Analysis

  • max time kernel
    60s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    21/09/2024, 00:02

General

  • Target

    eeb186fb7f460a58826841803875b152_JaffaCakes118.apk

  • Size

    10.4MB

  • MD5

    eeb186fb7f460a58826841803875b152

  • SHA1

    c8b1d7510ebe073bbcf4f539715439567380370f

  • SHA256

    96b7794765a4d1547cf3d288da281b0c9653acbf4e5d0bfd61d0247c19e90fb9

  • SHA512

    57ff482b559682299845ca2da8a0fb385d8dd29888780ea2c0e521c86d92e39f2836774c233ff779f7a3c061c58f017870d9b9b204cc679dbfdb463b83b92446

  • SSDEEP

    196608:yso8Ykw/8Kb2hR7r4yWbF43S8yKNbtsYcZxUmjAoP3BB+I8BBdBB0S9BwB0YPWlS:yshLw/tcRr4yOS3YKfsYcZ1jJPBB+I84

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTPs, 8 IoCs)
  • Queries information about running processes on the device (1 TTPs, 4 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (1 IoCs)
  • Queries information about active data network (1 TTPs, 4 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 4 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. (1 TTPs)
  • Checks the presence of a debugger
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 4 IoCs)

Processes

  • com.weyao.littlebee
    PID: 4253
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • logcat -v time -d 4253
      PID: 4340
  • com.weyao.littlebee:pushservice
    PID: 4282
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • logcat -v time -d 4282
      PID: 4396
  • com.weyao.littlebee:pushservice
    PID: 4526
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • logcat -v time -d 4526
      PID: 4583
  • com.weyao.littlebee:pushservice
    PID: 4663
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • logcat -v time -d 4663
      PID: 4721

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.weyao.littlebee/files/fileVersion.properties
    Filesize: 51B
    MD5: d6aa6876151f447285eb5aa9543b94e0
    SHA1: 453c321b309d38e3457ac192c3b77ebd0d33f4e1
    SHA256: c995d476ad18056dfd3cbf7ed2123b1ece920649c81363fbdce952cbcf3d3199
    SHA512: 5a97749f80ffe31874a9f10167364db6dd9202f6dcebbf6e95cb2df72c78be9c20f590326910c3f90b167f194104c64bd310ac62981fbc06ff22870cf0ee7e1c

  • /data/data/com.weyao.littlebee/files/temp/test/index.html
    Filesize: 217B
    MD5: 59843b1289139f6c97b1e786a7c49668
    SHA1: 6ada39634d882970bab3592c1cb367f9fed6ad04
    SHA256: 98e5192c77f1deec1acd3caa31f0ae02b16132ce1fe9664a6dd7265296ccbdc7
    SHA512: c7e4dc1c2e28067c94d40fcc2b9d78e43968a63e39409f185885c9d9640213eac70d8c71151ede34fa207760567d3dc499ae1c7f0151608dad77396d463c8678

  • /storage/emulated/0/youyidan/crash/crash-2024-09-21-00-02-16-1726876936618.log
    Filesize: 2KB
    MD5: 9970007f3daa682a4c8e4793e76a760e
    SHA1: 01c2508f1f5f2ae22f03ce83cd73e7b935905dc5
    SHA256: b81f4b6e2c4ea095520f803b04cd0626f5e4c2b0e1907e83d5646e310366f7cf
    SHA512: 828e3e186e4e98d073dd6f92bc6c88c5fe144103e6584b400f5d3c6038df6324ca8bcd3fd51ef63d3b84ae34c45d8ad02873eadca1d72c60cc41936e704f9e98

  • /storage/emulated/0/youyidan/crash/crash-2024-09-21-00-02-17-1726876937573.log
    Filesize: 2KB
    MD5: 72142746af4c6c4c11777baad93e102c
    SHA1: b9a755ee56e09a26edb2df57ff8c2ff0fadb1b8b
    SHA256: 28ca8a798e8d8d23c9c504f7f342a0fae7ab4d6f10ff9570d3027da5dec3e8de
    SHA512: 5fac998262ee701aff0fdefa893498f9f1b0cc9f47f6d1f6fdc443dab18a477333091125a687e8b257c56cc65fdf8be2335dfa59d6c90156c6123bc447fc1426