56cd7223b0455aa168a5a5b2979aa19a4ba6be7503603c0d4c965fb67f2faaef

Analysis

max time kernel
33s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
19/08/2024, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa1799929144e9266156a68b4e3d1a00_JaffaCakes118.apk
Size

6.0MB
MD5

aa1799929144e9266156a68b4e3d1a00
SHA1

82e122d1a1f86d7fc2c35d0ba0324f374118604b
SHA256

56cd7223b0455aa168a5a5b2979aa19a4ba6be7503603c0d4c965fb67f2faaef
SHA512

4817ebd1e6067c7d7d111750f43404a6af499a086d7df10166feffd5e3714cf4f8e307ae3ce9e2fce237b4b52b15ad5f6511037cb28329b3e403e37745f4339f
SSDEEP

196608:7tKW5eQM0ET/Vyd+ho4GYEzFDyaol3M0Bz:r5DM0ETodh4oeawvp

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
9	f.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mojingou.visa

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mojingou.visa

com.mojingou.visa
1⤵
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact