4dd7aee7e6db4e7caaf13ac7c515eb08c4e765cac1ee941732dfa95d437eb7eb

Analysis

max time kernel
33s
max time network
170s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15/06/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af92481d2dd6605f6fc7a365963f7906_JaffaCakes118.apk
Size

16.1MB
MD5

af92481d2dd6605f6fc7a365963f7906
SHA1

a30c1f3a1d97229620f8150f445a25248b4f3218
SHA256

4dd7aee7e6db4e7caaf13ac7c515eb08c4e765cac1ee941732dfa95d437eb7eb
SHA512

9d1506cda1624a8060ff4773aa3d3dca6fc1778e5c1bdabdf6c54c1c10faa6c0f2ca79292be9773dad1052fd5976db1e91380bff3b86e91629e5472acfea6ddd
SSDEEP

393216:61H5sns7yXBcEK5Ma+9V12OpxZowmJsowmJOmecuTWrOCDDVlX:YH5OsmXBYmwcbcumjDH

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	f.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.digitalchina.fupin

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.digitalchina.fupin

com.digitalchina.fupin
1⤵
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4191
- chmod 755 /data/user/0/com.digitalchina.fupin/.jiagu/libjiagu.so
  2⤵
  PID:4219

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact