Analysis Overview
SHA256
ad902ca1dc5c2930f3aac5ad9ec25a489e8474e731e574b5fbf566fbe7259f80
Threat Level: Shows suspicious behavior
The file 9f125bf86519db0b6243e18dacdaac20_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Queries information about the current Wi-Fi connection
Listens for changes in the sensor environment (might be used to detect emulation)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 18:02
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 18:02
Reported
2024-06-11 18:05
Platform
android-x86-arm-20240611-en
Max time kernel
147s
Max time network
130s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/org.blusteam.lhfree.wildprism/files/data.jar | N/A | N/A |
| N/A | /data/user/0/org.blusteam.lhfree.wildprism/files/data.jar | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
org.blusteam.lhfree.wildprism
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/org.blusteam.lhfree.wildprism/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.202:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
Files
/data/data/org.blusteam.lhfree.wildprism/files/pay.data
| MD5 | b3318d0f9efefa37d789745f55ec3b6a |
| SHA1 | 62794c6e107c5d6bd248fd1c883a5ab02da2d7df |
| SHA256 | 62e0bdbf50e5684c6ebf48c10491b662f1662d26c9594e852c34849bcaec856a |
| SHA512 | bbbb19ed4c7f427e1399c2d18a4e104812514feea1bbdcda927c593e9d9d987a72051e133c94fe4c3d15d24716299dae53f172eb32b02c79f0d3c885fe748f1d |
/data/data/org.blusteam.lhfree.wildprism/files/data.jar
| MD5 | 43aa6e671437df7e21ada10b9ca9c76e |
| SHA1 | 21603addc58ee1aacd36fc5a065a6c28d8348957 |
| SHA256 | bfb16339a70adf336c93d4eff1854ce69ec2f23e8473743721bb83e6c2816bc4 |
| SHA512 | 42e9caa35a717e4522bc4f2c69db219762338d66ae68d3b413e1c369952e9d05e5651d9b7c52e13f4beccb597c909c4d71884ec8cdb36323094cbeada9cf05e6 |
/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar
| MD5 | 1cc8518346734dd6224a76390abdcc47 |
| SHA1 | 6b008b0bfaeb1f96b7e146cf90e6d5cdea251405 |
| SHA256 | f57bd8ca4cd7c881b8c304dad6e2530613bb287296888f5ffe1bdd39ad1d4f1d |
| SHA512 | 7c824d52c4ef673f437811315d2e2aab4fa9c84050a5814cba780eeca21ed2a82759e88d9bd36f9a402a53f64188ada8c78718d26919f14a8954624e9e939248 |
/data/user/0/org.blusteam.lhfree.wildprism/files/data.jar
| MD5 | 7b77931bfeb2f5c8b0337fbba9a8b528 |
| SHA1 | 0e6906a326f3921beedd676f7f0bd7c3eabaf2c2 |
| SHA256 | 92b9752d6ae65eeb948653cf5f27ab83438b787d5601845974c976f492df21d0 |
| SHA512 | c97a3e2063c68103a5298a1a5d8c740f6ec44b60e836092438fe6295964955d2c99d1e4a113d3dfab7eff2fb8c4caca09cca6ea516f0be20b02c57e51767c900 |
/storage/emulated/0/InAppBillingLibrary/log
| MD5 | fc648417b4802c5028b9f83114bed62e |
| SHA1 | a4557b096b208b396a413371be3b4d8a440f5357 |
| SHA256 | be608ca48b518caee3e850942a6fdfe0750ca1a6d8fbd84241bb3c5f86b7329a |
| SHA512 | 3004048176b4f0a24a764cecee177ab6479b1a5339222b702de177b884b8843791ba65521d68c5ba0b157eb3e05fd3ade9c0597cea090a40ee6b846b99b27f36 |
/storage/emulated/0/InAppBillingLibrary/log
| MD5 | b3c96e48b03a0438d91c59ffc05bebdb |
| SHA1 | 587cf3d9158f3174851789d7d11005f1935831da |
| SHA256 | 79b1b4f67c8c991b7bf9d0e8da863288e6ae111b6e2ed8e296e8ee4e58e3790d |
| SHA512 | 94e8e7fd184f6712257dea1adf6714dc93ad26d5917e42dbd5dc753be164541f5c37208e94038955c2686570b1f9f6cf0c4c0d4ad0b71793ad530a983c253cea |
/data/data/org.blusteam.lhfree.wildprism/files/iapSplash.dat
| MD5 | c6f057b86584942e415435ffb1fa93d4 |
| SHA1 | 8aefb06c426e07a0a671a1e2488b4858d694a730 |
| SHA256 | 2ac9a6746aca543af8dff39894cfe8173afba21eb01c6fae33d52947222855ef |
| SHA512 | bdc247a1a0e28a586ed40744d281993d519abe981aaef33277d4877d167e1150816e9723d068a59509991ed0cdd8c5cea0f9ecd0ef23664db7cb85db5a0dbe12 |
/data/data/org.blusteam.lhfree.wildprism/databases/license_data.db-journal
| MD5 | 4e438664f3ad2e604c4a9ab60fa3b6bd |
| SHA1 | d9d774694e25519b4684c8ae44e79ec35bd01f2d |
| SHA256 | 28cbaae209d45c4f789543e5530933a86b3809bc303df9a54a9830be9711f8a1 |
| SHA512 | 9286ff48dee82c59594d39210b5900ee9aa3de38da5343e0506f4f189e1a6b97d535f7e35ceee6ebbbb10801882c2cc8cec17bbcd6bbf812a33f395f42015b50 |
/data/data/org.blusteam.lhfree.wildprism/databases/license_data.db
| MD5 | ca2bcc7a502ebe854deae37d6952b481 |
| SHA1 | 29d9cacf79b5eaea6db50402bdb19fd17454ad1f |
| SHA256 | b8c2639c6e290d8880b1ecc74cd61838439860efa104c9d68c578d8fa3da85d2 |
| SHA512 | 0a6b1cb290da5bfc7641cf4df4df4a6b332f0cfc9db45a8bfe36379c8dbfb06ed6267792ef397be193d601e472b8607f441035e9a05b85546b626b90346443f5 |
/data/data/org.blusteam.lhfree.wildprism/databases/license_data.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/org.blusteam.lhfree.wildprism/databases/license_data.db-wal
| MD5 | ef04120b223864d574cef915fa4138cf |
| SHA1 | fe734e6a5d879cca8685bb4c5010688539e7e324 |
| SHA256 | fea760b8de2389dcd87d70db612debd128901fb9668c18d0e784ae7f7bfa1656 |
| SHA512 | 9bd93d6b8f9522ba15f0997ad5bc80a071cd4b58e2812d5b0b3990962d9bf6222c8718a5ffb918a535fa96a37386c3a47570ebbe1dfa8554ab8c79e1824d76c1 |
/storage/emulated/0/InAppBillingLibrary/log
| MD5 | 57e67f8686238591a351bc9324cebdef |
| SHA1 | d65f158b8a92726c0d2e0d01b76d84677178e8d6 |
| SHA256 | f630077bfd562a7743d80aca10e306bdf3aa27e5d451ca5210ab4d9f051bbe30 |
| SHA512 | 431267ea0150c00bbd533731416d4a074d2d3308fde25418d82fed0c7a720b98e4633cf5992b1ef66e2afb6e8d3df81e1917e0cd74ac81c70df73ee26567db07 |
/data/data/org.blusteam.lhfree.wildprism/files/umeng_it.cache
| MD5 | 49cc01bf78c51feceec770a748751441 |
| SHA1 | 3d671e35de477c9593047065f1219edb3855e5de |
| SHA256 | cd12ffeb310e1455b732db2a63c64be572675ef20a396514ea479b37365ee963 |
| SHA512 | 5569c3b20c0621d7b2f14ae41fbd013c01e9aa5c66f84a753b6596d6be8cd0fe46543424f0efb26aac6c4dbc1763cf3d1336b9c1b153f146328e563fd6998a1a |
/data/data/org.blusteam.lhfree.wildprism/files/GameClientBin/Config/CustomTmp.cf
| MD5 | 60608dcfeef53d633d264bb76a63ca45 |
| SHA1 | 4dfa54474d65992c700189d52285b0563c82ceca |
| SHA256 | db2b2e2ff0cbf636cf66571cf5ffad0c153ffbb898c402ec6fe5281aadfd19ec |
| SHA512 | ad1c1bbb2fb6eb5247deca3297e0a2121d05d3498df49a7d76a6a7d9620d7f165cd757ee2fdd0cdb98c6656c22cbb0542470c6c6a934590e4ec126018f8e6d64 |
/data/data/org.blusteam.lhfree.wildprism/files/.um/um_cache_1718129030366.env
| MD5 | 764738831633981ebf151b4a26448ecf |
| SHA1 | 0662e3c3373e38d8bb472af91fa0234497657437 |
| SHA256 | ffdb0a963fd6e8763ae96789ef47df3e2fc919801f277b025d978d0e4ba0259e |
| SHA512 | ef886d1f652bfa04a44e415ba0d93f393e1c8458b913d114c44da5267d4337815abd5457fcd9e0dc7b4733d6fcc3625c9c25059fef86c731ae27801274790b97 |