8f9510e561b8053db251a4c872a2062f429406755b79329dcafd9b5868c6705e

Analysis

max time kernel
179s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15/06/2024, 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb31e56b9f0d3ab1fa462bdd38d4d46_JaffaCakes118.apk
Size

30.9MB
MD5

acb31e56b9f0d3ab1fa462bdd38d4d46
SHA1

33a23a8f474d880c6265483b112a00a650f345c7
SHA256

8f9510e561b8053db251a4c872a2062f429406755b79329dcafd9b5868c6705e
SHA512

19b5ec4d51d0c53fdc07fb5a7b7c4c08d80ea289ffbf340fcf2d3e20235042616d9d15f65152a2bd45447d62f6a66c2f8e823c6a82946bf54659e7b3f8d70eba
SSDEEP

786432:H0FfBveo8syPSJxD4OWfiJdF7MiI6Iab/yhwJK:qv41gdG6IGK

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.rayclear.renrenjiang

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
15	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.rayclear.renrenjiang

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rayclear.renrenjiang

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.rayclear.renrenjiang

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rayclear.renrenjiang

com.rayclear.renrenjiang
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4205

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact