ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8

Analysis

max time kernel
91s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
11/09/2024, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daa3928804d44274b39ab59a0cfc27ff_JaffaCakes118.apk
Size

4.3MB
MD5

daa3928804d44274b39ab59a0cfc27ff
SHA1

c0debf305aa2e23316f4ab7c2417e8648f278efe
SHA256

ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8
SHA512

4decb4a3ef995cd3e84767c0fdfb84912e1d9634a5e6ffa539928cad407951fe75a0594eb96b02fddef8dac4f291431e2e292b631d1e94e5bdbac7013d630f07
SSDEEP

98304:qYWeoZRiyP9GEQrwM9yi0XN4+VO4GGjXmsbfD/+A8Dy1ZU:qv1ZRTPJQrw7i02+VOEjWyfCibU

Score

7^/10

banker discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cnw.fyread

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cnw.fyread

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cnw.fyread

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cnw.fyread

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cnw.fyread

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cnw.fyread

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cnw.fyread

com.cnw.fyread
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cnw.fyread/databases/nfyReader.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cnw.fyread/databases/nfyReader.db-journal

Filesize
512B

MD5
170901c4e9e94224b113861d3b6fbefb

SHA1
3ca4e46c91071bcdebd0158e6b6410de26278fea

SHA256
b50afd7261acac742ca5f362e46ede4d278bb8ea2a66c8d202c03d3b3fa8f9c9

SHA512
ec148c1290b8624ef7918515dd0fc6f9f626e1338bd1b085f42e8def528fbe548e29093e174ff6f9dc20874d76467967e4e8c6fa5a69b365050e148720b227ff

Download Submit
/data/data/com.cnw.fyread/databases/nfyReader.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cnw.fyread/databases/nfyReader.db-wal

Filesize
104KB

MD5
3b5a351c206f2e13ee01a27ddf7f6be8

SHA1
25410f33d962d4bbc9447e95f21a6f0cd528873d

SHA256
5d5a7792f632072c75efcf3d81830c76cceac59e497f05c2fdd1f58064e20670

SHA512
5e87a3275bdb2784a9cdcf57f758c663cc9391c9dcb4be9e4aa6ad0bd52adf4dc132894626cfe706aaa0e7916bffb6cb3df81eeb9cac26fdfd3f7ba4f486947a

Download Submit
/data/data/com.cnw.fyread/files/mobclick_agent_cached_com.cnw.fyread

Filesize
197B

MD5
4b11c9aa078173e8cb48649aa4a3bf2d

SHA1
f3931515f5098b02f3dca1be347ecf5a42b1f180

SHA256
ad427bbf2c045637dd08cf850259c8ee5dce002ceb4149bae1fe73d7088a53dd

SHA512
32f3f577bf3e2ed412fcf741f8f3bc5ca390d1a3f2c5a282246e4baa267693e912416d855c0c6d31f27084e185f4c2d09f87979dfbe8503bc589e0bda2e80cb9

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
768c27980b647dbabccc637ad8d5927e

SHA1
2ee46ed9ead86bb83ab05597d824e0bebca54611

SHA256
eae76e309d4b9bd2b0a5cedb6627b03fc3c317f96c435d42cb79ec99e5cdcbfb

SHA512
4c81a8126624e7009d888ed3fb63cfb183c7ee10247e3e79044aeabc185f5926c09edad903abf3526a0ffbf2282dd4c42460624fe8f90c7a8455b1bdb0c2fed3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
cd9e35a2869ba96efcb1c879efd70b76

SHA1
5adbffdb3df93a99c12d4122193c636e4c26ed22

SHA256
873cfee34095cb1b09b858f43a1ad8c2966d035d9c5c635e0c35c31b584efac2

SHA512
e673e021d2fcfdd968fbb0bdf22dd5bb9ae00898200ff919ebf8be1daed9628717aeee58b848548497463d4727aa9928df459fc0ebfab01d2efc4499d5d93c91

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
40a345824881c0ac423f29ac984d2f61

SHA1
11981598e5f8cc206e1f66815a7bb5fe2582a61e

SHA256
6a7448104616e033a4dfd287ad0e9532333b8f46b437ff1fab6e23af082f98b4

SHA512
17eee9148be73f8ea758ba344124f80a00c7af3bde38f3bc8744097fcb8a8c3b32865477904a6668fbc3b3d6146947605ed6c1bba9b10d3899dd8aabd8167c1a

Download Submit
/storage/emulated/0/fyReader/log/fylog.log

Filesize
32B

MD5
cb79fb94fc8985afab957d0fa0183095

SHA1
013bc0b4cf1dfbf90e0a96cc838591a3539ad0b8

SHA256
5dd876215973cbdb38b489c51f4cc00226ce604cc2d97c69f91e0689b617eb90

SHA512
de2b20604361d687c5859f65aa3f66ace9a4287d45fccbdb85750f5110351b5cba0c1c260414a7ed36cbfeda6281cc5f701f5b449fcdafa2d711b3e467794778

Download Submit
/storage/emulated/0/fyReader/pic/20010.jpg

Filesize
38KB

MD5
9dbeeb59ad0ce1472be706f204609516

SHA1
3ed1da50a07941b6c90655353ec3b69a3cc7d5b3

SHA256
62845c4f9fbf128ef9ced5973aa15da0d26ccb8ac7b23fbe8acfd4dd903666b7

SHA512
22cab9f7abf6bc8c59df685db288dca98490a6407d3dda93b6d3e973ce22eaeff384d63aff453ebc172d1c609557845c4841770e08b293ed4c704c58616ccdfe

Download Submit
/storage/emulated/0/fyReader/pic/20042.jpg

Filesize
41KB

MD5
81b4a08c2b4e1b3cc35a647188c6c3ef

SHA1
d23068c8551f117f059d4ac1db1dac7fad3c6bec

SHA256
a3be5c50f20f0d43b19965c6d605d3e610b80e2b49df0f8ca20e84a0196f4047

SHA512
f46d5d8cba4249fbff43539657d4faf0b786a40564f5134f06f18482a6479a6b8e924a5231bf1f4c789bf441ad496ef3a0df0bf8689d7da1d53c81a227259018

Download Submit
/storage/emulated/0/fyReader/pic/20043.jpg

Filesize
41KB

MD5
2807687aacc6585de58d779b7d804138

SHA1
6322241bd7bfe2f5db83e773850fe4f6cfcef6c2

SHA256
a8b5493634d9a17ff01aac58e0ac3b3d43b8cbdff63cb7aa72c070183ccf28bd

SHA512
9198d7accd7cc8b4b4bd0910db8373f3b6ca67b2c0fb8d56b7e56719ce7036e1632579ad27f4bb3db9856b36846a8d820effb75b9633f530ac657c30f7c9ab65

Download Submit
/storage/emulated/0/fyReader/pic/20064.jpg

Filesize
37KB

MD5
514fd5f858b0400718b953c9bf5222dc

SHA1
6d565a25e6869f01ab309ec98876d4cc8804bac0

SHA256
d81cdcbf47dfd75844e42096f09bbf74a1299e40baf27f75c7444c7af646b9b5

SHA512
68b917ec701888b0e8b19dc6fd2e3b3a272ff02d1da5c36fb38c2ef292d266df7ceb1a2978e660d928ce6131f0bb1628b7c39f567586de62f54164ffc302296c

Download Submit
/storage/emulated/0/fyReader/pic/20078.jpg

Filesize
39KB

MD5
3c060e7105783594c2bf486d8fe1b702

SHA1
17fe9d7b91a49c1856484715658658eee183bdba

SHA256
7844415543252dd4de154422dcfd693fac466b84d12a85d4eb006d42e362ba94

SHA512
76d160afd434bd71c94ac1ead9ba88c549b760fa994531a04f0613f6077bfbe5f1083a251a00e9868049cc4415f44d5e32253bf26dbad01cc94d493254bd21c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads