11f447443530b52f63c6c372d51e50cbedc549b75d26ce4bf8d6b2c51e8e0fe2

Analysis

max time kernel
145s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/09/2024, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead17cd0397afa3913d88ba1d32488f2_JaffaCakes118.apk
Size

5.1MB
MD5

ead17cd0397afa3913d88ba1d32488f2
SHA1

bd7794c1ee9c9ff6f516f2140a38d7f598db9486
SHA256

11f447443530b52f63c6c372d51e50cbedc549b75d26ce4bf8d6b2c51e8e0fe2
SHA512

61cf1394e0592fde5a9949a9107cb9f86107795879ce4bf2d60c1bdc06228ca80abdb9b61730e16d01c302b945fc8ec5f1457c14aa8a0679cba6aa1f4ac24a98
SSDEEP

98304:qVCqcWJn4QtJ/9m8pBzu3gCVYpWazc3GsHGX/7h7/d3bvULXyWPsajXik8k+:q7yeV9C3NVYtQJC1BYm1C6k+

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.caiqiu.yibo:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
17	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.caiqiu.yibo
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.caiqiu.yibo:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.caiqiu.yibo

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.caiqiu.yibo:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.caiqiu.yibo

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.caiqiu.yibo

com.caiqiu.yibo
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4261

com.caiqiu.yibo:pushservice
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.caiqiu.yibo/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db

Filesize
92KB

MD5
fcfe68e1f30679a8ef686afb956b9a53

SHA1
384b6627bd483ffb87bb5f9b5064536d557fc122

SHA256
42e220af4f2f13d8ce91004a0611dd0454d8c44ef7fbc986067b3f1681c5664b

SHA512
ec26303ab5b2328d14d9c1932a8946b2f046faf94eee283e1621f4b92a622306dc019a24f3c639a1bcdcfda9e222f5ee23864af9d564ebc9b281c26c46f3c8ec

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
32KB

MD5
fa295036550006cd990276cf06226f65

SHA1
96091ed93b146d360bef27904184cdb16acc736d

SHA256
751be42dc417ce48d509747dff2c429b63b26bf58ecd2ae423c6b1f6bf10a89c

SHA512
ad634747ae9306d73df94d7f8da53a90a80877a1097eb9ab3dca3dc1f14612b6fdb18d75229e4e5fe05c16cd737d5bab34721a0c24e61901797123ec0d722552

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-wal

Filesize
16KB

MD5
9a463f4ba74730fd5170c26204b4b077

SHA1
e25623dceeba0c626cac9eaf815eac3933702227

SHA256
aab5ac44ccc31a5b1c0b93478bb77581cbbee7a630179b61cd27304241073798

SHA512
a7080bb9864f26308898d8c21ab01221c018572f179f77aba17c43bee471dfeabfbe2be1f7a4a0795c4bed302ec361f61769a9f94a86ae1ea575ba47fbf585e0

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-wal

Filesize
48KB

MD5
e49633f31de461dfe8722901b88ef336

SHA1
c35ae957c45ffa13270fd84ab1c659b33620bf39

SHA256
b4eab4a7fd2bb028cde71d3e53f53d8d40b0bf85d87020bf8c48d83e0ef4c5bd

SHA512
46c152916032fde4c8526d492cb11def690e82defbb29dd6bb58dc149004b5d3e2f06d5e9322bedd9c9bf9c3a4919286c4b7fc869155d4e32d9f2b9d4a428275

Download Submit
/data/data/com.caiqiu.yibo/databases/pushsdk.db-journal

Filesize
512B

MD5
5bf4d282890aa3d1fca0f3303129f90f

SHA1
2054772f26448fea162167142b727ab55a6649cf

SHA256
c1fb5205681ecd58dddd341095d3db8299bc0951996e2422efc0df5e37b8751f

SHA512
aff991c3c992f88bc682c8e24791aa05101db3b587cd61f36a926dfe09d0b88a6299f20ffa9818b74b3f1fefd9dcebedbb5531e89f67b68ec0bc9c74b0902b6e

Download Submit
/data/data/com.caiqiu.yibo/files/.um/um_cache_1726729758264.env

Filesize
1KB

MD5
577ea6fd9c11e28ccd5e14884f50bb2d

SHA1
70a6e75ca0ca97a9a12a3acb60225aa8c5cbbc84

SHA256
5bfd28c6e495908e75778c182e6fad148d0e6ab9b918f1d945f4a014452d53a2

SHA512
75314db1e6a42e4e7ff3ad65b0d7dc04cb475dd4c95c7787a5cc8156883978c19efc7622a923637beed9efe6c00d81adcb6085d40aab1a3ee0d65fd7d572917b

Download Submit
/data/data/com.caiqiu.yibo/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3ad76b10e9cfd0770aa24e5bea4802cc

SHA1
92b49194ffd1f9d01978f87c6ccae14241150f87

SHA256
1e8ceaa9c0b6031a40502ccf58106e4464eb4253bee7509698fa200b3abb0ffc

SHA512
0f2d69e2ca6b63fbd1a0f25c3f829bea2ba594d126bce1c5d023ef1b600e887f5d23368b40a428573e85ef9a5a13d836a95c8bb3d7dabf246fc212a2c0f207b7

Download Submit
/data/data/com.caiqiu.yibo/files/umeng_it.cache

Filesize
415B

MD5
6a242d15b66c2c77ec7f68283e61f0c8

SHA1
27befcfbb3a8b68dafbf9adc8cfb058a84ab0c3e

SHA256
ddac0ba0a6f59d627e52ff32e3a5abece6c84fd37d0f4b66003dfdbf5a03cc7f

SHA512
e0818177a9e7b6a672c895a4b982c2efd45dcdfd12f71f537f055fe52d8c6706177d65bd24fc63a2ff8783deecd88303c3e80f2b1f33bfea40e9e8afc3a46e5e

Download Submit
/storage/emulated/0/Android/data/com.caiqiu.yibo/cache/uil-images/journal.tmp

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads