Overview

overview

7

Static

static

6

b798a64ed4...18.apk

android-9-x86

7

b798a64ed4...18.apk

android-10-x64

7

Analysis

  • max time kernel
    173s
  • max time network
    178s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    17/06/2024, 08:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b798a64ed47f7b0f6aaaa0984eba6c0a_JaffaCakes118.apk

  • Size

    8.4MB

  • MD5

    b798a64ed47f7b0f6aaaa0984eba6c0a

  • SHA1

    2fc918702133205b12090c68b31c572b28f1beb4

  • SHA256

    f3c9141f8443184d342652c6200a40df09ad1432e41327e75caa63d01c8cf020

  • SHA512

    0d9178ddb2a497ff89f1c7293b4a05537eaf93a294f82a54fc4273225e900dad269f24a896359d87f6e1518579196620bd0c590cef58469cb78fc54d51be9d3a

  • SSDEEP

    196608:QzPzIhQBebQ/T/zf4wmdpG6/Jn7+9nhQ6:IPZeM/TLf6Gr9nJ

Score
7/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.anewlives.zaishengzhan
    1⤵
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4200
  • com.anewlives.zaishengzhan:pushservice
    1⤵
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4232

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.anewlives.zaishengzhan/databases/pushsdk.db-shm
          Filesize

          32KB

          MD5

          2a8a46e60670a769606ccff1e1cde446

          SHA1

          c5cd1d21b40a6e5a73df5091fbc597739243df81

          SHA256

          309e286c73c15f89dc400c98dd99b1c5b110d18541d31ac0da807569c20fa1fa

          SHA512

          aabe6088f9dbf1c52c5b248acba77fb3a76534ae82656a994aa4c240bbbd21ce021e7d5ceb718fb50c51d5cac0ca717be1f0d2f5ee9d9856a51e9b03c8fecad7

          Download Submit

        • /data/data/com.anewlives.zaishengzhan/databases/pushsdk.db-wal
          Filesize

          185KB

          MD5

          87e613591dea0c12c874011a1cb64f68

          SHA1

          b72f1f3c22fcd5a6cb0bde395c9e2467b5c80eb1

          SHA256

          9e8ef5f246285e567d436491fad0195391659bad99b3766702ab1c2914cd9301

          SHA512

          b363a34354734e64cb73aadd2276819d9b4842f9b5f423da3eb25d3e7d8cd154d63bf157b0b5b09e8748455ee96862e02a7f09c95ac08299d9fb34a8a7eb2625

          Download Submit

        • /data/data/com.anewlives.zaishengzhan/files/.umeng/exchangeIdentity.json
          Filesize

          512B

          MD5

          c5ee06006bdda587568c5bb20c475675

          SHA1

          eedfbab774d3c028083f3083299dcee80add4938

          SHA256

          49908ab12100e5a8177b0b16359e94c4f0196c264672bb3a5405bb3f0dd56050

          SHA512

          48acbd88c92df41d77d258a0a1d0cb8a24121e28b0ab0912a589cc8b807ab650d68d7be4c108b439f5f8d07357341935204ddffbf8f47bb3b43efd7f5aa51392

          Download Submit

        • /data/data/com.anewlives.zaishengzhan/files/umeng_it.cache
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /storage/emulated/0/baidu/.cuid
          Filesize

          89B

          MD5

          187aaac741a088011799b48d472ea3f4

          SHA1

          d80d0b2f8d01579560e94992a8f7b8e8ca4fab04

          SHA256

          42f7250a4e1d66befb814b98c304920471435ef8a070f01eb52acd501bc12697

          SHA512

          cfae0d19c79be06b0bce7149bb9a291796859e24aa8774f6d65712f5d945ef9a38dfd6d4162daea6aa8cb313b20a6277c5a59bf8e79f33f2e67d0f8942644e0a

          Download Submit