54e5a5c66ce548a73c04a9bd042c50ce1f83db58e4530b85f33e22a42b90924e

Analysis

max time kernel
12s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15-06-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac849a64eead20eeefbb6ee110c02eb3_JaffaCakes118.apk
Size

6.8MB
MD5

ac849a64eead20eeefbb6ee110c02eb3
SHA1

8e8fc5c44ba77d225f2245b2b120fd06b19fee61
SHA256

54e5a5c66ce548a73c04a9bd042c50ce1f83db58e4530b85f33e22a42b90924e
SHA512

94feca654482ca4f2dfb8a30febe67ae28b68369e2a7054eaa0212d6a9c7b2a393808d625c0f0c4fe234ddfc4bdc4ba09588d14e1b701914827c1cddbeab0829
SSDEEP

196608:B438fEWxVLexlcw9zhSFlvKp8x3URx8v/eL4/b:BT8WxVLY9lKF5NUbc/eL4/b

Score

6^/10

discovery impact

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.iqinbao.android.fairytale

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iqinbao.android.fairytale

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iqinbao.android.fairytale

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.iqinbao.android.fairytale

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.iqinbao.android.fairytale

com.iqinbao.android.fairytale
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4456

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.iqinbao.android.fairytale/databases/afinal.db

Filesize
20KB

MD5
865bcaeda0681f93af8515e109d47607

SHA1
c6ac1e2315ab9b1d7991cb33ffee6f2816205cc6

SHA256
97e2a4c1fef15a118c37d3ed603f1de5d95177b3d7779fdec5faac49a97a0892

SHA512
5c436088064cc4857174032031ef0c4fda50885783bbe67cfb95614a1bf1c5cecce434f81642602a85c0b3741f6914c0a81d6f75233b7d8a2969ad576d578191

Download Submit
/data/user/0/com.iqinbao.android.fairytale/databases/afinal.db-journal

Filesize
8KB

MD5
2fb249e8469ccdac814d0fabf54c3052

SHA1
743ebefe979a52dc0110fbc295ca7af5d6e4714b

SHA256
60be4197c0adee3cf566b23b1e2153e9e3877b56b1843741cee32a2206b9784c

SHA512
779c9942c6d3f619995f5773a78f4dc5dd3bd653a64e246fe1d3e08da0379c29ad971c4bab54a222c7d0b5868c1e19f3efa8210cc5c49022764a22b2b2dcbc84

Download Submit
/data/user/0/com.iqinbao.android.fairytale/databases/afinal.db-journal

Filesize
512B

MD5
52cb3ea4db41ba4037bef2741945338e

SHA1
08e191d0af10a2cc225a18ece0af4993230db28e

SHA256
1eb1b09f80c4249874e9d0e42d49de71ddcf21a2d8f18b98c9bdc9bf4fb44bc2

SHA512
cfdb78bed127e7618391bff34508bf68c23c76e9b852ac594ecb33f3d438a0fac8fb5682f95464862d5b3d72d18282071a286d29c7ed2d559e2599c7d2cc5005

Download Submit
/data/user/0/com.iqinbao.android.fairytale/databases/afinal.db-journal

Filesize
8KB

MD5
14bd0b40887fc75bc24f87aa69e6e52b

SHA1
79fe0c4e15b227da44f89d5f13bb74bdc2fe65a4

SHA256
4f4c88fb637afcabedec5f37b661290cb57a8c0f705186838489f1a17993d418

SHA512
14f7097820301682280e911d4c128a04634d885079e4172b3cfdf783e95469cc1c4f8effd9898dff1932b342eebdc91bdf016053fc0cae163247d3c9157fbd95

Download Submit
/data/user/0/com.iqinbao.android.fairytale/databases/afinal.db-journal

Filesize
4KB

MD5
c2c6047b80a58d27bcec8ec7960b4e8b

SHA1
9d7cb0e4a340d7cc401b3f70ff8d627da88310a1

SHA256
3d559a86609173f11a199350d5f8f54ce8704aaa7312ab6f303ad844df0a272c

SHA512
018579314c0639b2d478eba00cb38e1ffa3ca9c76cf9a80968097e14d8a7cab084f605e35f95a9245791bfa0d3b6153edc2490f6a762f4f0b58ea5333ac98088

Download Submit
/data/user/0/com.iqinbao.android.fairytale/files/umeng_it.cache

Filesize
245B

MD5
e69e77423a7b99b466deed5fae3c928f

SHA1
50b65970e1c27a42b9b91f54a2a538dc7f6e9168

SHA256
f383e5a7e60f0dbc344853bb43f850f9fc7c60a1d360d28ef038380dd576c18b

SHA512
796f83e0ff532aaca31dc83317b26f0ab85027dddfdc37f58b609b6f091ade012b661d4e0a97bb97337f3711e7b42bb49065c8251d6b653bd6df7c85cad26d8c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
24a4a088881cec48c282c71c61a10c6f

SHA1
0fbb01a0e96bf1a158862d15fb51126290fe79db

SHA256
e8d9f28de36071a2acd3b736d1004e2d375b627ba3b19ccb9ee4f9e8803d7fe6

SHA512
88d58e542fd66ecad07533ba09b9389864403ccfeb76a117b835a4f404bb63dbcc8d5da926bfa4c7b91ff4dcecd27d5f5fa9c4ce3dc88ff4309d1626d5f0d122

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
407B

MD5
3923e0a446a7293322fd21cea7207c24

SHA1
0d8c3d1b1d95b8d9da306af804e3b6a3af6e237c

SHA256
f381e89f8f77250d9a104d4c9f29b98ff0aae1f31913fa273032750d5a83742d

SHA512
1f1790b3aacf822a7a7620d61f668fb40e3361761659b864111e4c21b2d2dc3c8007056559e494da71726032f2fb07db5256f12c807da7a1edd2583c70b401c3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (deleted)

Filesize
111B

MD5
1282c4fe1a8b7041a9860e7b75140fec

SHA1
93bb1828ef50994d9b160d498c7e8b86898f7213

SHA256
41f6154d7237a40721d83f3b67b0ac2696bff5221354ecfb4e4d43b73f5795a1

SHA512
48066df4c11bc88752f2653be1c0e17fe66a4d11a55ebeb444774cb0436726da541d8d5e701be504d1483cd4afa7af37d8e3e4d8e21205a22a5ea9303010f10d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads