43e0b8e2fd416eca3fc0d83e7fdad6c1563202ec6e8ceadd148031c07126f6c9

Analysis

max time kernel
117s
max time network
170s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16-06-2024 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b58a30c210f824368dd88429e22fb933_JaffaCakes118.apk
Size

23.7MB
MD5

b58a30c210f824368dd88429e22fb933
SHA1

c2ca1f6034b8ed9f2a23447a3b207dbbf59d02aa
SHA256

43e0b8e2fd416eca3fc0d83e7fdad6c1563202ec6e8ceadd148031c07126f6c9
SHA512

cc22f8281634a471b5ca8b7962c14fcc96aa49eb7d44ab8aefd832282d48d1adfd47dea2c83b8f0a5a278e7f766312d75dfa31f2c25fae90735d1150fe098d86
SSDEEP

393216:iQTS/+qeBvKG8F7FTy6pma82K1ESNH0ya1y/1AaIBtQtPCrBfR1s:iQ4+lB38x582U8USaIAas

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wangniu.fndmlfree

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wangniu.fndmlfree

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wangniu.fndmlfree

com.wangniu.fndmlfree
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4194

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wangniu.fndmlfree/files/.um/um_cache_1718577577715.env

Filesize
596B

MD5
8ba2c670828d611bb4210ff309061c8f

SHA1
aad55d900f1cebdcf4a60ea829d61c828f743baf

SHA256
31ef5d411e46504a09a9d7d53a0104b6a053023605949919ca886b88db15a4a8

SHA512
94d8226c187d1d28bdc871963c0454f609a90dd856226916235284f0e87d87ffe069aa481bb46109be4adbe8ceff4c2731156218b47cc57171237a5df2ecaa1f

Download Submit
/data/data/com.wangniu.fndmlfree/files/umeng_it.cache

Filesize
310B

MD5
6f2b3989a7a681287547a5034997ed5b

SHA1
0acefa2965aeed33e9d5386e253f83508c94d86d

SHA256
59933545bc584c1d6737273593efe95a72b8e6181e4e434fed43ee8ad51f7fba

SHA512
8a99c4a54aa8662dd18216a5af9e8a5f660a717433b454a9baa3105eed10394457cd01dd8ac0d6e657466d603f38ef9f13ad9d439b5a74f9fc5819870b9e20bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads