dcfb80c992482e311be51eb59f37e2cd64c90050ff6e8ba3b7e35d2ac952210b

Analysis

max time kernel
14s
max time network
147s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
17/06/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7e7d60901cc63f86c3cec1f7c1afdbe_JaffaCakes118.apk
Size

2.3MB
MD5

b7e7d60901cc63f86c3cec1f7c1afdbe
SHA1

86294480d19189a09dd0a1bb22aaf5c0c043da2a
SHA256

dcfb80c992482e311be51eb59f37e2cd64c90050ff6e8ba3b7e35d2ac952210b
SHA512

5f2c56f6841b8b805cad175e619ca2152a9a546c57b493854576cf67f23b0daf2e1bcfe1af6ec9edbad29e3cd8c732cfa9590a474f6e50f2eb9430955729eb80
SSDEEP

49152:BuKLFsUTPxqzcAuZzAnB/doYiJiPKHuyucEGiNkvOccknQ:BrsUjxsGyerWKHloN0Q

Score

7^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xunyou.xunyoubao

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xunyou.xunyoubao

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xunyou.xunyoubao

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xunyou.xunyoubao

com.xunyou.xunyoubao
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:5163

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xunyou.xunyoubao/databases/xunyoubao.db

Filesize
24KB

MD5
47866150886838dc1b3a54e72a0d4fa5

SHA1
fbc3428fc8dc67651eef7ecd412f8394e2e4c027

SHA256
608b5a4bd42c490d73781d6862d6437979cf35f33a6b3555ea220bfcdcb836bd

SHA512
b4b1c5a85ca6577874f41a7a6601470d66f8f844a61d68d364d9cbcc98cea74ef14227fc1aa283e21052682b10b6391f1a4203fd1655945a1f72a3417594c690

Download Submit
/data/data/com.xunyou.xunyoubao/databases/xunyoubao.db-journal

Filesize
512B

MD5
bad36484099f30c75d0177e6512d670c

SHA1
1f3840159b84993235c337b347142fef99840aea

SHA256
f3e1eca94cc62e766e63d3276f78f46efad4e7bdb35ea46c753d2ee84fb96260

SHA512
8abcb49eba15b27aa7bc1f5a6c4bdb9a20d0f80f0e834b9b3fec183d2ed4921e9619d08f15f134c4fd57e23d97d70fc3379ab265cba2cda4555457be5b9d6437

Download Submit
/data/data/com.xunyou.xunyoubao/databases/xunyoubao.db-journal

Filesize
8KB

MD5
0a7e93d43676d02412886435b142de90

SHA1
1da647af1958d2d0ca1729981d5620b5d684d2ae

SHA256
e6d177308fc9ed3e5fdd675f64ee47f306a595e8c8e6520d63ec8f29e79d02d5

SHA512
24840d1c86592a930c40c9a8e5bc1a66591b75dfacb742b48a3fdf0c951870a7a39f9bf92f520538b2b961201bfa0ff68cfa8c3f39ce59e3fdbaa77b0e0cd3ac

Download Submit
/data/data/com.xunyou.xunyoubao/databases/xunyoubao.db-journal

Filesize
4KB

MD5
51e7bb2a82213834d6339c4763ef354c

SHA1
23b600ae22d47737b4298874629fbb99698b0044

SHA256
29d1454b6c017be23914daf2f1d86e27f603b3b744ab623a33eaa9376415daca

SHA512
f12c85aa566c3a8cee9b0507ffe7a88399951e52178e60a1be059621e7cc3c2e8a3b666308476b48994fb8eab491c9c8a4ae9dbb96b46437b229f101d3b1df71

Download Submit
/data/data/com.xunyou.xunyoubao/databases/xunyoubao.db-journal

Filesize
8KB

MD5
43a583662265a4ef632691e1e407d430

SHA1
e8c090a6404bf8f4170905d37b81516e2bae5169

SHA256
0dde5052df8b86ff1738106532728171e32904083abbba2399359c655059773a

SHA512
9a3726df1706540297e2b58b357bad01fba94e8f97112331efd26b07cc4c558d2640dfd12df243bd17c87d871136c3d84b065f88c1f5227fa42e6e10f0b5ce4a

Download Submit
/data/data/com.xunyou.xunyoubao/databases/xunyoubao.db-journal

Filesize
8KB

MD5
a1cbf0cca286e21e38dfdae4c6ac704f

SHA1
560c6a3fbade0ef2b0a90bff02e194ca01c74666

SHA256
1c9882cd78f550ce92c86cc2fd95b0aefce31715e2e931f13bfa88f69dab2940

SHA512
cf0f60ce7dbfaee6a4d81f9446db1ff4e195522bd71f36aa99df532ba47c21ddeeda331fcf33bd366eaf01157744134a2499546a75f24b5d2c4415d1a4a632b6

Download Submit
/data/data/com.xunyou.xunyoubao/files/.imprint

Filesize
803B

MD5
4ed3923aff565ed7ade7beb46a890508

SHA1
0b7645d7704e27661cf4944b6604c5c51ac6f950

SHA256
40afede36f98e30d381a6c7451bf5560472498ae819e30c8e08777c654d9a7cc

SHA512
1819f530a1dccff020eb98c5068d8e11693c25ac8346aa0ae041fa516d8551f6f1386c1e49dcf47b1913bfb0dfbbccb1e56d8bc33f285e837d693c7b86b39ef6

Download Submit
/data/data/com.xunyou.xunyoubao/files/umeng_it.cache

Filesize
148B

MD5
6ac81215f0414108eaacaeafffc82269

SHA1
9987f255f4bcd849c7cf8b4100c80edab1e1c2c0

SHA256
6d7f83955894c57f644d54f6bc5465c9a523008e8bb3cf6b9ae17ba7677dce23

SHA512
8ce55143b699640f86c58534464ecfd8336415cfb5a7e1693af6b024199458d74de84c16ee973a4f6ca2240a1738a9182d075862b2661d74105d8f31f9d7f3ff

Download Submit
/data/data/com.xunyou.xunyoubao/files/umeng_it.cache

Filesize
76B

MD5
a1ca6d36cfdbeb1f2c63b3a906c3fde0

SHA1
c5b6595be2e460dc33b6691124b880c2dc9ba1dd

SHA256
70dc731b4b6d5077911229e63fe4060cb7d1dc54bb14b7c89397eaf31a021ab0

SHA512
11fc18a3639e8c35e2e356c8cc67017c023f37bc16579a00d205928ce1057e4c19a7f168b8f8993a6e2270bcfadd969c4e37251d197ba7670534b45bdc690c0f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads