61e511c90afe43ea10459672ee549ac7ee4b6aebc1b3686a228679eb0770f9a5

Analysis

max time kernel
63s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-09-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaae8d5d7bc134d8fc2d11df8e45c33a_JaffaCakes118.apk
Size

16.2MB
MD5

eaae8d5d7bc134d8fc2d11df8e45c33a
SHA1

532c4dfa1757ffb867cc01380a5dcadd21868d0d
SHA256

61e511c90afe43ea10459672ee549ac7ee4b6aebc1b3686a228679eb0770f9a5
SHA512

c4eb69f3d014385d6a7fd867f9cf78223abf98d0a42012ed2d50eeac446c0fadf1361da808742aaa9a97f9c7539d12016e8dc0acef2761cb714d2544f8569f25
SSDEEP

393216:at1ol50pcOZu9jguZUIv9kD9nOzN/NvRT0H0hYVUUy:cSOZUjgu1iwpHYVhy

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	maxstrom.game.finddifferent

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	maxstrom.game.finddifferent

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	maxstrom.game.finddifferent

maxstrom.game.finddifferent
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4212

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/maxstrom.game.finddifferent/files/mobclick_agent_cached_maxstrom.game.finddifferent

Filesize
201B

MD5
aa1de84190372f4753149d1ceae7089a

SHA1
1b7539a4b8b41779c9f5ffcdcb6b2d79cfbcbae4

SHA256
45aaece8f7086a3a0910d0adb7cc2606e21c686c869594aec8b042f3e28e2764

SHA512
55fbcff7746e9abe872ca7d7ac58becc3c541f5525afc6c4fe96d33a15bb70695f14d85c788359eb5230382484556ef2df91afc0b042fe9f668b3d90cf40b8a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads