Overview

overview

6

Static

static

6

ac849a64ee...18.apk

android-9-x86

6

ac849a64ee...18.apk

android-11-x64

6

__pasys_re...er.apk

android-9-x86

__pasys_re...er.apk

android-10-x64

__pasys_re...er.apk

android-11-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    11s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    15/06/2024, 02:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ac849a64eead20eeefbb6ee110c02eb3_JaffaCakes118.apk

  • Size

    6.8MB

  • MD5

    ac849a64eead20eeefbb6ee110c02eb3

  • SHA1

    8e8fc5c44ba77d225f2245b2b120fd06b19fee61

  • SHA256

    54e5a5c66ce548a73c04a9bd042c50ce1f83db58e4530b85f33e22a42b90924e

  • SHA512

    94feca654482ca4f2dfb8a30febe67ae28b68369e2a7054eaa0212d6a9c7b2a393808d625c0f0c4fe234ddfc4bdc4ba09588d14e1b701914827c1cddbeab0829

  • SSDEEP

    196608:B438fEWxVLexlcw9zhSFlvKp8x3URx8v/eL4/b:BT8WxVLY9lKF5NUbc/eL4/b

Score
6/10
discoveryimpactpersistence

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.iqinbao.android.fairytale
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4251

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.iqinbao.android.fairytale/databases/afinal.db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/com.iqinbao.android.fairytale/databases/afinal.db-journal
          Filesize

          512B

          MD5

          0dceabda9ba30791485683160aa5fd36

          SHA1

          f2c3ee86a26686b55735e48b201cc1a646865a3c

          SHA256

          c6333dc9d6a9c8356f8b05d841a24746b2c76eff5e7aa9f37e34ed872a5452da

          SHA512

          4f2a875e9990530619eb16aa593be026c54ed23557d4ab1666d30d7118c318b2ae79d145aca4f4ff6de7c7b516f587631840b0a2aac4ce9f24c07ec4079dc3df

          Download Submit

        • /data/data/com.iqinbao.android.fairytale/databases/afinal.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit

        • /data/data/com.iqinbao.android.fairytale/databases/afinal.db-wal
          Filesize

          36KB

          MD5

          b0e5e80b3c2c7d0e429e38e4581f1e9c

          SHA1

          9d520b60c0245564323a5518306ca5be4495b9bc

          SHA256

          ef22bf90d17b4789bd8bf079fd8b8af606148b1cdab5874fc16be58433f3b152

          SHA512

          82ced5eb9b7268926ece8b6cb5f2976153bbee97335a2631d09d1706df20245ee48e835c23bfa244734feb38f74093dfd34068c2866691ecd405a6dbac55469c

          Download Submit

        • /data/data/com.iqinbao.android.fairytale/files/umeng_it.cache
          Filesize

          393B

          MD5

          5d528a966b49a81c6edf6d9bdc5daf41

          SHA1

          74d91ab60ec8882af71e659c2acff60a09844ed7

          SHA256

          7d93f3699acc6262670d27651a7f308d64670d4e6efb66f98bf35a5083165567

          SHA512

          de4a5b936ee34022900e02d0090de3a3dac62a4f7219c4207173b90a2c989a2b14bad0f89c4477a3ffc61bff90d895017c1128ddfba1905d36d7e36a6944eef1

          Download Submit

        • /storage/emulated/0/.DataStorage/ContextData.xml
          Filesize

          111B

          MD5

          81c942894de91594bc2d9224cb1be9e8

          SHA1

          00e006991179c1f66b8a6ee569e41b56484e0df2

          SHA256

          37be4998d4a06ba076aa984efca9a97b1bf67020c483df132118a065ae8256f1

          SHA512

          fc8a9e6ddf8fd17c72a6920af2047dfcf83477e3073a8f964ef1d4a0ef5d1a0ba6c485b2c053a897fbde1a0399a7551b41735d07572a731d799c35c3278d6150

          Download Submit

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

          Download Submit

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize

          111B

          MD5

          fa1f39512b3b217197f4b392ca13a079

          SHA1

          6193786b6dff6af3982d5a4d346f3931c0ea30d9

          SHA256

          fce2d535634dcd2a7e139abb90587ee3e4612e085d21ecfe5e6694536ce45c68

          SHA512

          7e9abd5046ca8d0f148a88dd528e7657271e01bee4283ada901d529ba5f7dc89857d4f8a670480b878c30976923ecbbfbded80fe3b148e8a3dba408ebe349c4c

          Download Submit

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize

          381B

          MD5

          2913c3a419b497ae67f2d5b303af1758

          SHA1

          367a2ba61994882b3e7d37addc15b72ceae36df5

          SHA256

          e57ad26e2bdcb7636b6a860279bff99216c16a863be47a029a06681ef0dbcc8f

          SHA512

          2ef005b4f7c4bdd49c04abd95fad460583405a3d822f4381ec3f7e1d3e20f1dc5a9eb37be6db4034552ad8642d4e7060b163b536ad4f04bdc2b41dd1db462059

          Download Submit