1fc629567ce7eb1fd3a983de6ef3f16e3bae903fd335a10fcf0c7ebe8b1719c4

General

Target

b70a906b75a133e5df3d0476c04488b0_JaffaCakes118.apk
Size

2.3MB
MD5

b70a906b75a133e5df3d0476c04488b0
SHA1

15302a87b4ea723b931bdba2c07c171a70ae21ce
SHA256

1fc629567ce7eb1fd3a983de6ef3f16e3bae903fd335a10fcf0c7ebe8b1719c4
SHA512

8aefb1f110bccd13a7afb0c9d3c6fee979d9ad8ac27d06389bbe9f6c6d1bea901f77d4580e12fc0385f024fdbf8c714a3184919fa0311936a6f76511198a67ba
SSDEEP

49152:wu63AYgxDpBPkziM83ZkIcttJOmVZ/JpnJgsM+BUf51q5iRxVAqZtTG:w7lEBsziMoFc/JV7fnJgshBUf2WxVAqG

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
13	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5045

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

3

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a/databases/http_auth.db

Filesize
20KB

MD5
62a3561989ede658cd16cc1f14199c1d

SHA1
6320791cdfd16b26450bf711bd6776d80a396912

SHA256
9ae0206411304ee027e0cfe3b4e6732ced5b423f99c33340dafb68d2b5b215f6

SHA512
c4ef43e702e053ee39153149d1fb11311c57c6ad5393ea905df942df8bcd3625e2224563eb4c35bfc45e140aa09135c5123f48d220fe622d9dcf2a4cdaf5dfe4

Download Submit
/data/data/com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a/databases/http_auth.db-journal

Filesize
512B

MD5
0c16df27bef501dbc27fd93b15e1797e

SHA1
b78d8b87319f60e588f52683c27149cf10d7988b

SHA256
0d0fb5fee22b891af909790ce50ea62048b9a7a53a68fa40ad75aaf221d46e0e

SHA512
ce3966a3532a7b55fa7b7e1b4a90354549aab468f0c00ecb254f1d59a0d795568e6b7af49937c3fa99057cfe74871b21cb83285a70672810952888d9b6b51dbf

Download Submit
/data/data/com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a/databases/http_auth.db-journal

Filesize
8KB

MD5
7a4c16aa3fa51bb52ebce45fc544ad18

SHA1
16e76f1a1acf2c393937b472acb82eda43900d3c

SHA256
c568b55e09f0fea9b0f8880ce8ab4b59fb489fb7184cd0a1d85d6a3ccafe91a5

SHA512
0e5f12720f248bed1e6155620d9c89a1ac0fefe998e3c204c72fcfa69df66f99a2c3227a12555000164520ba963a58fa6487933f24c217f565687b448c2baa8d

Download Submit
/data/data/com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a/databases/http_auth.db-journal

Filesize
8KB

MD5
a51c9c92876aff2f04b3fe206fc4f445

SHA1
35f01f65f829c47591e1eabfaeec41fd3eab104f

SHA256
30a13e6f89ef60e7cbead35bc6e54022634d826fb65da38db103c27dcd5a4216

SHA512
73e28a205a74634571f9cea0cfd4a1bf7a39b4ecb969922b1b6927ef8d135ed3139b2d95914a923d8e7894b3d7c3f105182df2f893ef4d8dd623223d13049cf0

Download Submit
/data/data/com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a/files/mobclick_agent_sealed_com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a

Filesize
546B

MD5
077d4a1c3b07f3fd98fb3a6daa983db3

SHA1
faa33c67af16a000e42b5330cb0fc06d7cd0a1d4

SHA256
9177934f7c064666d1ec0fe193a08669095ea1ab57719157ce676e01b4bbab5b

SHA512
c18a90cd8cb6e369c2197dff0aee9e699989f4985e0e015e79cf2ca89541e88b3dc6a4eb31408b07e857227c3dad59cc5f357798117b8b242b38fb565b913605

Download Submit
/data/data/com.cyou.cma.clauncher.theme.v54a309dd7a5e409c7647331a/files/uuid.md

Filesize
32B

MD5
c678ed8ca6be188b69e93baddecd7d70

SHA1
accd8e9f07f7d87997d01a5f5d78ae341241046d

SHA256
a6dc0943b2558e2601993b44cf23e9e3e5b01753d5d77ced1b00a467eef65f79

SHA512
8812be74c7ffc8309afed30530c11f7588363b078e79c202f2d2312714fc340ab23d85078f1d6262eda0530f0ad30543a1e23b9bd1ec874484f14bde2081a80e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads