7e25def81d58562012ca14747eb3357b414cec44bdfdfc1edb2027838b05620f

Analysis

max time kernel
64s
max time network
162s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09/07/2024, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f041762fdb91537415151d0ce3683c5_JaffaCakes118.apk
Size

12.9MB
MD5

2f041762fdb91537415151d0ce3683c5
SHA1

1f49ecbb2e7cd116e113bcf36e9b327f59612264
SHA256

7e25def81d58562012ca14747eb3357b414cec44bdfdfc1edb2027838b05620f
SHA512

256c53cb8fc285e5e94ab29bb75ae706dc309527128b4b92d2ad804143a74b0c3998015ca01ab0a22c02e45e053d70729c3bc9fd152fa35643438c7aa7e222c2
SSDEEP

393216:JlC3Y3paiZIRjd1mZVEu4PNBfumsW1sL5F8:JlC3YZaMIr1gOzNpsWEy

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.xiaoma.ieltstone/app_push_lib/plugin-deploy.jar	4490	com.xiaoma.ieltstone

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
25	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xiaoma.ieltstone

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xiaoma.ieltstone

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xiaoma.ieltstone

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xiaoma.ieltstone

com.xiaoma.ieltstone
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4490

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xiaoma.ieltstone/app_push_lib/plugin-deploy.jar

Filesize
213KB

MD5
e70723b8f6c4c7c09a6019733022cf53

SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

Download Submit
/data/user/0/com.xiaoma.ieltstone/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/data/user/0/com.xiaoma.ieltstone/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
1ea8459a688352c3573a8e80727c2644

SHA1
9b47864e96eed98798a6da2b8860c8f8a68f089e

SHA256
be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093

SHA512
99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f

Download Submit
/data/user/0/com.xiaoma.ieltstone/files/mobclick_agent_sealed_com.xiaoma.ieltstone

Filesize
533B

MD5
59e1bd2b9a9c34dc6bacf02d41c01c5e

SHA1
d4b3d395b8459a884d3b5d608953fd7e0e2d31cb

SHA256
311298ed324a20503af6f19d99267c348102db229691792951a60ca3aa8cbfcf

SHA512
d449c5969d5136b81b10943dc9ba23facac49fcaf419dffe147152e1cb34a8efb03797ca45c19715466e9ab9d66f93cd2cd14cd386aa2910a77a2ac1966a7a0c

Download Submit
/data/user/0/com.xiaoma.ieltstone/files/umeng_it.cache

Filesize
148B

MD5
f3a0aa6ed89bc79281507e7f5aa757a4

SHA1
dba5fb6aa542d7edbed2deabca7f25ddd1a00f4d

SHA256
f3f494abc75e1e303fb5ab78bd3667c0ab618eea867cb97104e1b67f115f8efb

SHA512
15f67ed802b55565bfd93172de9f3786607f94963a857271e762d5ce700eba88430354a6f8567555c2f15d3fd461476534239b6ef3e771c239ed17eece0ed95c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads