b538864a95fe234c916fcf1c385b109e737a

SHA256
c81274fbe0fb5773f02aa9ca258a5931fa380b62e3e6e5faa466a512fdcae6e4

SHA512
044cc48d85884ebdb157e22b8244cf21500ce2c2d159b393b004c2bea374a7588aecaa05bcf7f9840abe7be1173f8bed71bdf53514110721f96eb96617c7a9e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads