Analysis

  • max time kernel: 34s
  • max time network: 159s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 14-06-2024 01:19

General

  • Target

    a780bf383534bc5c152f6bd36853f672_JaffaCakes118.apk

  • Size

    4.7MB

  • MD5

    a780bf383534bc5c152f6bd36853f672

  • SHA1

    c4357df816d267300175a35596c822c21c033348

  • SHA256

    74eff5161779c6f89b903a0430d2a1b64873ccf13268604191567cf885bf468f

  • SHA512

    40d4cd3f63d7eb7c2d40df37a7b83b3884f1fc23feb88796f675bd1e415cc79cbc1288358ce411b259e5174137f5eee13ce8d1fd81b0c275592dded1eaece6fc

  • SSDEEP

    98304:vG74iDjBvZi9pWndxiGRmVx3bCaB+DbTNAkq2aJBBzDZ+gKwolK7GM0:ecsBRc9GRmzCDbRAkQfBzawuK7Gz

Score
7/10

Malware Config

Signatures

  • Queries information about running processes on the device (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator (1 TTPs)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  • Checks CPU information (2 TTPs, 1 IoCs)

Processes

  • com.unicom.vobao (PID: 4285)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.unicom.vobao/files/.imprint
    Filesize

    846B

    MD5

    b39ea174a0e4c5ce1d67488768b633d4

    SHA1

    1b37f75976e958f4a4b5a4e7cf410410a7dd1cac

    SHA256

    0c69c91a9ac04ba7e7a2b11906084d598ca19b00869c8f0041d09f906730189b

    SHA512

    ac6264e946cc92b0664f7326502709cb49f97138598aa7658f10f194be6dbde58545f874ba0365b87d13620c6c1ed55331aae1c8ce50871c4a789b2f597fdacb

  • /data/data/com.unicom.vobao/files/umeng_it.cache
    Filesize

    211B

    MD5

    e25cdeb0028733152d4950c67a2dff02

    SHA1

    038e1afaf89a270103b09c2acde337be280ef574

    SHA256

    1c2feaa73de1d7ffd6a04b34b19ff6b7bd3ef32507371804c17c57ccfba00541

    SHA512

    395c18a5035eda3335588fb798194d960ab9ed2d941349b3b93c572f9de6d5bb492815b1cd14951fb3463c95650e5b7cee5708e23c4e2abd34c81d7b2455ceaf

  • /data/data/com.unicom.vobao/files/umeng_it.cache
    Filesize

    108B

    MD5

    e993f2b8ffaf469cfccaf2973d0f88c7

    SHA1

    93b3a97d1677d925d3bb391c8a7970bb370d5237

    SHA256

    134a667ac0544943bf669597923b2a797294a47f1d2f0d637e5ed586d30c66e7

    SHA512

    0dae5a25dffbaa69a7c76ed48106e02682be7fa43e04fb938379cd43828f44bb4ca00133fecd2e3a2620a2b02813c257632a9661ab12245e76be7c3d5d386cef