0a0859bb1c8d468ae38325bae4fbe939a05d2c40bab20cd4d24979d1483e908f

Analysis

max time kernel
65s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14/09/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df39e1bca46ff9067b170af3b2f005c3_JaffaCakes118.apk
Size

5.7MB
MD5

df39e1bca46ff9067b170af3b2f005c3
SHA1

f30c640cad1168f315644707f238c642dd3d7fe5
SHA256

0a0859bb1c8d468ae38325bae4fbe939a05d2c40bab20cd4d24979d1483e908f
SHA512

04c673038277711f3e9e499537dfe8cc87b3892e26aaea5050802c7be26cbd00b5e9b59d4f836164e3cf60daa63490f279430b773b76a5915eb3f5780cf81d6c
SSDEEP

98304:gcpk9rV8BO3BLVhmwCsqDylf0AWgqPBUqojPW33tvpmGJ1DQ4GvLW87C2iWR:gvwO3B8sqOt05gqPBYrW33tIQDQ4QW8D

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
6	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gamebox_idtkown

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gamebox_idtkown

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gamebox_idtkown

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gamebox_idtkown

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gamebox_idtkown

com.gamebox_idtkown
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gamebox_idtkown/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.gamebox_idtkown/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.gamebox_idtkown/databases/cc/cc.db-journal

Filesize
512B

MD5
4338cc6a8d2b9656be995983c76418dd

SHA1
c383712bd1e7a41ec89070db9025c4543c6f44da

SHA256
eea52e0ea490bb82cc6bf6dd4b70baee899cb4b3d96f58e304175039cba073ae

SHA512
f972e0cd82dfd56f734f6c1ac361304ee65ba20b4669561924782fb9b65d94733a75ac7ddfb5514563674c4a0f314b9098d6eaefbb25af0256cf5775597fa098

Download Submit
/data/data/com.gamebox_idtkown/databases/cc/cc.db-wal

Filesize
16KB

MD5
e4b5fcb19a28df31cf9521cc34c960b2

SHA1
788cd0cbadcd073d1106624ef283a71edac40b6f

SHA256
63ce79d098b762015c2e68626c5b86a40bbe3c220e2335240b1451f792a0053e

SHA512
70764ec2a4d6e3351057fe0a776effec930938197cd328f6b51b846deaf395d8fc6ba70fb2598a777e4c1cf30f90e28b687290a7d4ed888262b96e6b2edd7e45

Download Submit
/data/data/com.gamebox_idtkown/databases/cc/cc.db-wal

Filesize
48KB

MD5
dbe2ef31e83e13f6236277e107cc4442

SHA1
26d752842ba2c891765a69e0bc12e9e34f5ef74b

SHA256
f0bd7c39256306684ea405e24d9f83c63d2721ceee1767fb8b7bf40d07910db3

SHA512
b6eed55445926522f50a2fe4c8822344e68cfd753dfa7b744ade6064710f700b4fe3c11f6093f91b674278d91d72edcf5aba5d4b61d97f37e7365eb86999e8fd

Download Submit
/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-journal

Filesize
512B

MD5
33d5eb8ad8f14694dfa02fcc7fb0d503

SHA1
0be900a3008f0848e30af8e66e917c673b705cbf

SHA256
07996a429ab7add13a9dce8f901ac0e3ccf1cd433d71f03d0670e0ff21fc56d3

SHA512
a3dd5dddea1582e5ec3fcb9434f21b2db81e5b56831f3b514237c17b1ff805aa6a0b63435b41ace98cede222987c7c8bac1b1e4c8a6e962e471182083261b259

Download Submit
/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gamebox_idtkown/databases/com.gamebox_idtkown_6071box-db-wal

Filesize
84KB

MD5
24be77fdb5c505ade6d585bf1e5efcc4

SHA1
642e940ef8092ac1aa83469d327b21151c1f7182

SHA256
a76f3ea517702739a298cfc1e0abe019b72501aabd77225f3d2bfda178a6d8d9

SHA512
8e80062e7102cc7516b2733c56a0dd434cdbee5c82b3fbbdece07161f6900c57d814b0fd7315cdef7ba12ed1a60bd9b96e1059767a991d7b58fad6aa90533f75

Download Submit
/data/data/com.gamebox_idtkown/files/.um/um_cache_1726276430244.env

Filesize
1KB

MD5
b260f3e55fcc389bb4cf517bdb5a5128

SHA1
52271d4bb871384712158a1569d87b4a7dbc46ef

SHA256
64e99535837f4ed3bd178287c44834679db11c34a7b78f5edbea42ef2faf8556

SHA512
7119c09fae3cb8f853130e47ed470fd767fb890bd26c6589573f40939f963a500a85427031fee68fafe7e2560fc0ca0de6f1c9c3d355dd1c19f2fea2d67c2209

Download Submit
/data/data/com.gamebox_idtkown/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
0dc7822471f15e8fef16fa39a03e0f7d

SHA1
92c0591e91c686d1c19a53b30c85b217c76efe95

SHA256
d963bc7277b75e92558f97ec826d8bb02af284bd43e56da3c071ccac9b636053

SHA512
dba480581a073875d92784afe3b85fdf51728bd14be4916bb270ae2e6a0952a27e1cb4924d3febe9d7979ad3f4c928aefb6cb8af7c52d062bfe72c55b090f50b

Download Submit
/data/data/com.gamebox_idtkown/files/jpush_stat_cache.json

Filesize
138B

MD5
f3a5a49228c9d867da74d75455348c34

SHA1
4adbb1d7dd554f7dfe9bd4db7dacb6f1c38d33eb

SHA256
27513c7aef3973de06608df216e4887b6a4a600582c51aa6227427443a61ea0c

SHA512
1764b2d035f4a568b8fa55a4ff3e1826ff9b9fb364109efbdf7b526f4d64624b7bcd4668968f3b31fb11b9b63a5609d9e0ed40b5faa8f7638782a3e8342bbb57

Download Submit
/data/data/com.gamebox_idtkown/files/mobclick_agent_cached_com.gamebox_idtkown114

Filesize
2KB

MD5
fed67c72b92b6bd56814c36f318b87e3

SHA1
2b71b96185d6f0e1a8d44d4ff20f436d79b7a5a4

SHA256
f36e1af3e8d69eeac38f741de46e227db0b3a29184cc8e1a41664469be8702fa

SHA512
d9c15bd1059803ab63f18f14d0c6cb76d0051336e1a71cb9c3c39e013cd15769f18ed97bf5507a0318e26c684d8eb4e8d74b7548f2f1ea89d2aac81ae2467d60

Download Submit
/data/data/com.gamebox_idtkown/files/umeng_it.cache

Filesize
498B

MD5
0605fc8592ef3bc169c8ca28c893b257

SHA1
74005ec6cd391ce949e0a3eef78372646fd5eeab

SHA256
e1ab9228e77bf8b6695f74790a4748229a03fd94ce668614e6c0b930963cad6d

SHA512
6053dc5883734940247b03bcb1eb689f7b37cada8a9edaadb0058d6c6626b417127113810762cbf67b1a4a3de69e88b69d501040dbab362be15c45a27ca3cd3b

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
556ce32f2e2ffa8d6908cf49eeeb6b66

SHA1
10c4b295085b11564398debbfcffc2020ccd0a60

SHA256
ca60c794a096ac210dd82626ebcb09464475ad58a540ebfcb927b44b63f4a100

SHA512
f5d1a6054e1e5ba65a4c6b64e0d86ce71a8e9255a9a83d0f18f0c52161149205db4b93c2a1e4fc0f090f50ab06ad20e2144604cb53cf8badfe290079d08c86f1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
56cedfebea8281d1ad3a2766f752e35e

SHA1
78a87df7c16ef5124cd6265bca8ced9a213cd81d

SHA256
8e9dfe1efb99b9330b525b4bab113c18b242393d2d83a8ec0133d41233ba31a5

SHA512
b3b2b1c768793de6dd6829436f039a3c7ce99abcfc22476ce80e2614dafafd062a8b75cc7878eca63373be3871197228581425492693353eafceda01c376bfa6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
222B

MD5
703f43994f893dbf3043b346b5b332b0

SHA1
638ef4aae468c792ac49c9d6d93b12173f3e184e

SHA256
6db63a0db91470f4e0984f76f8db58e6fe6b071f788a7df62a649b0ce793cb3c

SHA512
9b96d5303188b5e305a1d4782fcf990b85bf5464a5d31445230f0f000297effc62256743da89d94bd423e7dc7f363cee5002bae9341e1c53fa8ff8c54e1fbac7

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads