7bd2eb8813be48062ee42adf29bbb26931e8a90c3ed83a3934f0494f2f75722a

Analysis

max time kernel
55s
max time network
152s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
13-06-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6eaf84475925f4153205f25ebf2c7b1_JaffaCakes118.apk
Size

5.0MB
MD5

a6eaf84475925f4153205f25ebf2c7b1
SHA1

30e553c05d0dfe983f7fb1d35b3692df3e76096a
SHA256

7bd2eb8813be48062ee42adf29bbb26931e8a90c3ed83a3934f0494f2f75722a
SHA512

66127481adbe5373567930db79e1df097cbcf5220bacc9923482a3e8a72a896ccc88a1cec3719504ab97a399e54f9e558eab61a5964141db58a85390a90f1257
SSDEEP

98304:oJKd9J567myhtE+xg7QQ+8JvwbQDYcfWN0fhH3huSHeuQg0mx01wmAnzLqMuOnTn:LLyhGPqiDYcfW6NhuZPgVxfmSqMJnL3

Score

6^/10

discovery evasion

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

9 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.namcmbmpmemnjgji.dadaofuzhuworld
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.namcmbmpmemnjgji.dadaofuzhuworld
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.namcmbmpmemnjgji.dadaofuzhuworld
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.namcmbmpmemnjgji.dadaofuzhuworld

description ioc process

File opened for read /proc/cpuinfo com.namcmbmpmemnjgji.dadaofuzhuworld

flow	ioc
9	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.namcmbmpmemnjgji.dadaofuzhuworld

description	ioc	process
File opened for read	/proc/cpuinfo	com.namcmbmpmemnjgji.dadaofuzhuworld

com.namcmbmpmemnjgji.dadaofuzhuworld
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
PID:5010

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/.imprint
Filesize
894B

MD5
84eb2769782f51d3ae9979b8583d681b

SHA1
4e79d0848658441cd654c5dc3b6f679f1316dff4

SHA256
b02d04e28070e916f2583e9e1d687e223b4fa0a978b4bb3af05928ed033cdb51

SHA512
5699471f7cb1f6f0a0a4d6d85bd54c02138b36d7d10ee1a59d40fe46f961d76c737750af66306a0444b29a42e80a6abe71d89e3bd5420217e87c81c661de1e12

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/eventservice.jar
Filesize
218KB

MD5
459559bac3be2277f344b469c1c91aa5

SHA1
b2dba0f45a260664d700750a4c57dc3bcd2bc4ab

SHA256
23ad1ebc36c58fad8c9b6ca80c12f588173a091c5ff2e938f3308d6cfc07ec05

SHA512
a1e8e53687a6c0c3b06a79d9f72e367f631a3c9eb909fd218df71aa7ae6a416901d386ff48963aa7ec8851cd0eeecb14531de75c8efbfa36ffb6e0701d80137f

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/start_eventsrv
Filesize
327B

MD5
10714a3dec300104239025c78b85ec14

SHA1
dd46c27020eadd92e267a06c4d822ac886a09e2e

SHA256
e06d08ce273a852dac3b8b284e954c6d4b357d17e10797abd370ec365eb051e9

SHA512
2b3bc70dedbdd706e4a9efd1bbbf5eee25583ae7b1a3070307233266ef64bdb681c585141e15876b7a585644f47aea68927ed96918a69df7678e5b2b68f089cc

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/umeng_it.cache
Filesize
245B

MD5
c74d9fe18d096310626a39b51c92d38e

SHA1
ad9eb5e363a6c16cd1d6f88c5676635fff020797

SHA256
04e0ea4df0c35f21fc4dd2862ae9ff7d385816855fbd1b6eb3b72a1adc2d0e34

SHA512
e31a38c8629cda415eb14eba607c8227f4391f9481194c99318be571965f0a04fc5b5bda30c0b35536baadebe01b6605ce7139ae4d1540e764017929f25a9815

Download Submit
/data/data/com.namcmbmpmemnjgji.dadaofuzhuworld/files/umeng_it.cache
Filesize
125B

MD5
ef49ba1feb82525ab6770ac75083e30e

SHA1
5db6df6f82734e19af9043fc5d0ca14e8f2d9234

SHA256
a4455bea3f9e5bee436bf15aa7171a114921c6f5b55cba7da386f0caffa6e34a

SHA512
7d81112ac5917c0222ab690862b94a9fd9048fa7c9283ada5f72521c8e3b391938093971a4595fb14d33effc148922c3f2242693ae6fd4f33fa250c8923fcb55

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads