7864e75909fc3364344d2221e400dde275e1d0f0b2dc793320fbf6b4ba26f90f

Analysis

max time kernel
9s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
25/08/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0e6b97e5871df387978cdbba753f81e_JaffaCakes118.apk
Size

4.8MB
MD5

c0e6b97e5871df387978cdbba753f81e
SHA1

dc9c0000d4b8c9a2bdbaaf1083c73113123aaff9
SHA256

7864e75909fc3364344d2221e400dde275e1d0f0b2dc793320fbf6b4ba26f90f
SHA512

dd4d7b8bf98821f8cb723ebeee6612fba21f93410f99dce40c7c69bbbee1b06b25c85ae8939a731c66fb4d1ecdc8785c90b6014fb154109274d11e230c8da9a6
SSDEEP

98304:z/XOOeD6u5pmrfEcTo+KWrS2jsHlBE3zVTDgnnfEnjBfZ8sJVcGfa7u/q2lm:7eco+ETyzVons8wcGfaP

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
24	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gunxueqiu.activity

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gunxueqiu.activity

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gunxueqiu.activity

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gunxueqiu.activity

com.gunxueqiu.activity
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4628

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.gunxueqiu.activity/databases/reportinfo.db

Filesize
32KB

MD5
122b1f4e37ddf0cbf837a273f73b32ab

SHA1
87a5a5c299c2482e755b2654b8f2900e4333b8f3

SHA256
e6d1f39d43fc01735f6a729534395a7ddd1a124a171adce282fedf23cc5121cc

SHA512
0b29e446f8b06545d01aeb3a19318b1126d09fd20f8fd5b3321a1717702fb4bd67a402fe9bc3472b23f367bebe6bea2f17946c933a9d910411fee37d76112f3a

Download Submit
/data/user/0/com.gunxueqiu.activity/databases/reportinfo.db-journal

Filesize
512B

MD5
6dc41ab20d8cd19822241d66a79ee08f

SHA1
2679a11d7fb575340fe7c7db3d952e28fb5234f7

SHA256
c57cfd544b90195d6f936d67d008fa8ccbcef938ce3705021d752937aa2de8d8

SHA512
8ae2d19ec2b071596b3b2bdacb1374097acde2e458ad1e9826bf7c1fea8f2fbef392206f4e516d20b89402364a1f613f0c52ad4ff0966f5acba2a474f0146a1f

Download Submit
/data/user/0/com.gunxueqiu.activity/databases/reportinfo.db-journal

Filesize
8KB

MD5
f84656fb07607434e248f46f7faf9cf6

SHA1
a82f6d90a67c6f11e5f224addd4ff35c39d8bf0f

SHA256
d2395c4baf3f760eba378520212dfaefc32b72eeff3c7d134f3e447b1777da1f

SHA512
e9cb748bfb564b654a74486048976897255835356cc4ba46776c0fba6d4eb54241b2e9a05b8d17754df9a4e19934b209ac53a33b7746796de05643b0cf512e0c

Download Submit
/data/user/0/com.gunxueqiu.activity/databases/reportinfo.db-journal

Filesize
8KB

MD5
0339133822728f9d3606ee15a2497580

SHA1
97ed44df6db7e54a15ea853209e8eb0611ca51e2

SHA256
5e0d0c4c7fc590f905243faee4d44f8feada4f6464ec07b47ce32dd1521ad3bf

SHA512
623a61147223e76f73277387616e7fb6eca2f56fa224180e8bd4a2f9e5aeacfdd0d4bc6b41278ba2de4a3094561bcadfa67e5afef54dc4d1ee3609f091f23e95

Download Submit
/data/user/0/com.gunxueqiu.activity/files/.imprint

Filesize
777B

MD5
03ed75d86014bcda10e394e77535a6ef

SHA1
1eb2f252306d2f2bd6cf8cb0b633720fb21c3d1b

SHA256
82bfe0802668b69c6165db77f7ab29f85c81b7b8cbf1ca2fb54a8d9deee8f056

SHA512
b6a166a42854a3cc428ef9e1e1329f90e350555ef9c3f87313a1b8f7e33a3b0595599dc3c9622a8d3bf928082762555c85122da2dc81d64ddbab9f49d5d895d3

Download Submit
/data/user/0/com.gunxueqiu.activity/files/umeng_it.cache

Filesize
148B

MD5
40b02670db66975b07b45b76c06914f2

SHA1
0dec9d31a913896ee77ca64859aefa7aba70655d

SHA256
7b625c30cbfb1e8b65a4c4e826b6673746128643ae68374cb864196a73605a41

SHA512
219e67f05d17d3cdb77086bff6dd5e379f7ebaac387c2f25c723c4d229ff659859da6ad3802ebd9f57afdfc2a6d5190011221987ba9efb34b3e543e13f5ae56e

Download Submit
/data/user/0/com.gunxueqiu.activity/files/umeng_it.cache

Filesize
76B

MD5
c27542c26ebb709ed7cd67c8f34c1233

SHA1
45cad6098d9acabe07a6e157a7c8b24c17b589ea

SHA256
118431f482bd946efb1d7ebede61408e4a626bdd257044c093ec4274228d40ff

SHA512
eb0b3a260d32954b458cce3b6b2a7a8ffb3b6939c9ec44f5fda4790a7b146195cb5f84af91c2e63a65d84b1ec03e10911285ce2c7dcc7984d16420f0a4807f1a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads