11f447443530b52f63c6c372d51e50cbedc549b75d26ce4bf8d6b2c51e8e0fe2

Analysis

max time kernel
144s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19/09/2024, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead17cd0397afa3913d88ba1d32488f2_JaffaCakes118.apk
Size

5.1MB
MD5

ead17cd0397afa3913d88ba1d32488f2
SHA1

bd7794c1ee9c9ff6f516f2140a38d7f598db9486
SHA256

11f447443530b52f63c6c372d51e50cbedc549b75d26ce4bf8d6b2c51e8e0fe2
SHA512

61cf1394e0592fde5a9949a9107cb9f86107795879ce4bf2d60c1bdc06228ca80abdb9b61730e16d01c302b945fc8ec5f1457c14aa8a0679cba6aa1f4ac24a98
SSDEEP

98304:qVCqcWJn4QtJ/9m8pBzu3gCVYpWazc3GsHGX/7h7/d3bvULXyWPsajXik8k+:q7yeV9C3NVYtQJC1BYm1C6k+

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.caiqiu.yibo:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
17	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.caiqiu.yibo
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.caiqiu.yibo:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.caiqiu.yibo

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.caiqiu.yibo:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.caiqiu.yibo

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.caiqiu.yibo

com.caiqiu.yibo
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:5000

com.caiqiu.yibo:pushservice
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5055

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.caiqiu.yibo/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db

Filesize
36KB

MD5
9d7744c5eb7711d268e2c6dd394dd7b8

SHA1
c9ec1661a28a4a6c4bb03fca3e57014d6b999f90

SHA256
609318af7fc240ebfe3e3fe3269651079250c17f3792d5df180b7db9776c2a9e

SHA512
6e5fa8bdedfa20eaac3116d9c554965bd00443ff991e74e84a742671e4b807ebc34a34ef998f709ffb544af16604d8d49522faed980df9165a0a1c74b3a3038a

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
8KB

MD5
62f7f91b499f7deaa55ce74e86382e94

SHA1
e093dbe96d233053c7c944524b4efd53568284b5

SHA256
cb5352b0c749608103b3e4f8f8f37c6c69761cbfc5612b44a68592a33fbc616b

SHA512
4d03c2bf980dfca7dc651191c89f5a903cc56e1876ef15a9faa0914d7c42e06afcb9fab8168e26e638f71bd3088c2455c6b311df4ac7779d52221d8799cbfd50

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
8KB

MD5
15f0224af8c510e4f282439d9cc74aa6

SHA1
89c257bbed22e833223ebace13aebd3478685263

SHA256
ef9dbd682f6d89783e1abbb91b287c052dcd9c007e60f26c95ae64c391eb3ec4

SHA512
871cf9502b111e49e65f82bc739494f4466324dafba4a225b9931d208a3c5d4119d222501fe5d9bbbd8c2111d9fdd5166389339e16a4560ac59df5a27729fcb0

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
12KB

MD5
d0c1ae668d661abd0eb5a63cf372212a

SHA1
7187ad92bd92c4b14f8977e97a4e1c6c5aa7482b

SHA256
945a1bcbb47b81eb0a58f9e9ebc9749e0ef2e8493b65a32df6622dfc668d5db4

SHA512
5302e225d8813281edeb232cc4586f7dc3925249c4010fd0cee5b19c21277ce1a25966efdb4fcf4f70ffd3892f5a83420aa9d58bf8d2b29bfda3ba997fda197f

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
8KB

MD5
6043504d9bcf2eb15ea3ecf4e7164ec2

SHA1
ff694e406f6415a8d87ebfc6a74dfba4d57c0a45

SHA256
ce2dab959ee33458dafe0919b1118958b555315a315034d51bbf17c96e1eac0f

SHA512
acf7e12eea5229520bd46e2166ba17db1301192f3f6ea9c850d61a54e61532a751fab9b9a041c43be0a1d895b9b5dec505316b45ff1760e348291e886ed03593

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
8KB

MD5
d5f2288b40b5db784a4a7b4cdf34ea72

SHA1
60a2fc3d92ecae66808d5cd506c010ffb2039641

SHA256
09a83c610afbe135992cf182f0921542e466f88d1c5c97902fc900baa4dceffc

SHA512
2270b35b4e60f43c094af5df7db66092f3f127228a3469833b73852e84c8ec21be56114513518c443f8b25eff7d196c36c7016f494de5bc7910acfb271de39aa

Download Submit
/data/data/com.caiqiu.yibo/databases/cc/cc.db-journal

Filesize
8KB

MD5
137aea06c4c287ab5af4e349c4738b2a

SHA1
824b841878c6492d09f078d576c9fd717085bb39

SHA256
cae33e95350e4f69d9c57878ccd4d2c2257bfdcd559579b479c8c7fa31ec289e

SHA512
a3d6ea1c70a64f6b80798adbb10cd557fe9b2c9c06ce2d58c37df849500c72862eeab81135c78987858d02af081c83d4303c69b8aec9341d5244699a880fa41d

Download Submit
/data/data/com.caiqiu.yibo/databases/pushsdk.db-journal

Filesize
512B

MD5
10716e8be75073b721b996cfc5b9e5fd

SHA1
f05a4c9f2014c0704ec701ac07d2625a36af547b

SHA256
9fc2be860f57484f990b0ea2373bb7edfa7ff65c904010ba77213ad61ae10044

SHA512
cab976d41b04d209b064b6a8ae09261a20b5c1a2e03c116a4580e73962d88ab45a7661022006bf620a9518852b9fd19abce761bd8e88c4bf01df5949b7bd84e1

Download Submit
/data/data/com.caiqiu.yibo/databases/pushsdk.db-journal

Filesize
12KB

MD5
86ac26412bc5a0825763a64e3716198f

SHA1
ba5bb25007faf3e5a37326e1e3346714063afc5a

SHA256
e9bf91165bc596d5b950b771f984215a920b810f29ed64a4b83be3c1d88f12dc

SHA512
2734be9f4d339fc4dd308211731a173809584c9a1143a65bc65ee2105f8d8f975bf44ca11506020762ae737065a63085f7b606a9686bac1baa26a7ab10989764

Download Submit
/data/data/com.caiqiu.yibo/files/.um/um_cache_1726729758859.env

Filesize
1KB

MD5
31734c1a0ca847e4fbef3939e1665d85

SHA1
be71c7177d99674d2ae8a1f377b7e92572e33dae

SHA256
7e4b2a86e25ff123d51f1d0becedcae28b6fa31c876480b6b2ce86161cc22a21

SHA512
9f2fba67e5442c01f0f058a2dbbaf051400a3ff08e6efa24cb240a8f7e3fe5647abbf82d759e49c549e7706e59bfd55d538936aa95fe622650292d5fc2c157e4

Download Submit
/data/data/com.caiqiu.yibo/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
bb309d0b9ab68cae755c230176f7d023

SHA1
50950b5bdfbfb1fd04f0d61099de11694d0602a1

SHA256
eaf45db1c60c1ade97847384ad7f339730ab001726330c59e7622f6558597463

SHA512
7315370ab0c01f265948e7b60996d10b088689d0457d0679febeb6d869ad32a2a49cc877f28275e7743197a4054bcb9db1a035e74efd8c9772b34128c7c94586

Download Submit
/storage/emulated/0/Android/data/com.caiqiu.yibo/cache/uil-images/journal.tmp

Filesize
44KB

MD5
7cb110480d27f8f8aca7626ff1d53e3b

SHA1
1970354691def43059a1349caec7cf372c5fe0c1

SHA256
ce67e83b573f41a062b0ecc3ad4c83801d04891f877eb271c83a80cafba50549

SHA512
2c1bb0d283d091e11a36e7ae0f825dd7f5d1a623c1d27f84f74b9e66a314be52da81c33d06dc9074673f271d04542e6770841019650438d2238deda58f2c11f8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads