7bd2eb8813be48062ee42adf29bbb26931e8a90c3ed83a3934f0494f2f75722a

Analysis

max time kernel
64s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6eaf84475925f4153205f25ebf2c7b1_JaffaCakes118.apk
Size

5.0MB
MD5

a6eaf84475925f4153205f25ebf2c7b1
SHA1

30e553c05d0dfe983f7fb1d35b3692df3e76096a
SHA256

7bd2eb8813be48062ee42adf29bbb26931e8a90c3ed83a3934f0494f2f75722a
SHA512

66127481adbe5373567930db79e1df097cbcf5220bacc9923482a3e8a72a896ccc88a1cec3719504ab97a399e54f9e558eab61a5964141db58a85390a90f1257
SSDEEP

98304:oJKd9J567myhtE+xg7QQ+8JvwbQDYcfWN0fhH3huSHeuQg0mx01wmAnzLqMuOnTn:LLyhGPqiDYcfW6NhuZPgVxfmSqMJnL3

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

7 alog.umeng.com
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.namcmbmpmemnjgji.dadaofuzhuworld
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.namcmbmpmemnjgji.dadaofuzhuworld
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.namcmbmpmemnjgji.dadaofuzhuworld

flow	ioc
7	alog.umeng.com

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.namcmbmpmemnjgji.dadaofuzhuworld

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

T1422

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.namcmbmpmemnjgji.dadaofuzhuworld

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.namcmbmpmemnjgji.dadaofuzhuworld
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.namcmbmpmemnjgji.dadaofuzhuworld
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

File opened for read /proc/cpuinfo com.namcmbmpmemnjgji.dadaofuzhuworld
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

File opened for read /proc/meminfo com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
File opened for read	/proc/cpuinfo	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
File opened for read	/proc/meminfo	com.namcmbmpmemnjgji.dadaofuzhuworld

com.namcmbmpmemnjgji.dadaofuzhuworld
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4201

su
2⤵
PID:4266

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/.um/um_cache_1718318226649.env
Filesize
593B

MD5
920a68934d5ded468301923938731831

SHA1
a30cf147ed0b7f0c0b7b76ca046deb688b898713

SHA256
dd570d44a0a08978c55b004c48a686cb210b28717e352340b5e037e4c6689263

SHA512
6897b86e051b6473ea5aeb5f511b690b3b21c47746cfff036ac00529860c13512419f8bdc8df27ad690a6f6d60d427952b1b8feaabb7bb052dd0e4ed6ffb7b70

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/eventservice.jar
Filesize
218KB

MD5
459559bac3be2277f344b469c1c91aa5

SHA1
b2dba0f45a260664d700750a4c57dc3bcd2bc4ab

SHA256
23ad1ebc36c58fad8c9b6ca80c12f588173a091c5ff2e938f3308d6cfc07ec05

SHA512
a1e8e53687a6c0c3b06a79d9f72e367f631a3c9eb909fd218df71aa7ae6a416901d386ff48963aa7ec8851cd0eeecb14531de75c8efbfa36ffb6e0701d80137f

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.cfg
Filesize
482B

MD5
a18ca2b536a531b1aac67b7dc55bc99a

SHA1
fd2769dd38831a39802fd44413fc9b98fdbe6898

SHA256
2c4636f4ab490a570916144b799708249ceff46c2e8248e09815986cbb2bc8be

SHA512
a6e49372bfd014d8c9eb80b4992177d76d2504e3332974e671d6c4e1ed094662ba5bf2a8b95cc011662937244f2615910d958251549e7a9827370b89fa87a547

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.lc
Filesize
40KB

MD5
f8af2888960c16689eb1717632bf9925

SHA1
fc4dcbdf7a5e813c93861c905f48057f707a17bd

SHA256
1b46ce0ece4ed5e191ae10daf7a62219d5aecbe83d2f87315616f0cc3b6352d8

SHA512
b7264203a914341ff1833312017b7dd4bd7195d5a9289bec2d1182a62ee8c04900363194633a25aedeae2743a8ab7b39cded150be03a7be8f93e50d755cd5904

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.prop
Filesize
303B

MD5
d024be5953723e047913ad04a9301480

SHA1
6b827073d39a4b851117177215e146243256aa0d

SHA256
c66a12c17ad09a9cb46f9443232910ed44207a1216627d8f0d25430f401e8d00

SHA512
0c80f9f1b3dc97d9c140b34806fd9ef589e5b8d78a660039f0b8a529bac65b528ac6806c07516c64e8a08dce69333ab629bca9ae3c1b46b81963c93e017152c9

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.rtd
Filesize
2.1MB

MD5
9437741be627d1ea727bd87bb2b2c264

SHA1
daf98055a4127d5466ff546afcc586aede7f8de9

SHA256
3645edaf60644d3f242cfad51c251ce8dfed986ba6b638ceeb5b69970cc04dc0

SHA512
6e18646aaff2a1090911577a0e0de05e2ca3b6550ca80c23f1f25d6d4b57f53a05a01c75016ed79471c25da8305d9bc8a131a958af66cafc86e5d3c3857b21cb

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.ui
Filesize
9KB

MD5
b6109e8f4b051b2f16ac41a254fa970a

SHA1
33081a1ed4b7e8fe3005f8282f47f1ca70d21321

SHA256
b0593354c5caa9a3390f6c93ccafd90d83221160c4f0758fa3544dcdb6a6a3d3

SHA512
364225d9ebb9505907563748f5347e07a4676716b9eca737b9136dec1a0ff274db76a3e9801bfffd9864ad3d979c0ab7ea3d88a13e7a3057f47cfc7c95840e9c

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/start_eventsrv
Filesize
327B

MD5
10714a3dec300104239025c78b85ec14

SHA1
dd46c27020eadd92e267a06c4d822ac886a09e2e

SHA256
e06d08ce273a852dac3b8b284e954c6d4b357d17e10797abd370ec365eb051e9

SHA512
2b3bc70dedbdd706e4a9efd1bbbf5eee25583ae7b1a3070307233266ef64bdb681c585141e15876b7a585644f47aea68927ed96918a69df7678e5b2b68f089cc

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/umeng_it.cache
Filesize
310B

MD5
b48c7c429b3acb288d5bf8205a1fa50f

SHA1
aa4c9fb44ecdec62b1ae8b0a6479e2f0f544b6c0

SHA256
f056cdc675c43a0a616e63481bd1a0690457644d5dea4e1590cbde84235022ec

SHA512
69d79a2217f03d9a814cecf33ed17e8685431be74c23a8c3a8114770bc36d22a7746544b6ed1c0ee760bd8f3b0dd52934a00e744ad74986bbf58c3a4e958094f

Download Submit