50506cf771853f33a540bc6dd947f494409f656d8e10363562b0b9fd2c01e791

Analysis

max time kernel
127s
max time network
180s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
06-06-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99d2c029c018e5bb8ca76a7c01692b92_JaffaCakes118.apk
Size

4.2MB
MD5

99d2c029c018e5bb8ca76a7c01692b92
SHA1

56c9f869255eb777609a6bd1e2032a4bba3619bc
SHA256

50506cf771853f33a540bc6dd947f494409f656d8e10363562b0b9fd2c01e791
SHA512

6ec1fd2cdd042a96f843bcc13ec3249951aa9cff37ae94199eb2db801f55047f90b3fcabe9ea5d8aa81de73fe95001a47cb4aad8d6856482d6709fbeb65bf2bb
SSDEEP

98304:giZF5lhzfGl8jLMg27EHQM8Q661jiYesOnkoTsdGBC9joh0X:zZF5f+l8fhS61WtkoT6Bh

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.netease.ic

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
10	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.netease.ic

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.netease.ic

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.netease.ic

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.netease.ic

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.netease.ic

com.netease.ic
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4291

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.netease.ic/app_crashrecord/1002

Filesize
224B

MD5
d13e19ff50b16db6112a203e1117a066

SHA1
460253571714be0dda41b31c91b3f80cf8d5e08e

SHA256
6cf245969b37c6b64b3f51c5a149cd86d2e8c447b59795478c33ddb36e573a7c

SHA512
9e448d15c368a85df9d9d92a4ca9b6024f001ab967cad1e57196a59ddb4793b98e0c3d5bc515c59d0e910c4f5fb910f95d362a92113c9bcbad04424d2920c4d4

Download Submit
/data/data/com.netease.ic/app_crashrecord/1004

Filesize
224B

MD5
8234efa2f38416937ffd834f9d2b518c

SHA1
5cb0aad243e6212fe89242544133a59de58c5c16

SHA256
079c0f45e2ae3163677198737c56a0d5232c7412f17b93d3b57e67d666f66506

SHA512
8e9c7faa4cfe5286a1b0e70e83ea133456e1175be84091b1949c693206381e8c1ac07fe57d6db5db1f40899ee5858c2d02ac52f51741bcb501c7c801e306026d

Download Submit
/data/data/com.netease.ic/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.netease.ic/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.netease.ic/databases/bugly_db_-journal

Filesize
512B

MD5
a2b7b107aa21ab95b1557cd143117bf8

SHA1
27fba1b202c3e56d48163f2ed8d3a43048854631

SHA256
b8732641def97d71b35633b591a55b61159d71eb66c1244c32d7ee6a61880a08

SHA512
8ae3c464bed3e207752e3048df67b357c1a1b693ebff183eb31d52e71f51c0269a2c3b0f6eb0d859bd1c41095c8ab3fdac6af5d8a9dd7492fa15f5ccf3371363

Download Submit
/data/data/com.netease.ic/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.netease.ic/databases/bugly_db_-wal

Filesize
84KB

MD5
9cf09b10fd8633a8504dc9f1ae96cd83

SHA1
e9ff7bbbd4db9e4a2d3c853c5fcc1dd16f6da835

SHA256
5e6a99834a8450aec103778fc66f5948a4cc548e229f5c50da72931532ea9472

SHA512
ebd72f311230c29b1cc7563a4c52964b01d703e58ac48ec7e33807594e7450809d57c0d4d5e31af53918c144909657840d3b15f57fe9e582477ff1fb0fa56ae8

Download Submit
/data/data/com.netease.ic/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.netease.ic/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.netease.ic/databases/cc/cc.db-journal

Filesize
512B

MD5
8c6326e73725ac8fa85b0290b2c7d6b0

SHA1
ab927d7a94bafb84aebbd7b104a7cb7100a2edda

SHA256
7919b39c19e04c52e5f12cb47a66828917a01c5febd3d16c65cb71e67395cdb2

SHA512
de942938a5acb1df140a10789e03557ef4048b3155a26dc68949e43d7df50cc836847e33d3a10595006835b5d60713a7191d472bd48ee10e3ba5663c22df56cf

Download Submit
/data/data/com.netease.ic/databases/cc/cc.db-wal

Filesize
48KB

MD5
07bcf9a4965b28de734346a3d979945c

SHA1
0f4254e2b18294a4c7a46ea9d7cda992c4815e8b

SHA256
ddac73902f1cbee3fc86054564077b794cbd219bf7bb53238acbc40ec56dc533

SHA512
04bcef5ced6f2fe1a45940e8251e0c733ab113e616926d9a8b54cfec57b34897a3434eb0b85a66758f8334cf0bfe157ab7f6083bd684669ccaee958e65797439

Download Submit
/data/data/com.netease.ic/databases/cc/cc.db-wal

Filesize
16KB

MD5
92db12cf0c1faba5792ad47d9bbdc78f

SHA1
e4d3777a561c94ddbd49755b021b140a6073c735

SHA256
277bed6c737bef817d5d9cc3fbfd555bec33bdb801473feb9964221dd1a2764b

SHA512
533331c4d7c8a744d28a1547c9822903736668d4b5d138772be7a3dd7e907c596ce50157273c56ff1ba6469d29fefd89df051820a5a0f5f6823ac117c5712c0d

Download Submit
/data/data/com.netease.ic/databases/ua.db

Filesize
32KB

MD5
bf224f1cf27a9747c829d7197d0aef2f

SHA1
86d88d8c0e5e70d5ba7c37de77d283c99296c03f

SHA256
54f943cc972942a3f8fc661a1d30f13cbfffbab494314a7df5080ae27059aa62

SHA512
c6894578a281a6042d67ad001444e7980829b542dae6d47abf9dcfeeebf74b3d2db786c443b26ba4677df0099258ec9d95cfdd6bf59c688c836d0d0786ef5c57

Download Submit
/data/data/com.netease.ic/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.netease.ic/databases/ua.db

Filesize
16KB

MD5
c1face5a59622698a50f1abc0eaca913

SHA1
263a71eaab22e716f2d1261c8b25de18fb3d03c8

SHA256
3a3673600ec2f7e472e8a046ab953b8b765252f4f32fe4351e5c1cba6536737b

SHA512
4b0d19bfa2797ca7b93bbdc6861c0cff687a34512ff1c500b19ca53a5a93fd99abbbf0372b5423c41dd7d9fc424fcc7f4919745007df4d0f999ccfa605f9c75d

Download Submit
/data/data/com.netease.ic/databases/ua.db-journal

Filesize
512B

MD5
adf9e114749916823800c09532b78bf0

SHA1
99bb0712c27fd5ddbe1d5a54017b654f05e9b858

SHA256
98160469757824ffee68ff0d57494942c6fa433e3b82aac56d7a779d03a502a8

SHA512
7572fa6c2f356d76f469e2ad318a8a81daa01e2fa3c1698584bc907b0e6d9ec94cf8a6339b88ec7b3d078f8c39b9ac8eff08d4528255985907b69dff1a954329

Download Submit
/data/data/com.netease.ic/databases/ua.db-wal

Filesize
56KB

MD5
e25b8c32d3ac72c3815bfd88bfecf209

SHA1
9f29d927378160f62dc1a1e27c92ff21ca9c6e35

SHA256
94c764a1c70cbd063109b51190387e8077b5eb0cfd63746cec961c7e6081cfc2

SHA512
0769c439d7180fb2669c2cff26a77b38414d29bea246c585513a0677b5ffc54837db46f11551bb8134788f8cfedf4ca5189ee4c82b5777ef2c9be63d97918f06

Download Submit
/data/data/com.netease.ic/databases/ua.db-wal

Filesize
8KB

MD5
88991eed020296dcc101ba3493305af1

SHA1
54520b4157d3fd759e8607c21e736ac0aa1b4ba1

SHA256
d06c8af1f05b012c757fa6303f460c29e7c8dac4b6bee25f2e11ee2c002ed369

SHA512
562f944d9268fac9ccb284565471e9d3ecfd60d10e79e6bb9a63789dea79680ef8f2c1c6864ff42f610b8e323c29c6405721e675fdc0ba2ea55d99cdfc0da24a

Download Submit
/data/data/com.netease.ic/databases/ua.db-wal

Filesize
4KB

MD5
ca098c144d0e82ca54084eef097f2244

SHA1
a2e8f27124d63914d951c13f364dcd8eefd5ac70

SHA256
ecb40e927d59ff0931e0b44ad877b6549878f5444683a5b41bf7cbd816441acf

SHA512
2295375fdfa16b6a053bff0ae6fddcad811e082754036225e7dd792e613370f96bf68b005f55175d078fc04b4cb0d2b237ee78ae04177186d45416591c7afccf

Download Submit
/data/data/com.netease.ic/files/.imprint

Filesize
1008B

MD5
116ead44a9bf29401bae7e4e247f632e

SHA1
d9daa3118ee59211f495a7ab11a0ea989be0084e

SHA256
8803300ee9f422c316e548c354e48e5a4b6afdeec676f52634501850c82555a1

SHA512
dfb182cbf9664257517f7286b23481118d4e6b97a2c72a989ffee32a94bbd36f8ca42dfa22ba2c39e142529c284cd9e6f59f62601ac6babc5ea5332e14b2d83d

Download Submit
/data/data/com.netease.ic/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
2d0b89494244ac080a9463d934ba5637

SHA1
905643a168b44ce0fb0e85d8d5418c0c6302cd77

SHA256
3fae20b693c2d66811d220f46b0b04c2bb2c9ff0564485b31c69d177ab7cf891

SHA512
468760a512e334f38bfab639509306995eca70e06ede813c01104c6a6f5d8f97e25bb3de83df95f2c7586f34204b8e479f7a3fbc2416bb47244418a0dcc921f9

Download Submit
/data/data/com.netease.ic/files/exid.dat

Filesize
61B

MD5
41bbc0164d1b3c2e2b523e15c5113558

SHA1
9f3a78ba3d1d60319c31c670fdd876c43970b485

SHA256
eac351a9e2a5d08e17294ba4e4961fd38cb264a773efa95753a5dd2bcbb47313

SHA512
830ba9e35bfb5f9622c5ba7800a0d101586aef2a90e2e8ea36a8098dbfcf60d97b6c861cc6449e831cb7eff461a63ca905e6dae96b02ddb1255e27675e6db59e

Download Submit
/data/data/com.netease.ic/files/umeng_it.cache

Filesize
498B

MD5
9b4d1cb54e9b355171b8ade0889a1057

SHA1
3889aac09a281b6b9181516c1abf459da56d0adb

SHA256
d1ccd3e66acff4c72b92de1a4e3a854207b54ed0e342a65c34530b27709af7fc

SHA512
8bc841bffc88723e9382f2ebec9b0d52c4a162359e27eb80220c2c72ec0dc86ca60ee453e06c035e2dfac5f37baf8b09c708687c7efae0505b446a9862a85e07

Download Submit
/data/data/com.netease.ic/files/umeng_it.cache

Filesize
253B

MD5
b7ba7189734f673aeaee2fe02c5a04ae

SHA1
b0b1370e98e03db3cac214ca53f1c44f166ab823

SHA256
d8995ef096ef026a3a15b377442de782835126df5165038d01457b2985520eaf

SHA512
8dc41c3da17b1f6805ef7807676eb1cf95a5b2e437717ba93157e23170813e9a519dc68e4fdb3b773ba2e15233d71fc17ccbf2b6d4f74fc1a266a15bcbe6f3a0

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
a47db71cebff60b2b7f09fb540925755

SHA1
912348cddbba052d0be36ff48e89cf6f5a332f87

SHA256
45d0922769b8c3eaaf4c4044c019984959d7b396db9fb1c9d5c2e92ee46eb68d

SHA512
1b4af3fdab91120dc328d6abd563a81ad09000b6c270d29867a94114152fbcd384db0c53cdbb581264c475c5d7e5ebbc183c7381e0528c8a857edb8cf9603cf3

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
0f149b3b0db03a56d06aea66c47686db

SHA1
521a368a56d339d5036bb7f1e2e46508dc9b3f11

SHA256
227ffdb0db22ab87078496a8729b7a7c8dc1861ec9ba05226f4e38ac9b14ea28

SHA512
c94b2519e8dc7dbfd6a7632724b449221d7d2a9c8ccdd93f92dcefb85568b1ae0f692ac4b275fc129f0ff409f87069f1ed9e983103456b6594a399e899de97d3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
ef568104805377d0e18d6fa0378472a6

SHA1
5ae15ad7c9e1f917e10cd983e9e6e7d37445c8b6

SHA256
a17596a511c7490918204d362ee0a57ce12f53d447036fdfe676bfb1401fd9cc

SHA512
ee278711237389a6a080109de7088695144e3240aece8ed7976925e25431ba8d315f71ac9519a90af6b21e92342afba51f95d6e1ef874814cf18e08d513d294e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
8cc4ec9f41a590fe8ff7c09f73690e46

SHA1
740277b0ffefeb1f353c67bf2faec210756806ff

SHA256
8e76ce58e7ca8e2e3de2dbea1f8c4faa10d54bd661790cf1ef0ae496421df8c8

SHA512
a7757931c441028d387597852ae38c6e04d910143eeaf4614985fd610e09815533d81e3568befc22f970e41f38901a0978ae9172b2e3f622ad5aba124a64bb80

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads