504e7d85f6128d40beabc873eedb957eac9ed2ad0d5c67780125e97e4c959af4

Analysis

max time kernel
64s
max time network
137s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
13-06-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5e00b16d26012ab1221d4a63cbaa287_JaffaCakes118.apk
Size

1.6MB
MD5

a5e00b16d26012ab1221d4a63cbaa287
SHA1

ef9dc4965e4bc129addd9399ad20c34249accdfe
SHA256

504e7d85f6128d40beabc873eedb957eac9ed2ad0d5c67780125e97e4c959af4
SHA512

b6c29a441e347795760d677b23d2bcd94280a1e0be7bcb103dbaba1590fda1511ddd6a5a3c3316b702b0d912f6ba05db2cef8b9757036c7bf2582887e2ec6f53
SSDEEP

49152:WHefROtgUnT2b+C6JlUshuA4DyyAG5gNYR3cMrI06j:WHef+2bZ6JlUKuxDRRKmdcMrI0A

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

4 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

me.drakeet.inmessage

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo me.drakeet.inmessage
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

me.drakeet.inmessage

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo me.drakeet.inmessage
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

me.drakeet.inmessage

description ioc process

File opened for read /proc/cpuinfo me.drakeet.inmessage

flow	ioc
4	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	me.drakeet.inmessage

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	me.drakeet.inmessage

description	ioc	process
File opened for read	/proc/cpuinfo	me.drakeet.inmessage

me.drakeet.inmessage
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:5126

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/me.drakeet.inmessage/databases/messageDatabase.db
Filesize
24KB

MD5
f06126e7420e8e88dc8a60567d421fff

SHA1
d15b576d2a1902ef79a182903fd4d2b1819db935

SHA256
9ff971e4e865639899f54bedd523cf75c2916403cc572cd422d3adffdf4d1447

SHA512
2d3de23042d9a668ab75f5f868e416bf574b3438cbeb84084d43b612e62d0f0d8549f540f8306fede57b63fd04ac80fb2f8d4f8278ea26e3be70c5121be5e58e

Download Submit
/data/data/me.drakeet.inmessage/databases/messageDatabase.db-journal
Filesize
512B

MD5
f4e0e756ca80ca6ecca46897579031e2

SHA1
c60302f3446fbdedc923af817e4ff8a7b25bd1e0

SHA256
13614af91c75be1036cd98d21907e4c6103385c1bf7f685c51cbee88255fb5b6

SHA512
ada2f01b3944e05107a788359f51f54225b302bdfdc94671915d958e778a3796f723ebd7219611b9714af3c5aa1c4ba428945640a96b41ba606b9379ba004b49

Download Submit
/data/data/me.drakeet.inmessage/databases/messageDatabase.db-journal
Filesize
8KB

MD5
5f4ce4c5f1d12848c59512218922d7d3

SHA1
2182e1f075a74943b9a3b02869bcee930c25cd95

SHA256
2da624f54cec12f33d19737119e00b44327a40523a8bc679a41a781844b9068f

SHA512
51c05c0bf3a7180c4fb6ec351783c15d3919c7fc0fe1dbcc6ce0f6ba42f515faa28b8c7795333e85e6b68cc291a8b3b7dedfd14fb354890eb348db5a62135d55

Download Submit
/data/data/me.drakeet.inmessage/databases/messageDatabase.db-journal
Filesize
8KB

MD5
b55cb02258fb8a5a5a081d7bc3789231

SHA1
c8c0ed274c902dcb7c5445fa6904b892b0956bcf

SHA256
b889ca73194d918e58edc0ab3a710ba693fa377ab86a9e01a28d92ad02d56a6f

SHA512
d13babb2f5e3d0a248047a1d5a3592c2363db6699e831f06f1e2cd86f8b5db20fad6680a6f6a649574e1eec302e3b01c03ec1e0c82bf07ebbe2af89a5d4ab5f5

Download Submit
/data/data/me.drakeet.inmessage/files/.um/um_cache_1718286726352.env
Filesize
548B

MD5
fbb87d77db4d15333bb62e0af98ec7a0

SHA1
fa73460ab225bb29587d11dd0450bb0d8aa96ac6

SHA256
5d4351c149da919103f9d400d30b90800f00cd7c9ff52838c72b035a9d80875a

SHA512
aa602efe55eafa30e2f5e611295f6f5a254f3e8f9d8663a9f49abedbfff6c28a7c048121239a3c950ab954425f9bc4b1017ad9a96a3b75503e23dc87b573a510

Download Submit
/data/data/me.drakeet.inmessage/files/umeng_it.cache
Filesize
245B

MD5
03ac2b5be741f0df43ced38e33a59002

SHA1
35e0d9617dd314101501a96f8b6d61e06226ee2b

SHA256
a467e03213d1e98037bdfbdab4da67370d4d585c24a8604a8e6c089a1e8a937c

SHA512
1220f65f18360edceff2eb4721e0f8b06f176327ea76e209639854868a6c48cdfe098fee66b030de7915dd2bacaf33d5a31c41a047d93b7478dcff53f20bfc9d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads