63eec91e34b202ee2f9e54c7902715f5837e55859d67c150dd9e5976139b62d8

Analysis

max time kernel
131s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14/09/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0d83b5a8506d10811524c311ecc476c_JaffaCakes118.apk
Size

10.6MB
MD5

e0d83b5a8506d10811524c311ecc476c
SHA1

05acd313f3428f8395c493117edd69093933a4af
SHA256

63eec91e34b202ee2f9e54c7902715f5837e55859d67c150dd9e5976139b62d8
SHA512

a99fb0c62e07c8cae68490da4fc28b5ae1da20d1fb196f9baf69d078066d0f542059b618c1b8ff455002c7c6a064e5f528774744807606999bd27f5e92c397d6
SSDEEP

196608:SsOEwis1RLWy/wOQOk5J5EhU5TlQZGBWk/02hwSxiIht9HrrrrrrRI1IkTv2byk:RwisHCaKOkS+HDRri2PHrrrrrrK1IkTk

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	cn.trackview.shentan

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.trackview.shentan

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	cn.trackview.shentan

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
37	alog.umeng.com
11	alog.umeng.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
5	ip-api.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.trackview.shentan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.trackview.shentan

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.trackview.shentan

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.trackview.shentan

cn.trackview.shentan
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4241

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.trackview.shentan/cache/volley/517649997-752217845

Filesize
826B

MD5
6388de4d26f7431f9d522a725463fb59

SHA1
408809e8997194dc05769d25beb9d2cb8c7c0ef9

SHA256
c26512b91cd619d02e5d2439158904162964f4d6300257517421d76dbfb0fb5d

SHA512
7625bb12288d3adc107ac76116572c138fb675f28c742844f4d5a36f5475b90a483b7123833fdfafe09d123698148eb6ad313a85670482efcd671c4496e11472

Download Submit
/data/data/cn.trackview.shentan/databases/.ua/ua.db

Filesize
32KB

MD5
38658f18fdd8b0c7ed978e6a56e59280

SHA1
fb72ebdb4842b605f83fe8021e352086fe42e7ba

SHA256
391ef4986eb7b1f11f65008d1353edfa7444dd62bffd6806c6fae3ba832656c1

SHA512
494b98ce53eaf907cac1f709bf6eaf5c644578679e8092f0bd93a1660db167990bcb279fb5f65c0d9d99a434619cd6ce549b4d79d3a2ebf734577a6921195202

Download Submit
/data/data/cn.trackview.shentan/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/cn.trackview.shentan/databases/.ua/ua.db-journal

Filesize
512B

MD5
56004d567c40df79e0de15cd584ab557

SHA1
27d725e9ddd4afcc5e2901e317727d7831a76d4d

SHA256
f9e0d890de17d67d899d664ae4334c605616ca6037387ced63761fc6a39cd9dd

SHA512
a2ba3e30e6c4e17ed086ce8a9db7545325f714787e773a53dd02aa275f5b85a0126bee518e52ce7df869ab988a8f9d3a51ebce47650f46c5befaddd147090b09

Download Submit
/data/data/cn.trackview.shentan/databases/.ua/ua.db-wal

Filesize
64KB

MD5
3cfff84ead66c9c735ccaf79f21df3a1

SHA1
f669fe547be5e2e18ff27098a1d280cad962b34f

SHA256
196db116b23feff129bf0d51e82ddd730896cd7e1971d9e375c8a10f1c02aa3f

SHA512
7a26319328fa3d54f2d8d7575cace12c3e246c22634c066307e7f53724c70c05d5345d1cce9cd8f499ba5123f53dc81fe8ec88298df281ea466892b15d54127c

Download Submit
/data/data/cn.trackview.shentan/databases/.ua/ua.db-wal

Filesize
8KB

MD5
90e719274af7f30404683ef6b0af72c4

SHA1
56195f1e185f1f63bb270d5a94ec15c3fb0d93f0

SHA256
ff5a002095ba2e5cebcf96f250d3aec371afe3555fb89f35a8b9a18e9fdf8b94

SHA512
b64c86066e57d760e641df17547bc157a33054531db408ad869bf94b18423434c1f37683f644c55598f91f33c4e2acdb7dd35765855b4a2187f68108847ff0c7

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db

Filesize
12KB

MD5
2449782146ceccba98c312cce3792ac2

SHA1
59dfa11a8520ac290102c9733475da74581630e0

SHA256
1459e2ee8eb44caed519a52e8cdf762dc881498cf79b43726a3f226f73683b00

SHA512
92619d3c062b0614dca8d3a864a47cdda79b0969f23ee8f3b2543af599370797f48c0ff565567023e222940169a685bf751f0f9fe6c29a5f9464a08907f54a28

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db-journal

Filesize
512B

MD5
e3d7c41196a3daf4d441f2d0874bcef2

SHA1
5439a759f3fcd43151e3c52bf5c6abc5a9881448

SHA256
ba11a3ff4bfe8f1447a6ee3e7750be36b4cecaa5ca11eea98cb0aa6326ac0809

SHA512
e82b5599fb9eaa878436f71b3d70d5428fdf5379b25df056455464859f96c93991962a80840a555c7e86fcdb1836e0f3785bac4cc9bb5f9e46994a7175473739

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db-wal

Filesize
4KB

MD5
0499c29d43f5f43c66eb0d0dd97b94d9

SHA1
4336daaaa2f1f8311d0675d2740ff74ecd8091a7

SHA256
29a86d08d432c42a8cae332f681e26f5104221917cb83a991508cc9946b2353d

SHA512
434bb53026e1a92abc7ff05d1544686f00a695ba6cd4edb5643fce3635e09ce28582af2647c4dd2f5660335883ee52ef8dc84ab013c6af6e5cd0eb6c42bf0266

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db-wal

Filesize
16KB

MD5
ee14ed7ac7a63cad75e40c0ebc417f5b

SHA1
3825e462712b54c42b20a9b51730713d30981673

SHA256
13f30a027dfa39cff264acd6fa2c3077e3b7c6a2f2457652349cd76bc75a3ba3

SHA512
d0709e6df48f19e0e18e4d1ed318fe5d6e18084fb832b1f468e7a34ec28c1981bf8d38445b521ad98fb18718c73acbc8cba8f39996b7b799783a664f3f470304

Download Submit
/data/data/cn.trackview.shentan/databases/cc/cc.db-wal

Filesize
48KB

MD5
8c5f6f9a06434634f9a7c343cae6f794

SHA1
96fe8ac2d2900fd110042ba70a0fded74e00e0db

SHA256
3d89ef7f15ad5fc771361146d5005975220f3743492819db48ec18806a11cfdf

SHA512
0a3d8bac1555bcd5a2d130ee4ea645d0715634bc851f9978182d97ae8abdfde431ead3aa0ccc9164a9309d172ef5d0398cfce1c92607efba3b3109bf3433c6c8

Download Submit
/data/data/cn.trackview.shentan/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
5037f06035086e3119e264ffb0404308

SHA1
47a0e4ffaf4d554564fce02e7ee74aa1aaf3be27

SHA256
7314146126ff89c7fbe12c42795a0e46a33cb8d3c82e924663bf874e944f79be

SHA512
6f7e124bc71e000fb0a8b156ba57757a9ad07db55c88cd590d4c02a2439902ebebf24c9277e05669bf908b00b754217408cae9c6fac643b8a7c112356b5a4f92

Download Submit
/data/data/cn.trackview.shentan/databases/google_analytics_v4.db-wal

Filesize
60KB

MD5
21cc2c33dcd6ec658943e1b782fce9b4

SHA1
2ee8c98a4b20393c44ee0f9313393e95c38be72c

SHA256
16760f8be5048cb4bc6d7a0f05a9aa80fd4be60a0992a29b8e96021533e83b36

SHA512
5ca10250d9c5b1836e716c98befb48679e73436b5b08c3e16b2fa3330c5e1f4d568cfb0dd89e0100ac2d5270bee8cad0e135acf352d9d0089bf914ddc85c2bfa

Download Submit
/data/data/cn.trackview.shentan/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7f4015bd05fb086e6ac294bef6d0673a

SHA1
3fdacafdaedb36721c6f5edafed809aa3d301a5d

SHA256
988f0a2c0c73b77161f4f2cf574d83566933de2b7e495f70352fa07783c6f821

SHA512
0919ff79b42c4ac76bb3b86f2e59c8d9be519052ed88c32279be15fe4f6d2baefe2de638c720dfa5c1632ae52c16d8a1a58b6fa12d599e232a749fdafac8af9b

Download Submit
/data/data/cn.trackview.shentan/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/cn.trackview.shentan/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
89bb9f4f2648155c77603c30990ef5c1

SHA1
3d9ea954905b997819bc4ba7f99bf15652099631

SHA256
5c08952071489ead62f02d3c6180258b071df48eb982afdd3339af9da5e0e782

SHA512
b6bdbdcf5a0a52a93504cd08ce2e0363ca13602d4159e49036ac11f5384df8d77b30f6b7fbde3b663c0991cb4eb241e2d5e55147b5b0a5b53f2a0a2064291189

Download Submit
/data/data/cn.trackview.shentan/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0ebc3e8f5b8375c3e2c350d99e9614c7

SHA1
bf6a97c21e9ef505400fd1732765d5f3892bf0ae

SHA256
074251b2e15c72a9c155aa151ad3c8cbd7f1a3ab65f3eb53b8961d59f680aed8

SHA512
249226378f81872a9f2bb42dfe046d4e570c1089ef8ed3474ac6b4809e8ec8bd0d055f84eb14c8246dbb4d2962efb01e495b80549df58690052d9c96b58b02a3

Download Submit
/data/data/cn.trackview.shentan/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f9f6ed568523cce8bc666179e3ad7f35

SHA1
eda7ebd86277aa11449db33141032906acf2dd69

SHA256
47fe714219eceb333b8a627583b15f4827f2d56de92be1e8f56436a2ba664d4c

SHA512
5d168b4ac6fbd7694c95e8f0d4c51e902889118a50b5c4d9d9037caeb5eb3376d618f82b73932d9fa00ec701412e723298dd8328e6c541c0e9323e6ae8445301

Download Submit
/data/data/cn.trackview.shentan/files/.um/um_cache_1726341018443.env

Filesize
1KB

MD5
789b85aaffc4d03fa7965c6a2598872e

SHA1
854ff5fa69f266e33fa26b6c672e4084ebcaac4f

SHA256
8bb4e2061221b6a8d6fb8911a992f1d8caf6e24ff19aaf7163aab5296352811e

SHA512
cb4778c4a74e9d794d6e6d03525276c8ed545eeccf65533f2321150b3a1f1b1467d82df14c6e4900d67c662eda78ca2c000e9b46313ae997a5f7fee12b09d914

Download Submit
/data/data/cn.trackview.shentan/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
bfc25bb518ce71e9d8208b97b4bd5734

SHA1
b841981390f84cc64b0c7d089e788ce9d31e9301

SHA256
2ab11179f9fbb0a24c7308669f3a325d5eead75b05b68c0e3f22c4e19a8960fb

SHA512
86b27439b7fc22ef0c0cb1662d8e8c619ead411577d7e2b86a4f3f87ffb3f2d7593a32f8444306055ff5d2bcafce168a7c6a0c5f3bcf4b68ab17d01a9bf14797

Download Submit
/data/data/cn.trackview.shentan/files/data-db3

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.trackview.shentan/files/data-db3-journal

Filesize
512B

MD5
8b0682eacd27402d067cd979e1e1258f

SHA1
d7c2121acba6f4a08484ae40a93da774794d3285

SHA256
bcffb594abb0c2c93ff53d855deb93ed8302ddeb0dd2b93f279ab5e8b0fb70ee

SHA512
42e1650410c6305848f310333174fb88b5d62138734af49433d33dccd37e3f11ca758293f1c2715bdbbf0539b52d4653bc9036f11ded7668b9c7b0401fa6e3bb

Download Submit
/data/data/cn.trackview.shentan/files/data-db3-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.trackview.shentan/files/data-db3-wal

Filesize
36KB

MD5
fb8d0d59306902032b17ade8570d930a

SHA1
a8b2ea59fde569989117049c430572f2f427d383

SHA256
318e5eafb95504ff5def108200df273efb758a4d636d2ba243aca9cf1b377480

SHA512
2876542e56db2bc401f29c29aa9a5676886f76aca7fdeb4ba52193362dbb050df48c0cdb2c0cf7664c77b39427414a594f114d60458413cd95c9405a3ead1e7a

Download Submit
/data/data/cn.trackview.shentan/files/exid.dat

Filesize
52B

MD5
0ab3c7e01280c5001b1645ed09396c81

SHA1
2c2c0c4ef150e12351bf0de480b8e891576f11e2

SHA256
86f4c75bc8f1f4255118c98cbfe4ad9b9475ed5e430906ea581286ebe6abd9b5

SHA512
08cc2de321019b55eb79145c429848136046770ac88b50400e4c191e7cd9a1327065ad6a9cc66a75658750c9927c2227b35e41f9f89512e5957ce5d7f98fd03d

Download Submit
/data/data/cn.trackview.shentan/files/gaClientId

Filesize
36B

MD5
1e3a903f5fc7bfebda691a6d0ac10a9a

SHA1
bb260d010ef0b50b7578eff916cdf4419dcb63ce

SHA256
ffc7d3b814b397352449d3c61addf9fcf766168b33709f412843f7520b529833

SHA512
3757d0d0574526bafa2bc84370de2096060820e682055d7349a2418307d0776314d287eb9512855355a98603be5aa711e3d3920d25dd55e49e0067ffb8ae84b1

Download Submit
/data/data/cn.trackview.shentan/files/session-CrasheyeSavedData-1-1726340910025.json

Filesize
493B

MD5
67f388035cd8f19031c4d655c2f60119

SHA1
6e062018c9731e41ff4b53b8db623b72392cd6ae

SHA256
0e2bf2fc0b0133f14f9273c786a90b2419cbfe3c19c5aa61485b3120506d6a80

SHA512
c68136f65738c24ae9792e0f78569b69b03875344c1fd89c6ee092844989edc38e2a34738f6029ea443d6c2d4ff58e23967f111c16a746e16775415bb746b86e

Download Submit
/data/data/cn.trackview.shentan/files/umeng_it.cache

Filesize
415B

MD5
d9ab14668910bcbc8e22f6aee4db1c7c

SHA1
0f0d1f3b3b9e8b092b3bd91bf7cfed0958575e70

SHA256
5cf5b3b0f3d30bfa96a128095139f52d06db3a1dcf4e587d4c49824e91f12493

SHA512
0e5fa282643ab4370df3512253a6b1f905cc9ecdd160ac817d8b03b33777976b6aaaa4ddd4eed1a9c3f66e87bc1c5aead2374d33b60e1b47131b6a188eba70dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads