e430b2cea8fd90c8800c4d3284fa6b8ed8c2ce49ff4012c7ed3df5edb7fc57e6

Analysis

max time kernel
144s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-09-2024 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c3a6b70be682c1f9cd0d2b5d675382_JaffaCakes118.apk
Size

14.5MB
MD5

f9c3a6b70be682c1f9cd0d2b5d675382
SHA1

7c703421cc7e5831d38f520c61df2a2f53aa7e2a
SHA256

e430b2cea8fd90c8800c4d3284fa6b8ed8c2ce49ff4012c7ed3df5edb7fc57e6
SHA512

6365e6d5e42efc15b24a03e90c518d08a983624900c8ff52abecbac2865b47600a9ab9f131fdf79ddcf41978e5adf550d9032f0a1440684dec082641060a3336
SSDEEP

393216:4UW9whLGsfUPPwRy2hKomqUlwv+ktbUugUyQSMglZ:4k8s8nwRy2kvq4wFKQQr

Score

7^/10

discovery execution persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.weizhi.wzred:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.weizhi.wzred

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
11	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.weizhi.wzred
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.weizhi.wzred:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.weizhi.wzred

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.weizhi.wzred
Framework service call	android.app.IActivityManager.registerReceiver	com.weizhi.wzred:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.weizhi.wzred:channel

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.weizhi.wzred

com.weizhi.wzred
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4258

com.weizhi.wzred:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4392

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.weizhi.wzred/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
512B

MD5
aff8f15e62d9fb3aca56bfd8807354c5

SHA1
c98ed9ce648a27a63738e9e8ac930e0918da9390

SHA256
003c6b42bb9c8b37d220a8323737431947006aec90bd43b3c908e0d93a2d56e0

SHA512
78e6d56079756388bb8b9e336cc2c240064efec8d0e37b44d943992bc9c9c3491c3a7f9c72aa4e823854a191fc378d83cb8d030861d4c9cbf096aba6da9dc8a0

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-shm

Filesize
32KB

MD5
2ca2be288d615eae4701cf4632be8f6a

SHA1
285364c33ccc6e48953ffe3d91d5ff473c62b47c

SHA256
ddf9d9a50e5b4c58fb39f6e4670c3583f1af9be5db794e6779e969088a7c3191

SHA512
d5c02421b9516e972c5b034947aa4ebd8fd1ec40a02634695a86ca1c4b1665e599b53601d375488352a328943bf3f27e10157f367afbe69accd726020317cc4c

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-wal

Filesize
76KB

MD5
3362dd70737fe79e62b3b7d75674f4de

SHA1
5a11684de5366fdcd5b09cf3d5dbadc9e090a6aa

SHA256
0030cffbaaf2f7651c9aeff359899aa10178a02d9bec2486587c7fad8f2bf6c0

SHA512
1be8db7ec1794d836515c8fcf87718a6af91cb93b23252fc717f836ea609ce23bada676dd4a3c8cd640ed79d8ff73ae748e0e7021a4035c27eceefae5a87b8d8

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db

Filesize
4KB

MD5
c84daeaa4365319e56b111b9df4e9034

SHA1
ae69c51ee9f8bded2fba6808890a59bdf76bbe1c

SHA256
6643ff3afef6f1458757623143a6bd7a08f6dedb4cb986d415ca8eab7c3841ed

SHA512
663371adc77c3acc780882f9542694c3d3c6f3562dccff6c168646d98d1e990abfe19711c821571806e6a52a8b7d2fcbe2991fb5ebb0312157ab780f69ac160e

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db-journal

Filesize
512B

MD5
0f500c157632a8653f8f275c285a2f5b

SHA1
2349aeae959d1699cc8c995f8789bdde3cd4196a

SHA256
db5e9dbbd84b5ea4383e2954c81f9bdae5f04bf250bfc11d24f24f81de58572d

SHA512
bff113a92439c43290b4d5addc4f3f37ab019cc8c46828c5a40824cb4d667cc1426ac0fb743fd5e5b4595d49d6ec30661c9661a442180df1a91472d7ff41428f

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
48924c460da40ecfe7a6f56935b6ed03

SHA1
df273231bb5a47856dd2b2a2c0d1072292441faa

SHA256
b5105185bea701b0ee972c03b78566cffb2256bf1725a76901165fbfcd335c88

SHA512
2c58ee41f1bd1cc8621c4fb98ef049e95f7071ad8f46cf548f65d492bcc1c8cc653f4b6bb2494b21c2055d9e290311e00dffba8a2f30cce3775e15928d80c113

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
a0e6f8da4fba73af471683843c97c745

SHA1
ce5a28d3c0985d3c0f5a66a94f2cf328324e36ca

SHA256
c563ea7b383b2a1c22300bf413ff9014f5fc99e93f087203fe9333a0c10433f5

SHA512
9e7bdd5ae75dcd489e0a4b83f4faa39872e6e5333209bdffd76b8835d74ebe39bcba386c671413e23146b14500beb837fba1f0eb6568d74fdf5946dc48d41ed5

Download Submit
/data/data/com.weizhi.wzred/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.weizhi.wzred/databases/accs.db-journal

Filesize
512B

MD5
4ad09fe87745b4da334a9ce3d36f5bb6

SHA1
b151276a042b9bd47f40c1a27a7b52cddd4000a0

SHA256
10c58258570567a7b474e6bcd6a5dfba9354ad7848c241e1ad9cd9a85298c581

SHA512
374a13561298f76f5494946a9192bad9ef1613d027ca98d251d4e376b940a359def9d169b79762e92315613a3f558627e5f2a196c73cf117f829d61fe2d1103a

Download Submit
/data/data/com.weizhi.wzred/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.weizhi.wzred/databases/accs.db-wal

Filesize
48KB

MD5
85e3d3cf6b541a3246fac691c91e7bae

SHA1
3626cbaed93bf582bd465aef59fd4cf68f9d79e4

SHA256
91ebb7803b5521fb39631bef2a759f17c13b23cc61b7a3e12265364d75831d9a

SHA512
0f535de8a11c9af0d5fe491eac1f9c69ff6989a2335604300dbfaaa91610b3511c9ee07e5d2b8278c70efa46a289602f382c2e7f90e597a7611831aec30ef092

Download Submit
/data/data/com.weizhi.wzred/files/.um/um_cache_1727413553484.env

Filesize
567B

MD5
09dee49c26e409774e235e9057d0f58a

SHA1
3182742607146fbc4c470006204c03d87300e17b

SHA256
10d6998dac202633946af099879b86c69a86e60e15aef2099c9949bac8131db5

SHA512
d86b9487d8c5c2bc37421de5a4a001fcd05ddea1f832c7d212642c4831d152d4d5b242c0f51b98c31ff3a16363403e3b9c825f77acc42338cdd33a6975655b65

Download Submit
/data/data/com.weizhi.wzred/files/umeng_it.cache

Filesize
310B

MD5
3f49a036620ab4cf3a2565d682c41bba

SHA1
6aca4a74dc825f9dbf37f77c62874b628961452b

SHA256
db6fc8a3e70bcd03796f574bc2c18afa0746ea13da846f8e784348afa50962bd

SHA512
1c727a370e95772b039c8ab3f14b64ec02ffc9758ba09f5d37267ecacb8b31dd945ba9728e02b0c00345fa43e16a677d0c9f8b48d316b528e83aa122e440d781

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
fab0f6d76c348fe929d7c53c6fecfd9f

SHA1
82960cbbc991aea21a23137d093095aac5b680fb

SHA256
eeb709d14e2f4bac01f5777ce6b0b6de5bbf71ecb0de963beca2c66a05ab90df

SHA512
6a7abb5c3b95b3adc8c464dbad5394cea09f2efd65dd84ddf3d41868d1989158cfb930c1fd8930573c3ba2e4f1d192da25ed3d1284bb0f8ab0f53e12f7e3c8f8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
9b2efe2758c36dd8384217bf347913d5

SHA1
657fce077660e64737a2f1358c0310287dcd555f

SHA256
f07a52a447ea99361f16ed26427887eeb5990c08508ec549a9492d5be050e7de

SHA512
b21edcfffe069bc6c6ac44f92a8a10c4a92684356b5db8352b2c81e490670e32c77d2f9e815e717f43a4f2f024d80f61c7e935566306e606b6d22d125d5dcfa5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
a8497b9c7a1dde833ba115c0f47903c4

SHA1
016d79e2810f5eb09d64a5bde8745194de7e780d

SHA256
2b633e03c5486c455ee8ec01d0b54ef818e878ff5b38ba89474d1d12f884788c

SHA512
e475e09d4021b749ea4e7c7ef19d23e79789dcbb0f180a45766bce87e5bfcd7b09f90a71fa2e0f68470eeb550aedc891f677d99fb60d328fbf08a84c8506b9f8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads