e9fb62920c54a342d12d3f0336f5b44eb26a9b03d0115268dff7abe95ac9eb80

Analysis

max time kernel
126s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19-09-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacc3240988966d620d5569813aa87d7_JaffaCakes118.apk
Size

10.9MB
MD5

eacc3240988966d620d5569813aa87d7
SHA1

fe3dbbfef57d57fb1dd3e6b8d756eac3bdd147e2
SHA256

e9fb62920c54a342d12d3f0336f5b44eb26a9b03d0115268dff7abe95ac9eb80
SHA512

82700d53df245d17e859892c5192316622fcfa93958b347629a1a2a5b7e5563fcbb0defbdab741ceafb7c6edf6ebf42b3e59e28a5e898dc9c225c219e20a070e
SSDEEP

196608:2+OHyONrYXNJXuZLOt4fyXKgVJt19ErYDGqetuc0zcGGLxQRgKMUBlF2n62joXIB:bNdHGEaqeXQRdfUn/AI8WQasCf

Score

6^/10

discovery evasion impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
18	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tc168.qq16

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tc168.qq16

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tc168.qq16

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tc168.qq16

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tc168.qq16

com.tc168.qq16
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:5052

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact