f5c12fdb2b690a5e851692248efe18dade3dd48bdb468614b0b3325a53b22a9a | Triage

Analysis

max time kernel
127s
max time network
183s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
12-06-2024 23:12

Sharing

Report Analysis Logs

General

Target

a2de6ae50c1095f42f173fc982be48d1_JaffaCakes118.apk
Size

5.0MB
MD5

a2de6ae50c1095f42f173fc982be48d1
SHA1

e3bc1b4090aea970b7419a7fa6d8de126ea65fd8
SHA256

f5c12fdb2b690a5e851692248efe18dade3dd48bdb468614b0b3325a53b22a9a
SHA512

17d82d22f5d49b7e4a9f3ffe32f2a6e9d82473836a7f19f3674fe40a4b6303c67e88e6767bc501ebdfee69d45863a5aafe7961ecabdeb4138a73e396cd254eae
SSDEEP

98304:DpaSIYAGnjwILWT/1BjPYXBUBGxXASDPVlQ9dnLqCYBp6tOkwFj:ISIsUILWTNBJBGZzPQu9Bp6tf2

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
16	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zm.heinote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zm.heinote

Checks CPU information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zm.heinote

com.zm.heinote
1⤵
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4631

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zm.heinote/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db-journal

Filesize
512B

MD5
c44d305e0a91aab490fc163b9550e077

SHA1
41c512278ace5134f3c5c34e7019df395f22af4c

SHA256
85318a0966d1d6cb3f44bb5d5a91e9d25399f20734408d48e2a0e591e476fb96

SHA512
ff2f37a195921589219842d1f6a34d4b0e5a1b78fcf19d9932f57b61b6f928dba6fa1eb44b4f7f9dff9596493ecb6a0c481da83e59bb6210fd143ed2e612f936

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db-journal

Filesize
8KB

MD5
f590202a664ef0504c5daf0670c880fe

SHA1
e85da78659a38e2522466dd2a5ce5d5f37c9830e

SHA256
f7ac2481aace7e86864a5976243d5fdd35525142d4ff95a864c78f435454992f

SHA512
9ae0654865e3c3afe2b58fa050d4ede41f51a63c81b533464b81b08536fd2e83e4569d87febbce9d4dd789f431cbe927b947b4ea02b80641397d3eb13bef0523

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db-journal

Filesize
8KB

MD5
4f1c8242cfcec5a74fe53615e94d852a

SHA1
eb191926c4e0e4e146ca11d075b5a2192765d3f8

SHA256
585496c799dca46fff6c1bba7ddf974d1254649b8a1fc5a3d26a4ea26daa6e40

SHA512
a2b3ea249119f6853ea6195db32f82f7d84fc235124bd73b99bf2646cbe0d95d60b1c637a73c434b1f7f9dab053800ac0e65821e3f469937085f68b003cd86e1

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db-journal

Filesize
8KB

MD5
31ce33e6b06ce4acf81619b23f9b7468

SHA1
4dc4445ada4d1a86ff1bb1a316f23c58a324728b

SHA256
c16c639c689f2d8df1968dc1621133781f60facaa70719ad30fb13ed441c1118

SHA512
319d9e68086043812389a85f85a2189588a08032b8deaca08b1e8a35316c20428a770fbac3356935722c776a901f8e597da56a69993d1d33eb94b34f4e4033cb

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db-journal

Filesize
8KB

MD5
e4e95ba0da584a5e51778b18db0302b9

SHA1
e08524c9e1daf835bfd934240878e4d2712cebec

SHA256
b846b406834fe43ba57584e4923847b8e6f7f53c0a99d7175e07680d9c7b42ce

SHA512
5e21bc74531f80bb5060f05dc1216ceac113d978622fbbc39206c72313f08ac39b5798af655044066ceb42254f536e4d0a8f3229192385e40da5b5207c997298

Download Submit
/data/data/com.zm.heinote/databases/cc/cc.db-journal

Filesize
12KB

MD5
03b285a675c7471a7325f58a25d55245

SHA1
fd67174bfb5987853ca37ab2cebf41b51d11f53a

SHA256
3b270075ecece701aa7dff1567e28edb95a0f71e3245fe0d456dad8c6c1da76c

SHA512
b0f2c2b134fe9d95a8163cab0e116f809b6d0881cbc4cc5510bf4cddc3bf88562ab8a3a86302de07285bef0e9f270039af092ef4f524e75f41fdab5b9046e5ad

Download Submit
/data/data/com.zm.heinote/databases/ua.db

Filesize
32KB

MD5
dc228ea6d31de8ced228a6dacebb345d

SHA1
275a849c2e419eb2161526fce76fe251a021863b

SHA256
22a966403b2e1592d5f8e1dd9b65a8ba26e212c8f51734299eb652897cb8c51e

SHA512
22c9738ee4720e78ce23b214ae38c2ce631b89fffd3d108e3cd4fe759b5aea99915e377f05e8ff751b35241d2d3bd9f6a61cebec007b5d776c408ca48c5b4b18

Download Submit
/data/data/com.zm.heinote/databases/ua.db

Filesize
32KB

MD5
4cac7d31fb94d5c9581893537f64c5ed

SHA1
96bef3288546196ac3058b5eeddbe9da1d999fe5

SHA256
d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5

SHA512
0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

Download Submit
/data/data/com.zm.heinote/databases/ua.db

Filesize
16KB

MD5
79284c7573a84ec72c67a616ebf125a2

SHA1
78664c8af7876565170d479fa9761373fb7f0f7d

SHA256
842d6c07c0b990e330846084489693d5337281af55a2d6b3b00a7b2cc6e87678

SHA512
02c1eb12c004f65949e11b45d0d13df5ed9d4109651d4720901ad62d3b7dfcfe97156dc3c2467f83cf9fdcd5d8f26e51c83c0610c88c72187e834d1bc80ea246

Download Submit
/data/data/com.zm.heinote/databases/ua.db

Filesize
16KB

MD5
df56e89d8b64cc4646cfc271c47cd12c

SHA1
6c093d70b09dfcd1f634bf0b12014e4494d7305d

SHA256
2ae51ec0cce91cea4d08b09a84430acf31da5a8d7660c8b3b24e3226ae5bf034

SHA512
5faba978bb6568e6824cee54441c5c03007f93ccf7cbf16c5f529aa447e301a00ed985c470ab444d976ba2dbcb3cd234f96f24c9861291544080bc2bf979f91b

Download Submit
/data/data/com.zm.heinote/databases/ua.db-journal

Filesize
512B

MD5
8c32dc05ba945ec0fbabdaa32558f159

SHA1
be96424770074cbbfceb796cbedfdc7bc13c53fd

SHA256
08c0116c2eb7a9375260fd60fa7c0245ad7dd1da9cfaa5d6f7a547395bcd5f97

SHA512
23b49c65b1f7a4872462ed7d273a1adfdd0fd9467ed85d35a2c3078a2e44212738ec175c208cc568d8034bd6333bdffce619a164ae7140820c51e9cbfa01ac98

Download Submit
/data/data/com.zm.heinote/databases/ua.db-journal

Filesize
8KB

MD5
dcd1bd608e4a1104e7d29e777e8b5967

SHA1
6148b39dc43bfdee9f45657eff2db7fe98d67abd

SHA256
45da0c5788d9a09b198cd0f664c3200305b76d27b32f6c165bd1f51848c4f09c

SHA512
089094181dc7c6c591eddc7184ab8732bc77f75db4d66ad0a07f4e089e6f61b41edbfa5a1b0cf1faf789fd2ccbf5010460fa87d723f37bfc92e27457821f800d

Download Submit
/data/data/com.zm.heinote/databases/ua.db-journal

Filesize
8KB

MD5
5911b7f8431e837f624bca9221d84bc3

SHA1
225d1657e818e6f10d7b9caba8b85a625219ee8f

SHA256
d4d3538a5a4abe68d530b59dc9e4f5b3f10f956a16dbe19c579d93bb8560895e

SHA512
ba9867831d3d51b6a625715f228c49094ab640cc296a09e2fd6a80283fff9166a42053df978fc01960f1202dc641592c116d94287a08ae31d53898a10d9afa98

Download Submit
/data/data/com.zm.heinote/databases/ua.db-journal

Filesize
16KB

MD5
65221069151920e4f5fdb24fb75f47b3

SHA1
e872e34b8473968c5ec364a4b3fdf7bdcef86d36

SHA256
236e84c44de3a61cc559bb6ecda9a79625829a04b8542109d58ed4d97939436a

SHA512
93d260d2c52738cce9325e243b0ebf8ea38ad79512548aadea0edcc7a2cf3c0d6beb0d16285650a0d623f55bc9a35d52aaabb452130aa8c1303227039fdaa003

Download Submit
/data/data/com.zm.heinote/databases/ua.db-journal

Filesize
12KB

MD5
67bd9937a052c4c5498451c5b292fc0f

SHA1
dde9fb0d8892ec1b3b08bef56ae8306a3c0db70d

SHA256
59c8c2433d5564b5ffeb76afe82944d5bf31ac9570850fb88c62196d6d64d228

SHA512
cc63b14eff260733cfb2d2bb7b5bda31630b173b303c14dab93ffb09ae3ccf9bff9f4ada09cc5a0bc0319c4667be44cd1c98bffbfcb79c5acbefa5672e453ff7

Download Submit
/data/data/com.zm.heinote/databases/ua.db-journal

Filesize
8KB

MD5
742c7e0a96a2f772b2f20950cc10af99

SHA1
c7af7bf47aad70067bbbd593bf657725258f3af0

SHA256
073816a0a48bc6eec51b7323957d0a506ea50c30805b282f878421afdb35071d

SHA512
6d8c4decc5442df6582bd8640ad2c274d744790a7d89063a4e0a9e3e282ea8e92e737a7a0f58a5e45a6069f80ffc0e91bf3e97811a4998554679512c3688904b

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE-journal

Filesize
512B

MD5
5184e6a863605d960a480c511778777b

SHA1
996540c1177e5a557a5cead85d40dd80c2f28ade

SHA256
252eceb5b85b9250c0e79d8ef89c929967d418bd3dbe37a513f512dfc4981e32

SHA512
81a0b5632bb0d01af2dcc08fba4437b80e32b1a3f41b30c27d9c36cb8a72fd4ce1c1ca48291d6b8aa86432d9c122fef89511594ee240579dbdbd826a128fcd9a

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE-journal

Filesize
8KB

MD5
fb277fa10603841cfc928f9f38a8bb78

SHA1
f541474c375fd740dda398b3537f02a4c3bc6d45

SHA256
8c8122b7e557139f897f06dcf3b0cf023afa00a27384ff531e9ec951cd8566e4

SHA512
e12eb083f4bd27255659da721965c84319e277275aff298a5f5e7c8b5ea7de54e85651e003f3b872d3a05ba3b4691c848fc08ab16eb19a37a56473bb0554646a

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE-journal

Filesize
8KB

MD5
34f7a6e31957d9c49211f3f391994c3a

SHA1
77936f937799f3d787fbeeaa9fae4eddac5443b6

SHA256
f5eecad075b56bd9f883d4c8d17535da331e7994e47072b6967fbc05b76d4baa

SHA512
f0d5ccc2fe05d5cf5d8afd5e7119ee441f309037713d11d8a2810106b6d273e79c4acded812b5fd77ae28ae8277d5c3b3a937ac8f803098f1132e33b89a568cf

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE_GROUP

Filesize
28KB

MD5
e5595574bdbba91b7b5db919b241e155

SHA1
ddd8890e798b362c6f767b3a72f78cce08702372

SHA256
126977f429be37251466dafb37d01baf8e0fa7e99931a6637ac624b3cccf1af6

SHA512
cf5bc49c7fc2dd2c6709ae65995ff03c54288634d0177282f2e52010e5bb0091d2102f4f7ff3d9d15610777ce38f8b76306a82e709479bfcc83adb5543dfcf10

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE_GROUP-journal

Filesize
512B

MD5
f1054c606c6b67c635d6f559549b46d7

SHA1
f2dba40ba087cf5d294744cd00d9f35093a12205

SHA256
8886681353c7d7519f76695d5f4755f51bb2afe81301fe5a75c6adb58e8bc526

SHA512
52b127b08ef91704a4169116b0b3213ef28988abe9a4bed6c70e2b4b47db09f35cb9913010fb2c9cd531e2c54d42e5956d38d2286e78ca8c1794363a2ab3ac1e

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE_GROUP-journal

Filesize
8KB

MD5
3610267d91367e145e0a88a0e86235e2

SHA1
687578c96b2261f2c0622cf2700584781da84cb3

SHA256
38faa6647fa3bf8abe93dc2831d03bfb55270611b7e9cd7a486c06d726c19a05

SHA512
c8b756dd4522b8283ec43a72975f690ecd90ee06bb49397376ff4477f8df10971ca8b196a559f19a92b9aa99a88e26053a81c9ef4469fe82dc626ac1a478971a

Download Submit
/data/user/0/com.zm.heinote/databases/NOTE_GROUP-journal

Filesize
8KB

MD5
4f56ffeba1210d7d5a86ad469c4bbe9e

SHA1
796d5907a562c7745c7a7c6617d7bfd5c778d629

SHA256
f163a662ce461f33c728176ee4ce37b1398455f4fffc99273bba6f2b08323f31

SHA512
e5cf0abf8e5c3691e4e6b0fd3bb4f7566dde700e307224782f5338fc8aaf855e04f9c94e83017e3da922b4e5a6732e01a578e9ca285bcb4a5912c5fbd979cfc0

Download Submit
/data/user/0/com.zm.heinote/files/.um/um_cache_1718234212666.env

Filesize
1KB

MD5
52eadbba1bef392ca90180db5ef3834d

SHA1
aa65062d5e157813b4d739fc1012801d6e023a3f

SHA256
a003e838c8f89a160c1c7be9c8bccda2c093367612c563224e5d14f2798de2ab

SHA512
7aa9978364390ee16ebf628052bbf272f6a03e4a29360f4adf54dce4eba1372e3ffcd4bce6034bf8cf247872ecc3d54afcab92d674b3691e9801a1fdb30b92bb

Download Submit
/data/user/0/com.zm.heinote/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f292c2d1ef95b77365eecc57cff71008

SHA1
ca733ac6facb3aaead4f7a896be13031cb43f471

SHA256
034053795e8bbed5cc31227a2016316c11cf7ba319cdfc40ebd0cbb010b05f45

SHA512
fe6358ac835cf32cb42d7c82905a680ccafee0720c439490ab21fde366da6bec024c38352490bbfcccc66e8b9a0f87002f8db69ad07297770689f59920120e89

Download Submit
/data/user/0/com.zm.heinote/files/exid.dat

Filesize
61B

MD5
d9412753350798bee4ba370bd3004381

SHA1
88e7cdc1019faf36cc4f5cd5cf55bc78754e7e4d

SHA256
6697d02126bc810a7a93978ac0749310530b8df72c6d8ec9c34dac374c1d8db3

SHA512
0346712e7f3c594d59f80502dfee14056079c2e111256ee8606b372007d386f735d9a906833d44170f772937f22ebebfac550dd92441a7990213561a99145d65

Download Submit
/data/user/0/com.zm.heinote/files/umeng_it.cache

Filesize
350B

MD5
983b882a0860868d4fc3ed5795c6b655

SHA1
674efc46e935a1ba71ee3d42b8f19b560d81fd26

SHA256
4ccd34f3119b61c30184463a085a5a505003249cb17fb9f1f772cdf41f1b0ea8

SHA512
b3c06366b79b961023675175fc78bda561ded55b6641c2244ece33e27ffa2c1f983d21720769d98d1cefbaa8a783789a40674c8fc541bd92e31e2dee890453b1

Download Submit