Analysis

  • max time kernel: 7s
  • max time network: 189s
  • platform: android_x64
  • resource: android-x64-20240611.1-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted: 14-06-2024 07:20

General

  • Target: a87ec6a33d2d0bd534eb7c4c66d1c4e8_JaffaCakes118.apk
  • Size: 2.8MB
  • MD5: a87ec6a33d2d0bd534eb7c4c66d1c4e8
  • SHA1: 582b456c2a43a6c1ca8b0bfbf79dae581ead277a
  • SHA256: 7f09cf0c2937db58fcf91d1d7bcae7d18aa8807a43f5e9bd721f45435a560e6a
  • SHA512: b09bc2618cf178ffe01484093b4c432305ebd0d990d45f30d96601274162b478c2350b6d0d0448d10881baef68db614f48f7bcef9956a4f694f8a1ec94788a63
  • SSDEEP: 49152:hIiE7wWpZc08dwbVMjAKG+6V2F71C5bCZaqOEMYLmeM4CDKhPuykxyJWiNuCk61:67we/RVEXG+6k1C54aRVYLBjCWhPuzy1

Score
6/10

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.east2d.everyimage (PID: 5169)
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information

Downloads

  • /data/data/com.east2d.everyimage/files/.imprint
    • Filesize: 701B
    • MD5: 277eb637875c4e482764238da38799db
    • SHA1: 2815667c08d6488b10ff59e2037c4e58615b1b64
    • SHA256: 354d7675658f5e05041e528e17742efd0debfca644bfb705796b15a622f5158d
    • SHA512: 7c334739f58368cd8f7dc9b097de3a2b140066922995e68d0c19a14a7a8971caf593915eba5f970198982cf85574bc8e636bcc707b15bd9c886b9a1776999b81

  • /data/data/com.east2d.everyimage/files/__local_except_cache.json
    • Filesize: 408B
    • MD5: 2a882ca6b6b509e985ca32e5fbb2a71c
    • SHA1: 1b181750662f500bb6af6af2f79d0722412b3c99
    • SHA256: b0d226f7f356f42a03ae9601c684265ebd5a5a332d5be7739d0f9d26ae0c873f
    • SHA512: 1f5ad565454eddf09857d67d0f712e34150d78e380576c9c35e8fe786965fb81053e73ba9851e5fc7ff5b361fd3ab6242845fbb7fbd059e338218dfba507572b

  • /data/data/com.east2d.everyimage/files/__local_last_session.json
    • Filesize: 108B
    • MD5: ebda53cf8dea498c5906263ab414e710
    • SHA1: 11b19a76f4a8ed9f5e14886dbc482c7d62fae118
    • SHA256: 303d8eac02dd7f9de41716f4d4deb2849fb941f68557cba81151d072b6222c04
    • SHA512: 226f4cadcdd37cc665344b4f8e532b7e46a25b603cbd94b43abe3a9370a0fb27cbaeb589003f6abce734c93f90e14d782b5f534d446658649a28dd72ea5d336a

  • /data/data/com.east2d.everyimage/files/__local_stat_cache.json
    • Filesize: 25B
    • MD5: 2d805b13f2f28dc3ca9bbcc000f49bb5
    • SHA1: 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
    • SHA256: c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
    • SHA512: 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

  • /data/data/com.east2d.everyimage/files/mobclick_agent_cached_com.east2d.everyimage22
    • Filesize: 1KB
    • MD5: a000e66bd332a82066cdad4bdb27d758
    • SHA1: e4f00fdd0444b4d58f833ba7df8f7fd3e22d9751
    • SHA256: 4be8b865d06984ea47829b586256efd0a24492951330b0f97052ff281fa0ed4f
    • SHA512: 2c17088217e389b394fade7feb3fa3e44f4084d6172f6ae1e3d449037350e2b53db74f9d8465167480bdabca866c201d4b31aa6e13a2c925bb25cac218a4db0e

  • /data/data/com.east2d.everyimage/files/umeng_it.cache
    • Filesize: 83B
    • MD5: 48d5cb00571a201ac68fe792ec82728f
    • SHA1: bbac128a96c48012820747de9da629f03d0fc5fa
    • SHA256: ab7a1e322519c2d211d2eaa44d7e29e32bcdc5d67d5ec6e98ae3f4547715a9b3
    • SHA512: 630f9fa11847bf01c48f10f9891c7166e55ab1a2ede0de634e438323cdeac40049e9be2960a99d14910ca5066f854549542c403bbce0c4b762709953a2345007

  • /data/data/com.east2d.everyimage/files/umeng_it.cache
    • Filesize: 43B
    • MD5: f1d9eba5bcce55dc6ffc4c1e53d1cb99
    • SHA1: 729598fb101fd8d379612ac80ac95ebc4a899389
    • SHA256: 8e05d0863e877d7ae3178e902384f817225923d976db07e4e4f8aef2f7779759
    • SHA512: 32501b21bea7f68f31ca6afedaf72c3aeea7ef4badc70466494255fe27a5a7a38c7b33ec56f92a864a4d24ca2037f8393f9373b3b698571cc59dd3dfc6a99f12

  • /storage/emulated/0/crash/crash-2024-06-14-07-20-31-1718349631005.log
    • Filesize: 1KB
    • MD5: 1e5a2d6c402c21a04a166be2cf29020a
    • SHA1: de2965c4714cb90d2b395884cc0d3520d10d262a
    • SHA256: 261298fd2eae66f236170a419c3ff6380463bfe3b19e671d4fed837d2ab9117b
    • SHA512: 4ceab6577390672deb2db6d47a8e24dd5b2e96e15386657f42cdf2e9a667dc4e97e334670bd4263af11f6437bbf0e5490b427e11c3e9ff2991ed1c7436da2c0f