ee5c986aa4ac104173b559fbf8e704ae803ecfb185d26d97cd0524e1d431f9f4

Analysis

max time kernel
163s
max time network
185s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15/06/2024, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adf8622156f7ee491ccf8f91a28265fd_JaffaCakes118.apk
Size

5.0MB
MD5

adf8622156f7ee491ccf8f91a28265fd
SHA1

f7d1fa0885c142e05dfa3d1bcfdfbd4a8ee7028f
SHA256

ee5c986aa4ac104173b559fbf8e704ae803ecfb185d26d97cd0524e1d431f9f4
SHA512

e93a3445b54ff19112f5d8d2458b622199c0c52f66d3c02bdb519e6a06de9dea0482f2c9d48eab8d00ee42a50b8c9b45a420c2301e4376798615c6a1c7fc1684
SSDEEP

98304:Tn+5jPkKahuQIcYuM1FGkP11xlpliHLbHFQIKiO88fPPiGBS:q5j85QXuMhd7QFLiPPiGBS

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.shuanasdjhssaile.cn/files/__pasys_remote_banner.jar	4565	com.shuanasdjhssaile.cn

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.shuanasdjhssaile.cn

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.shuanasdjhssaile.cn

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
30	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shuanasdjhssaile.cn

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shuanasdjhssaile.cn

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shuanasdjhssaile.cn

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.shuanasdjhssaile.cn

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.shuanasdjhssaile.cn

com.shuanasdjhssaile.cn
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4565

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.shuanasdjhssaile.cn/databases/note

Filesize
16KB

MD5
ddf8c9b18a969eaf21329927d56363a8

SHA1
3827570cb82e4948a25e5437789bd48b7330d730

SHA256
9eaf9876c706f215b6fb69e2ffca13d7dfeb974e60c6e75d60d700a63340dc27

SHA512
6dcb178b617220ea66e627b1a752f8a8b54ec7278087f8487dccc07b5ea29580b145e132e1dcf8465f8cd112b8d67886e72f096f22907b9247b2f80a18e06e26

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/databases/note-journal

Filesize
512B

MD5
7815d37c3ddf51eb17df4eb22f62619f

SHA1
a0462219ee301c666a8ae7328474314bd5830e28

SHA256
db3b9b64f9f674abe697669a971f809c1ff83feaf11d3469c8d1d223152b7de4

SHA512
3f1af4eaf4e503f6b9b1d62c229e4b1c40d08d33e289c400fd8ec65af9fd0197c735c378dcdc30e68953ff674479745981e0ac47ab15bc74b63a5a4097d7c7e2

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/databases/note-journal

Filesize
8KB

MD5
48e1769e1184f359d9d16b0a17249cae

SHA1
c30e5187a2fcb0603b350cdb668cce43a687f5e7

SHA256
56c9995894f5569592cab2e2175f39c74b3d0ea9c5d0d7543ce2b30c7b34bdbc

SHA512
eda73f05974a4c0395c456e25be9e25f9f1435286a2d0b9692eae6623247ec8d3ab196ae46490a24ab665d5587598891738978c297d94b15d5cfd57ea9d87ae6

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/databases/note-journal

Filesize
8KB

MD5
da180ee40797f2e1ff5466add1247e18

SHA1
dc4f0592641ed1d9fa98e9774c55cc388bef8629

SHA256
1f347c26585748f0a97c953572b09988a9db5e845e6436761c5c71748e4e4d95

SHA512
b6e6ed12c01afcba2bf5e72f78ae1a0e1b0e1e7c0ea2a4d245796d024fba120be49f72d46dcc0e626566cff8d34a291a2839b10d3c116a08f766ca6dc38b58ee

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/files/.um/um_cache_1718446975776.env

Filesize
552B

MD5
016369aad6411cd6045c42da2baca31a

SHA1
3957600c8a067b98b8a0dbee2bdc9c0c85102424

SHA256
aa7fe8a2d8280b315f7f37614aab0012e35f030e338751354a74a2cdcea0473b

SHA512
6220352be448b72cedb8cd80e7027330ef4bf4eaf00a2241c7a84741d37473e31d9dc213021fd783e684b34c8f3a1f3823337facd3c296404a34380b83e6e85c

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/files/__pasys_remote_banner.jar

Filesize
219KB

MD5
9c859e81e45f7d6f6d3a8b8cdaa650a2

SHA1
c6798ed55e37020cef4b4c76c095f45bbc404438

SHA256
028f5514443840c54d4b832d439a70cd732c4740bf2bedc3a8ba567268225fbe

SHA512
f01429687a0a9e85be068b7553a5e0928f7d7b4b306c1ba5823e7151be4e30f1f6a69bdc9d9fa3c5d0d722d8b46dafbfd956783fe4e27d52204c9a29e3092ee3

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/files/__pasys_remote_banner.tmp.jar

Filesize
108KB

MD5
63ba17ca047dc71aa659c7ed8bb60de5

SHA1
675bd0556bce8d43cd29a6d9b3d996d41f3e0b2b

SHA256
2750f3af62f5b9d1d21f6a8215f529e472e7098ac16295b976a29115e8520a52

SHA512
5b70f6bc391276d2034a97e371adad0a635caafdfc33d32791db1432d4cca3f0364e1af6b10b574df5c8f3345bd5539a4d70455aa521f10b239e68216f5ddc39

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/files/oat/__pasys_remote_banner.jar.cur.prof

Filesize
274B

MD5
740e3c425fb93fe5466ab812e9f77c6a

SHA1
05aa44fd9b8cc9bc4d4ca0f6395c3fbfde123e6c

SHA256
bb34e20c06027e9e7940cdfc5827f72325f05d5ecd6e941be04387df84bc30b7

SHA512
9535ac8e9c29d836e9961035b7d1240bcaa7c2a04b90bd00aa32e6dc8f5a42bc271c1be409da818f2ec4c7b41a05bd6f41665b5ed12ef457a0cf7a204b14d7bf

Download Submit
/data/user/0/com.shuanasdjhssaile.cn/files/umeng_it.cache

Filesize
245B

MD5
748b6cd6eaa469f1c1cd33b3ef0e193b

SHA1
0c6371706694eb465df4f0a8f66000a2d53f33a2

SHA256
ba8f4dfc98b74cde5e4f46ed584e12abd5b5f8788c81878bc1a0ae1ae33755e9

SHA512
448d7584fe8c792b75942815edc305fb07cb2f7f243dda68801e13d30c803ca7beb4b4a64516e15d5b0f099160973d18bf26c4e8e473a3fdcf6ba6ac61048884

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads