Overview

overview

6

Static

static

6

b02f270e7f...18.apk

android-9-x86

6

__xadsdk__...__.apk

android-9-x86

__xadsdk__...__.apk

android-10-x64

__xadsdk__...__.apk

android-11-x64

Analysis

  • max time kernel
    176s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    15-06-2024 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b02f270e7fafb9f711fb9507f282198c_JaffaCakes118.apk

  • Size

    18.5MB

  • MD5

    b02f270e7fafb9f711fb9507f282198c

  • SHA1

    405cb133fbfd540dbb2ab71d8895f0cf4e8e31e2

  • SHA256

    34acf58f2da3340e04537202d520c05bc90c760fdad65932bd7b805c3c5aaee4

  • SHA512

    f710713aada1718ee59694742a8e4a06e4fc77b903f8c670ea7400fe8d4f8e243049499a9bbecc6aa0d69b7aba612a0ea2bda1093ba6cb0cd428d3125c3ee5bf

  • SSDEEP

    393216:Q4qIcr6uZuGHvITuArWf8adiO1CU6nxMDrdFLEioj/VMtVGJYMVCK:3cr6uZuGHvI1q0+LZyeDrbEiO3JYu

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.foxit.mobile.pdf.lite
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4261

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.foxit.mobile.pdf.lite/databases/Foxit_Reader.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.foxit.mobile.pdf.lite/databases/Foxit_Reader.db-journal
    Filesize

    512B

    MD5

    59b9ea594bade7373eccb59d31acf78c

    SHA1

    8abbeb03f237178efe3b1ac58cd80c1e6d7f6171

    SHA256

    dbcba5d00aaec1dbeba7662d260765e338ae232a71c264b25b5fa20e38d2eebe

    SHA512

    ab07374c3068d1110a7820d06338c9e896259792b71d999c410865260af5acfcb25c6a31ca7f760800a9d1149e9a3223ad3d26007aaed8a121c9094817d180c8

    Download Submit

  • /data/data/com.foxit.mobile.pdf.lite/databases/Foxit_Reader.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.foxit.mobile.pdf.lite/databases/Foxit_Reader.db-wal
    Filesize

    140KB

    MD5

    7d4774029f5d31a4eedbabe2fd574adb

    SHA1

    ccd140d2e442204b62d678120944debe9f803d48

    SHA256

    1de64e67823d55d3d9483d5c66435c5480f9357550f4825397efa81268bc67ed

    SHA512

    d67e800024db6a290c5a45014152fd61073a10d5d3ee91201a35cfe0e5906f2e8bc96d8feb9186f8def7737fcbdee0056644a8c041cedd9643fcc628f17406cb

    Download Submit

  • /data/data/com.foxit.mobile.pdf.lite/files/.um/um_cache_1718487111390.env
    Filesize

    703B

    MD5

    018bbc832c1c502f90ba35aaa850c0d3

    SHA1

    880cc5d945b8bfc2d8537f9e6c02be1ffc3f7a4b

    SHA256

    8df26575a235d2217d224708f568a1721c4df9bfde9842c5852c88c37a1de37b

    SHA512

    48788910562577fe46ba93a2ace311f40108721129486b44bf68abd73d6b8815fc2054c7b2ed79b31631ba24722d3a1c56a2296cdace6e21c7893c3b4dbcbde5

    Download Submit

  • /data/data/com.foxit.mobile.pdf.lite/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    e0b987cac77824f46736ed79348059f7

    SHA1

    d880922d18c6c3f7e6e245b251a0eaf8ae35ceec

    SHA256

    175dedfe6f7592d6533f4d56261c5d2cd755d18608a2e6ab91a576c41ba87e31

    SHA512

    3e4276ecec5c82c100182526c4540b138cdbf811d5055be2d215415ba6591e8d676f4901c99b1fb1e6209b5e745c10074f5e741ca8a1a3477401898e9d6e7a4d

    Download Submit

  • /data/data/com.foxit.mobile.pdf.lite/files/umeng_it.cache
    Filesize

    415B

    MD5

    ecd91d890a0a6da6f408d897175b6afc

    SHA1

    2ea1b151373e5e49e9e6e81ae3e19bba2519b303

    SHA256

    14b8a0a9e23af53ab955c1c83bac5a8b9a47fed709462cf10b3a6068bc80c81c

    SHA512

    49020a9ffc0a41e48eb234ab99aaa335bc27fe36ce2a5a51a4086f9fc24526e0c17698fd241ad515ae30d60be3413a63751aecdb181b3c69158f8471d22c652a

    Download Submit

  • /storage/emulated/0/Foxit/FoxitSharedReview/CollabSyncData.xml
    Filesize

    56B

    MD5

    9f0984ea3b16d17227b370db4c3a9357

    SHA1

    ed4bad138dd531758369315f8ee2c3e66541e2c1

    SHA256

    ea0948ef2169593e1d645f4be5ac585027e5c45372ebcff8dba157492b81cbcb

    SHA512

    35577c6571321bc1da6eefe7b59319ab79794880d5bc41d81370ae6ec9e03e2493b46f38018d7765cf11448d9e6627edfad87e72a917e9a292d30fb52851b650

    Download Submit

  • /storage/emulated/0/Foxit/FoxitSharedReview/temp.xml
    Filesize

    54B

    MD5

    67e89011b7b5deb539236e2df38aa30a

    SHA1

    4719c1f51fb8480df657379e8845bb711e76682a

    SHA256

    8c180a52179a3926787914bd7b17e151ad9d722fad000682536f8ed0aa101a24

    SHA512

    7c9baefc2dd64b0ec85a812247899caf0afb2f7f7710ddca287b0dd57f0ddbbe1ba14f1faa61da50eaf5f155a1b39fd22c896f5a471435dee92bdc66bad49666

    Download Submit