edcf390d0c4ba8143563d65a2696c7e2722027f0d009d75f69660c82f03b32de

Analysis

max time kernel
64s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
22/07/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03eda7f7ecaa6425d264d82fb22e7b7218dfdd17bf9d5bbdd70045fecb3eb0e5.apk
Size

253KB
MD5

e494f6b0621e2b7ce14c6a94cde32b2b
SHA1

0f0654f0de23c3efeae3a3cf8bcdd8346a8cf280
SHA256

03eda7f7ecaa6425d264d82fb22e7b7218dfdd17bf9d5bbdd70045fecb3eb0e5
SHA512

e6b7ad6c474b7c2cbcd03b0d23cf86591adf85b51498722f50c85d6ae42ddc032e9381089582b842c025a28f9f4b2a2d3eeea71faccc997e8ff8e2036262d914
SSDEEP

6144:D4l3ediHC/OqpsMNHRjmEFHO6s7hgiNlzlAI:D4YgHCYMPfs2i7lf

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
23	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.wp.net.log

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.wp.net.log

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.wp.net.log

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.wp.net.log

com.android.wp.net.log
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
- Checks memory information
PID:4426

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.android.wp.net.log/files/.catr.apk

Filesize
9KB

MD5
9cae8d66be1103d737676dbe713b4e52

SHA1
4154198086ad3ab6e8a3647197669767bba8b53e

SHA256
be5668871072e890e765e0841dea45a4ca90ad74ef76b32a39e8736a7c149108

SHA512
5fdbeb5b275b54e3435f05b579febcb13ff1e12f78563d2fc6eb1b192026e77b6bd009df676296c83a28311d3095d298d7c6c791d9d3bb63e455d8ccf4bc4a65

Download Submit
/data/user/0/com.android.wp.net.log/files/mobclick_agent_cached_com.android.wp.net.log

Filesize
122B

MD5
ff61dfd509729badc22f24772939806c

SHA1
16bbcb69d93f0ef0d012221c1a1f1e3f4446dd1d

SHA256
98f4df51f8ec3f76336ff726e227a5b8f1f55aa6b11f37d34417d7a027d177f1

SHA512
a4e898755856ba32457f74206f3bd4fcabbbe57d409046b1cf811ecb87c633a10d7393a321965298ae3e78be760d714b934b69feaa0b4140795cab099731efc1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads