a5a64b088603d9b9dc6236274422dd481eb3188bfb400b48f3a3885bacaecdc8

Analysis

max time kernel
108s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
17-06-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b753330a5e2ee22ad26f737845d1113e_JaffaCakes118.apk
Size

10.8MB
MD5

b753330a5e2ee22ad26f737845d1113e
SHA1

483e388287be882e7c4fb87491c49a562ac5a451
SHA256

a5a64b088603d9b9dc6236274422dd481eb3188bfb400b48f3a3885bacaecdc8
SHA512

41e5c6f8e61b90899e832b6766ae55dcac3bdd3bd838f3462eda8fc48793fb4986b08bf5e8b3af90becde27d95a59e56ce73baba744c45bf6862d7d9bab8eab9
SSDEEP

196608:CX9ruPwaJaq4e3DO6DDALAQu8oNuSYBMwo48717qRe4lf0VZjG1C0QXuZLOt4fy2:exq5DOybQGNeU4RYw0VZjGxyTwIQ

Score

6^/10

discovery evasion impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
13	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xg128994

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xg128994

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xg128994

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xg128994

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xg128994

com.yxxinglin.xg128994
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4171

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact