9546795f121025fdf2a780db0ea7d49985e146afe48628dc5ade0129284061eb

Analysis

max time kernel
66s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
03/06/2024, 16:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92857cb00820b9f2c77e958abd66a8d2_JaffaCakes118.apk
Size

10.6MB
MD5

92857cb00820b9f2c77e958abd66a8d2
SHA1

de8c76e8a8f0711e711bd80e71a0132a0a961488
SHA256

9546795f121025fdf2a780db0ea7d49985e146afe48628dc5ade0129284061eb
SHA512

07409f0baf5d00a8b8c1a263526beb78a02253b88827cc1043b8cba7942a7789622b48b30b7400e849fd5fd7fcb085f50f1deeb67307cf0ab2a877edc8d55c69
SSDEEP

196608:dHlhAQNtdMj3KypL0i/8LvMGkbYCbdFllMJ9HZPLGqpkFmFkJZNSEtw+2xT6t8Y8:dH/AQXq7KM0M8Ti1bjXMJ9HVLGCkFMKg

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.brixd.wallpager

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.brixd.wallpager
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.brixd.wallpager:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.brixd.wallpager

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.brixd.wallpager
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.brixd.wallpager:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
17	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.brixd.wallpager
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4457

com.brixd.wallpager:pushservice
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4500

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.brixd.wallpager/databases/com.zuimeia.sdk.analytics.db

Filesize
20KB

MD5
c5a0771073ded6d1c084b7be84ec9554

SHA1
fa4114564179015c2b53b54fac4a56db4216b0ce

SHA256
864ed1636884ce3352790874125d272a541f3484cd23aa328561a80494127b7e

SHA512
cd4c27e1fb9160f649816641b1c8c58391c42030eaad83a6fdff22b2b8e303bb2cfa60fe578ff174bf1394cf4a4a1020941742362faa1b0020ae1213cc474735

Download Submit
/data/user/0/com.brixd.wallpager/databases/com.zuimeia.sdk.analytics.db-journal

Filesize
512B

MD5
99f9817fe6443b924c16a0f3f0e9cdd2

SHA1
9cf2e0b1d2f97032f64bc29faddffa98e38eb667

SHA256
e353ff08150edaa1989cf4157b0257d3b919b996cd918b34b188db59a6f8bcf6

SHA512
e0cca1198578abedd1785dcf76a530ddc0b8df57a0e92c2bcce6ed7c6681d1ce928acf11100de7d3042c523a74b973db4caea013bef6c6f7d01979670607c064

Download Submit
/data/user/0/com.brixd.wallpager/databases/com.zuimeia.sdk.analytics.db-journal

Filesize
8KB

MD5
be6f59454289cbc425c49c805b6ab8a9

SHA1
931f2a19654e62a3410baee5440364823562752f

SHA256
ad57ba63dc2dfd0781bab9d801cbb0d5d388ccd47b88d71bc6ee6505da56f210

SHA512
5aa258ee772cc4c12d5b562e115d985e78ebcffcbf1948a23680333de63b8dd84a70beb862321f2199f742929f93948e1a6bb8fe5da4471c5746f9ec05c8058f

Download Submit
/data/user/0/com.brixd.wallpager/databases/com.zuimeia.sdk.analytics.db-journal

Filesize
8KB

MD5
ef464b3678d49890b5a3f2c454045501

SHA1
6788b27ac901949a0e9835db583b5849bd500255

SHA256
e8b44d3743ae8d7e206657f052400e84385fbb65a43a1a717bb1d5a8f2ece885

SHA512
3b80ce921b8d6f8185855604147c37a78bd94c0720ee42efb554fae2b8b4936673313a5ed1bd04a3749d1c0c1145e7b245c2d767e573706de330b21f8c52a6c6

Download Submit
/data/user/0/com.brixd.wallpager/databases/wallpaper.db

Filesize
76KB

MD5
4d76ff971c9c0a8778e77cc9a86dcc19

SHA1
53de3a2af4145ef25fff985d5a3c12b08e3b6af9

SHA256
07e77267b227a9f02d26826bc62377cd66e6b3d0a95d0561fcc9530b38418bfa

SHA512
b7c09ed5a1a8f44d9fe9a1d1c5e8802a479df290cf730acc34f64701f0dcbc763f3e151035bb99a1b75cd2a6f2b47445ade0f0454cc023cd74301fb32dc74bf2

Download Submit
/data/user/0/com.brixd.wallpager/databases/wallpaper.db-journal

Filesize
512B

MD5
99b032e805a82071abf8ba7f103537a0

SHA1
fd419123440a57020a969da56d9a53b9f6edbd45

SHA256
3fb1e0c9467c74a0fd429b63bac7c9921778e4add1041517459d5ad36e22738c

SHA512
a1ef94a1a9f490a44f98e6ed87c7bafb6def2dcd441031b899c4ce99bf5e3c1a9ac3a345d3cb83124a8ee76d4ab8dcb7645e4698ba40b81377fe3481c2753a4b

Download Submit
/data/user/0/com.brixd.wallpager/databases/wallpaper.db-journal

Filesize
8KB

MD5
02c5a7cd053e7ae79fbf5269dbbc3121

SHA1
4f917c116d8601fc3299eefd95387344e452d626

SHA256
d685cb0026056e4ff837d9ec3162c5e87acc9ec9c02a68f83d59cefd23f11ee0

SHA512
39ea569ad5cc33ce5d67101d53f9128ff302996665ea30a32a9dcaf53fd17ebb8738afb4ba6f7993da1339cfd2242d2c39195b0b368a1b7d84daba94614fa0d1

Download Submit
/data/user/0/com.brixd.wallpager/databases/wallpaper.db-journal

Filesize
8KB

MD5
a186c16941af0198fc28f80c52c0e6ef

SHA1
d013bf33e21c11e6628a44c57662682c82754d50

SHA256
0011dbc1cccf3dfe9fd9b9c9982c542a0d58df56521b69573644bae3af8e23b0

SHA512
fed93cb75d5cc41383a6ee1e8eedc4de733f1ff1055e60fa7af728d38ec06c799c2cee2e07ec2c898208847f37dbdf6b2aede042ed10c7897cca2c47eded048e

Download Submit
/data/user/0/com.brixd.wallpager/files/.um/um_cache_1717433955531.env

Filesize
605B

MD5
4b87932202c01e9b1a674b3e9677fdd1

SHA1
9a0331ef04d91e50dab034a478e6c98790b51e1e

SHA256
25c9c6e4be86381c34331543bf564ee028aebd96571c79db09c5c210cf181146

SHA512
dc01ed1058cfda0687aa26a4c5c2a84279f49950f8210f81f7d30eaa10a370bff67fc2d9230ac9ddbbd23745f886ff106d31999250ef4e41c03bf1710c581b41

Download Submit
/data/user/0/com.brixd.wallpager/files/umeng_it.cache

Filesize
245B

MD5
2f66c5028dd94cd52a0d202d2111811a

SHA1
2ea2faad06dc126513de80676bd0c223b4cbb932

SHA256
730f5bab007d9266b3a56f40e1c1477c37430bfbeedb073a770befa205547991

SHA512
60646f69c216954a86fa78da118a4d9889582d1531af2345e5098b81ea44c61c80a213ca20a712084f67a27459454a29f26e8f25786c2bbc49665e268cc3fdc3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads