Analysis
-
max time kernel
147s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20240611-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611-en, locale:en-us, os:android-9-x86, system -
submitted
11-06-2024 18:02
Static task
static1
General
-
Target
9f125bf86519db0b6243e18dacdaac20_JaffaCakes118.apk
-
Size
11.7MB
-
MD5
9f125bf86519db0b6243e18dacdaac20
-
SHA1
6ce9987a0b588aa73cd1a8d0bba6b6b777e10faf
-
SHA256
ad902ca1dc5c2930f3aac5ad9ec25a489e8474e731e574b5fbf566fbe7259f80
-
SHA512
62af5f96c2cc2461fef6e64ffd5d230954a4da0639bdee8d569ed84fc2f939078dfaf6bbf06e50d06128855377d071bb7a30ab85599c8a07679cf91b3ad1064d
-
SSDEEP
196608:LLGFcFPQmmWd7K0pEgoWX51ycBucl3JduqtYYRSkxLy1+4Ngp9bLMTCaSPsLWOAv:LKF4fUCEaXTycMclFY3kKH6xXVsLWpW8
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar | 4361 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/org.blusteam.lhfree.wildprism/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar | 4323 | org.blusteam.lhfree.wildprism
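The dex2oat invocation above is the most useful artifact in this report: it records exactly which file the app handed to the runtime, where that file lived, and how the class loader context was encoded. The following is an added triage helper, not part of the sandbox report or of the sample; it parses a dex2oat command line and flags a DEX container that sits in app-private storage (/data/user/N/<pkg>/ or /data/data/<pkg>/) rather than under /data/app, which is what "dropped" means here. The first sample line is the PID 4361 command line copied from this report; the second is a hypothetical benign dexopt of an installed APK, added only for contrast.

```python
import re

# Constructed sample input: the dex2oat command line recorded for PID 4361 in
# this report (verbatim), followed by a hypothetical benign invocation for an
# installed APK so the classifier has a negative case.
SAMPLE_CMDLINES = [
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar "
    "--output-vdex-fd=47 --oat-fd=48 "
    "--oat-location=/data/user/0/org.blusteam.lhfree.wildprism/files/oat/x86/data.odex "
    "--compiler-filter=quicken --class-loader-context=&",
    # hypothetical: ordinary dexopt of an installed app (not from the report)
    "/system/bin/dex2oat --instruction-set=x86 "
    "--dex-file=/data/app/com.example.benign-1/base.apk "
    "--oat-location=/data/app/com.example.benign-1/oat/x86/base.odex "
    "--compiler-filter=quicken --class-loader-context=PCL[]",
]

# App-private storage on Android: /data/user/<userid>/<pkg>/ or the legacy
# /data/data/<pkg>/ symlink. Anything a process writes there at runtime was
# not part of the installed APK.
APP_PRIVATE_RE = re.compile(r"^/data/(?:user/\d+|data)/([^/]+)/")


def parse_dex2oat(cmdline):
    """Return dex2oat's --key=value options as a dict (repeated keys become a list).

    --runtime-arg takes its value as the *next* token, so those are collected
    under 'runtime-args'. Splitting on whitespace is safe: dex2oat is exec'd by
    ART/installd directly, never through a shell, so there is no quoting.
    """
    tokens = cmdline.split()
    opts = {"argv0": tokens[0], "runtime-args": []}
    it = iter(tokens[1:])
    for tok in it:
        if tok == "--runtime-arg":
            opts["runtime-args"].append(next(it, ""))
            continue
        if not tok.startswith("--"):
            continue
        key, _, value = tok[2:].partition("=")
        if key in opts and key != "runtime-args":
            prev = opts[key]
            opts[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            opts[key] = value
    return opts


def classify_dex_source(path):
    """Coarse origin of a DEX container, judged from its on-device path."""
    if path.startswith(("/system/", "/apex/", "/vendor/", "/product/")):
        return "platform"
    if path.startswith("/data/app/"):
        return "installed_app"
    if APP_PRIVATE_RE.match(path):
        return "app_private_storage"
    return "other"


def triage_dex2oat(cmdline):
    """Summarise one dex2oat invocation and decide whether it compiled a dropped DEX."""
    opts = parse_dex2oat(cmdline)
    dex_file = opts.get("dex-file", "")
    source = classify_dex_source(dex_file)
    m = APP_PRIVATE_RE.match(dex_file)
    notes = []
    if source == "app_private_storage":
        notes.append("DEX lives in app-private storage: written at runtime, not installed")
    if opts.get("class-loader-context") == "&":
        # '&' is ART's encoding for a class-loader chain it cannot express
        # (kUnsupportedClassLoaderContextEncoding); it is what app code loading a
        # file through DexClassLoader commonly produces on Android 9.
        notes.append("class-loader-context '&': unsupported loader chain, consistent with DexClassLoader from app code")
    return {
        "dex_file": dex_file,
        "oat_location": opts.get("oat-location"),
        "compiler_filter": opts.get("compiler-filter"),
        "package": m.group(1) if m else None,
        "source": source,
        "dropped": source == "app_private_storage",
        "notes": notes,
    }


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        r = triage_dex2oat(line)
        print(f"{'DROPPED' if r['dropped'] else 'ok     '} pkg={r['package']} dex={r['dex_file']}")
        for n in r["notes"]:
            print("   -", n)
```

Run over a full process list from a sandbox or from `adb shell ps -A` plus `/proc/<pid>/cmdline`, this turns every dex2oat child into a one-line verdict; the matching oat-location (here files/oat/x86/data.odex) tells you where to pull the compiled artifact from if the original data.jar has already been deleted by the app.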
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
19 | alog.umeng.com
Note: alog.umeng.com is the logging endpoint of the Umeng analytics SDK, which is bundled in a large number of ordinary apps as well as in stalkerware products. It is shared-infrastructure, not a domain unique to one product, so this hit is weak evidence on its own and should be weighed together with the dropped-DEX behaviour above.
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | org.blusteam.lhfree.wildprism
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | org.blusteam.lhfree.wildprism
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description | ioc | Process
Framework API call | android.hardware.SensorManager.registerListener | org.blusteam.lhfree.wildprism
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | org.blusteam.lhfree.wildprism
Processes
-
org.blusteam.lhfree.wildprism
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
PID:4323
-
  (child of PID 4323) /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/org.blusteam.lhfree.wildprism/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
  PID:4361
-
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize 32KB
MD5 ca2bcc7a502ebe854deae37d6952b481
SHA1 29d9cacf79b5eaea6db50402bdb19fd17454ad1f
SHA256 b8c2639c6e290d8880b1ecc74cd61838439860efa104c9d68c578d8fa3da85d2
SHA512 0a6b1cb290da5bfc7641cf4df4df4a6b332f0cfc9db45a8bfe36379c8dbfb06ed6267792ef397be193d601e472b8607f441035e9a05b85546b626b90346443f5
-
Filesize 512B
MD5 4e438664f3ad2e604c4a9ab60fa3b6bd
SHA1 d9d774694e25519b4684c8ae44e79ec35bd01f2d
SHA256 28cbaae209d45c4f789543e5530933a86b3809bc303df9a54a9830be9711f8a1
SHA512 9286ff48dee82c59594d39210b5900ee9aa3de38da5343e0506f4f189e1a6b97d535f7e35ceee6ebbbb10801882c2cc8cec17bbcd6bbf812a33f395f42015b50
-
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize 44KB
MD5 ef04120b223864d574cef915fa4138cf
SHA1 fe734e6a5d879cca8685bb4c5010688539e7e324
SHA256 fea760b8de2389dcd87d70db612debd128901fb9668c18d0e784ae7f7bfa1656
SHA512 9bd93d6b8f9522ba15f0997ad5bc80a071cd4b58e2812d5b0b3990962d9bf6222c8718a5ffb918a535fa96a37386c3a47570ebbe1dfa8554ab8c79e1824d76c1
-
Filesize 601B
MD5 764738831633981ebf151b4a26448ecf
SHA1 0662e3c3373e38d8bb472af91fa0234497657437
SHA256 ffdb0a963fd6e8763ae96789ef47df3e2fc919801f277b025d978d0e4ba0259e
SHA512 ef886d1f652bfa04a44e415ba0d93f393e1c8458b913d114c44da5267d4337815abd5457fcd9e0dc7b4733d6fcc3625c9c25059fef86c731ae27801274790b97
-
Filesize 888B
MD5 60608dcfeef53d633d264bb76a63ca45
SHA1 4dfa54474d65992c700189d52285b0563c82ceca
SHA256 db2b2e2ff0cbf636cf66571cf5ffad0c153ffbb898c402ec6fe5281aadfd19ec
SHA512 ad1c1bbb2fb6eb5247deca3297e0a2121d05d3498df49a7d76a6a7d9620d7f165cd757ee2fdd0cdb98c6656c22cbb0542470c6c6a934590e4ec126018f8e6d64
-
Filesize 97KB
MD5 43aa6e671437df7e21ada10b9ca9c76e
SHA1 21603addc58ee1aacd36fc5a065a6c28d8348957
SHA256 bfb16339a70adf336c93d4eff1854ce69ec2f23e8473743721bb83e6c2816bc4
SHA512 42e9caa35a717e4522bc4f2c69db219762338d66ae68d3b413e1c369952e9d05e5651d9b7c52e13f4beccb597c909c4d71884ec8cdb36323094cbeada9cf05e6
-
Filesize 3B
MD5 c6f057b86584942e415435ffb1fa93d4
SHA1 8aefb06c426e07a0a671a1e2488b4858d694a730
SHA256 2ac9a6746aca543af8dff39894cfe8173afba21eb01c6fae33d52947222855ef
SHA512 bdc247a1a0e28a586ed40744d281993d519abe981aaef33277d4877d167e1150816e9723d068a59509991ed0cdd8c5cea0f9ecd0ef23664db7cb85db5a0dbe12
-
Filesize 97KB
MD5 b3318d0f9efefa37d789745f55ec3b6a
SHA1 62794c6e107c5d6bd248fd1c883a5ab02da2d7df
SHA256 62e0bdbf50e5684c6ebf48c10491b662f1662d26c9594e852c34849bcaec856a
SHA512 bbbb19ed4c7f427e1399c2d18a4e104812514feea1bbdcda927c593e9d9d987a72051e133c94fe4c3d15d24716299dae53f172eb32b02c79f0d3c885fe748f1d
-
Filesize 310B
MD5 49cc01bf78c51feceec770a748751441
SHA1 3d671e35de477c9593047065f1219edb3855e5de
SHA256 cd12ffeb310e1455b732db2a63c64be572675ef20a396514ea479b37365ee963
SHA512 5569c3b20c0621d7b2f14ae41fbd013c01e9aa5c66f84a753b6596d6be8cd0fe46543424f0efb26aac6c4dbc1763cf3d1336b9c1b153f146328e563fd6998a1a
-
Filesize 238KB
MD5 7b77931bfeb2f5c8b0337fbba9a8b528
SHA1 0e6906a326f3921beedd676f7f0bd7c3eabaf2c2
SHA256 92b9752d6ae65eeb948653cf5f27ab83438b787d5601845974c976f492df21d0
SHA512 c97a3e2063c68103a5298a1a5d8c740f6ec44b60e836092438fe6295964955d2c99d1e4a113d3dfab7eff2fb8c4caca09cca6ea516f0be20b02c57e51767c900
-
Filesize 238KB
MD5 1cc8518346734dd6224a76390abdcc47
SHA1 6b008b0bfaeb1f96b7e146cf90e6d5cdea251405
SHA256 f57bd8ca4cd7c881b8c304dad6e2530613bb287296888f5ffe1bdd39ad1d4f1d
SHA512 7c824d52c4ef673f437811315d2e2aab4fa9c84050a5814cba780eeca21ed2a82759e88d9bd36f9a402a53f64188ada8c78718d26919f14a8954624e9e939248
-
Filesize 90B
MD5 57e67f8686238591a351bc9324cebdef
SHA1 d65f158b8a92726c0d2e0d01b76d84677178e8d6
SHA256 f630077bfd562a7743d80aca10e306bdf3aa27e5d451ca5210ab4d9f051bbe30
SHA512 431267ea0150c00bbd533731416d4a074d2d3308fde25418d82fed0c7a720b98e4633cf5992b1ef66e2afb6e8d3df81e1917e0cd74ac81c70df73ee26567db07
-
Filesize 83B
MD5 fc648417b4802c5028b9f83114bed62e
SHA1 a4557b096b208b396a413371be3b4d8a440f5357
SHA256 be608ca48b518caee3e850942a6fdfe0750ca1a6d8fbd84241bb3c5f86b7329a
SHA512 3004048176b4f0a24a764cecee177ab6479b1a5339222b702de177b884b8843791ba65521d68c5ba0b157eb3e05fd3ade9c0597cea090a40ee6b846b99b27f36
-
Filesize 80B
MD5 b3c96e48b03a0438d91c59ffc05bebdb
SHA1 587cf3d9158f3174851789d7d11005f1935831da
SHA256 79b1b4f67c8c991b7bf9d0e8da863288e6ae111b6e2ed8e296e8ee4e58e3790d
SHA512 94e8e7fd184f6712257dea1adf6714dc93ad26d5917e42dbd5dc753be164541f5c37208e94038955c2686570b1f9f6cf0c4c0d4ad0b71793ad530a983c253cea