Overview

overview

6

Static

static

6

a6eaf84475...18.apk

android-9-x86

6

a6eaf84475...18.apk

android-10-x64

6

eventservice.apk

android-9-x86

eventservice.apk

android-10-x64

eventservice.apk

android-11-x64

Analysis

  • max time kernel
    64s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    13/06/2024, 22:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a6eaf84475925f4153205f25ebf2c7b1_JaffaCakes118.apk

  • Size

    5.0MB

  • MD5

    a6eaf84475925f4153205f25ebf2c7b1

  • SHA1

    30e553c05d0dfe983f7fb1d35b3692df3e76096a

  • SHA256

    7bd2eb8813be48062ee42adf29bbb26931e8a90c3ed83a3934f0494f2f75722a

  • SHA512

    66127481adbe5373567930db79e1df097cbcf5220bacc9923482a3e8a72a896ccc88a1cec3719504ab97a399e54f9e558eab61a5964141db58a85390a90f1257

  • SSDEEP

    98304:oJKd9J567myhtE+xg7QQ+8JvwbQDYcfWN0fhH3huSHeuQg0mx01wmAnzLqMuOnTn:LLyhGPqiDYcfW6NhuZPgVxfmSqMJnL3

Score
6/10
discoveryevasionpersistence

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.namcmbmpmemnjgji.dadaofuzhuworld
    1⤵
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4201
    • su
      2⤵
        PID:4266

    Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/.um/um_cache_1718318226649.env
            Filesize

            593B

            MD5

            920a68934d5ded468301923938731831

            SHA1

            a30cf147ed0b7f0c0b7b76ca046deb688b898713

            SHA256

            dd570d44a0a08978c55b004c48a686cb210b28717e352340b5e037e4c6689263

            SHA512

            6897b86e051b6473ea5aeb5f511b690b3b21c47746cfff036ac00529860c13512419f8bdc8df27ad690a6f6d60d427952b1b8feaabb7bb052dd0e4ed6ffb7b70

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/eventservice.jar
            Filesize

            218KB

            MD5

            459559bac3be2277f344b469c1c91aa5

            SHA1

            b2dba0f45a260664d700750a4c57dc3bcd2bc4ab

            SHA256

            23ad1ebc36c58fad8c9b6ca80c12f588173a091c5ff2e938f3308d6cfc07ec05

            SHA512

            a1e8e53687a6c0c3b06a79d9f72e367f631a3c9eb909fd218df71aa7ae6a416901d386ff48963aa7ec8851cd0eeecb14531de75c8efbfa36ffb6e0701d80137f

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.cfg
            Filesize

            482B

            MD5

            a18ca2b536a531b1aac67b7dc55bc99a

            SHA1

            fd2769dd38831a39802fd44413fc9b98fdbe6898

            SHA256

            2c4636f4ab490a570916144b799708249ceff46c2e8248e09815986cbb2bc8be

            SHA512

            a6e49372bfd014d8c9eb80b4992177d76d2504e3332974e671d6c4e1ed094662ba5bf2a8b95cc011662937244f2615910d958251549e7a9827370b89fa87a547

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.lc
            Filesize

            40KB

            MD5

            f8af2888960c16689eb1717632bf9925

            SHA1

            fc4dcbdf7a5e813c93861c905f48057f707a17bd

            SHA256

            1b46ce0ece4ed5e191ae10daf7a62219d5aecbe83d2f87315616f0cc3b6352d8

            SHA512

            b7264203a914341ff1833312017b7dd4bd7195d5a9289bec2d1182a62ee8c04900363194633a25aedeae2743a8ab7b39cded150be03a7be8f93e50d755cd5904

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.prop
            Filesize

            303B

            MD5

            d024be5953723e047913ad04a9301480

            SHA1

            6b827073d39a4b851117177215e146243256aa0d

            SHA256

            c66a12c17ad09a9cb46f9443232910ed44207a1216627d8f0d25430f401e8d00

            SHA512

            0c80f9f1b3dc97d9c140b34806fd9ef589e5b8d78a660039f0b8a529bac65b528ac6806c07516c64e8a08dce69333ab629bca9ae3c1b46b81963c93e017152c9

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.rtd
            Filesize

            2.1MB

            MD5

            9437741be627d1ea727bd87bb2b2c264

            SHA1

            daf98055a4127d5466ff546afcc586aede7f8de9

            SHA256

            3645edaf60644d3f242cfad51c251ce8dfed986ba6b638ceeb5b69970cc04dc0

            SHA512

            6e18646aaff2a1090911577a0e0de05e2ca3b6550ca80c23f1f25d6d4b57f53a05a01c75016ed79471c25da8305d9bc8a131a958af66cafc86e5d3c3857b21cb

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/script.ui
            Filesize

            9KB

            MD5

            b6109e8f4b051b2f16ac41a254fa970a

            SHA1

            33081a1ed4b7e8fe3005f8282f47f1ca70d21321

            SHA256

            b0593354c5caa9a3390f6c93ccafd90d83221160c4f0758fa3544dcdb6a6a3d3

            SHA512

            364225d9ebb9505907563748f5347e07a4676716b9eca737b9136dec1a0ff274db76a3e9801bfffd9864ad3d979c0ab7ea3d88a13e7a3057f47cfc7c95840e9c

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/start_eventsrv
            Filesize

            327B

            MD5

            10714a3dec300104239025c78b85ec14

            SHA1

            dd46c27020eadd92e267a06c4d822ac886a09e2e

            SHA256

            e06d08ce273a852dac3b8b284e954c6d4b357d17e10797abd370ec365eb051e9

            SHA512

            2b3bc70dedbdd706e4a9efd1bbbf5eee25583ae7b1a3070307233266ef64bdb681c585141e15876b7a585644f47aea68927ed96918a69df7678e5b2b68f089cc

            Download Submit

          • /data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/umeng_it.cache
            Filesize

            310B

            MD5

            b48c7c429b3acb288d5bf8205a1fa50f

            SHA1

            aa4c9fb44ecdec62b1ae8b0a6479e2f0f544b6c0

            SHA256

            f056cdc675c43a0a616e63481bd1a0690457644d5dea4e1590cbde84235022ec

            SHA512

            69d79a2217f03d9a814cecf33ed17e8685431be74c23a8c3a8114770bc36d22a7746544b6ed1c0ee760bd8f3b0dd52934a00e744ad74986bbf58c3a4e958094f

            Download Submit