d4265892e76c9b67e2615fada900070758b341321ab3942766bd772bb16700cb

Analysis

max time kernel
148s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
28/09/2024, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd63b4bc204a48de9571567c56c84b7a_JaffaCakes118.apk
Size

17.0MB
MD5

fd63b4bc204a48de9571567c56c84b7a
SHA1

7edcca04f91b23d060a57a2973c78319b7855c89
SHA256

d4265892e76c9b67e2615fada900070758b341321ab3942766bd772bb16700cb
SHA512

beccccea1b7800f325632608b1fa4640f59452d45ba0c999c2badccee46ab2fa7f2c174b47519f7ebcedfd3e861c680f161c7b02219c7d92a4b34e028120d23c
SSDEEP

393216:76rrO8N8FiT1Lsz5yCPEgiIwyPdeRvdho3S:2jm61Qz5yCPxwadedz

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mallestudio.gugu.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mallestudio.gugu.app

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mallestudio.gugu.app

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mallestudio.gugu.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mallestudio.gugu.app

com.mallestudio.gugu.app
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:5051

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mallestudio.gugu.app/databases/xUtils.db

Filesize
12KB

MD5
6da302a2e5fc0263420684f38a00e3fd

SHA1
9e1c35e91c3b84600dd8ebc10e072ccb91b5895a

SHA256
a9b2f6227429fd83edc4db9e62c5e3f8c45b55598f7b10c3132d6b339283c8d2

SHA512
6e91d3076e4f382a5e4119e6429b90bd4d604c858acb4914e8b67226f4ad0626e29726e09d12965f075ac6aebc49eb22faf0f5c6a286913aad9515887f91fa1b

Download Submit
/data/data/com.mallestudio.gugu.app/databases/xUtils.db-journal

Filesize
512B

MD5
e87fa99dcf158f56c2e59c60d0753b80

SHA1
0204f2960828cd4e2764c380a57ef7eec214db42

SHA256
9193c1c8e8dbed56a99faf0afea2d3320dc88f0cce756e15a6e63f83035724b7

SHA512
4d107d24b9af23d00855f92a54813638e338b75eeeb831e52e595d6d3ac70fe422b7052cf30d6b07eedbaa0c137ed9527745132b26116af2666ab39262f83fae

Download Submit
/data/data/com.mallestudio.gugu.app/databases/xUtils.db-journal

Filesize
8KB

MD5
9865cb79311dc27e5916ed4046fc3e36

SHA1
8489eedbc753b9877ca067353fc651b7f97ffc7f

SHA256
1b29f8a99f4ecaaa06aa0d6356409667dd3a4c82f677c661aa71709545d55139

SHA512
b811ab8d13dbd7828ddc2df33a3a5922654f4fdac21e702a395b9d5b85c26e71f68c3a832afeb2e8ffc6f34e1404475d5ef412f36e8a0ba9b69538a9b4bd5b31

Download Submit
/data/data/com.mallestudio.gugu.app/databases/xUtils.db-journal

Filesize
4KB

MD5
fcbd719ed9c796a86dd43b8e345d7929

SHA1
9071da39ff73055e77e07b07388db5bdeb7afc6f

SHA256
4954e0fc5faf78495eccb20c65b2fa36f73a139c9668c43f0d84891fb85fabfe

SHA512
1ebc6f86608691193e3c3ca2046531b987392b5a3b82c11fe896095fc27c804ac0778d7bb53cd2d0dea6f1a6da02a8f6bffb06aad3b9d6a584961ffb4615a5a1

Download Submit
/data/data/com.mallestudio.gugu.app/files/.um/um_cache_1727567522501.env

Filesize
566B

MD5
1411089a6fa42b722655301e41601a8e

SHA1
fe33319ac03895b9cd4eb4c25277bf99abbcfbb4

SHA256
c0ea167c1af6bda89e61f66e075403761dc2afabf569d80f794237a18aefad3b

SHA512
216b9b924e4b99105cea6ec7d29fb403e12f0aa72ccbe99c15d5886e0dde34fa6df7424a1ff99a7c613546dafea73b5c6f5ba840f38e464f7ad50820ab5eeac9

Download Submit
/data/data/com.mallestudio.gugu.app/files/mobclick_agent_cached_com.mallestudio.gugu.app8

Filesize
861B

MD5
673d2dcb783f124b3b2a5b192ea2f080

SHA1
aa6062ca944364b7339956081459447b2f67d0d5

SHA256
d3f7e67b07e9a5bc41ba72388c43d5f4bee33c8bc6c924238c5a38ce0bb8677d

SHA512
d385596dd3aebdc949462f33cf08cfda63b49df3588b62fcffeb71c7188cd006b81fe0cc548cd356370d55a968ea3232a20c788ac4b4ddca27230c08386cedde

Download Submit
/data/data/com.mallestudio.gugu.app/files/mobclick_agent_cached_com.mallestudio.gugu.app8

Filesize
1007B

MD5
cac7ab123fe81e0279d66a9fcccde080

SHA1
e5248a55e6b875a71b4e7b528f17ffbf984dbe5a

SHA256
cd7aef83e94caf7bd39161b0cef16f818782aa0217283a08cc5650b75d312513

SHA512
131af957824dfea5db8d88dfdd7d246a8852fb2962e61b216f9230cd9df78cbad25c8ad2c0cd286b1205ce65d0da4576a9f12e07c9f156f188138d9a238aaf8d

Download Submit
/data/data/com.mallestudio.gugu.app/files/mobclick_agent_cached_com.mallestudio.gugu.app8

Filesize
2KB

MD5
5b84939ea3894d8d46417ac1890f8ecb

SHA1
677686f17584838965e4429d4bb1e83ec5593e6c

SHA256
4a630bc3de1ca0680dbc89702f9250ec59995132d9dc3dbd1bb38d8de5d54fcb

SHA512
31528ac3186fa212f0f054073fc22d4c4c189ffaadf4be5da4c622499032953f3b7d6c43001d927838afd2a04ac3ab6d65fab05ec6eb2643a283475265118b8d

Download Submit
/data/data/com.mallestudio.gugu.app/files/mobclick_agent_cached_com.mallestudio.gugu.app8

Filesize
642B

MD5
577e8bc4255c60571723f1c64c4e5b7b

SHA1
bfa2e522898a843189ca77529d44f49c13882c0e

SHA256
f4406d6c5a0fbcbffc7ff5eae0d6cd839ec744335582cadb3abc33cf89eb4120

SHA512
fcd9c74f676039eb2420f55ee8a0fd7ed996b59c8aa806cf49d92b6cf31ff7ab5dd1e2bbf2d258445017a2c872e0f389d54ff8e074a8bf517ca46855918aec6b

Download Submit
/data/data/com.mallestudio.gugu.app/files/mobclick_agent_cached_com.mallestudio.gugu.app8

Filesize
715B

MD5
a0f29659989af61e51401dbda862ebdc

SHA1
88597ba0aa778a5bcd82cf9b772c3134134fd4db

SHA256
69c7c69288d3d85ac1d62977d46e184be65f3a3ee45b444b9c2aecf5d7567b44

SHA512
794a6ec0895c7ff23fda627a11ca79db0a6792726e320d785f293ce5d0aaef39b1881cc64a524ed9ac7b169fe330fb290553e4a415297c623b471dcfb4adba34

Download Submit
/data/data/com.mallestudio.gugu.app/files/mobclick_agent_cached_com.mallestudio.gugu.app8

Filesize
788B

MD5
fb52cab8dd2c0d7b367c47c9dae75ffc

SHA1
dcccc2119ad3bb1ea95f2eebdcb94a9f9cd8ce07

SHA256
e953ee6d0229936e28c0cc946df79f44dc5a11939c90a298dbb38bb33ca541a6

SHA512
a66e3a9f207895b3a85f6058b366e497d6b36dcaa56ab4e8e05b4cff9e570d4d96f8c14d16efa195a5c4d6b963ec07dbd44186f3465a232e6a7097e2a314d5a9

Download Submit
/data/data/com.mallestudio.gugu.app/files/umeng_it.cache

Filesize
245B

MD5
0f8568e3a320da7fc8349160a4987f98

SHA1
09a4ef577b31410dfae2ad56423bb7a3c69719a6

SHA256
755c02c65bdbd18f255c09d8803deaced959212535a62be39172cc6fab1af37d

SHA512
fe65cb757bec23190fde1629d1d1b73acd8e735c940cbb297b61e0df9b0ce4ff519bb0ac75772c69557b18f62af614eed51681c3250859e4fea3112e46c543b9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads