65e854230c393ad883ce4738200f782ada6be0d2aa688df31fce383f3eb9fbda

Analysis

max time kernel
138s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13/09/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd509aed805917033df1a1ed24c47bcd_JaffaCakes118.apk
Size

31.7MB
MD5

dd509aed805917033df1a1ed24c47bcd
SHA1

554fcd233153b83b836143b2390e0597850e16af
SHA256

65e854230c393ad883ce4738200f782ada6be0d2aa688df31fce383f3eb9fbda
SHA512

f2e466c338f90a89df6d5915ddb47376ce2054a3031b8716eab0162a5c3c97b9ad370965213a16a5f07fc434cf7acacd3190943ade92211041559d847ad9d709
SSDEEP

786432:nc4X9uGtUXzset22HP40974651BGHbOteLZE+A4+JJX9xDxndb:nTXUAwzb2+4A74651BKitetx+JF9pJl

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar	4327	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=88 --oat-fd=89 --oat-location=/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar	4248	com.simtrons.dance

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.simtrons.dance

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.simtrons.dance

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.simtrons.dance

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
27	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.simtrons.dance

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.simtrons.dance

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.simtrons.dance

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.simtrons.dance

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.simtrons.dance

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.simtrons.dance

com.simtrons.dance
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4248
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=88 --oat-fd=89 --oat-location=/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4327
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4447

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
200KB

MD5
832bd7a96ab6265b880c73f3fa3ab555

SHA1
8705bc41b8bbc5cd8153125883d148c6ebd03196

SHA256
cc770d97d711e12e1c5c954defb09872660dfc626a3ec9bfb9fec22a91877c3d

SHA512
2f2d921af508a6ccbe4f1c8650e6d17ec00adc224570c697cb99f05f617c03c9c844d40728b4d5c32e1ec51b2b17a1b962b0952df4e197d1060e6751c7858bf9

Download Submit
/data/data/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
c824a31a320ee9413d7451f81b1b3c2d

SHA1
f22b403463fac48e79e968e29820d9848dc5dba3

SHA256
b29f2e2b4b3922800b43814fd12236646babb24575deec3eede4bc9bd543c075

SHA512
ba7a7fbc84bd7a3a0c89be406ec6bd4c7730e943407abbfb855738295dd371156c3461b19663a3a14898cc0e537f463e8c9d602130668de152bf652530f56afa

Download Submit
/data/data/com.simtrons.dance/app_e_qq_com_plugin/oat/gdt_plugin.jar.cur.prof

Filesize
597B

MD5
9e232ab1866b459b50184b5c4cd6079d

SHA1
e2d9c7606be7e0f433cc567f6442adf3511f49ab

SHA256
30cc156ab5760e285e9fd7741b2d87fc8d8932c147946e803558a613cdad1237

SHA512
9b76eef1f83380c13ce1203deeeebc650b63b422a4533ba210de9f30639d6315d8d96a371721430f022d0cf0f44a71bf99e0c731bd840b2541ed02f38ecfcf0c

Download Submit
/data/data/com.simtrons.dance/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.simtrons.dance/app_e_qq_com_plugin/update_lc

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/data/com.simtrons.dance/cache/Analysis/avoscloud-analysis

Filesize
408B

MD5
9eef23371f1140bd768a3a4f433bd815

SHA1
a9481ed7dfa9349ef99b81d71aa4d38e4f2e90b3

SHA256
cfbf7ab8b134e804b35987f9c30ab355eb639bbe72f4ee70578898c5f2e6cadd

SHA512
349ea8059bcfbc5bb3b1f2d9d5186043f9675021921600a339ca9ed6d56cc04901aa66d21b8290c0b5c3b2e29e5d9f540abad73229d3e03ee3d8da403b57defa

Download Submit
/data/data/com.simtrons.dance/cache/CommandCache/89a6627b46eaad5ef818a14e648415c2

Filesize
977B

MD5
5c652072fbc378aaf1c353e64fbcab80

SHA1
02209f87eb8e0cd43913198672896f7291ab3474

SHA256
ebf9f98aeb74dad7adbd5c0eb03cfa7a8f230731078fed05d49fd15826cd2719

SHA512
32feffae62dff7079febd3ade4be0f07fc8616f2c613de61a83bf61dd983ba2ff42aad89671b161c6876fe12ca34a2c1f0c309912f781c28cb21cda465a18929

Download Submit
/data/data/com.simtrons.dance/databases/GDTSDK.db

Filesize
24KB

MD5
755d1d1b0599d7be973031b5a9ed3373

SHA1
3b13cffb97005729fc20cd9b9a8547e0fa32632d

SHA256
90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

SHA512
afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

Download Submit
/data/data/com.simtrons.dance/databases/GDTSDK.db-journal

Filesize
512B

MD5
044e8caf37158c2ff763b5c4b0da506a

SHA1
baaa7aa7c7e68af5d49017c4ffa522b767281486

SHA256
5e005964b8694acc29cb89cff22e48c459c68573add56bf2eecac2f2e6b0d3fc

SHA512
ee5129074a20fc9f18faee47601dcad5b2f44c14c6c841d50f176b4ef21566ca1dac9da0017b9a4ba358fa3a05f46ac91968366d3af9930f956f050aff2353a2

Download Submit
/data/data/com.simtrons.dance/databases/GDTSDK.db-wal

Filesize
36KB

MD5
f71cb50c000e617bbe054eff7e7d45da

SHA1
e8448672553caa6bddd49424dfd57c51a08e8c02

SHA256
bc9db0c117bd3cff3943b62eaba1c764be50d1aefabc4d6a8a844f22e4d333a1

SHA512
89bb156e2cff20fb4a9fb05a18058a7679efaab84905828c03f3e79fee019ec4e5edebcf8bc321bce0b8ec326fded8c1fe2843a1d3a93fcf1329281cac7b29c2

Download Submit
/data/data/com.simtrons.dance/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.simtrons.dance/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
8caf6910cf085e6a8aaa8324462b2f64

SHA1
6fb3f2f0ced7b37fba86af6e4c42c647210a59a6

SHA256
da9a6f8a82410366b94469d9e231d689c0cc2189cc5548e0584ade332e49f1c6

SHA512
3e3c95eff54471ec87a058c1b1d1b156d979840bc0a2fe18b3a8d2c5f643267284e687ddde2ce4fd177887ce8da67790128a4ed2652a7de6e826205bdf8a3875

Download Submit
/data/data/com.simtrons.dance/databases/ThrowalbeLog.db-wal

Filesize
64KB

MD5
8ab50f9304678c526a38ee6d5834ce2f

SHA1
8df345bfa9921bcd7bb49a0613fdc188b115d0c9

SHA256
5c268434947392c33b2ef68025d0e4907b2d8da9d6681ca9dd32aa336c6f90c7

SHA512
6192a7f79df2ab3ce7b5de749b5fc0a2c34f61262d3e3c8470924dd8490d8e4954afd53da77115bf2f481283879c63a8f0883eb95882fc4b3256ae9409575b7d

Download Submit
/data/data/com.simtrons.dance/databases/_nohttp_cookies_db.db

Filesize
24KB

MD5
692957a8f6be4a25986a068c449b83ab

SHA1
04223c8cbcf0032443488e3f5f9bee9f91eb5f7d

SHA256
4895bff14c71a617ca75f6ce7933b28332ee06a1b2aa431ee3e108db693cdf0a

SHA512
0617a88df6a60252050fc5403f6d01936bbcba961d707474d62bf97cf1e2034999befd13fac5e58d430ce43dd45dce8e2e6c8b6b125ea53dada382aebcfa3742

Download Submit
/data/data/com.simtrons.dance/databases/_nohttp_cookies_db.db-journal

Filesize
512B

MD5
c28159ba47803623ac891ebba1d1884c

SHA1
3e43b3cd2d8c3c9c25adab4e4e8706ed8d7584ce

SHA256
dacfca100c5c1db573cbcc421baec1f96d8034f903ec1bf12a90386909132d70

SHA512
443019e35c870a9838b78fdebad7decfae7375fd37a8a9fa9c87476bebc53121934524bd9f547dfdaa13fed22ae2e49feb023f0870f21ec7084999f9673f55a3

Download Submit
/data/data/com.simtrons.dance/databases/_nohttp_cookies_db.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.simtrons.dance/databases/_nohttp_cookies_db.db-wal

Filesize
36KB

MD5
f55661cbbdf44a31ef6bffd316531871

SHA1
2ac42efd623303d5470231d0b3ee85aab0d7a643

SHA256
36c4cdc12000957a5f1275e587351995295682dae55fa20660fcb89ecae6bd97

SHA512
af11e18f0d62b59fb9ffeb7088fdafa49e53a6f56c4fc3d07bef75a31ecfc8e78616bed0c5fccae029ce086e7d38b00ad375549c3ccc37d7886ce78a8c75485b

Download Submit
/data/data/com.simtrons.dance/files/.um/um_cache_1726187085499.env

Filesize
576B

MD5
79e9c58bd818ee3c5c09e8918c952f1e

SHA1
83b9da19f619c43498ad6744ace0448bc2a747e7

SHA256
94b7da0f4b48ed3cd6d30fff7502ab06847d161225bedf4c6d2da558300dc7ec

SHA512
e16fde0971d72ce8687b111d3402094e4726497858ff67314152f50aba76a1fb5820bc8c3b65398b6134cb536a426a7a9ef754abe9213e2ea0452196c0ddb8ad

Download Submit
/data/data/com.simtrons.dance/files/ffmpeg

Filesize
20.9MB

MD5
bda12e3dfe8b6eb80c662070772c4ac2

SHA1
0dd4dbad305ff197a1ea9e6158bd2081d229e70e

SHA256
c503796d94c4290e06022d96b6a1235cef8da16a7912e2752f91f9a7b2550a6a

SHA512
52ef632bbcb066a9bc0b7ed40d58bb714a44a48dd8646081efd8c7bd2ad3e26b09f71e5f6f9a4b602057f8d183a47c69e7b549d01e5010db431fee6a3aa1af1b

Download Submit
/data/data/com.simtrons.dance/files/installation

Filesize
446B

MD5
12a4275fc42be742b9ec43019b936935

SHA1
5831e065b564b9e5e670d3c8d17657c28b2a92e1

SHA256
1846570abf5ba23b2362bf589adc68cb7a42145e85795712acc0d29c09d1c59e

SHA512
e110d266cf78d029defe5f2ba8c7d80aa9c238316db41bfdcfdfdc316de289556d1c7529b7ea3c477a8c2557a22ddb7515d48a9903443948f72e05e4524c32d1

Download Submit
/data/data/com.simtrons.dance/files/umeng_it.cache

Filesize
310B

MD5
e1096f24fb21dfbe9856a19866e1ff43

SHA1
564aeae18c6155525b9dc23684b93dca2d0a8c4a

SHA256
abc70dc0b036e37f8bdee0b56ffce146211f4f6bf73b686eccaca47528203696

SHA512
10beaeae59e74f06dc0e7eb9fc8c5894b73c379b21932b9cc6fe152215303ec9444451c3a7387e78a352af76f873ff56479463669db0372933a2712c6252faf0

Download Submit
/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
447KB

MD5
18d993488057e5503dd41773b521d1d1

SHA1
641d0403573ff6c9357baa8b65af1ac4730f7ab6

SHA256
fa8399ad7aa60d0d81cbb0a238ebc165353ebbe2f1954435a67f50269a07e1b8

SHA512
7e85d64667fb9a3d1f47e467843926ac001a4285db9a4ede636d7035d08976c0a369d865af099f7108a332a098e86871b47d0d536b86409cf1fb3e8be1cb4f03

Download Submit
/data/user/0/com.simtrons.dance/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
447KB

MD5
78e63f35801a4158ba942363d57deed5

SHA1
9c5840fbef9a6dfa9e023e024e7463f847586a88

SHA256
6f7f78a6e902a439ef058ab59f4c57415c44150a1ee01ca51a8a6915f11b0ac0

SHA512
9f08440992df14d934c735e2a6daba56b3c6d4da330b79bd4ca179746fbd8e63ea15ba8853669e5fff919f3cf4f3c27108c27b920432c1de3be32dc985707caf

Download Submit
/storage/emulated/0/Android/data/com.simtrons.dance/cache/newlocationCache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads