4a847e0b1d6412fa165f3adaa4caf7d2579fbf2ea5269e11258c83302f53b0c0

Analysis

max time kernel
6s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25/08/2024, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c001ecfb382375162336eb7de45c55b8_JaffaCakes118.apk
Size

3.5MB
MD5

c001ecfb382375162336eb7de45c55b8
SHA1

7c50fa459c544082733c815c10628335cb949b3c
SHA256

4a847e0b1d6412fa165f3adaa4caf7d2579fbf2ea5269e11258c83302f53b0c0
SHA512

b76347059548ba3d8afe2fc5498ce817d054d67593dbfe6f364e1e1bab8e602c47a049ca19ae9e3f4495423257cefb76b139c7061a23af68d4fd424a3295055b
SSDEEP

98304:8jydfJP1Sewf4w9kWvVfm3ALsifcPjEhVSk3HszAY27Wtz8nkVP:jX0ePmVeTif0EhVSYszO7W58kVP

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.Apricotforest

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.Apricotforest

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.Apricotforest

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.Apricotforest

com.Apricotforest
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4219

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Apricotforest/databases/InitData.db

Filesize
12KB

MD5
ac5735ca3c01dd053bd0a9c4bf629235

SHA1
a08ef01b579c448aaa2dcca28e98a3404eee1ba4

SHA256
daee5033ff0c95bbd5d6299f87ea8935e7627df1e2f53debeee452cb15aaefe4

SHA512
431137593afc5b31714ea7f07af788b0ea895f544618bac6e583b542db0d3f5524636cb0dfde060b4353890a82425b78c70a5e2be5e26be0aa0df442f7b4e75e

Download Submit
/data/data/com.Apricotforest/databases/InitData.db

Filesize
2.2MB

MD5
3c0d10d68ff4a2a0ac953d6f79608f57

SHA1
fd4bd8061a8670637edf064fc6c9c92a9049292a

SHA256
f0a64116e082195c7cc40bd0a32fe50f5cb3522b207a6c0d3987144c2acbf62f

SHA512
b85ea9ed9c5a5080b290134f72345db6503daf892b1c12c8960a14f0330eb9b0ae40b4ab838a24c7216fbb453843f6e90f9363a08988f375ccb4f021b0299bf7

Download Submit
/data/data/com.Apricotforest/databases/InitData.db-journal

Filesize
512B

MD5
fd9392053d15b8847726b69f8ab99ea7

SHA1
a6a926b911aadaa7ea14ac3e5fb99731a63f68a8

SHA256
b0dc8ae293e557e0e6cb50cca9a5b90492644300ff50a576e3c3d73cfa3ab477

SHA512
fe0874a4260089e15265c9ef9c3b91b5cf1b0b915473cf802decbce723cc32dd726134d9056ce0eb58566f77cd2adbe5e1590a71e44393a1e801d9f38727c7b0

Download Submit
/data/data/com.Apricotforest/databases/InitData.db-wal

Filesize
20KB

MD5
c243358368d065655ac912c51bb29535

SHA1
9c2720bc379090329f03fb84b5946541b97e22d8

SHA256
4943fe82c4f9c13a0e74253c44bf6d51bb518a3f341c91129a540da6c62d0f38

SHA512
abd74d36b515d6e15b77fa1815b0a6189bcc8c03ed5ff7b76e1d99b82b0829cf6e0d9f788273556d42506e7bf45cce40f7799d7f8074b1a233132f67e0fe810b

Download Submit
/data/data/com.Apricotforest/databases/medicalJournals.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.Apricotforest/databases/medicalJournals.db-journal

Filesize
512B

MD5
49e1a92cdf0c8752f423f859b21a603a

SHA1
1d9d4f29d25e82eba9cfcb79fc89ee9c5f49fa19

SHA256
790c99f922b1e6481562cbf0aeecd15460ae0ad64fbac5598004f3749ae426df

SHA512
9d139b02683c6910af727201013da3b0c7a8c5536dedcc0d630a46725571b640f4015dbde8965267c3fb3dfef7f8d460e4a692f40e3f4784aead7ad02bf9b590

Download Submit
/data/data/com.Apricotforest/databases/medicalJournals.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.Apricotforest/databases/medicalJournals.db-wal

Filesize
72KB

MD5
ea3063b03e8a2edf9efc809f8a49f6c8

SHA1
c0ec82cd6341b77f1ae0bb86ed3a717f503e60d8

SHA256
198754100b224c66eeedf860c67f5abafbb30a8bd50e030536ef662c6d585486

SHA512
cf07d91cb383c5f130c164cdfb91d272f283977cfa550712d4ba41f3bcbb1ff818333fc15c5c15b77685caacc122c7899794752fa55aaedd78985e502a6bf6af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads