3f04bb34997925120c5d8cb52cd793d9f94715ec804381296eee0bd65c730694

Analysis

max time kernel
63s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
03/06/2024, 12:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

91da4a8cd75e340cbd8215feefd5c0b9_JaffaCakes118.apk
Size

9.1MB
MD5

91da4a8cd75e340cbd8215feefd5c0b9
SHA1

b39deb2961cdbfa52c18dc24768f10e27159c1b9
SHA256

3f04bb34997925120c5d8cb52cd793d9f94715ec804381296eee0bd65c730694
SHA512

be0fc04e0b630d93b8b279030fdd1cfc308daffdbc8622e9c7706f584f3eb016cf51f6704cbb41f350143c8cbc0660b129897d6981952c3f3331a9f4ef0d1777
SSDEEP

196608:cn7TsWoXaQN09WyoIinq8IEvI0IMLdcR5UdzdwLlEi+tv4Lf9NLXxhG+:cnUW4TNGTinqG8aa+9iGaNFR

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cross.run.app.tucaoc

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cross.run.app.tucaoc

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cross.run.app.tucaoc

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
27	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

cross.run.app.tucaoc
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4662

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cross.run.app.tucaoc/files/mobclick_agent_sealed_cross.run.app.tucaoc

Filesize
530B

MD5
6202f8c717e3a7efda93ca8e548a452c

SHA1
78a54d7936bdc6af65cda0bba150e6a6b7fed956

SHA256
b7e875ddceaf23e8ea952e8164afef93f8a1616e2b134fb96584b798a0c9acbf

SHA512
e16c96466f80c028ae0aa7d8295be8cb81a3a129f884431d82b354d58408ec78b6dbe2fa7fc8bdef1139e968ea1a7af7bdd152ebcee27f4bb1b0ed7a6bdb86af

Download Submit
/data/user/0/cross.run.app.tucaoc/files/umeng_it.cache

Filesize
148B

MD5
b5104d1e5a7f4d4e7ea20e84129b1ba4

SHA1
71cd00a33090f42ddb228b496fb1bb48723e0e48

SHA256
92e16d9802d3231608343cc2cabf3cdfc5e7940298c2dd8bc9bfaf67dcff5542

SHA512
410c1b5334ce470d7327ddb2f0af4c4b46ef4402c3414a5ddcdcb8fb1d01db78bfd4d16a8467f72e50f1026d5b2ea6b832766ba4e9f3fe68e8856bbaa1d9d52c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads