e430b2cea8fd90c8800c4d3284fa6b8ed8c2ce49ff4012c7ed3df5edb7fc57e6

Analysis

max time kernel
144s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27/09/2024, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c3a6b70be682c1f9cd0d2b5d675382_JaffaCakes118.apk
Size

14.5MB
MD5

f9c3a6b70be682c1f9cd0d2b5d675382
SHA1

7c703421cc7e5831d38f520c61df2a2f53aa7e2a
SHA256

e430b2cea8fd90c8800c4d3284fa6b8ed8c2ce49ff4012c7ed3df5edb7fc57e6
SHA512

6365e6d5e42efc15b24a03e90c518d08a983624900c8ff52abecbac2865b47600a9ab9f131fdf79ddcf41978e5adf550d9032f0a1440684dec082641060a3336
SSDEEP

393216:4UW9whLGsfUPPwRy2hKomqUlwv+ktbUugUyQSMglZ:4k8s8nwRy2kvq4wFKQQr

Score

7^/10

discovery execution persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.weizhi.wzred
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.weizhi.wzred:channel

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.weizhi.wzred:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.weizhi.wzred

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.weizhi.wzred

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.weizhi.wzred
Framework service call	android.app.IActivityManager.registerReceiver	com.weizhi.wzred:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.weizhi.wzred:channel

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.weizhi.wzred

com.weizhi.wzred
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:5061

com.weizhi.wzred:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5283

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.weizhi.wzred/databases/MessageStore.db

Filesize
36KB

MD5
46c1e821d4cb9ce1cca79b4429d45e2e

SHA1
b7d2bdf5aebcdf9050a2d49c731ebd38ccf431b7

SHA256
cd29cbf12546b5a73a536c9e4b17b22a5d919f1e3fc10b226014890ee7572e50

SHA512
d906ae7c38c198d5a424978d7488689e0152a0f0fa3fc4cf3c367e1ce1a5690f2da74538843de851fb4251a6c968aa9446d5a632951ce8d5e0d27f09603758e1

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
12KB

MD5
1fc522d953ae5cb4579991b94a3bcf71

SHA1
adfb4a4120905349476a0d565f329dd3284ecc79

SHA256
2e5ba143924309979632006c50a7a86b107e725e04b452cf3c81ce93aad8b455

SHA512
a9bcb8fd341f733bc46be134d4859ad7b210f530057611e78b8be9729cd970612e0ffc025cc6f0c53c59fb75217739521afd408571ae73381de303051d17fbb8

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
512B

MD5
d4e7c7dd6e87f4c39f84d255edf7a743

SHA1
fb0ac4a9add8be65608794088a83c29d71bf1d49

SHA256
624b080394c4e454be731e5141691c85917c069f1bcc8ec83bf278db5de7ac27

SHA512
eea95075fd82bb172c12f1bdba41715d7434399fe321bb720bb86cae06c67f90fd66fa55b9f503820864810dec37c886591187bbbfccc6e399b61a3819d03347

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
12KB

MD5
0442538c23133a2b14322c9589790b91

SHA1
4bf6f522f5f18bc992688979b1e6b944e8fe07fb

SHA256
8bb25dcaa23f8da4d2d368a761f4291436df6543878983f120733456b1ce70e8

SHA512
7355957d277555d6dcebdb4f27905ec069b3233928d19ab15b5beba1cd7f1b1408fdcce86235eee38034bb2c07e85e1f5900081b923cad854fcb00911e540073

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
8KB

MD5
f61fe05519767b9fa4bdff59496b1d27

SHA1
468aed95b0a043d8e96e7d20a282faa1d320616e

SHA256
af6bfd0fa14c12257cf278108fb5b05ad68b37a48971983bb99038367d0ef530

SHA512
27f8e4e8f2907c8229d372c6887ef59025e0c136431913d77e6a1d4afe413a14e17889b35bb9ceb3f3e62127ef608c930d68a489c009bf3b5686e993bba24dbb

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
8KB

MD5
b9101a6aa0c8e2fe6eb11dce0cb09023

SHA1
7a9ea77ff6cfedbbbbc8f99797ee8d2be547e43e

SHA256
c1228ffa044e8ae70e2432549725a3506f9a1fa818bc32cde2ec94f34687e9b4

SHA512
a11be23daf2d7b94d5dfc00e6a8e1755ba4789672b22b28f6e1efff62fd4405707bb4dd0119cb7fdec9eef2872048b6dbcffcb7f96379c47a1d54a04f14c0adb

Download Submit
/data/data/com.weizhi.wzred/databases/MessageStore.db-journal

Filesize
12KB

MD5
c2bf01282b87a7f74d290a929e356cf6

SHA1
4f798832b103e55748f90b72343f2d9648d1cfef

SHA256
2ac39fb07e035685b03eaf03f15b93c848449a6e46ae5b592525bb1d33795605

SHA512
0d356803f7f01d029b314e9a70354bc0900b7b51a2ea35c8adbf04c2a41bbb8cf016999aa74c549cf529a8b8a3bcf891549813e9599adecb75fca923c174be8e

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db

Filesize
56KB

MD5
0319f1e3b231fc5e73b0faf370108c9e

SHA1
73741a5cab5a0626dfd097b26c3889a79c2fc685

SHA256
c84271af121e4a92faaa2844c13969392ba1a0a0bbb49be2af0ae6953286afdb

SHA512
6293d8990be0dcf10621109e76b5a6868b057f08387affcc8144e1dd7da082d1b734323416bd0fb04a4be49caa4941ccaf89c7fc9deadfbe9e1d46f0ca2a2cd2

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db-journal

Filesize
512B

MD5
13f43d0d8a7a9ce7fe6d465f46d4e6cf

SHA1
ad12c3d5badd4ea11fbea1fe6ee668456fee38cd

SHA256
8c411719d98904d69d1369e84a3fc460c0520615af52d318c2b18687dbaf0078

SHA512
5544fb72509b3a6ec4c0258b003c4ea3609a21c5b7cf53d135720272770b28822f2350f0ab2d2f902f975ee896446085b87427e3ae00a9d3808dd2563135ce97

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db-journal

Filesize
292KB

MD5
f82bb996bd6aad579e89deed176d3eda

SHA1
98d80799fe12b53060f0e74bf898da9a282b1a26

SHA256
582661fd7bf1234de481298fe5dd8b6749b8175e824751feb505228ed9a49d20

SHA512
af6d0ce5eb7f6ee0e3cda367a0e35d54c30acfe81c0f3afc6c9ff0174ac8d5835f193ecc065d422710ca7b618bb06f87c9258f3af49b576f37be073653cb3e0f

Download Submit
/data/data/com.weizhi.wzred/databases/MsgLogStore.db-journal

Filesize
36KB

MD5
50f3d63f4b9241e212be8ec20bf3e374

SHA1
10353f506f0aa9dfab398275482eb42da167232a

SHA256
be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

SHA512
dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Download Submit
/data/data/com.weizhi.wzred/databases/accs.db

Filesize
20KB

MD5
1f0f625373d163b2f52ee9d11c155e04

SHA1
a4fde27338343392fcdff75ff4902de0500736b9

SHA256
f063c63db867155a7daee51b87e0341c7264b9d267fdb514f06575d791d9a5f1

SHA512
4e77ebcd61c46a4102c576ae1869a2bc28f1907c424c630446bd15e39f346a47d6c2ace0ded984353c9ba361d9ead5e30943bba112e9bd8af5f58f4217464bb7

Download Submit
/data/data/com.weizhi.wzred/files/.um/um_cache_1727413552972.env

Filesize
545B

MD5
efadc9e9632fb99279489a1acbcf2e34

SHA1
b3f94637e68cd07dd39de5d2e0123a8a09633fca

SHA256
c392d8f05cf41dff52df1b08a67b7ec7e5aa3d57b6df7aae538d91ba893014ed

SHA512
499b3f7a9058526e51b47f165611474a206e604dfd5216a6efd7ea64482414b9251a3f57bde157ae527334fbf99947f3188075573656ae1c15aef55f3b7de20e

Download Submit
/data/data/com.weizhi.wzred/files/umeng_it.cache

Filesize
245B

MD5
a3481ee5e6b96c82a0f501599eed33fe

SHA1
ba6c201f7e772e741e1d85a4af84e271a8ae3faa

SHA256
97652517630994c33caf580a0d6417580662b4ca496a5ea69f49e4731b7fe4b9

SHA512
6266e9c1a3d22eaff8715707254dee09ef814bb778b15663f8de4c52de704d1163510c9abbfa5e398cb29143074ede41c569d0bfcfaa68c8992048d17dbd127c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
b7db26208b25dc9c16a3d806f652436c

SHA1
35a91b9b6bbf17c6bafbe13853cecf4b08656fc8

SHA256
bdde2c5d11cb1df1a7ebb9a1c68678507498db4c62f69f07d1af0f890bfa7e31

SHA512
4cfb5951980be4250467ded700f16acceb86c9762a91edf936e20c19968fd660d197216e0b913dade640d296c2df709c8799def8b34dcafb273abfd95eb8c4cd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
e47ce37cfa6b19dd1112c47706a76d14

SHA1
987583dfd77690d7431b9c7d4c04703476582d3a

SHA256
ab047e413766e79601b408ed2c8117da4dd8cd5953c277f05fc2e5717e15e7bc

SHA512
f8ae13078b9c6b16430cdc100fddc720a9cf0badcb30a51f8353cae00345e211bcf881cba2645929683e9cd258f46266c790c40766fbf4bd48fb07c9884ebe2e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
4511cca6a4c48a4db177d117e8394cf8

SHA1
b35757163f810e3eacfcaf3029e0fa6319b14fbb

SHA256
f26e1561f94217bc014557ee2160ce6dc7944d1d20ac3ff14a4444264df401a9

SHA512
488fac47d672efa5550f928c90c65fa0483a5fe9761a84a2490b50ba5cde2029f36de99f227f407cfc98cdff8795af6e567961c81397231a69fd21f1dedfe4dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads