Malware Analysis Report

2025-01-19 07:48

Sample ID 240611-yfwbpsygmj
Target 9f529f7e621da450fba9cc2deb70e83a_JaffaCakes118
SHA256 0bfeade22efd26fcb77d5c232598273d602406460297e084d254b23075b43786
Tags
discovery persistence
score
6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 9f529f7e621da450fba9cc2deb70e83a_JaffaCakes118 shows suspicious behavior.

Malicious Activity Summary

discovery persistence

Contacts a domain associated with commercial stalkerware software (indicator list from echap.eu.org)

Queries information about active data network

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 19:44

Signatures

Declares services with permission to bind to the system

Description: Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers.
Indicator: android.permission.BIND_WALLPAPER
Process: N/A
Target: N/A

Requests dangerous framework permissions

Description: Allows an application to write to external storage.
Indicator: android.permission.WRITE_EXTERNAL_STORAGE
Process: N/A
Target: N/A

Description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
Indicator: android.permission.SYSTEM_ALERT_WINDOW
Process: N/A
Target: N/A

Description: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Indicator: android.permission.READ_PHONE_STATE
Process: N/A
Target: N/A

Description: Allows an application to receive SMS messages.
Indicator: android.permission.RECEIVE_SMS
Process: N/A
Target: N/A

Description: Allows an application to send SMS messages.
Indicator: android.permission.SEND_SMS
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 19:44

Reported

2024-06-11 19:47

Platform

android-x86-arm-20240611.1-en

Max time kernel

123s

Max time network

136s

Command Line

co.lvdou.livewallpaper.ld948793

Signatures

Contacts a domain associated with commercial stalkerware software (indicator list from echap.eu.org)

Description: N/A
Indicator: alog.umeng.com
Process: N/A
Target: N/A

Queries information about active data network

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Queries information about the current Wi-Fi connection

discovery
Description: Framework service call
Indicator: android.net.wifi.IWifiManager.getConnectionInfo
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Processes

co.lvdou.livewallpaper.ld948793

Network

Country  Destination             Domain                   Proto
N/A      224.0.0.251:5353        -                        udp
US       1.1.1.1:53              alog.umeng.com           udp
CN       223.109.148.177:80      alog.umeng.com           tcp
CN       223.109.148.179:80      alog.umeng.com           tcp
GB       216.58.212.238:443      -                        tcp
US       1.1.1.1:53              android.apis.google.com  udp
GB       142.250.179.238:443     android.apis.google.com  tcp
CN       223.109.148.176:80      alog.umeng.com           tcp
CN       223.109.148.130:80      alog.umeng.com           tcp
CN       223.109.148.141:80      alog.umeng.com           tcp
CN       223.109.148.178:80      alog.umeng.com           tcp
US       1.1.1.1:53              alog.umeng.co            udp

Files

Files written under the application's private data directory during detonation:

/data/data/co.lvdou.livewallpaper.ld948793/databases/download-journal
/data/data/co.lvdou.livewallpaper.ld948793/databases/download
/data/data/co.lvdou.livewallpaper.ld948793/databases/download-shm
/data/data/co.lvdou.livewallpaper.ld948793/databases/download-wal
/data/data/co.lvdou.livewallpaper.ld948793/files/wallpaper.ld
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/decoration/0/resource/locker.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/326/resource/effect/xing/Effect.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/326/resource/effect/xing/xing.png
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/326/resource/locker.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/495/resource/effect/yu1.png
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/495/resource/effect/yu.plist
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/495/resource/locker.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/decoration/bird/move.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/decoration/bird/bird.png
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/decoration/bird/Sprite.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/decoration/cloud/cloud.png
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/decoration/cloud/move.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/decoration/cloud/Sprite.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/templates/496/resource/locker.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/background/0/resource/locker.xml
/data/data/co.lvdou.livewallpaper.ld948793/files/ldengine/wallpaper/resource/diy/background/0/resource/background/default1414768618652.png
/data/data/co.lvdou.livewallpaper.ld948793/files/umeng_it.cache
/data/data/co.lvdou.livewallpaper.ld948793/files/mobclick_agent_sealed_co.lvdou.livewallpaper.ld948793