35d2c832f0b39c53ffb9d4a7bb8cbb65ffb5748627305e5155b7e78e8aa3d0b7

Analysis

max time kernel
135s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-06-2024 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e039b35a493f294bada91ac6aeb7e84_JaffaCakes118.apk
Size

9.4MB
MD5

0e039b35a493f294bada91ac6aeb7e84
SHA1

fbee126057736d5ec825284cb80683b23e99356f
SHA256

35d2c832f0b39c53ffb9d4a7bb8cbb65ffb5748627305e5155b7e78e8aa3d0b7
SHA512

77830803584b71780add7f05b9853fc09c076de7685bcf27be5999f57498b5120182eaaa90f2e501b9abee7934403bae9063bbf476a11295653ef19635a0863d
SSDEEP

196608:BVstelYNt6k7fLM0tEtkZmNS47OIpgUj8n4LZOdboUgFwCxu8Bx+5myGeJ:nsN76KfLMZ6ZmN3hpgUwn7bKxuC+5my5

Score

6^/10

discovery persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
8	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cgame.cycck

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cgame.cycck

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cgame.cycck

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cgame.cycck

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cgame.cycck

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cgame.cycck

com.cgame.cycck
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cgame.cycck/files/.um/um_cache_1719317398188.env

Filesize
598B

MD5
1672a722f21dcff85ff79950aef0f123

SHA1
f2ae94d703da1fb0778f9707bddfa7f12cef8102

SHA256
1a249be5fe765f28ffa41bbc037be29ae04eee8f7353fb33efc4d5901a17c76d

SHA512
8f1777e56d8f0189faec3c1bcc7311d060ae4dd8e0656d1f0635cb45c6da4bd9a09a0820ccb6c437dbc04ec04582739de986fadc5973f40f95866e5cb52ba43b

Download Submit
/data/data/com.cgame.cycck/files/umeng_it.cache

Filesize
310B

MD5
3f7915508cbf8925793a6650ccb8b8b5

SHA1
e870a367559800ec25c906224220084efcb92af4

SHA256
ed314a9a5f66856362853ca226d9970f8877141eb7a0d004165611dfbf6aa6a2

SHA512
8849fca4d28622117e7dcc239e60b4142dfb9896fb3760a8d668eda407bcbf08fb8407021b885c1daf659be524d6eff9605ecb653c90fe3fa5dc681c618da122

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads