Analysis

  • max time kernel: 133s
  • max time network: 131s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 28-09-2024 23:35

General

  • Target: fd5df6ee224f90be29c3ba0ee9499272_JaffaCakes118.apk
  • Size: 1.8MB
  • MD5: fd5df6ee224f90be29c3ba0ee9499272
  • SHA1: 758619e97357a92302cda2f4cef29b58ef722131
  • SHA256: 53df442c12910331386a1cbcba0e987fc2ee93a0d661dfc8983f88dac4179080
  • SHA512: e361c04a18e7486586b20671ff10d27da8383a9fd8d6f4c4425c2bbd14b5a5bc392d2f7751d112bd795c55381f889cbafea8c97d0f8193b500529a7217fccaa6
  • SSDEEP: 49152:JkGl/1ZhF66T3pGM0PUFaJl+q8tEr+Y5aTQY2QrIbp+J6nXcyCLwnYn4ftnH74r1:JkGl/1ZhB3pGMvw+/E35qQY30N+Jayc+

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.xiao.baobaogushi
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4252
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xiao.baobaogushi/files/__pasys_remote_banner.jar --output-vdex-fd=66 --oat-fd=71 --oat-location=/data/user/0/com.xiao.baobaogushi/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4290

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.xiao.baobaogushi/files/.imprint
    Filesize: 842B
    MD5: e11d7b1cfbdcc8bc09fce5935400afb6
    SHA1: 17889de0c82952477be519c6a9b4aaf9652d3e1f
    SHA256: bfe9d6e62535962568718f71e6b95289176ba9fbf157e9b63564cb071eb32511
    SHA512: 80fc0bc5bd336828642060aaa7cab9660f1b33cee5d2b605745e1c5680f496577e23a9b7863c4f42cdd6e9c56b5897232b4c2062c7cb3c2c61b6523ff6d1477d

  • /data/data/com.xiao.baobaogushi/files/__pasys_remote_banner.tmp.jar
    Filesize: 290KB
    MD5: cef91a99538ee006d624fb739cc2822f
    SHA1: 34ead900c8984b777d65120fcc949e0c208b9ccf
    SHA256: f68cd14d1c202f18825ff0f93e3095ac18cd5c8aecc3b85dff403b5851367f96
    SHA512: 36f27f874cafd2dad4544a23da6b66f2d1813e541e0a45fe1bc262c0356a903ffb29c9ae7aee027319a9321216e4c0983fc7ba55c13a20a25681bdc7d2136555

  • /data/data/com.xiao.baobaogushi/files/oat/__pasys_remote_banner.jar.cur.prof
    Filesize: 347B
    MD5: b7a914a227fe8333a2c0f29642924e73
    SHA1: 15f3f572622469f70af6299f53e48d31e319b237
    SHA256: 8323f6b970c0512e6c52003aa0f384fccf6f244a1a65b898a138dbcd957ad131
    SHA512: d7db751a58c0a74b3c7b5fd49b9183ec955bb9950c7389f9ca218fc54eaa235cf82a642333704bfba8bb0a07d33546b9b5557a0cb2da558456d86d051780d4ea

  • /data/data/com.xiao.baobaogushi/files/umeng_it.cache
    Filesize: 211B
    MD5: 7edc3c11eca645388f4cccc3097887d2
    SHA1: c5364b1cdefa26a8caef3ae59b367a19d65f70a4
    SHA256: 3c6d6a5e63fe8b4a29db9ceee98e74f2a22257af1438191b4fcdc9449138a5a7
    SHA512: 49f5489df17e8b2b77dfb4507252d30c1f106ec884eba673a9829bbce0ad8a8273c2f546ac167973215f34f7f5d6edd72e0e3055cd026043a63d74f40c99d88f

  • /data/data/com.xiao.baobaogushi/files/umeng_it.cache
    Filesize: 108B
    MD5: b6c9df155afb5b1341303ef107795717
    SHA1: afb0d666185e99257c7b46b2749c158f166c41f3
    SHA256: 9f2b320ad0303a261af1b97539dd4d5661aff8c8c7196224dad2c78bde3968e2
    SHA512: 5f6ec20c361674b2581d9ea4885f854deddcf4187f441f2013ae037936ea06b65ae8106a8d75f74a37417aed449cf1a2e76064bfbd3de90516987c5f0c07b3ca

  • /data/user/0/com.xiao.baobaogushi/files/__pasys_remote_banner.jar
    Filesize: 422KB
    MD5: 7fcf06761ea53b4cda96823990a8cb96
    SHA1: 447bbaa18a2fe252b49da19a2e8bde77582aa17c
    SHA256: 7ac5dc3e55bc6d6fcfcbf6328d71bd2e331b6e4994e5cb4b63c418c59ea6078f
    SHA512: cdd6b9de188964909bfd3612544d90b1f348f62c217dc0ce17fd8a922c98770d171b632821920324e3b77d54d763b2fb9fe9a03f739e57c6856f96684c3a3a95

  • /data/user/0/com.xiao.baobaogushi/files/__pasys_remote_banner.jar
    Filesize: 422KB
    MD5: b75239efbad7a78845aafcfc4f8e167c
    SHA1: e8a5d4bdbbc14ff6901aaf90b414228686669c84
    SHA256: e838239dcd075241939df36e97b41f149af38cc674030c0abd98c645525c0d37
    SHA512: 9c8159bc34a25fe76e9c9fdf2b8b62413b1113fb594bb55adacf74717539bc1b5417b9b4cb4c6294fa1fa0ad7ec5526d0e6a16e1013494b33a78fb91299833a0