1db2bd0d80674f8e85f3deea261dfcca65ed3f37ad5e8cda9da21b522ad28b43

Analysis

max time kernel
132s
max time network
175s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10/08/2024, 16:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

86e270048f1002629f25310a6928451e_JaffaCakes118.apk
Size

10.9MB
MD5

86e270048f1002629f25310a6928451e
SHA1

0f3e0ca9f47ae3564c5ec66c9c54510a911ec237
SHA256

1db2bd0d80674f8e85f3deea261dfcca65ed3f37ad5e8cda9da21b522ad28b43
SHA512

43c8aa6f36620a84196ab4111fe4480e320aafcea8beeae5b2218b400bbe780c7bb3a28e087f282c0f41c6172d28348a7e104b01945b5bda9b0accb5ccb9ccdc
SSDEEP

196608:PjPPtdbTOC9YAPX7+6LZYYqRYRsqWoSVIqpu/Hoe9nlKBJ4miL4y44mPPkyVL:DtdfB7+6LZt8iAJe9nlKBFkiHVL

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.ansrfuture.choice
/system/bin/su	com.ansrfuture.choice

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar	4629	com.ansrfuture.choice

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ansrfuture.choice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
20	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ansrfuture.choice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ansrfuture.choice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ansrfuture.choice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ansrfuture.choice

com.ansrfuture.choice
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4629

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ansrfuture.choice/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
8KB

MD5
b022a6a8c97030b6b7a0bb356a331d81

SHA1
c6819a979a424d50afe792197a37249f706a164d

SHA256
38ec7f99d0fe3e380c3024f81ba38a95884d372765cc15d54c1fd66058d0c354

SHA512
6dc2f3529a1d8fb9f690601e765daf27f38811edbdfdc04dc00201191adb0432bf2fa66d1a678f417849a71e801506080f1370af7bc6d0a163a975cfa4301883

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
8KB

MD5
14bcbbf0c41c7ae0935883af653af1af

SHA1
b763bc27eb7ea9648462ab748a937538f2da8ffb

SHA256
88692552cee241724b71fd3085301fa2a2e6835ea0ad0c23c9b85739495a7952

SHA512
edd7c0a9c5271a8a6e08cacef16afa92b3549031ecdd962e35b38fb8bb379ea5b8394fb75481492a7b9c62f088889077fc27c28e67bb4510a3666e8c92e9e01d

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
8KB

MD5
5fd354f1db3f8b914a4d4a52bdf03f8f

SHA1
804d2250e958b72c5a394131a260201eb47e0bdb

SHA256
3d2d3691403c539d7b25edea8c01506efbee4ade8abf555714f9ef3d13ea5e25

SHA512
fd0a9b311937080e07b09debb804884844f7d4f710b658b347b54ebf537005143c1d2933d608d3f5d2b61a86e2aeaaefdd678e383ef9b5384c703f72e8c0327e

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
12KB

MD5
ead3d8e3af2962a9313d5d15d54a70b5

SHA1
4b549dc91a9b05db0c9ae54f9552ef56b2d0dfd9

SHA256
a9c9174f2189031c0a68a7a763e87e549f0884923f1e89137816690e10bba5c6

SHA512
294c238ebdc16ec4b38ddc43cac2ac0abf419447cffa951e5122b4cfe8d37d9aad34761401675263cf6b761b334ec5a79b9a99ea65b1aec31a7e1afd0d8391bf

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
512B

MD5
188350dae35d76dc94fbd829c5afb584

SHA1
da72bfc4d19f9f9e667e1735dfc6e9d8c1236f48

SHA256
b952ce19fde999029eb7298fe54207f5074e9e7e98dcd4d2eeba7b447506952d

SHA512
eb2b51ccabf74a54ed2ad2876ba97c0135511c0a748b3dea7feb26a1c383d44000351bbd94d92bc567387597c3cd8fe1c088fda91e4544f8059d980ce276a567

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
8KB

MD5
66f4aaf9c51eabeb0ca2e065a09a8752

SHA1
908f22e448681ca9bea34ed53c89e8512b30d89b

SHA256
055fff2234da1e5a5688b45887425129f8ed6388a06d6be3f70163da9ac0c2a6

SHA512
4804f172f94a7cce5fad7c22a76298a0e14c300ba08125f486ad7b806069be7c52c9d28f2d321c5fe414ab7aa45906df6b80cc662709c74034c53db7ced691f4

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db

Filesize
32KB

MD5
86c58f0d56ff1fe9378e1bc5deb686c5

SHA1
c0ed657da1b32cef52e99c6dab70399c3e549bb3

SHA256
f5b6044cae92f4c298cdfadcb64599c30c7603892573c1cc9858e16af9193857

SHA512
7df6ed143ae4adc318509b0e88958a113cc9e4afd9a3c3151cba4c0148b4d248613137db5be180784b11ae2e9731fa8b2b972d2907b599394032b106cb4ef0dc

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db

Filesize
32KB

MD5
4cac7d31fb94d5c9581893537f64c5ed

SHA1
96bef3288546196ac3058b5eeddbe9da1d999fe5

SHA256
d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5

SHA512
0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-journal

Filesize
512B

MD5
dcabcf1532ddbd9e6d9ffd88b416f65a

SHA1
cd1b94a025490df08523cbff62a7dc532fb62d6f

SHA256
d08af4fccd403906e1317f08b9178caaeee7b964237cf13bae07830e635528d5

SHA512
187df742f347c82ee77bc18ad92db283807b7fde1b7cd81358a0048417afda8c439c1627fa37819c199f93931153afb3c376a69457dbe556784b0defded304e8

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-journal

Filesize
8KB

MD5
14e5d14b007ce8c4dbd310c735c92ff9

SHA1
3b6448cc01fbf6305eda77e4710e0a589e3b42ff

SHA256
7aa53590935c9b6ba42e64aea984a3672279a7595fbc3792e4cf2b9ee26b6722

SHA512
675a1b1b3889a14dc9491ef0173746f3dd7820b6c753ebc792f5ed859b96c398d629e635e8eeadc3f1d0961eda63188d85157f0672164db6be40bc4d6d0be73e

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-journal

Filesize
8KB

MD5
024c1ced956c27f4fa99ec60f31ddf08

SHA1
72f0da35477b252d692a2b4fa897a428058c542e

SHA256
07a4ccae565bf2629fd1ef170b9ea17a1d03ade6cd613b702c721eab5eb71dd6

SHA512
4a86df2d17e5384f30085127ba54f8bab99f7268ac4250c8d1a21d15d4e925215fbe3468dd1fdcc51811554e3ccbd482f5e33079e65f421dc15dd3fa6e889294

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-journal

Filesize
16KB

MD5
a4f3fe0d36b768f4a4868362e845dec3

SHA1
62a0f452a4462297e520fb095c4d3f71c7369234

SHA256
7281913c36c3ecfe715f3ecd658ab38e9fe30a64fd06b48267d2bc916ad151e2

SHA512
57cf81d5ec940cdf554ec10236ba6a46517caadaa8ca12e5d9b3ef94d61ff2a251cfc25a98905f472f68c25eb4f001f6b0be0e29d065c27d586f4e2fbedca471

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-journal

Filesize
12KB

MD5
c8de3c0b5ef1bed1cb9d7868643a4328

SHA1
a09c67b4d2145a27b95b64b3f29d6fa78120d68c

SHA256
5e39a8fac9fbb2a3f104fd0253263c5657c88cfebd17cf7d604c91fd71b5876e

SHA512
bdd5d68fc6fb6c895d99c06dc0634a9765c88352d7e8da6fd7cf01a3e836acd084df0026020cc2e08400696f745e3484f399a4a75e48f770114dbc767ef15a5d

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
393KB

MD5
0d546943943234cbe0a8b132c4d65bca

SHA1
11c36b9ad64cd3925c449e9a794a3613abf33c4a

SHA256
9597de7943e30d0ed1d6a128b18111585ce0dd36af66502638d57b470fbbb6f3

SHA512
096f35cc60239a9412651f9b0607e30ef57c3fa0628904b5a450b08c71534323cc66b8d506c19da8fef9d19dd8f0888b19b7efce66463becfaca5fbef1ddc4b1

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
668KB

MD5
a6844e579b8045545bff5734f4d5efb9

SHA1
107d7370e50965edcea0dc76a18295725b8753bd

SHA256
63f00b1eb4717724421886628e1e1d86256d4d1a4f0384c1aa7e8c9074bd78f6

SHA512
adb3dd66588423d90fc4d997d5b30c220527f5a68507c416345672ee8ec230943dac8a5d95f37fff523f2e930691c6f689a5e10ee7e4a2f7c750645cefcbf846

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
72a35623a7ec98c621abb05ef1ed45c7

SHA1
90d548ed43b4acebfec22fc7e8c86ec6c47ab046

SHA256
9bb6aa039d8d357c21d7357782f47bf9871619c77fa8e524a93be24e3051ada9

SHA512
f8aa202e2d0008282f224165aa6825204e9516121fbdf607d79c56860485a2d1f2598792b35c98e29e873262170ca772f91ffe5c7ba65b288d3550918a3d3e16

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/update_lc

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/user/0/com.ansrfuture.choice/files/.um/um_cache_1723308977482.env

Filesize
1KB

MD5
eba3223aa88c8d086fcb3e64d7bad5cc

SHA1
011a9aac7ec4354f8753cb100e53d684b1b1adc1

SHA256
748637f1147e7d5fe3ddda416d51824402f0f01631632e3bda64fbd9a1943548

SHA512
bef1bb059f91a1d5b412fd600281811dc3ec3a19cd73c186e0b39c5acc5deb2d0a2f3853c12e7da21c62aad38bfa052d4088b293cf6208818f18b95de9e07307

Download Submit
/data/user/0/com.ansrfuture.choice/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
12af31b6a28edb6d35f76975b03400d2

SHA1
75122161136a78c4b3007b1b2c89eddae68369c1

SHA256
7b965d3efa5274e63015d83f347b0fc60b6c72ddb3ae5884d289697b66708d14

SHA512
d4ca2c84ed6953b96bf1b61c8036f927082199962eb6bac01f17b67aa96ed67d90dd579130211f2d96f05cef47f7e125f50022d14c72668ed372ca6f877f6ea1

Download Submit
/data/user/0/com.ansrfuture.choice/files/exid.dat

Filesize
56B

MD5
06278a4a5eab1d45cc2256837c81a74c

SHA1
f95ca5501153087293f512fd1466d2370e513efd

SHA256
1898268db707b1e3eeb295d9d0b912b994c8db3f936a7f6615362804a58570ab

SHA512
83f5ca3fc6111143a3a124220d49d83119b991587228bb612344847b9955e0a6afd12b22f8ba80e0bead7a934ef3bdad71da79f78ca6083524b3073fd60d5bbc

Download Submit
/data/user/0/com.ansrfuture.choice/files/session-CrasheyeSavedData-1-1723308867647.json

Filesize
513B

MD5
c9af1cf1d447509ef8db862f1e91f96d

SHA1
ee32968489d51906766e1496c08b16603979326a

SHA256
bc373e5f592626d8fd6d114b067223a30638166a98355f8282e720b9d114be2f

SHA512
e1c6fc59c191e31e4e10fd9f8fcca09dd5e84602f22f25b88cbf1aa5db4c19394142caf6f6e0ab6a77bcf2279c2a73e2c9e1aeb8bf746d6337be2ec6df51c717

Download Submit
/data/user/0/com.ansrfuture.choice/files/umeng_it.cache

Filesize
350B

MD5
c7c3189d90fbd3f8ed8a0f297222be35

SHA1
4281748548e1026c88d497da7c644904bb3fabb0

SHA256
47dd2f560d458e1b403ed1f7072d653e44d9e73a6c004c13c3b2b5fcb434f8f1

SHA512
00beb3238f3c801c3e8a485342a368d7c61b1aa59534906ece8361896e574e89c11efabdef1abf1f559841ee9ddb7798b0dd802d2ea4967b91bfc9c3c2536c9e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads