b77f03b05b21d06e8b1d16567b25ffef70afc61574edd9123b53121767eb5008

Analysis

max time kernel
176s
max time network
178s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16/06/2024, 19:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4eab4ad4dbe3b1c1c78c7b10288a031_JaffaCakes118.apk
Size

16.2MB
MD5

b4eab4ad4dbe3b1c1c78c7b10288a031
SHA1

657af869440d1b98ff04ba57f0a361c575481080
SHA256

b77f03b05b21d06e8b1d16567b25ffef70afc61574edd9123b53121767eb5008
SHA512

b1395ce203021ea802c9813002697d946f8a4700699342193abbb6829bc884c51eb6e15b30ef2c78d61f262402f25d5bd0818cced6305552ee9d64f435f2d76e
SSDEEP

393216:25EqNpjxweZgLLkI9tpc9ca0g2q6U6ckF3TIVikw3I1:2bNpjxDwLkI9txI6UWFEVnYu

Score

7^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.niubang.uguma:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
18	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.niubang.uguma
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.niubang.uguma:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.niubang.uguma

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.niubang.uguma

com.niubang.uguma
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4646

com.niubang.uguma:pushservice
1⤵
- Acquires the wake lock
- Queries information about active data network
PID:4702

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.niubang.uguma/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db

Filesize
36KB

MD5
6fa3d95e295f38e0c247ca99995376d9

SHA1
81939154b8158406cfc0f0ee9cd77dde2bb16160

SHA256
03ce93838e09911dbde1e6440f701874be69e61c9f61a6b42951aec66afbfdd3

SHA512
ab3fe1de942ea92116e27b51d13c0d388b113eac3579fecc96f7b6eb75536733c9541c10847e4689f4cd7d3f964bba8d2a3c5e19e01b5ce956bdf9f52481abb5

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db-journal

Filesize
8KB

MD5
4a45902d5730344375a250eefc2d58f1

SHA1
20dd4e66e766f3e75b1ce0a741dab0765927fb0a

SHA256
4b0ccd48ba2defaa296350c9c0a5883314dfb14b3d9d50b7fa4d4e4a5c08e529

SHA512
aaf7c4dc287c099b6d761177853ed634d8ce7b67fa442a8cff77f98ea69a1f38ddbc9269dc2784a987f4991bac521c0b5e4e9e2dd2a51434fc61cda549e45598

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db-journal

Filesize
8KB

MD5
5112675539e30b2e65dc147ba118babf

SHA1
d4cc1228d982ccdc72a2025b210748c9f1662ec3

SHA256
2aaf86d30bf8c107b98d44ec430aad082a3ee7965e7b3fdd7f86665245149fa3

SHA512
3bd5cb3cc553db2e843ba62c01da285cffcae88aa6725e587b512472bbb4d9d0332215f4dccaed5f6651d9da7b6d3a9f4fc6de709eeb4d79a5722b4f92422085

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db-journal

Filesize
12KB

MD5
6769d3999285138fa1ae1cdb09f994bf

SHA1
1b58c0e5d139fe3f426f55ffcf9de82e847fe19e

SHA256
e4e8350846eaf851fadd782c27f788e416cdc9855e39c908767385fd47ae9a3d

SHA512
c15aaa4877169ab2fc4b4b27c980c6498c485280af4d0c5f7d8da5cece15d89b6a4ef1f99282bc220e23b5bf0e057a93cab575e675f9a9dbcc53f2a86045108c

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db-journal

Filesize
4KB

MD5
189643a2a37aefd5df7ccd473bf2eb08

SHA1
d32f1c0a5f08f1c2136545d8869165a5fab04c51

SHA256
d4cd84d5c6528a9d6ee88dad4da1a3a182f475479722a37e9376798aac4b290e

SHA512
cb5843977dd73e92c8484d88beed194854c67cbbab783d48ece1734e84de23635ae4034edf542daf0db1c662ddfe35c0c8e6de4dd24f8e8edf442dfb41fa825f

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db-journal

Filesize
8KB

MD5
2ae140d9b22480209ee2261f3411e5b5

SHA1
69c5d3a99c038c44971454f72239cbd5a33952d3

SHA256
4081d5a152dbf429ad0916acbb381c5310f93b2792ca8a118af7ed7591ed31f3

SHA512
2214e00f419052ec8ef3a9a7214068f56f2c25a07f888d78e28b55c31bd47b37d991d0f86013be582f8f76b9eaa81258303455d60c6c32ce489b122f8dc021b4

Download Submit
/data/data/com.niubang.uguma/databases/cc/cc.db-journal

Filesize
12KB

MD5
7ad8514174e2acd78200303a3c7e5fed

SHA1
6043b2bcefb9a3cee75e324aac28ee2bebdc28c6

SHA256
e7130914ff99689ea8560493affa9836291e657f9231d89b2e64358cc49fc6a3

SHA512
ce30052d7a47ad4b3772541cc0dbf91b9ed3ba0415178984a4a1d775b4319cbb80da6f68dd61f0aa3204cefd73692e593cec9e8f9e0c945e13181a67194c0ed0

Download Submit
/data/user/0/com.niubang.uguma/cache/image_manager_disk_cache/3763ca5d0130075b9db88f023bf88fcf20782286fe056bb52a018bb81ec613e3.0.tmp

Filesize
261KB

MD5
fca3e49c078e60b40c2d15366ad7be2e

SHA1
d5cd8c94b651da941f6fcc20220b960c19b223f8

SHA256
cf192a44d09c0e572ec92dd10b3ffa7ef25dc1b60417827be2376a8bb8621edb

SHA512
c325f53c761b0fec00259b998df1438f2177e22e6eeec2e74e1763e75b601674613559b42160e772a611f99f84ca2d672a093773667d55ded7bf6226e221747f

Download Submit
/data/user/0/com.niubang.uguma/cache/image_manager_disk_cache/journal

Filesize
512B

MD5
6f40e3b013ffbc50b6369100f7b66e2a

SHA1
9dfd2d48b6761b0e40654cee42478380b5cdb80f

SHA256
168d562cd056279dd140194aef88a69ce7b8b52e4d3d1c0e8cff5f9d3eebe579

SHA512
52c025ca76d2f4c1072d12e67f2b2cc0f097d0f29c4968fdce3236cce2729a05ae464b4b4f45ebc5e5895532f05a4f6b670c7b1fcaaa673142b7ad4f0dddf724

Download Submit
/data/user/0/com.niubang.uguma/cache/image_manager_disk_cache/journal.tmp

Filesize
44KB

MD5
dd52ea78e534dbd0fdfbe58aa21916d9

SHA1
112a8838103a17394c8c9917032af3066b22ca0f

SHA256
2923326a2c6632cb08508909a781c8577e40698f151576cac1d647b7fc623520

SHA512
815186eb163ee7ec13e8186fcc85a33fa43b79b86a0a7d1bfc557c604acdb36a12036820699982a17146449df32616dfca04b381f367b68725e8e5586521eddd

Download Submit
/data/user/0/com.niubang.uguma/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
de21b63766fb018a0a29931b2943f937

SHA1
2636a88e320ac3078f7851966e171374a4b5c1a3

SHA256
10ce76a8c6827ae4c47dfa941e77c4b2e2f0c61f1cf27c0b5fbaff7f63e4e29f

SHA512
a9ee982a050b5f0ceecb4cf81cb3c773d912a3461347614dca6ece31dcc1d2284c2bea2fa1429e5084a837ea50800cd46380fd3c13621f3b85cea10caa5bf5d3

Download Submit
/data/user/0/com.niubang.uguma/files/armeabi/libtestfast.so

Filesize
1.1MB

MD5
0a764b4dcba7a27768c9462ab99ba8a0

SHA1
c5b6ef9d0822c9a914fa21dc576b0144afb93d98

SHA256
4efd0503d98ce0fa56cf71180b7ccea377f839468ce62945e2917b69e547dd8d

SHA512
8ce45ae525dcb641a11199c501ee1c83d89fbd4a79d3c438776c53c57be381e88e87b629763b3b567dd42454c276ebe1261d36ffa2be6923ed11a99db8503cc4

Download Submit
/data/user/0/com.niubang.uguma/files/umeng_it.cache

Filesize
352B

MD5
a6e425ef389203344cb876196b3ee99a

SHA1
37fa4808ddaaf8f7d1e263d7e193ba2c51acc79e

SHA256
7a3caeeff1b6282a2920eecafb453a4ae89d307c280b6a864600d77dfd4f9a29

SHA512
e2a6a85281d4c850d70d254cdefbc538026817ab85b425294a677abaa4fb4052a39f4ee87220338170fff1a3c79147947b4a48c17aa538238d64061d54070e7f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads