785971bfe812f3abbf562824ab9aed04668cd529b386102518963f81bc166a48

Analysis

max time kernel
167s
max time network
182s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
06-06-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99fbb17b37ca785f58d855472bf14441_JaffaCakes118.apk
Size

24.4MB
MD5

99fbb17b37ca785f58d855472bf14441
SHA1

f7c5f6c4df0f682ba635578a45340e464252ed03
SHA256

785971bfe812f3abbf562824ab9aed04668cd529b386102518963f81bc166a48
SHA512

bc734a5f3d236641a8012fabf92f9b97d15032ca209bb50bfc2ca3b6bea2467d32cf6c9c47399faaecdce5d68299b75a452aafd7ef06371d3dd444da8c11e7d6
SSDEEP

393216:5Sl20pOZVu+EhkjB2FsXtsYlFTp6LMxPEcKWnxF37cJbcKucKj:5STOG+me2Fstblz6oMJ2

Score

7^/10

banker collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ksytech.weixinjiafenwang

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ksytech.weixinjiafenwang

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ksytech.weixinjiafenwang:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
25	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ksytech.weixinjiafenwang
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ksytech.weixinjiafenwang:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ksytech.weixinjiafenwang

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ksytech.weixinjiafenwang

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ksytech.weixinjiafenwang

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ksytech.weixinjiafenwang

com.ksytech.weixinjiafenwang
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4523

com.ksytech.weixinjiafenwang:pushservice
1⤵
- Acquires the wake lock
- Queries information about active data network
PID:4673

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ksytech.weixinjiafenwang/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
916fe43b2520ba4bd49d59402ab451f0

SHA1
596cde30e44cd3e86d4c6fc8d4c2c5ca5b4d44b6

SHA256
f094d733008cfe9b1864abcdb5caf92d3731de3a3363d328c68d05e8afaecb6e

SHA512
3f40a9d23514f077bd8104d87839cec39f260f9393be99bf9085c4e103c9f701cccc19fedf4316de5974535f7f78aa05dfeac7448b62a67fbdd2d364005db8ab

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/ThrowalbeLog.db-journal

Filesize
12KB

MD5
bcc51cf3b8057e67ed8b8100bbc4eaca

SHA1
602387fd0bddc69930e707da96da4e2ad37b274c

SHA256
719cd431812c6af21ea2c6a9151ea839638de05de50c6675763dd5866b977a28

SHA512
5ab8dc35faa752191c9ce1077542dc39ee6a571e08255e1e8f7bc8d0d5685b69dd1a83f71653a92dcbbc6c6e31098c383c4fd183b67184cc5a294a2b91d027a4

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/ThrowalbeLog.db-journal

Filesize
12KB

MD5
4c8a99f4a49bc39f9564a02c9ddcae3d

SHA1
3173531af98d1193338d8207ccf0053cb24e1a3c

SHA256
65b437906bb6b90579ffa211903fa3e2d8ec2868c48189c6eecc928c84dde055

SHA512
618526a8e204319eb7be9f21658e4702745b7fbac5d6cc0f13f7ee49f69193f423619405c61e4fe2eee025d0bb605c8fc7eb1699c93bd7ed7456d61792d81f5d

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/pushsdk.db

Filesize
44KB

MD5
91f3546cd78dd42fda4b0fdaf7e0d1ed

SHA1
ab3b56d779bfcd81de474a3d660743d901ccde1e

SHA256
ca25aeb140fe3221978fe99aff62da6450cb9db8c7af7e6f730b271dbd474db1

SHA512
b296a45ca4017f09eb5c11d774151ca068e1d31cdb57847370ae2392032e6d2424d74cf8e9606a275808b99f2711dc80231803a2671a083264829c35733c844b

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/pushsdk.db-journal

Filesize
8KB

MD5
fa751812946d529c8f6dd35107733f4e

SHA1
3c60fe2699d2a274f8ca1e6dba70e6195a43d9db

SHA256
eba0cc6ff081fc24c935f36177ad504e8a86e7a181bfa1044c665d6fbf97a544

SHA512
fa652e7f820b04cfb70f28dc646f7361dce7797d3d66b378e7b474692be10eae78db9a6cdf86f5a04a30d30edea86051c5ce8830197a7e5be55c4dc0cd62323e

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/pushsdk.db-journal

Filesize
60KB

MD5
e53bb572bb891bc0422906f2f9c5db0a

SHA1
ec2ec002199fb957c6e24aa6eb9508e9a310f6b9

SHA256
0f31cf77758dab73f3011d43aa65768663c293d8ff36e3e2a48044f2eee1bb0a

SHA512
a91fcb1462456ec0ded5f86301b69eadd31c354a4c148f4d1dfeaebdb5d42cd4e5b0137fa1fb874e1869a06b4feea476aedaa77136e84387d7543ee342992494

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/pushsdk.db-journal

Filesize
4KB

MD5
24352784baa917dd687c50c4733b9579

SHA1
5dcaef177a4c53965c5135ad6469d364e1ec926c

SHA256
4e23a65b2fecbd574c4a8e29933ce3e2f0c41ac5cfcfa09e16861322531027a1

SHA512
da161e607defb723c10b1f40bd8a35aa1f6dd9cae0c0667d20984485c4849f5f430bf1a70f069987db8b84dbaa45ed892250f14ace43c47a6fa2e50008f966d3

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/pushsdk.db-journal

Filesize
8KB

MD5
58e62e05b725cb4881ec5b1ccb47e704

SHA1
94ea1a268381da1002e3d3e347a47a6fe1d76edd

SHA256
2f37bc623293637c6581ebd79be28b2617d19b34615bca081e1c62d3c2914e2e

SHA512
26f7989d9acc282216b9d4d8667ad7f119f9911d1f64713cb2c9d98defaca9855469758e243350db56a69f8d37b8c9eafba3adbdbcfbc8f95cbb8facd79e6ec8

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/pushsdk.db-journal

Filesize
12KB

MD5
59fbc7dd693d80b0ea41ecf5377e38d0

SHA1
3e4a74372eec66cbf624d3ae2cf78a36fa7ca63b

SHA256
c55634ac2493aa05688e11d667518c838bb5ac1c2784f242926adef04423099e

SHA512
7a8cca5f754a5394639ecaecbe9adc887b860b5480f2f043056540fcbace8f40548bd5f1a771788914f74a7e97ab251fe013390fc3627c67c0a143b6dca4ac92

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/sharesdk.db

Filesize
20KB

MD5
d176b077a9de714a056194940473a251

SHA1
3ab5cf5024440c933ed19c7f10e048ac031514a3

SHA256
c93d112030d1c9948b0bcc14db0e93c5a7ae00a1d7a19a1d3cfccdbc516c3e7b

SHA512
877165bca824f8e07d1589199454588d055c5a676d3a5b4931a1c0bab685c723ae55a4da0b93b94e0c02029e76c8088947f228c0a770675cb65c2253e362ff79

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/sharesdk.db-journal

Filesize
512B

MD5
a76699ee0d1745ad9c41c043aaa76c0d

SHA1
3d32659a5cedc1921b63fad24c006a1c08047ae6

SHA256
e8a6de7f1f61d24e39f933e94a7831ac5aabe63e2b203a7b5ce7cfa65b1a8a59

SHA512
44d11e0d7b8da9406226ff459a1529f388d443fa90568899ffdae029ccaa26beedea16bef4cc0b09512483a6d3e4aac8363816ad06cfcf0d564711978551d46b

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/sharesdk.db-journal

Filesize
8KB

MD5
18fd0dcf27e9b556f5228d0c60b6d245

SHA1
58482c6b4e6595639464eb261fb7cbf65e13294d

SHA256
7e65a6b521ea4d48935e61e3b22b7d9dc6eed99c76ae8f11a83ab69043d287ac

SHA512
b4a87f4daf28794c5accc1a181b9eecb4fd3b2e04d40c31dcb329f47dacf292fd05692d56259a5a4d8b789e675fc6b35ec7ebf5b43972780136759f26b1fc696

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/databases/sharesdk.db-journal

Filesize
8KB

MD5
823b9a7818105899e3d8e759d8a568cf

SHA1
19b717d8d3397ab0003dc749bdc9ae9630ffc0f8

SHA256
1f08bcc36720b15ad417b549b5c214fc1953fb520b8270070d5fe259d6d9114e

SHA512
e8e61b4d1e8946b6ba7ca7bab68e5d2f0465c1bc57fbdd023be2e1ee180d4ab55de39bda67772998a77ca8b0b5818048b0fa104db11056d0cf8cc9019a7d814c

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/files/.um/um_cache_1717649300692.env

Filesize
559B

MD5
54ff62b0b0e5fc5cc3348dbffb642bb7

SHA1
ff7dfcb64dcbcfdaac68e63d01d89805547796f8

SHA256
53feee6c5c0691387d9ba668de1004ee349715a260a0cd8c3311520956f31eab

SHA512
068d7a0427461801135e96e7e91a56a6e2b1fc424b1bf3daf4f3415b488798d301f2b5aa5510059b25fd6913bde38a1438003f201931af00e6148c98a427afe2

Download Submit
/data/user/0/com.ksytech.weixinjiafenwang/files/umeng_it.cache

Filesize
512B

MD5
64d7fc38e8cf8bb4a5bdba7fa758fba6

SHA1
f4fa7f5b957a5fc0bc9b86e5fb28541cc1b165f1

SHA256
f0ca1bb8b4256dbfd99a00fbcf393d19409501078b71642073ea72679e2bbbe3

SHA512
5861b6447ce69989c15a45138f47e85ec5bd0935678f66817d19238445471074c0479fa78c24065f0c9d3f7bcbb39ea5ff8c546d5909e2c88895c1c79fa70260

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
389B

MD5
ad5aff6addf5c7d0e47aaeb4296cae2e

SHA1
0f1cac0d908c00f55d828816f041da70c53de363

SHA256
01936678634d03e13616c61cbe8637d8587f94a29b7662f0a3ee21fdaee781c0

SHA512
ba525bbd17d54ab37ac42f3120315c08fe5f9e623417f70adde1b0dd8c4524262c31261a27ff2e1099b8640faff8a43363efccd6a6888e7180ac14b336de7083

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
488B

MD5
f71419c647b3c1a72b9a9ca4ffb0efa5

SHA1
cb36c994ba092af60b8262d9db18f93f0b77bbcc

SHA256
4d9000098844546bcd12ce43bfbb6c59b302df0415bf819347f6569a2c1870b6

SHA512
1c69844d0a1320545bd16105a8547606114aabc395c7bb6bf145779b8c66b972ed1914f3007b6dc4e7cc834e9538738d47dc5fb582cb0cd31f2fecbca030a142

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads