Analysis

  • max time kernel
    137s
  • max time network
    170s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240603-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240603-en, locale:en-us, os:android-13-x64, system
  • submitted
    05-06-2024 15:44

General

  • Target

    9888cc8aa1b49d30e608427d4d445e4f_JaffaCakes118.apk

  • Size

    10.6MB

  • MD5

    9888cc8aa1b49d30e608427d4d445e4f

  • SHA1

    e55f3e7981f280cdd2f317149b5da837860e53de

  • SHA256

    d7fe6e93853f841d6782b75903204d66507a781d5f19ebe1735447bc056bb0d4

  • SHA512

    42084157ad5ed2cb7b8c7714b5fe3b6028761425dd1ec9ef4826b77876bae80a3cc6161af3fcfc86070f1975d11243ca7e7cf43be8f4dc5f48ac2e1d2a85d8a4

  • SSDEEP

    196608:X8okYTIWCPtmImc8AbI9KGTlScrSz12lcGEiZkYuRrXaZIjt2LuT/yg:X84TCl/8+TG8ccW0iz8reDuT/9

Score
7/10

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 3 IoCs

Processes

  • com.fanshu.info.xinfanioew
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4241
  • com.fanshu.info.xinfanioew:ESS_RM
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Checks CPU information
    PID:4296
  • com.fanshu.info.xinfanioew:ESS_RS
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Checks CPU information
    PID:4322

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.fanshu.info.xinfanioew/databases/UmengLocalNotificationStore.db

    Filesize

    28KB

    MD5

    d9b41a7a9910678760cc526a3a7d4a38

    SHA1

    7c9c4e69c2dbf701cf7f83393e52e97066a4ffbf

    SHA256

    5ff0ffbbd6d3f7183082c6c8d575d1753ba6bf81196fc3b952108ed87b851c0e

    SHA512

    48a061dced72de8d3688ef320e54a08e993a8ce9321a06c466e46dfb551cd5ab665970a533433da750cb989b647e3b8fda45e9fdd0d85ed1857565135161dfdc

  • /data/user/0/com.fanshu.info.xinfanioew/databases/UmengLocalNotificationStore.db-journal

    Filesize

    8KB

    MD5

    33fe8c3e25ff51c473f016bef8b660a0

    SHA1

    f35dda5cd5dcb06c20071f617f58c27b563b568b

    SHA256

    9413a3236afe35e28d88c10a240f55795f589bc015897b8f0005eee532051358

    SHA512

    6b19da07fcdb7f097b57ecb8b207ad9aa4642b8d089f4033a7f0866157f43986570f5c578e42d6a749389f7c165d4c0079590dc1d3a4f184b77638a6215a1fba

  • /data/user/0/com.fanshu.info.xinfanioew/databases/UmengLocalNotificationStore.db-journal

    Filesize

    512B

    MD5

    c6cec9a3786701a5f893803d5133a6b9

    SHA1

    cafa00a989bf54ef88bb58da72f059a7610bf134

    SHA256

    79d87952faf217f4b424e6495fd4b62ac7aed8b5acb5221c41ce86e9b72e2afc

    SHA512

    bbae504becf54c9955239a388986ebbef4bceef83e83db42f283e380096d659c83b228ae0100fcc30351d5dc93d1b0ae1f5ffd95b876633c45e2a42f7f7f2726

  • /data/user/0/com.fanshu.info.xinfanioew/databases/UmengLocalNotificationStore.db-journal

    Filesize

    8KB

    MD5

    c2414f0bf4f4ee2ea5365cb074cd11c3

    SHA1

    6f2ab83b1d88c56b1b4fbf6ecaa05e293f0dfb98

    SHA256

    1a1299fb4d4e0629ba543ab5e9aa2d13f628f0e9ddf6f2154197c8c018989269

    SHA512

    6b57bed4155dcdd2ba1e9aeaf80fc156bc57781cb1e5be1366f46dbfacca0465a6f6fe25527d2c3a40a3734390854d13efaa0aac4611bd7b268b7c3601f67b36

  • /data/user/0/com.fanshu.info.xinfanioew/files/.um/um_cache_1717602348047.env

    Filesize

    556B

    MD5

    8c9d0a6f36680b7cf5a0c19d6845d69b

    SHA1

    50d0d33f0c82b3ed50bd365a56830934440d19c7

    SHA256

    cac6dc90be9f8e8fcc7457e3a1458f4fa03f4de3a0b14c3ed2fb0f337fe03f67

    SHA512

    6708be87ca6f9b89320c23c77b39e42ed2d2a12deb4842b42d638f34f652ef4f51cb7bfa9037a491026513b095ffd15fa5f6c95e7bd550774c37a65377ac27ad

  • /data/user/0/com.fanshu.info.xinfanioew/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    be285c6d20c21c92e89c65901f155231

    SHA1

    55811ec02b22185da0f672fe3d5519b10182170f

    SHA256

    88a10f4826565673dce4f150877fc981e02299c87e4a8e28070dd545d92fcc5e

    SHA512

    656741e6b4f8ab092d07b1261acbfd0fe74f4701dc703ef34782595c6630b7d7182cce64ad86dadd99cb48db57b23b18b0ccbf2c35c7ebfed28a9519fd2fdd7b

  • /data/user/0/com.fanshu.info.xinfanioew/files/.umeng/exchangeIdentity.json

    Filesize

    838B

    MD5

    a5f86b9272e480d312fedbd33dabd0f3

    SHA1

    499cc678228534d206a94bc417933121e3c2451b

    SHA256

    1750e9ac378c6fd0b5e821774ea66620e30cffbc469d53b15f01bdbeb173c629

    SHA512

    c9205d5594c3a213ef4164c711d3db37b75a84c178ef4f5e52283701ae6930a8668b82fb4bf17f99219dfe1c34900e6821e836938eed63f659c197524a35c6e8

  • /data/user/0/com.fanshu.info.xinfanioew/files/config_using_extra_setting.ser

    Filesize

    112B

    MD5

    872da7256d7874e985088f598c3fa822

    SHA1

    52bd8d89c6bb8d1c824f3fc6160c67b6977cfb9e

    SHA256

    3a9211c61885aebfc97fc31f6803100945302c038939b5574e7f177e1a7bee29

    SHA512

    1a30fd3b083c7ffb52298af055fa8512a15a3313c1d0a4f52d9be4e7afad6920f50bcf721217943f722066bd87c3e2db2c997ab97aaffadadfd8671a5b920793

  • /data/user/0/com.fanshu.info.xinfanioew/files/umeng_it.cache

    Filesize

    629B

    MD5

    d9cc3abde63578f9267df4e7fd0748bc

    SHA1

    ebb74503728e2afa3f58fbbd7ae4d19371f5496d

    SHA256

    c82baa326d055ff7d3edeaf7130cd06b41f257c902237672f3400028ba90ad72

    SHA512

    72d41ddde3ed8668873168bbb8d7beac6b119fcb01b1b379eba8b48f5596db3c60ed6808f902bb9fc04d1078a84cd453019b3b016d2baac3ef8de954a5e2a934

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    111B

    MD5

    283c3587cf8000fad26fda92f4a5ebb7

    SHA1

    b97d5d7feef06c56fd83f6f26579b35cad3f4038

    SHA256

    a30be8133d41cb28ff69ddd473e84dabd3f5e94acdcfb0c1b414317249192e9e

    SHA512

    5a3b6b8380136a66cb52ec97dc16fbff1eb4dc9ba434735b161b91d0d1617f75bdb5acecf3dfea4a613653c11321ff03f8d424338974d715ed87880b8cef7afd

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    111B

    MD5

    91f33d80332c344b04e5e352d42b1845

    SHA1

    adf2efdf520304eb09f58036dc7bbf5460dd8d57

    SHA256

    8bf2cf1b5cb905bc52cc743cecac33b0daa5e578338bf8878fe7c5cf343b74de

    SHA512

    8f050ff7214ff72805969ae07ca2218cd396a7c4b1449912e396b8300517fef60a4ee217845b107538cf3fee214e2b3d4fc2efacda728b994446b6c1447ace50

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    408B

    MD5

    5b840323fc93b14df8b883995c632060

    SHA1

    6d0c03d640dad9bd2c0a6d5c6521c4c91c04938a

    SHA256

    90eea6002a73c9b7c24eeba21e211a4318d09352d62a3067ce37cc4c9f857550

    SHA512

    7e13b700910db7185665cd4cb35a4c78cc36e6d7d7463831fa8fa8d65e429d52b1219df23f3d3d810f5c99067846de31d01feed43e8922e43298b5cfc11e3a1f

  • /storage/emulated/0/Android/data/com.fanshu.info.xinfanioew/cache/cube-image/journal.tmp (deleted)

    Filesize

    16B

    MD5

    366e8ab79a6ef9add751ab61cc943362

    SHA1

    e1963629c1440fef95fe5fa9ee7707e3e7b6b732

    SHA256

    2c421b01b77802ff02f990d5ce05b4a28b18290f4bc87c553803bb2fb8bb92a8

    SHA512

    b70246e253a9c3a99a5be449d7adacdd83d9385d7688d875b6d94818389a8c94a159e61c2aed9cd9864039691095b11572a8b073658e47d6e65224022bfebe26

  • /storage/emulated/0/Android/data/com.fanshu.info.xinfanioew/cache/extramaterial/frame_base.png

    Filesize

    3KB

    MD5

    fbbdf893d5bc7b433e7e1f02b405aa4a

    SHA1

    0b56e3ecb76d12a300413dad747bdc38364cb024

    SHA256

    07ed12889ea5dbcf3522858a94fafd8f13623252af2a20c1630aba52956fb824

    SHA512

    d8be38bf6da1c7b7e5c8e78db2c43b95167a6ec44ff13de2c14a4508bfea63b5495ca8f02fffe604c826edbcc4e2b0029dc4d7f9ed18ec973210d08295347033