62aebc2fb59b1e46ce28045d136ce60fc8dbec495399d078e7686a80db28f9c2

Analysis

max time kernel
63s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
24/06/2024, 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0750cc709106751ef600fc63d1eb8f2e_JaffaCakes118.apk
Size

3.8MB
MD5

0750cc709106751ef600fc63d1eb8f2e
SHA1

ef4e7d62eee892c98890d70aae63a2730ed0f2a0
SHA256

62aebc2fb59b1e46ce28045d136ce60fc8dbec495399d078e7686a80db28f9c2
SHA512

531ed463d72ad7729c204e8151de8512369706cce29e1325a92331c832be893d9f6f7244bdba2d4c751045ce5355b1b35073d93fe755b07f3560a62fa4613094
SSDEEP

98304:bhiy3EqJT/9kT7gRUm/bUYkhp9cbQkZT7kZOrIR35:Viy3LJT/y+9Yvp9cE5KIRp

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
4	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.runingfast

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.runingfast

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.runingfast

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.runingfast

com.runingfast
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4268

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.runingfast/files/.um/um_cache_1719215918713.env

Filesize
598B

MD5
025eff57bb220c3d94a2024e2a2b7a69

SHA1
c6371ec80d0ba4dcc73b4060dc16155041158cae

SHA256
c8684eecc48bb265a066ae27e0e0b2688d2033dfa519decfc4f9200c0f33e3b4

SHA512
2ffdfc550a06324fea7b242862945259aea34eaf198aabd3bc537a34851716d17331a5a2078f5f57629cff8dd80e392fb1dca7dbb32361e746ebef5e7390705a

Download Submit
/data/data/com.runingfast/files/umeng_it.cache

Filesize
310B

MD5
692873af2f29136b09cd64704551376b

SHA1
98c4f2fc456ede7d2d0d1e5d09b6cb17a8153534

SHA256
1a038fa0c6ce606a3a3976956d1a7ef037b7bc628ae3bd0a862686cc0a592fc8

SHA512
d1575d9e3fcbc04d24df80a5ded810d7491206044af52f7952f0dc93773e8e89a13058ac66722a330cb878a5f0871e9386cabc4ed747fe4e5679abc3e04a484f

Download Submit
/storage/emulated/0/Android/data/com.runingfast/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads