1ddf4fafd73ae70d3d0294ae13e21d81bdc06ad2ce23c51a6b61be4d9a348b21

Analysis

max time kernel
146s
max time network
158s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
15/09/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1b888805eaa881a0ef880cd0a55f5df_JaffaCakes118.apk
Size

25.3MB
MD5

e1b888805eaa881a0ef880cd0a55f5df
SHA1

95731d2eb7fc7f1e51badd2bb331e98b948f722f
SHA256

1ddf4fafd73ae70d3d0294ae13e21d81bdc06ad2ce23c51a6b61be4d9a348b21
SHA512

a7c175b33a560323fda85017a6b458895844c564cbaf2658436a552c78be41353b8cf1e237e2b6b6e5c6d561175d446017a35b3fab1cf5c7eba4f83bfdccea46
SSDEEP

393216:o8A5eHofXEEi45seydm0SvAvwke55htS7dBe55hCKT0vydktSDQIBisfXae6C6Ii:OlfQUzwc4vw95CK5UK9xMsfXaej6Ii

Score

8^/10

discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4611	com.xsteach.wangwangpei

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xsteach.wangwangpei
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xsteach.wangwangpei:push

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
29	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xsteach.wangwangpei
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xsteach.wangwangpei:push

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xsteach.wangwangpei

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xsteach.wangwangpei

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xsteach.wangwangpei

com.xsteach.wangwangpei
1⤵
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4611

com.xsteach.wangwangpei:push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4673

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db

Filesize
32KB

MD5
824f737d8e89d132c61ef666ef39f8b3

SHA1
16cb6d62a72598412195027c5050223ece1b0510

SHA256
fd28f3895f0af66d8577a12c321435a90a20135c266d785ebc5a936363ddf7de

SHA512
93f081a2dee4fde00997776a49f0eaa965e0ce9ef42f73a8ad57fb08d84d7c3c09f0abe232310cfc9fbf5da9acf1d67e2d9e9cdf6ef4b6f0664387fa84d621a4

Download Submit
/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db

Filesize
32KB

MD5
4cac7d31fb94d5c9581893537f64c5ed

SHA1
96bef3288546196ac3058b5eeddbe9da1d999fe5

SHA256
d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5

SHA512
0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

Download Submit
/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db-journal

Filesize
512B

MD5
298610c5126c7db221a60c3ba1890d9a

SHA1
079b9d9c64ec6d7b4feea75bd5704685a44277ce

SHA256
cf38780733d2e500d33b85a365cef0a9b5364dea5e9690509c6f0aed84ec62bf

SHA512
ac3c935efa8098d2107c8ef0273a3d02a1145b447f6487c9b55e8c5a50041e4e926b58404638ad22b555b518ad61e27ce2b438191c1e5126840f08cdcac256d4

Download Submit
/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db-journal

Filesize
8KB

MD5
89850ba9bb7468fe8b9a902a14061e0a

SHA1
dbe91ea3d959cd104b24c6fdf05d403fef3d9410

SHA256
36b233eedef1edf29b8eb9fb64d0d5a067f44712aa592c08058c8b401da19875

SHA512
94f565703355816d6bb0a724792fda9542f08937011f9c9205b71b466830d3ed055bf441da81177635b603c90d403e39f508d38259946a5072303ea8808f57dc

Download Submit
/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db-journal

Filesize
8KB

MD5
76f0c76974c543c677e2aa6bdab85efd

SHA1
c82f10d03a6e476b5eb66b1ab717d58ec0f184d5

SHA256
5eaf647ce4a83d076ed6e62f927bb2e0a043465d05abad49976986f6c4fc5076

SHA512
83cc36bd2ffb5189eab57c49c46b70dd2aabb74467b2909291561a411ce7969961daed1018a45320e8c380f9c75d0d2c071972fd8d663090c90eab2504ed814f

Download Submit
/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db-journal

Filesize
16KB

MD5
28916d075f1f3cd09f3a71ff4925ef48

SHA1
8921a566db6e7a641d57984e320e09c08eebc46d

SHA256
9390b1eddf66f6322a253bfb203e1db3d0074f6cf80eac199dd748a197a3f80d

SHA512
c16063590e169be52d6eab2810f95b6a16e49ea563221f2fbf488d3082b133f8c749c947e90bbc21d07c5631207348304ab90d5461524ee0cb0fa055d6136d0a

Download Submit
/data/data/com.xsteach.wangwangpei/databases/.ua/ua.db-journal

Filesize
12KB

MD5
973027ff3092d5241084fb1246d2d63c

SHA1
1c0028678ca1051c9102ac3508cdd46978f48426

SHA256
dba13ce56adc1f0c1f3838d9e0e7fcc13d8ec3d35fa7bad895f6b536971c5eae

SHA512
332cddc79c52fc32447914c8480b643b19651f6f959a24fa2d4b994f2e24bec00a34d7cee8059ec446f9b48757894a94113b9839e9a8af3d27f80f3f68008140

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db-journal

Filesize
512B

MD5
d8fd910f5e1dfe54770fe8cf507b70df

SHA1
b52940e338b51a924eb500882ec97f29d76e1efa

SHA256
a4e918def35d4e81ec24774bb3a330a2bbf4af332c04cc58948d868c46286e14

SHA512
551ed449ee942c6c9c020ab68f6504ce7dde174042a821ceb53ec5ac4c4dccb446f78acac21333d2cdf692e821bda55ccf1ad76e1b463841cd09ea94be4966cc

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db-journal

Filesize
8KB

MD5
7690f74bf03e4e41133e57a07c447954

SHA1
1ceeeaa7e72b37c26e84c94b59f25d1571c15cfb

SHA256
5a04f07f7c661e871caede8e4ea28eb6ef6a7597e36c32e86b350441e1d904da

SHA512
44dda8366928ca6490c34cd5707beec8de5cdf817762e139a38670c20ee990bcf1bb18bdfeae0e5a6faa63801b009fd194d22a2787425a22cf992ad2d9f0e494

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db-journal

Filesize
8KB

MD5
27749ae8a8e9910e050bdccc41f711ec

SHA1
edc09b6abcdeb3243aea01bff909272051412c14

SHA256
3532b3978be6e7ccd0f0e765cee6b76af1e1dcc665e645150e721276393d5a97

SHA512
d425219675838cac782abc753884e518eac2c0a0278da2ac2617794f590f030607087788658d488b6f4613b405710a06f73d44a989fcd5bea846dcf06b486a89

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db-journal

Filesize
8KB

MD5
63571f01393903cbbe8e37795db9ecd7

SHA1
514367b19d27c3740d469b5015b8d16e48f96658

SHA256
d20112034e20875470262604c63dc48fb8f2e4466799cb951fcf63888ab0dd08

SHA512
58de59d4d13de24634fd5665255211ca13ccbf58e6c1808875175db39037da0f022811dbec76702893bbcd40088aa323b64f06da370b799ec0aa3520c60093ce

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db-journal

Filesize
8KB

MD5
d286ef32241c8f4e60bd9be532a1e411

SHA1
7c4010dae5396b4a33a94e5016b1aa4c639c9b6e

SHA256
13308d67854644837faea28ed65494a70c5db9af602295e507f342c70d751642

SHA512
a370695ef58945a6d7defaf1bd21f4865065a3d3516bca5a61a50a2c3977e5dc5c94359aeba24c20546ed0992a08ae6c8e4d0ce5444c6c23a484268f4290f057

Download Submit
/data/data/com.xsteach.wangwangpei/databases/cc/cc.db-journal

Filesize
12KB

MD5
c3fecf6b303d73b1e7f8dd8128e9099b

SHA1
69c1b445b0f3d3f5a5e587e78b44cbe3f56935a0

SHA256
1894b68862eaaacb2ade72dc68e27098f48ae45ed88f34e9429c9c29c3094680

SHA512
1e777522a49b0f8084fc72c30309c9b5af38e480be160d9c7a0ecb6225a138d0bd4e8888aeb78bf042b3b01e17ef2b3fa57e43aa368064b096cd63262beac46c

Download Submit
/data/user/0/com.xsteach.wangwangpei/cache/com.parse/applicationId

Filesize
40B

MD5
a689895f98eeba3ad54c857fb7d3d491

SHA1
7b4bbe717287a91a5a6ab19a0bfd0a314fcca556

SHA256
898acf5a8ab518b0b83c6df22462def9085de719e0f25dbe6097acf4fd140206

SHA512
6e3594e8dd35521f5b8aea180ec54b6a09365a5f418241a0eacbd131cb41883b3a60f23fe0cbaa216ade13b29e73a35283ded1c5c4330c07e85068af0e17b803

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/ParseOfflineStore

Filesize
32KB

MD5
4b4a78bd7781cf85feb9626cccfeee33

SHA1
1250d2e555b9c1bc95efb40020d2186d46c7543c

SHA256
1949c51a6f4be2df469f6e01531e6fe5ea17be5f0a86d860f662dfda9a3a397e

SHA512
04cded8008fd55d786af92186ce2128a323bd083774641a681cd616ab0a293b3d1b9d6873619c31e52901e9d54c3756bb9020edc8b209bf4fc79b11f3de563c3

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/ParseOfflineStore-journal

Filesize
512B

MD5
fe130c55e982a3c15d170ac89dc02b2f

SHA1
d3ae20605098ee2c54bc4b4023d9882ad948d59a

SHA256
123f47bc83f75be32f5fe2c74daa88d738dcdf9ffbdc69572c5e8115b5f3c18c

SHA512
210441f6eccc00f3e41db8ff9bcc21d7f54a01fc1cc23f42f1f06dc75898afbb63f84c2eb9331e6fe1ed571ea979dd404cecff9f6a77f91b677d18f9e4a94ced

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/ParseOfflineStore-journal

Filesize
8KB

MD5
aff132a812cfffae9f141d28847839df

SHA1
f7a241e2fdd5b8fac6cac62a08d6151c56a6c457

SHA256
411cc4a6f3a984a9999f4ea35ac68c22ed5c3b1fe2557a95a5792dcd8d126714

SHA512
7d782ded920904b093f8845138012dc3ff1ce938fa2e27760a9b59ffd12d32a79f83718566be5c14ae239c3aba802da84c00adb238b1bac4203f32ca2e40b1a2

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/ParseOfflineStore-journal

Filesize
8KB

MD5
0417b5377389076154db4d2d2f0e892a

SHA1
4fa76a9603c664671a72df9d050a1ecb2888e61b

SHA256
f4d836fce63d852b926f59a2b385b729fc03e803b0213096983a07875cb3b501

SHA512
1025a2166d15a41e5657a4e357ba61fde93370d5fb57e3ade4271efa4b79a46c5628834239f122d042c133871ccf776137f30b9b438352ae5fb9a52faef1123e

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/cache-db

Filesize
20KB

MD5
f64abcaea5830d63bb9f95de38842f72

SHA1
64ca2712ec8e318be174e79419f40b0ca7ae01eb

SHA256
c8a86528de0381be797654feeb57e5749051b64555c808f5cc2b78f66c70310c

SHA512
5fc7e0497bf5857f6dd8d46857e07596bf7dc261522ecf9266f57973157de0a512027524d63aeab0eb3c43bce05cec38f1b5f000c353300637e21c12841e56f4

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/cache-db-journal

Filesize
512B

MD5
c341be25c4dbda249b627b925176d54a

SHA1
bfc53b071cf129443c07fd76440e37bd857ec45d

SHA256
3d8d12af1cf980f87d8f8314c1e3836d51a377caccdbb9d192578781bf3e91ea

SHA512
bedbadea5ac9d7d122d55e294168f1394be71d779da9961439757111e83ebcfd4d0d98b5b82a3b2ff9624d2243cf877ad0ce013f4119958c6db0494b9f857dbe

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/cache-db-journal

Filesize
8KB

MD5
131e656b6839289098129e5442ece473

SHA1
de9beecb71769ba5bafd53f2676e15f0ad8ac4e2

SHA256
4b931859a8355b79969ff3ff3a0fd20f299414aaba155514ae176d1cf01c4d60

SHA512
ec5fb3ec3d837d779aefc6e6ccd6c248e06ab20e7e2e0cb44cbd1697a7dd477d52559715bf1a8058f172ddd25498ada5203a0de68d3e3d03ae05615816bfe7a7

Download Submit
/data/user/0/com.xsteach.wangwangpei/databases/cache-db-journal

Filesize
8KB

MD5
668727ec880e101d9fd0fe87245263c3

SHA1
03c91cf72a7e539de876206ae6e1ad9e6e3c8e68

SHA256
38d1f052ede77a15866a89fe1fa7a3b22906309a017c12e95496d7b3be686fd5

SHA512
36151e2c64dbcea8ee48a841d6762aa2a8ce82088d82a2ab34911961481440ebb51547b59d774dc41b0d769e4df72c755a6ffc0cafa4c3a412d532decbf86e89

Download Submit
/data/user/0/com.xsteach.wangwangpei/files/.um/um_cache_1726375390851.env

Filesize
1KB

MD5
24cba5e2136ad857fd2169049539b2bc

SHA1
2d18a9982551bac2dba674f8b54816918e5ef65e

SHA256
b489c0483794a778ec7cbb38134be0de343217c108a8f4e962472db49b32b690

SHA512
fe77c7ea59ad5544fae939bf9581a273653fc1aa88bb6f74edb07847e6ae4c04e8d45a79b5a89c5dcf768048330332b2cf0bb92c4ed12a4e7c5b95ae7d07488e

Download Submit
/data/user/0/com.xsteach.wangwangpei/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
efb6f6dfca9416e20e9402923a2f84ef

SHA1
13adc926c2510178219a2266b0529a63ea098655

SHA256
89c21a726a2c909dddd85f80a12cf5c90c4a292a478d03de49fc4cbeee91be40

SHA512
4d07aec7b9b016d22dedc1c786bacc922e5ecf685eb8f0e5f18ef41b054bb02f6f5774d7f4972af4bf865abed74b4b2fa91c685cbd8bbad0edf06ebd01d55b36

Download Submit
/data/user/0/com.xsteach.wangwangpei/files/exid.dat

Filesize
61B

MD5
bc7cac28806737c2f349e498cc5c4511

SHA1
e93236cf7592eecce761546abdf40beb783e959e

SHA256
f97a947e63a3598cf4aa9e7fd29eb767ceee8add87f626b4822e75b2f2efbd34

SHA512
548fa869152fda92c55d9126d3a5db6ad40d608676bb54fc44aef25f3efc41bc9891ebace1b6918749bec6095abd90c4e48a5dd262e01e4622148bcd5aa0265d

Download Submit
/data/user/0/com.xsteach.wangwangpei/files/umeng_it.cache

Filesize
433B

MD5
ae8fc0a699b6a66d6b4b172de4611c6f

SHA1
83f66baf81e0bbf73b661134a11ff9b9bbd7506e

SHA256
a1f9083f84085c6d4170069d7500815b231aaac2364ce8da658ca4ce0e9c4a6d

SHA512
008f1dfb53d387b6edfa268f43247ad1acab68eb60f27f19b7ff7059c43f29e698df78d4559a9bdcaefd4a1bc68ebc01c22b1b3c63d749fc348b48a689c28d41

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
30ee57d401a24d1a07ab5f0f36827645

SHA1
f3949b263700b50d534c8bcf1ba449f007910939

SHA256
5091ac972f42fa251b5a07a65fb0cf970de840219a46200d6ed6928c5b0a1fec

SHA512
9332067cd29e19a7e7eddf1024ae9187f542ed6b2e1ff88a9028a458807202ca136efa42ac28258e4628efe5d8ddcd3eaf5fb36721edac2070b77b9e5da3fefa

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
1804a7d9bb424b59887069db48e0050a

SHA1
a2b2ac1148b55ea0fc45bd2fd6b24e99ee4548ab

SHA256
bdc8b87e6d2b66a374524fbbd323bfbe759c68612d91009d19febdb9b23cbb1d

SHA512
3438709943b8e1446763d460c249b7c09cb8c622389bb032fb13b5f829950a4fff275ed3046e78aa59a1f695ba09241c565a09671d15f764d9a3e6c375590919

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
222B

MD5
17e005b92c3311b6c3798fcb4af61086

SHA1
72661fed809ae752b061d48f508b6271328d2895

SHA256
4312ce57ec4a49b8d746383e76f76b32c2d48414725d0ae0105f7a7061f9a7e2

SHA512
ff59a43cca052fd8cb6dd02cea8ba914b8d0f9958d06f06aedb7383e91b98d5e05c5c8d2c215583445d23763ce6807a67578af1d0c7e83a9fd2f4c73f765dec9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads