f359c2da3ee10aaccc5aee82fc8a244df7d0c73d8c7d182cd894e62076bb884b

Analysis

max time kernel
145s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
28/09/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb26f92a55f408c811952d0d9689e128_JaffaCakes118.apk
Size

567KB
MD5

fb26f92a55f408c811952d0d9689e128
SHA1

a7328ac491c52ab1873c42501e489eaf0585291e
SHA256

f359c2da3ee10aaccc5aee82fc8a244df7d0c73d8c7d182cd894e62076bb884b
SHA512

d83e3e52c35889a50d07c0dc5f7e107cd07f93ac8d4f1f067809d39d9f6a16614713a3d0401e8c8882ec7bb10ced9ebd2fc3e33a27ac6d90db6736e977dd3273
SSDEEP

12288:xpepof2E9lCLyl7tUZ4+9Wojd+QttHedsXa/csxvNX8/pB0LzhMALx3:xpepiCGlmswIQ0USN8/pBAVMAx3

Score

8^/10

discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4957	com.ted.hartford.pansy
4957	com.ted.hartford.pansy

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ted.hartford.pansy

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
8	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ted.hartford.pansy:reloading

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ted.hartford.pansy:reloading

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ted.hartford.pansy:reloading

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ted.hartford.pansy:reloading

com.ted.hartford.pansy
1⤵
- Removes its main activity from the application launcher
- Queries information about running processes on the device
PID:4957

com.ted.hartford.pansy:reloading
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4997

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ted.hartford.pansy/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db

Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
ed822464432f7799fedd4e5a67100c27

SHA1
b4471e95806b6e2b5464469a22e11184c33deb7c

SHA256
8f9dfa401a23a030f0dea8698636ba7728552956b59d51c01ff4be6c477c7140

SHA512
5bc7c19477d803ca020eb762f6aedf5067bd75243d9fe547798f218316e8da27b0743efd42366055385d6213c1aca2accbdc1f962dcd4c166e623e5dcf265eaf

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
037bf98cd8541313b3e61a277b5410cf

SHA1
cb7b7eeb4931861b1e25393273860dd646e8b9c0

SHA256
40651e634d35109802c2ba3fab68066d746d28601ab84b03eefb70f36deccdd8

SHA512
942a1946d71040c60262ff2746f59a308c914d23626adfff985d4397ee63769e86ab651e9bbb7918820c4edb5382a0ef15ad9d9ff2dc35ab6b79dc6133eb321d

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
beaf1d5bfa055eb066adbf02774ca9c3

SHA1
caf70e8ad6a85bb0584c59a7b0f7f6febfcea46e

SHA256
fad2cc9ceab0745d45760367ccd172266867dbc070b1a569ac147650d3aee230

SHA512
1411d5dd443b568b43ee90157ce91f0356f2f71bd3579e15b4e12f9037ecb5972fe2f72c1bd7be7beb3653c657d672d6254e9fcb1e250b48f4b7c565e4b244f1

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
12KB

MD5
1e5584bec8b603fefa84c8c71b8e21e1

SHA1
b07865faa0d6502917300eb951caa633ef3d5da4

SHA256
520a44fe97452e4d2c57f29bc0ef463783e03a21b13bada9f4134872c5cb22ef

SHA512
c45c69e6a500c856a870927f1b9a5352e3c8598e66d4dc266626a035f6ef0cee8e7e37400d0573dde873c704b2ba9784cb0b27557d4d307d2667caf94129d8de

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
512B

MD5
c271ad382e559afdab98ff134177069e

SHA1
034c1d40b5cc8030e9c0dc7529c8e183da3ccfee

SHA256
74ca3251c414a57e570423561ab942379bf34f232e24d7e8ce72f1fc01c56c68

SHA512
1b99300f2c81b235153effb1f7e71fa692c7c942745d616f66a2d317a7ae5cfa17a4b0345f8f84f52997261a2f4b798b7133e1fda502bc2587645a62680da9ca

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
50f42121f0580bea118365d0bf79796d

SHA1
ea4f2d671b9d9ccce2ef7feea847fb2690e6524d

SHA256
24a334eed14ec12c7a1c265963eaecdd056aa57bcb0b9789444a8cfc8342d484

SHA512
6708557bc2d2c29dd86e3eb76084a5c480622d5f3f1017079e2f4938cef8a047ab0edcc8836f080711234fba53b9f7488f2630e858d4e76f2d94cc6d8e63b5dc

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db

Filesize
32KB

MD5
38564ad4c73e5619bc2264b0c44997a5

SHA1
e55f6fe1b20347ad4cd58d77af0b0feb149f63d0

SHA256
1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8

SHA512
30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db

Filesize
32KB

MD5
45ed9d3e2b00f29cf050735c6312248b

SHA1
6e3fe04be8285bbcb8b0c5d733b4d9371e2fa355

SHA256
5d374d2af220b20db08bf9bc5c1d190e900a3f4eac0df0ea52141eccb58d29a4

SHA512
5d0a52d1abb9ec4268a57d707e0e3236a33a60e0aee71ba50f6d50f05e4f6db9c609e85795304bc929b2f776d51fc45f57114f88883be117abcd76b9d62cd322

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
12KB

MD5
3a50d5de7ff99006dddd2414d552cfa7

SHA1
1c6724de0e77732dce620a7432b26f2425fcd9d8

SHA256
c6722c043b258f40ba340518f039b3c6a4ba66a50c217265a309b645378df26d

SHA512
43f081b812fba80778ecb3832687dda6bc0a0b80ae6a61f0a248c514269bbcdf853526c2fc498ab07973be6e8ea82b9b4f396c4186a46190b387c3a1b2fe7364

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
512B

MD5
86a06720a109814bf6c498f9201da5b5

SHA1
a0175f7ca8304207e172179755a6eb4b25be7486

SHA256
b2d2fc76e4ede3edd92e948398f468555df53bdeb10eb953d5ffa1d4ca10cc82

SHA512
09bd2ab477488e95c1fa039baf04fbf5feeee253d3563eba9eeb7a4ce08980bf7845ab973d6fb4c2c3e4e1f103ed91ca7b065948c0ca1b72aad67aefe47c45da

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
8KB

MD5
e366aacd8d370f4191f21af950a722b0

SHA1
8ff97923e6a64c749471bf543a88b4245fc1c52f

SHA256
adb9bea4082cf2c4a023558893b960430182ee976dcc728e99d56596973c8b50

SHA512
74353d6283444e0e4ccf2a6d5b133dcd220a332b2d38e7a82f73e5366b1cab11f659cc49c7e6ed97794221f45dffae57d417607b9b806194f64301f24386fcee

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
8KB

MD5
a828128a0007bd21b18d8dfe1c86b504

SHA1
d88636525f45bfac0e9cd03b74d5d504d21c0432

SHA256
4b8a0752f0a5b553d5fb1dd819f0da3cfc9db4716892fcb50b157c384c10becc

SHA512
697d13b4843a035d0d45dcbd3d00f76f25635ddfb450e3c6f6affb7f2f5a45fdaaaa53e3268cfc0bb4f96a9def0a83ebf3f0e81b8eaa861923c0d23e86cf2c10

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
12KB

MD5
30f160668de60fca4a0fb0ae377b7d33

SHA1
50216ab1e8fb9820c0596de180e44d9b986f98c1

SHA256
c75af70728abadd3fad7f053f2887fa3ec33f38750fcce56b184b37d8c27d646

SHA512
b1169381f46be7f39899aeb0bab6205fe0f658c01406e5fe0c99b4a96cbf9259b19f94664312aa261ec3cc04e8ef627da0ed773a2e849cd8761005a3354bbce4

Download Submit
/data/data/com.ted.hartford.pansy/files/.um/um_cache_1727482490455.env

Filesize
1KB

MD5
b9bd8c9692735da013bfd87621fac42c

SHA1
37d6c4de9116bb51a63f58c19e3a5e7d70d98ea3

SHA256
df5a8d488eb2e5f47754bd797529e5c795ad04c8547b9bd83f5b81c6e2a93861

SHA512
78a42243ea2bc5f322826f0d7389454fabdd75126b272d503fac0195afdbc3c2d71696524722e258760d8adfbb8bd252a074b15ce1863cbf7dedb75a89e189d1

Download Submit
/data/data/com.ted.hartford.pansy/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e4a70da9afadabebedb154a95b3fac4e

SHA1
9797457b9cb4e5c1a43fc9acf1ad937fd81bdf6b

SHA256
66c5d8ab57c51285f60f1e3857827e90431bdeb8a277918aa7f3b2fc37cd0958

SHA512
338184d8705ae65d8ce0d6367cc880217b34e73a65d9127897b342aeeee246c9d22302b7a84cf828a4699a738c1b807ebad60e8a02bd29ca74890eba3a2288b9

Download Submit
/data/data/com.ted.hartford.pansy/files/exid.dat

Filesize
59B

MD5
d0a24a4c92841153b8fb4efcee4f4dea

SHA1
8677cecc01caf12c75c647001d01b4302da7492e

SHA256
bd5acfc091a0fb4c81a5f74f86770a9bc7bf981c0ea79398a11f4b102118b0dd

SHA512
662eb5a6c7b4ab25497502e4f9c5a3798990778c4e3ccc53e7da736821f0f91e9139f3911a9278d1291c3065978558bf71a7e8ba45e38d1d44ce0f6541451157

Download Submit
/data/data/com.ted.hartford.pansy/files/umeng_it.cache

Filesize
350B

MD5
467ed1773f025546a8897ab76bbf429e

SHA1
23d6f2d187c59ca0206758c4dba15205b17a9663

SHA256
a928616039c57c490b7ef9924a7b862ae75d306d30d17a40fce931b71f12623c

SHA512
0e3ed556b7b3e918ceb940bc559821261c66619d9ab00679ba70980d555499d656d0f42158588483b0a2cc3cd5255aa4622293f355967242384a944a841e2be4

Download Submit
/storage/emulated/0/fftechnology.cfg

Filesize
32B

MD5
aaba4caac616ab1241f0f266366b38b6

SHA1
05fbe744bb8ff269897c433ceb54d65bfe4ac565

SHA256
58a353e5a030331dee850bba366592462b5783a3c5409e34e5a6760bdd6fddeb

SHA512
74e8310e629c4750a83e6adcec4187fee211cb5249fbbe2e47cdc2baaad7cf067044368d770d423ba92fe6836e931aba726007b9d0c84e81282b0a22b8497e50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads