Overview

overview

7

Static

static

6

b4eab4ad4d...18.apk

android-9-x86

7

b4eab4ad4d...18.apk

android-11-x64

7

Analysis

  • max time kernel
    179s
  • max time network
    189s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    16-06-2024 19:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4eab4ad4dbe3b1c1c78c7b10288a031_JaffaCakes118.apk

  • Size

    16.2MB

  • MD5

    b4eab4ad4dbe3b1c1c78c7b10288a031

  • SHA1

    657af869440d1b98ff04ba57f0a361c575481080

  • SHA256

    b77f03b05b21d06e8b1d16567b25ffef70afc61574edd9123b53121767eb5008

  • SHA512

    b1395ce203021ea802c9813002697d946f8a4700699342193abbb6829bc884c51eb6e15b30ef2c78d61f262402f25d5bd0818cced6305552ee9d64f435f2d76e

  • SSDEEP

    393216:25EqNpjxweZgLLkI9tpc9ca0g2q6U6ckF3TIVikw3I1:2bNpjxDwLkI9txI6UWFEVnYu

Score
7/10
bankerdiscoverypersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.niubang.uguma
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4203
  • com.niubang.uguma:pushservice
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4252

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.niubang.uguma/cache/image_manager_disk_cache/3763ca5d0130075b9db88f023bf88fcf20782286fe056bb52a018bb81ec613e3.0.tmp
    Filesize

    261KB

    MD5

    e40758211eb3042c09567f00f7fdfccb

    SHA1

    342b5efc2f9ccaff69ac2725529bc22f0471f3e7

    SHA256

    7b9726c94db88d32f90f8b4a80ef232b83321994a603d1069c50e5973ff67b2b

    SHA512

    0725ba31ab5aef1c08f13bd7ccace786ca47c96bbbe4848e11a02d4f112206ae24cfa98cd2118bbbd9c9c5408d7b037be0ba666027d60c0164c975dfd6b9e75b

    Download Submit

  • /data/data/com.niubang.uguma/cache/image_manager_disk_cache/journal
    Filesize

    512B

    MD5

    462359d730e2c031c4ef200aed7c89ab

    SHA1

    3c13002435a05890b58ba396604d5778bb940897

    SHA256

    89497c78569f2466d3a3f1cde810be31ca263167e34ac83f34cd76718d2a0e4f

    SHA512

    ad7def82d66c02be0e2c35c65d9633263161eb307ee8bb0c6167b93df5acc0c703f3bf6dfee4cb4826bf62cc5371314e09383adda9cf0b654a6fa92ae13d7e03

    Download Submit

  • /data/data/com.niubang.uguma/cache/image_manager_disk_cache/journal.tmp
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.niubang.uguma/databases/cc/cc.db
    Filesize

    36KB

    MD5

    ce6135aa1b1fe4f2c2db2a546d2a5558

    SHA1

    79b59582154017aadab783dc266fcb158c252940

    SHA256

    7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

    SHA512

    2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

    Download Submit

  • /data/data/com.niubang.uguma/databases/cc/cc.db
    Filesize

    36KB

    MD5

    d422883e4047fbd3fc0c03fab6719b53

    SHA1

    b43b28d5c2f95374347a1f4923cb342ecf2ce2f7

    SHA256

    b416f5aa42a8aa5ff34bba8ca829b3146be1e5c10f8bc040be3e633ef28bd6ef

    SHA512

    15a6f413433f942c4e8c58ac7aea7ba1a64215c2f75a3d9e0610262d4ddb3ae75e2753321d442bfa177bf63c9b62e3b8a167d36d237e5237c154f669f44376f8

    Download Submit

  • /data/data/com.niubang.uguma/databases/cc/cc.db-journal
    Filesize

    512B

    MD5

    e088e34921df6767732e1b389f448e4a

    SHA1

    6214cd09fb735b55781e2708a7731cd9d0b5d00c

    SHA256

    c4daf1e11089d5a4707f0eb8125df0a943578dae168fd80150741a8b512bead5

    SHA512

    61f1495b27d61e02fdf61a7632814fdbfe5e5bf01ef44aa59bde6f5367de924cf3476085de97fada5cfdacc32e9ecd05735925516d28273968dee36f774cbe9d

    Download Submit

  • /data/data/com.niubang.uguma/databases/cc/cc.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.niubang.uguma/databases/cc/cc.db-wal
    Filesize

    16KB

    MD5

    098659c0a0b04ddc68b9b04891fafb63

    SHA1

    a23aa31b17ee615dfa4ea53caa298f538b20469e

    SHA256

    8ef36d8ee4ab8ebd12b1e6d2869bd39684e1ae29536383507f1a94289fea3556

    SHA512

    f5315019e44f21f8cef58ce7097db5f90125c42a3a9ce6458a1414ebbe1ff98cf03335cb76ac84851ad5c82506ed2a19f97a5d4ce023fa3393e3d0a978cf48c1

    Download Submit

  • /data/data/com.niubang.uguma/databases/cc/cc.db-wal
    Filesize

    48KB

    MD5

    2de3dd0ba22dbfc5e0b841602bc62769

    SHA1

    d14e8ef70fca99749dac42625b7f53d3bb6f8d2f

    SHA256

    b83ed65a6a68ec56184a42a40c66ce42a58303f66823dc0a57397c3495f06e8d

    SHA512

    e6454540fc5f32cfccbd25e389556f5d89c610790eddd5dde3884d6f909b9dc028a30bfaffe0276d88ba30b5602cf8fa3a1fbbab7720224b569dadc02ca0aace

    Download Submit

  • /data/data/com.niubang.uguma/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    49fcb878dcc188353b2a0621e4c9d691

    SHA1

    0c4e6fb7c1d8aa1d7ec6c43459e91c690d83fc76

    SHA256

    a858a25bd70a369a9226fb2a26d3eccc997db92b45c258ce3b7c8a687205b3b7

    SHA512

    848aa15996e5e508c2bb20bd12481f1c4f1ef22b1d3ca2297e305cccfff17775c45c5458bbae17c58eaccf0ba6966723511e19a5e6e8e2831798f09ecd77426f

    Download Submit

  • /data/data/com.niubang.uguma/files/armeabi/libtestfast.so
    Filesize

    1.1MB

    MD5

    0a764b4dcba7a27768c9462ab99ba8a0

    SHA1

    c5b6ef9d0822c9a914fa21dc576b0144afb93d98

    SHA256

    4efd0503d98ce0fa56cf71180b7ccea377f839468ce62945e2917b69e547dd8d

    SHA512

    8ce45ae525dcb641a11199c501ee1c83d89fbd4a79d3c438776c53c57be381e88e87b629763b3b567dd42454c276ebe1261d36ffa2be6923ed11a99db8503cc4

    Download Submit

  • /data/data/com.niubang.uguma/files/umeng_it.cache
    Filesize

    415B

    MD5

    66de9d7855aa9b16c6c25c3fdf2c1994

    SHA1

    3f4a132368b63cc2ceb907f19748adf552e3a614

    SHA256

    73da85b83ba69ba663381824e53dff5ade31ba34b0b3ff5dec1b7420a7523e69

    SHA512

    943733895fd6c6c29dc07b749d5a574ad72eb719139b2b62a1a25807293b131c2ef37ca6f23d274bb5e92391cdfeb61d7f58faa4d697c62150f44cdaed862458

    Download Submit