Malware Analysis Report

2024-09-09 17:18

Sample ID 240613-3z2eaawfpc
Target a7354601ba0cdfa1f3e073bcb46623cb_JaffaCakes118
SHA256 051d1f874f42ea0530e89289721d60ebbe3c7ab877f10f221c95d992d69598f1
Tags
discovery
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

051d1f874f42ea0530e89289721d60ebbe3c7ab877f10f221c95d992d69598f1

Threat Level: Shows suspicious behavior

The file a7354601ba0cdfa1f3e073bcb46623cb_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (the matched domain is alog.umeng.com, the collection endpoint of the Umeng/MobClick analytics SDK whose cache files also appear under /data/data/com.own.league/files; that SDK is bundled in many legitimate apps, so this hit on its own does not establish stalkerware)

Checks CPU information (reads /proc/cpuinfo, which analytics SDKs use for device fingerprinting and which is also a common emulator check; both detonations below ran on x86 sandbox images)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:57

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
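The static check above is a manifest inspection: each uses-permission entry is compared against the set of permissions Android assigns the dangerous protection level. The script below is an added example, not part of this report or of the sample; it parses a constructed AndroidManifest.xml that declares the five permissions listed above plus INTERNET (a normal-level permission that must not fire) and returns the dangerous subset. The DANGEROUS table is a hand-picked subset assumed for the example, not the complete Android list.

```python
"""Flag dangerous permissions declared in an AndroidManifest.xml.

Added example: reproduces the static "Requests dangerous framework
permissions" check on a constructed manifest. A decoded manifest from
the real APK (e.g. apktool output) would be read from disk instead.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions with protectionLevel "dangerous" (runtime
# permissions). Assumed for this example; not the exhaustive list.
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE": "read external storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write external storage",
    "android.permission.READ_CONTACTS": "read the user's contacts",
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.READ_PHONE_STATE": "read phone state (IMEI, operator, call state)",
    "android.permission.READ_SMS": "read SMS messages",
    "android.permission.READ_CALL_LOG": "read the call log",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.CAMERA": "use the camera",
}

# Constructed manifest for the example: the five permissions from the
# report plus INTERNET, which is normal-level and should not be flagged.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.own.league">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="league"/>
</manifest>
"""


def package_name(manifest_xml: str) -> str:
    """Package attribute of the <manifest> root element."""
    return ET.fromstring(manifest_xml).get("package", "")


def requested_permissions(manifest_xml: str) -> list[str]:
    """Every <uses-permission android:name=...> value, in document order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        # The attribute lives in the android: namespace, so ElementTree
        # keys it as {namespace-uri}name.
        name = elem.get(f"{{{ANDROID_NS}}}name")
        if name:
            names.append(name)
    return names


def dangerous_permissions(manifest_xml: str) -> dict[str, str]:
    """Requested permissions that are in the dangerous set, with a short description."""
    return {p: DANGEROUS[p] for p in requested_permissions(manifest_xml) if p in DANGEROUS}


if __name__ == "__main__":
    hits = dangerous_permissions(SAMPLE_MANIFEST)
    print(f"{package_name(SAMPLE_MANIFEST)}: {len(hits)} dangerous permission(s) requested")
    for perm, desc in hits.items():
        print(f"  {perm}: {desc}")
```

Declaring a permission is not the same as using it; the behavioral runs below show READ_PHONE_STATE being exercised (operator and device ID queries) but record no SMS or contacts access, which is the gap a manual review would chase next.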

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:57

Reported

2024-06-14 00:01

Platform

android-x86-arm-20240611.1-en

Max time kernel

67s

Max time network

131s

Command Line

com.own.league

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.own.league

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.zjr360.com udp
HK 103.143.80.223:80 www.zjr360.com tcp
HK 103.143.80.223:80 www.zjr360.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.own.league/databases/area

MD5 c8650adcdb15ea6c7fc6d9625737518f
SHA1 a19c7e0d17f4acf79fdf35aeff8bf64700f5f4ac
SHA256 fb6aa75601ca79282f6a1dc264a6b6e7c0fbf85d96ec68e17cbe6b025adae8bf
SHA512 50d92f89b998d12c1c9758e7f4dd193f29bb264c803b9c0e8a2db07cf85e04036594308f0e3919f33cc2a6096279fb3cdd383af162e51b2db94394e44fabc7c2

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 f104ab94224d7d34aee64554125eabf7
SHA1 4f3bed892da9d15058bc5bd9d5ea2fb09557850b
SHA256 a5391848010fed1f5ee11751b5364637139f5ff1dff171cda1f0eadc24236cdc
SHA512 037c227462b0c9649b840c0abc1cbe2987f9236013ec165d159600c3edf13abab3b589e1f38b847a250c8077e64a51060088e1b4c730d756e621015ee0799cc4

/data/data/com.own.league/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.own.league/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.own.league/databases/cc/cc.db-wal

MD5 3aaaf541cd0b2b2a4339861003ea0c9a
SHA1 3e032de592ad22048fd631a131816daace72acdb
SHA256 b5d19bdae3776530d22a612e79dc52f7e2d47433a7f3619b3cafd0f9edcdadc0
SHA512 19bb2db01dd229a1e7c65124e0e46d00b25dcee9d4d6e3d511ce7006dcec03b16fe855bca83580c0882016ebaed2d09006dcff60b20afc0b8743972c1cc3b548

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 8f70432404e36081cfdee5fe81fb4a09
SHA1 ab9c8bd792b10e97a7943eb2a899178775ad8a40
SHA256 9d0219495a3cac53acc5f66d98c934f12c74c0b101c402964c4f127d24e2b5ff
SHA512 8c62cbf8c95377d6a0f9bcc75bb1ec909d78218e12cd0f88bc314f1d63faf48314b9a22ef8b6e6c3c2373636b51c68573cc77f94db846a5877882d320346a596

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 148861aab055f79ab61af58f45126e13
SHA1 0ef81131100b8622c668906a565b0630bda6a1ed
SHA256 c19b5a75ac04146b30eaa65e8f024a8107abaf5834cc3d59d14cdc6507b74a57
SHA512 a542d8c3b364e98aefd9679cde65ca8f3c57a541280361b962289ccda698416856c3c26e226c5a04b13677cf754b2e4598a70da2de155e1dc17b4a23564aec3f

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 03c25bcb5009b443d8f2a62f3429b1be
SHA1 7937a5763c64a5ba42f47c0aa05f7f12de4eb3ba
SHA256 a2b901271158eb19f019420fc71d1eea445091eb2ea6f0d3ffa26cd661107c1b
SHA512 88629630319d50969ef9f5bf0be8527d655b675dfac3a67f216598e74805ef90727170fc0d0a25aa4c9483fe1b009137e63638a05e91ad8f4afa51ce15ff1810

/data/data/com.own.league/files/umeng_it.cache

MD5 618edaf437aac3fc12694cf79380b942
SHA1 b9aa5b3b2475d3940278a291e31f3703650c0f7d
SHA256 4e5b9ae472c55af579e935620ed6fbe09e8c2a34c4c01d4e6c9cc38c14bb0d5a
SHA512 835715520934cbb3598dbee4fa0a9445aae115d083409fde7d808282395d6a09b7f057ef59ddd5d5ae802d0042b6eeb46917bc16301280bafc037fd58d766199

/data/data/com.own.league/files/.umeng/exchangeIdentity.json

MD5 8d8a56ada5476f85d1fd3a17cd17939b
SHA1 009ca2adcc94c74ac6c7c32f3afbcfc9788ff713
SHA256 f1464a5c51011a7adb575ac20270c4d9700eebc259c0c73fc8eda9a4a91ba519
SHA512 b70e7e67b25cf7134d1888a3b86c981df1fa6d35c9e3870697965e7518667239c734715dec7c166fab071edc520f138a292f48aa629f230fb693119f549afecd

/data/data/com.own.league/databases/cc/cc.db-wal

MD5 0aac5c0ebfcf7863f8072acac3e6f1b0
SHA1 d1155e5ffd1992f96fbb7e30e93309aa8b743d1e
SHA256 11ff49788a5045d6736f7ecc90ee146b3412b844d978d227519cb5d3726784fe
SHA512 c6da454540500803f2ec6e2b0692381d2d8c4a30eda5bccc0e46b9cba304ddf830ee3b2b24110581bc778f27bbe05943553502feaaf95058b833ef7c32cf1b9d

/data/data/com.own.league/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.own.league/files/.um/um_cache_1718323197744.env

MD5 4295cf4e43af0238d367db996972075a
SHA1 2f3783a74d42ca2b84be8c27cb612f7c574e16f0
SHA256 777d4539ff6ff8eb95e031055cb93cde5ce382433b3dbf1f23a1f15ad56d2f9d
SHA512 653e393d18f5af56994670ffa8206c17d91bb7e0bf12b8dfa158f26f84bfd31153fff49812a49b97a8bd78f78e98668fa803059b32aea575e22c17a47f1b0432

/data/data/com.own.league/files/mobclick_agent_cached_com.own.league107

MD5 bd69db5f521c1f130d938fc85be093b3
SHA1 e98ed99324596493e1e95397e425dfcc3d9e2051
SHA256 b7a686ee9f50c23080c9eaf0d7e1446f51cef9e2282d4ff12d5d5283a39b3fd0
SHA512 95578d215be462319ab00ac3a4c2944b3c50cb584252da8dbb0f5e42bc129fd3433fc32b23ed38d85054757dc3282108276e761a59828e859ef6843a3a0544bd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:57

Reported

2024-06-14 00:02

Platform

android-x64-20240611.1-en

Max time kernel

70s

Max time network

150s

Command Line

com.own.league

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.own.league

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.zjr360.com udp
GB 172.217.16.234:443 tcp
HK 103.143.80.223:80 www.zjr360.com tcp
HK 103.143.80.223:80 www.zjr360.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 172.217.169.46:443 tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
GB 172.217.16.226:443 tcp
GB 142.250.178.14:443 tcp
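The network tables in behavioral1 and behavioral2 share one layout (Country Destination Domain Proto, with the Domain column empty for flows the sandbox could not attach a hostname to). The script below is an added example, not part of this report: it parses rows in that layout, groups each DNS lookup (udp/53) with the TCP flows that followed it, and flags domains that appear in a hostname indicator list as well as cleartext HTTP (tcp/80) to them, which is how the "Domain associated with commercial stalkerware software" hit on alog.umeng.com arises. The sample rows are a subset copied from the behavioral1 table; the INDICATORS set is a constructed stand-in for a hostname list such as the echap.eu.org indicators and is an assumption of the example, as is the suffix-matching rule.

```python
"""Correlate a sandbox network table with a hostname indicator list.

Added example: parses the report's "Country Destination Domain Proto"
rows, ties DNS queries to the TCP flows that followed, and reports
indicator matches, cleartext HTTP, and names that were queried but
never connected to.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Rows copied from the behavioral1 network table (header omitted).
SAMPLE_TABLE = """\
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.zjr360.com udp
HK 103.143.80.223:80 www.zjr360.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
"""

# Constructed indicator list: one hostname per entry (assumption).
INDICATORS = {"alog.umeng.com"}


@dataclass
class Flow:
    country: str
    ip: str
    port: int
    domain: str  # "" when the sandbox attached no hostname
    proto: str


@dataclass
class Findings:
    indicator_hits: dict[str, set[str]] = field(default_factory=dict)  # domain -> IPs contacted
    cleartext: dict[str, set[str]] = field(default_factory=dict)       # domain -> IPs on tcp/80
    queried_only: set[str] = field(default_factory=set)                # DNS lookups with no TCP flow


def parse_table(text: str) -> list[Flow]:
    """Parse rows of 3 tokens (no domain) or 4 tokens (with domain); skip headers."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else ""
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue  # header row or malformed destination
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def is_dns_query(f: Flow) -> bool:
    return f.proto == "udp" and f.port == 53


def matches_indicator(domain: str, indicators: set[str]) -> bool:
    """Exact match or a subdomain of an indicator (assumed matching rule)."""
    return any(domain == ind or domain.endswith("." + ind) for ind in indicators)


def analyze(flows: list[Flow], indicators: set[str]) -> Findings:
    out = Findings()
    queried = {f.domain for f in flows if is_dns_query(f) and f.domain}
    connected: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.domain:
            connected[f.domain].add(f.ip)
            if f.port == 80:  # telemetry over plain HTTP, no TLS
                out.cleartext.setdefault(f.domain, set()).add(f.ip)
    for domain in queried | set(connected):
        if matches_indicator(domain, indicators):
            out.indicator_hits[domain] = set(connected.get(domain, ()))
    out.queried_only = queried - set(connected)
    return out


if __name__ == "__main__":
    result = analyze(parse_table(SAMPLE_TABLE), INDICATORS)
    for domain, ips in result.indicator_hits.items():
        print(f"indicator hit: {domain} -> {sorted(ips)}")
    for domain, ips in result.cleartext.items():
        print(f"cleartext HTTP: {domain} -> {sorted(ips)}")
    print(f"queried but never connected: {sorted(result.queried_only)}")
```

On the rows above the indicator hit resolves to two Umeng collector IPs reached over plain HTTP, and www.zjr360.com is also contacted over tcp/80, so both the SDK telemetry and the app's own traffic are readable on the wire; the lookup for alog.umeng.co is reported as queried only because no TCP flow followed it.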

Files

/data/data/com.own.league/databases/area

MD5 c8650adcdb15ea6c7fc6d9625737518f
SHA1 a19c7e0d17f4acf79fdf35aeff8bf64700f5f4ac
SHA256 fb6aa75601ca79282f6a1dc264a6b6e7c0fbf85d96ec68e17cbe6b025adae8bf
SHA512 50d92f89b998d12c1c9758e7f4dd193f29bb264c803b9c0e8a2db07cf85e04036594308f0e3919f33cc2a6096279fb3cdd383af162e51b2db94394e44fabc7c2

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 ace8c2aa5f54c442bc667709f6346eec
SHA1 6f80488abb6ed6e53e9e2f5b88ec851ef5d40fce
SHA256 afa4956cac30a8645268eff6580e92771bc1c36108451f8bc492bd7c58a62775
SHA512 c5824341776a684a8b5346a6ee48cd24b03cab1832a9943493c05f5a0b4eae57e36334d1548306048fefe7b477782f30ec8f7484b7388fc3d69062acfd619e6d

/data/data/com.own.league/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 fb2bc703d33506f9c2a96cbc67da5a87
SHA1 37c9028951bfb091e56d5fb367e33c3e91143308
SHA256 d6c6859a7c8eddc3c46a1cf3261c97538d07590327b7996828368a4837204797
SHA512 808e3892a567672b913a3de07af5fbfdf5926cba531f604fc2dc0eb68735338f2d133c6d56edd16cda4159fbc64bdfc293d167d57097ac7ebbd999b3e3b2e845

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 fe2bf2cb0d6e1582e00b93d94f8755d5
SHA1 e1f5c344f7a24d431b26ebb9ad5ea4725a751c67
SHA256 9b1cca30aa0b82a8397d19b76cf3bc68d0d02a8c33f9faf66be717ea3029bfd3
SHA512 609d6a9271932ef0dd1d4e1a256970a216f9cb7cc20d1a0467eddb8c082ab406f0b1bb0e93f8e904f6efb70fda3ca3b6ac703632b397c8588e137a1a42832fac

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b178b775e347fe72b1b7c020ab3fd329
SHA1 4c5e5fe26ceb7a43faeaabfd4c85ddba331269ad
SHA256 0aaf1007eef09bcfd7c42679f7c1af3a8b8f45afa32c2da691017c9219f7677f
SHA512 dbf8853ee12078b90f8c16863c97e7030a7bf4a4a481034f25affa02d7ce5e13095abeedfe37162ad957dab64aba4300bf784381ca18fe76c045f5b573a42037

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 6c5d62e4187b829c823de43f39839704
SHA1 1b493bb6eded63c8dda5ed6b34a10cd789fd5f90
SHA256 ed697d36306576306814ca21eb9561f830851d1a2b5607e5b18a782c36a9b8f3
SHA512 9b81d571087bbcfd5322cc07041ce439ed0681ada3a33de9ecd386a4626d129e172ea83ff69957178232998362d71577957e1c36562d245ff5d7cf1a4a37d75b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 57dc1ef842d6fc9570693fd9c75d9f19
SHA1 78f4168ce41f613517b9bb604f27c850233833ee
SHA256 66401f11c5a1e639e1214a22b5b222632d65dc68d5fbbf373b095083efa74866
SHA512 9e49c33c3d9bf2044e40a5f2a34ddf5787ea8a724a69a797819561ec74c5c05732bfe4ee599db2fe3fbdc710f0e49fe29ba100107bf60d70e1ff1abd13cd1625

/data/data/com.own.league/files/umeng_it.cache

MD5 36a6bcc8f6a9d67bfc8dc1561b174cf5
SHA1 77cd1c24c47c9fc223be646e02bcfc5046ec62de
SHA256 6d5188dc02698c3b5fc72ff4a6b8adcff54fa4d680d960e07610939bdf12b254
SHA512 07f383211eddc259068ae078f53b2dbc715c90b232ecebe9e65ac25f584a2b511ebdc0dea2262078e1f694c451ec5b0819bcc37f63ca7abdab5bda5743b9bf1c

/data/data/com.own.league/files/.umeng/exchangeIdentity.json

MD5 7d5e25beec7f7abf8a1d419afd4fd18f
SHA1 02ffb93c17bbc5c7a895af256a2197314f2bb34f
SHA256 ec1a5d3d453e56bba3ec9cb1c084f4e6733239c9769bccb07b1d39967ae475b7
SHA512 997ccee63ff2b27c21d503c42ee2378bcac9550263b54416868aa6e6ace4b9a7730f9513bc9c1a82ae4457b09516793a8a992acc2f6e5fe3923045f16fb73b42

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 82bf7661c254d88cad7175f701d64bf9
SHA1 345ceee1ec6fba91d78e5cfcb547c1f4167fb98a
SHA256 f3107b0c9e55740e62ae0369812c3838f02ed349afe552dd08d38a511b92368f
SHA512 0323951cb5944c7ae5fc610fc87bf0ff22f77da061cc7f3b1518015c60f5a42094e27a5723ce863e6f17ba25ed8945f0318cace663bbe34185cf4de69881e7f1

/data/data/com.own.league/databases/cc/cc.db

MD5 67c12933d1e0e63d9801a6aa43092ce7
SHA1 b6936908554e4a1986b8eb08289e2d3545e8ff74
SHA256 abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40
SHA512 db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 35bbaee270193727bfb86f1f69536466
SHA1 fbbb4123a3bd15e56bb1e46fdf6589fb8576ea37
SHA256 0621e6a8c4ec1b0b2e5cd6c9d0c01aaaa693ab067116374666562a469dabcbf9
SHA512 0de5a579271141d71b20754841bd8f38da7932ea66d878528adf62e185b70bfc67e336bf0a6d27c41e58bc74a6985f7f9cad1dccc26bcd5e201e6d4cac6932a0

/data/data/com.own.league/databases/cc/cc.db-journal

MD5 4c2018a3803a96feab3eb39866c42b40
SHA1 4f086768c0a700c93905f989995e75aed79dc97e
SHA256 e0d9455b87878384486abed9ceed02ada79ee404fe7c8b8f3c20e66d4420d73a
SHA512 9a19b76c51d44d5b72de6f16d462fb2a627ee046304c674d20192eb4ceb057a8e4bb6b9713a16d65706977230802aae0fbaecc02806e6b7c8503e1cc790c4fd4

/data/data/com.own.league/files/.um/um_cache_1718323205618.env

MD5 a4898ad51ca19330340c74adff091e28
SHA1 13ace955ef3e41e8051aa3ba6d68e517dd47b291
SHA256 c5a3567ef8c6367d8692a956e7bb87f6c37c38ff0e0a3d593dae76e6626306ec
SHA512 83963ef3fd51958ea08e5e8b689e39e3a53f9b8a25adedd2c534a5c5459eb7c2d8972928e1b956bfae49aac2a6e9191e032423797873bccd5dd00bbdd9777564

/data/data/com.own.league/files/mobclick_agent_cached_com.own.league107

MD5 efd1ce97425383fbf799d8c4b1445426
SHA1 4f50b0ae2c0964c64fed2049c4a4ede4b9cd69b6
SHA256 937d0051fec8bc4a9ba4121326cdf0cbb222454c08607952f7b0f218029d45d3
SHA512 18bb69f6244a6549a4a9ca59722b862d00df3b9622a6d79463e39d03429dab6d28bbfa13cdf1608b207cdf55d94c88ecb0655de11f79611376d095852c17528e