0e6da71cbcc523222855d7cbbc2349873fde38bea998e2f2320970143a291267

Analysis

max time kernel
171s
max time network
174s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16-06-2024 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b431c1c652ba847e80752ee4d77042d7_JaffaCakes118.apk
Size

17.7MB
MD5

b431c1c652ba847e80752ee4d77042d7
SHA1

c45935104c4bc0dfeba535aefa53c474e2199ee8
SHA256

0e6da71cbcc523222855d7cbbc2349873fde38bea998e2f2320970143a291267
SHA512

f5a51ce8c3972de1669128a333d5480f232a45dc21f4f5ad3aea7f6ce0c335aa11c05c3318747dee03ac045ad609506b0763c1471fe388d7e94567e17cd7ac86
SSDEEP

393216:f+Unuyn6RPxcYeigIxp3ExZToLkv4rnUc5ZRhO51qpB:fvLkP+s3AvviUoNw6

Score

7^/10

discovery impact

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.junyue.him

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
8	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.junyue.him

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.junyue.him

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.junyue.him

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.junyue.him

com.junyue.him
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4268

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.junyue.him/files/.um/um_cache_1718551230098.env

Filesize
654B

MD5
0f6dd26840d0f481e8d0b0624d3726d0

SHA1
a1d43ab5e274dba8551b261bab0407d2dca35532

SHA256
ef4cf3a7df4222f0e9d98cab0860f2d3081c8cf3d4c3a96ed61a3fbb831fd536

SHA512
a4993183ebf05d6972105dbafb57c75a45b22c85670089d0e352bd76006b544dc3ec8ce1c787496505c76986482807847f0e62d306b317576fac3f2be945146f

Download Submit
/data/data/com.junyue.him/files/umeng_it.cache

Filesize
393B

MD5
058127d3d8b8a9f78e158c60c9dc1d62

SHA1
870b4b205b0d0a69f28067bafcd56f5bf8bed47d

SHA256
de0c5ab5ddc2633304e41a210e47fef008fbed2a57d1d64773c085dac8ab7290

SHA512
6c6cf31e8a3275824a6119c62f50264d236e61b7bebe853b9394c68c437f8ba0323cd9c6f5f09d31ef1d38d658480f8635e13ab88335595b4b47792ca6e89c62

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
c15a756ede16a6a04a4264aaffe32915

SHA1
dc7205da5447685676283871e48724ba4eb617c7

SHA256
07b6bc7d645f4835822fb2131d6517d345d1c197d4ba7f19c675c45d57eb0b4e

SHA512
c1bc78cf93c5cf9e0ebe45a8ff526945b68f1dfddb90f7041e254b126add528f989dd1ade940e68aa8be3ec2d16c3c63cf443081ba38985612dc2b3b5552f34c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
a3846142b44492fcfe632581c34adec8

SHA1
7a5ca32f8161cea00fce91c0d3833618f07a71d7

SHA256
7a2054dcb1af68b52054bcda30a812cdf755084edad1ad8c7143902af7a6c244

SHA512
8d3470151977b20724640c32e59f0aebdcc06beecc1829b3d5b446ac897b39297968ef69f8c7d05ac30f5601313f85cfb86e6cacf619f4a462d5cea1a2b66457

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
15103f34aeda8e219bfd7a02ec096a42

SHA1
4ec9d9d267c649fcf037f542413926ea05ba55e5

SHA256
ba0ddb31296bbbbdebc7d169f35db97db5b3b0dec6f4c95ec441f7dbe54afafa

SHA512
15044c5b0379c4e7d38be055ccc3ab94d9dd46244f6911c22d3ef302acf7a570ac7bf77161ef2202b154c4ceffef1fa6c98607182d46c88718b4538904d15d74

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads