f359c2da3ee10aaccc5aee82fc8a244df7d0c73d8c7d182cd894e62076bb884b

Analysis

max time kernel
149s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/09/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb26f92a55f408c811952d0d9689e128_JaffaCakes118.apk
Size

567KB
MD5

fb26f92a55f408c811952d0d9689e128
SHA1

a7328ac491c52ab1873c42501e489eaf0585291e
SHA256

f359c2da3ee10aaccc5aee82fc8a244df7d0c73d8c7d182cd894e62076bb884b
SHA512

d83e3e52c35889a50d07c0dc5f7e107cd07f93ac8d4f1f067809d39d9f6a16614713a3d0401e8c8882ec7bb10ced9ebd2fc3e33a27ac6d90db6736e977dd3273
SSDEEP

12288:xpepof2E9lCLyl7tUZ4+9Wojd+QttHedsXa/csxvNX8/pB0LzhMALx3:xpepiCGlmswIQ0USN8/pBAVMAx3

Score

8^/10

discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4252	com.ted.hartford.pansy
4252	com.ted.hartford.pansy

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ted.hartford.pansy

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
6	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ted.hartford.pansy:reloading

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ted.hartford.pansy:reloading

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ted.hartford.pansy:reloading

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ted.hartford.pansy:reloading

com.ted.hartford.pansy
1⤵
- Removes its main activity from the application launcher
- Queries information about running processes on the device
PID:4252

com.ted.hartford.pansy:reloading
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4287

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ted.hartford.pansy/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
512B

MD5
0739830fc41a807979ea02dcbff9a359

SHA1
851a0c403e7dc8d1f94cb98479d7d85ce33e002d

SHA256
3faf073849c33ebc7f900a7f870a60e292c01aca88389afa629b0f97c6d2b8d5

SHA512
8a9bf40edf6a132bd8bf03e3f7643ed7acb79f5b838ad791e6423b6423831cfa3b25b529d9340d0c09925344540100393ee2eaa8bf015f9a8321fe1ff1edf230

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-wal

Filesize
16KB

MD5
d3127210111d513f7e4293694fec43fc

SHA1
7206cbee9c5c0d64f6e3b636aaf5f25b2ffe180f

SHA256
c107e33e90f0d923a1bef3bf9938f8a5b5178fd7989b4c72f985d1d41b2780c4

SHA512
08693081f2ad3df0827fcc72a3371686454e1acac50c7e914c926de4ecc6e76ce9aaee506ddd67dc28726c543cb76c9ba78ba6bff11b323517707e86665ce4b2

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-wal

Filesize
48KB

MD5
a2250c8f134e0bbeea78c91d5a2477c7

SHA1
680dce8953a1bf1ad3dfb28e76f7ed64743b8e71

SHA256
945119a1eaccb7ac7931f2238b3605190866061d230e7f01e9a3a19268005ab9

SHA512
a4e51fbe44aa659aae0ff65189e5fee768a32295a28f2902b401b2eb1b6731630654c27c54d2cf558fe8c75c98cb8e7061a45d11bf5ab071c0ba0f9ad34c68df

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db

Filesize
32KB

MD5
4822e2445822e8986e32790216fb2201

SHA1
dd3d97c8cb792a8adc6bd3723c68554c70f85690

SHA256
9273753e54191859e80832e3e7e189a2fbeab854f9a20961846f8453a41c815a

SHA512
0632d81b503f6757ea4abf416f8c7c51aa7d30c76c1387dc628828c0abbd41bf6b13dbc6ef2ff14e1193e20e62747b8baf931d070d78a4c2bb42769aa1321318

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
512B

MD5
7cf9e766db34d0317dd5bdc8c8044688

SHA1
bb27df0a7532be93dc756536ad5f0ed106a9a51d

SHA256
19f7f34de2a23db89a87d92c5b19fe66d138a84a31c37453250de7be9383e49e

SHA512
23adc480ac8f59f08069d5929dbc639d9ece9757eaa22a9037aed1a8db54bc1a8d595f6acbb7480d2a3667003df537eba0f36767822ce0d8903dfcec12d6d598

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-wal

Filesize
8KB

MD5
9c0124b391c43f6e8221eacfcd5a342c

SHA1
300a222559dcf4a07c03340820167739e0b9a18e

SHA256
2c37a2c4810e61daa0a2e620afdf6f009ca6df6920b5a0e409e559a11137ab94

SHA512
7837dc88192201e9003364839a06f2ddf6a12f69d89035617d95c33b29258bb04103f106325767966594fd961290dd46c34ea2676a84b1c41f374a0618a0f592

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-wal

Filesize
52KB

MD5
802066f30a4d07e29499b9fc62943981

SHA1
d73077f96805236aacc8a3b330c1af84eb9167c2

SHA256
4168287a97f7868889efe1b7b3d459caed6e98b626aa437c79f7e790fb1542b3

SHA512
7c0f5730ccbfe3a13a6a281446521c2e318264df3040611c009b802a5ceab7e7ac6404038973cce7cbb47192a7958fdd7ad0b32d2175cb7c16a93b7fb0354006

Download Submit
/data/data/com.ted.hartford.pansy/files/.imprint

Filesize
1011B

MD5
96d7337d39b99d81737f34d7a0924cda

SHA1
eee6b638f6314e4b277918adb5aed33cbcd4bcd6

SHA256
43568a3cc11fb883792aaac3a97a56289fd64a7ebb0059683019ca470e8a9735

SHA512
d87591c64464c890b21b34918c72805c9ffde8660f85ea84d70390028540dd50ebc1871f28e5ec72a37a2368bc40d54ed95c6b4cc01669157ea040d1e2c6ef28

Download Submit
/data/data/com.ted.hartford.pansy/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e2a78917780076b0250f5be5f7ae706c

SHA1
21d2582e5150ed34de42c76c94e7bdae56052b4e

SHA256
793cb5668e5f2563646e6dd66d1e785c6179f7e9a9cf7527ac965955221e6641

SHA512
bfd1881b1b16085876ebbf7b4169f354ff1d215f037786fb5789f0400ca99ea4ec64391c647bc0b31bf405408c89e1b75138711b8758a452313bc50b4911b9c5

Download Submit
/data/data/com.ted.hartford.pansy/files/exid.dat

Filesize
59B

MD5
d0a24a4c92841153b8fb4efcee4f4dea

SHA1
8677cecc01caf12c75c647001d01b4302da7492e

SHA256
bd5acfc091a0fb4c81a5f74f86770a9bc7bf981c0ea79398a11f4b102118b0dd

SHA512
662eb5a6c7b4ab25497502e4f9c5a3798990778c4e3ccc53e7da736821f0f91e9139f3911a9278d1291c3065978558bf71a7e8ba45e38d1d44ce0f6541451157

Download Submit
/data/data/com.ted.hartford.pansy/files/umeng_it.cache

Filesize
413B

MD5
cb656796766142177b3916b1d61c096b

SHA1
7eb0388bc2b2ead974d8120ed2731cd042de99cd

SHA256
e95734103be70f10b826cdf41f72cb1b293191d4d545dc53f3d29932dbc5f160

SHA512
6efc5b57c71dc90052f769282bdb6be869ddbda1f76871b05afb0b05e391e4c04369613d4e93914649e8684aa0bf6aaa2a68499664b8d5c2c9e7c66bf92c4b1b

Download Submit
/data/data/com.ted.hartford.pansy/files/umeng_it.cache

Filesize
210B

MD5
7133538c9dd8ab3253dbf1ebb0f2a86d

SHA1
5b639ce1edd3d28d94d68ba2182d4407d90a4765

SHA256
44c4b8ff98d02a77ade648e0f56721530043efab964a47e620a894371423cf64

SHA512
416239a94ff82d5fe1d6ab7e4a572a9ffb271c06f4fa513ea95df8966e26707a2471b25174fa46a606ce7feaca22ace9ed80e89ce2d3625445b98353c1dcdc38

Download Submit
/storage/emulated/0/fftechnology.cfg

Filesize
32B

MD5
d4a8f39019f4d4f6db3806b9d8dbe523

SHA1
676569c6c94412a66e87f9d4df98c5e3b2791162

SHA256
e31d937be160317c324560e3d208960ec5479ca4a10735e2f3feb15dc225bfd1

SHA512
8b3bcea6a5909a3c0261318636629667a324d90c978f602f7ec7301a01f24f667e3cb989465050f427073f34707ecb282bcbbbd25452ed8dba7cc4e59fd7281b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads