f359c2da3ee10aaccc5aee82fc8a244df7d0c73d8c7d182cd894e62076bb884b

Analysis

max time kernel
145s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28/09/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb26f92a55f408c811952d0d9689e128_JaffaCakes118.apk
Size

567KB
MD5

fb26f92a55f408c811952d0d9689e128
SHA1

a7328ac491c52ab1873c42501e489eaf0585291e
SHA256

f359c2da3ee10aaccc5aee82fc8a244df7d0c73d8c7d182cd894e62076bb884b
SHA512

d83e3e52c35889a50d07c0dc5f7e107cd07f93ac8d4f1f067809d39d9f6a16614713a3d0401e8c8882ec7bb10ced9ebd2fc3e33a27ac6d90db6736e977dd3273
SSDEEP

12288:xpepof2E9lCLyl7tUZ4+9Wojd+QttHedsXa/csxvNX8/pB0LzhMALx3:xpepiCGlmswIQ0USN8/pBAVMAx3

Score

8^/10

discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4538	com.ted.hartford.pansy
4538	com.ted.hartford.pansy

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ted.hartford.pansy

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
27	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ted.hartford.pansy:reloading

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ted.hartford.pansy:reloading

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ted.hartford.pansy:reloading

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ted.hartford.pansy:reloading

com.ted.hartford.pansy
1⤵
- Removes its main activity from the application launcher
- Queries information about running processes on the device
PID:4538

com.ted.hartford.pansy:reloading
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4584

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ted.hartford.pansy/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
2280ab9d29517a90624b24804a2be900

SHA1
421353febf6ec23ef7ae4b1c4c7a07d07b298f96

SHA256
a278d3dd27109fc306c8b55fb414adacf2da719837e4c5ee8c6e0b1ad77848f1

SHA512
6739c8a8aad35abf0ad09eed72b39e5dac5e85aa9ce1781c867caae9bdd183c91bf00a208a3dcc0b255ff6a8056b4dec55238e7173c75e6c3922c69b872060f5

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
66cad6825add44340cf891ad4e5b8e83

SHA1
056a1c6c2d07f7049ebf43e420670957a41de126

SHA256
c1aa578a0e6d900a516d0a934e0308a8044282d37018f4daacca36b212d542c6

SHA512
508579a3c044f7cf056fcff3191ee5f3d79e02315b409739ae47058bde0d2b469249525ee95f4e52eddfafe020994213075a8bb0b25f8564dcb4bb4f3f8ab0d7

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
cf9210e376ad4441f20b616cd8f94eba

SHA1
e2419ba0c847d413c63023501ca5dbc2e068fe46

SHA256
f0d79355f11957ad5cb26c9b5bf71b8c1e82db27bd795c836c5ff3cdae769a69

SHA512
6d5302f0011b3480149d5114b9fa92fd602e13bc15ba9e7524b5ddf50072ec49a77b1caf2c696c10056efb8ab4e53e63b3167241b3173f78927ff5d708deef7f

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
12KB

MD5
b88de5a5f4c4bf83ae6301a7a5ab4291

SHA1
fba08e0fad3a50dbf2c1db836c86df489eea3656

SHA256
53bb3c8d13c35caa238bde77463a727b42b8876201470e571700b2f030b0cfeb

SHA512
353d3a1f06c275c40ea8d4e20ca40015a3fa75add0f33f029f2b9eef891e6ab127e09d3031c169638216a955b1d7a5317d4fbbc3a165d64d961bd9069b32b76f

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
512B

MD5
ff846794501507533d8ab4ad1bf029ca

SHA1
a5ae5456bfadc7c660c75f65b474f30e57400094

SHA256
bff660ef343c1d89d4554586727120ea06d90a514451fe9e6080b76a4d084c68

SHA512
8e6fb0f56fcde188225aa2d5b7714be2fb87f0c4327017ce20021d0c6e99df4b611c754ec1b160bcff53ec0b8d1bd400741ff93b39c9aacbef460847c8d88832

Download Submit
/data/data/com.ted.hartford.pansy/databases/cc/cc.db-journal

Filesize
8KB

MD5
fcbb050937a2d7c1494cf8821c8cecad

SHA1
00137c0f2267ac3757403149af45948bdf3fb898

SHA256
5bbbfc9791b136276b52188a09ed8ac2837ad7a05929d3b83b86ac1428d79625

SHA512
c5cd483295ae303d73df8a2c520db038a0ad240bb68f25c5bbd32c6a6d316f9e5d3e194750c927a1d17cfa781fd52fced7c3ca16b4592f6b363dbbd3bb4254e3

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db

Filesize
32KB

MD5
4cac7d31fb94d5c9581893537f64c5ed

SHA1
96bef3288546196ac3058b5eeddbe9da1d999fe5

SHA256
d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5

SHA512
0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db

Filesize
32KB

MD5
f0f3586f2feab043d29d200b11717976

SHA1
c5227e16dab29f0366084c7f0df1d1031b7017c8

SHA256
fbe36a6ce54b8f912131fb3ff688cf03abb6e1aa62cc559a56a6b4d6dfccbbd6

SHA512
5044690cd3cd500264fcf7860a86dccf8b30a5bd1380b22f1b4550f5b430692e411514515daa44f8f6362d96da8392ed7c5f62ba527f046b15baf93c66d95aba

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
12KB

MD5
aea3314bee74215c3914ef65c70772d8

SHA1
cd63dcf7d38c56267f654f7c73d82f2692b28c21

SHA256
108e97a28354cb491009af669f25a7f2b5e6411372c0ac45eff0d4e12510c522

SHA512
05bb39b7d2f16e01d085e671f24a072ad72bdc09b89f101e66928883df8e6eddcfa2885f56a8a420f825bb0d67027ed0feb36a9e0f8b75368fff0cc29712c953

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
512B

MD5
dae4d9b42ef1db81d5c25284f2fc52fb

SHA1
f991b7994ef4113544fcc1857d61143c8b987131

SHA256
f7af26c33e9af905995e3ba6135688d07c51b98da5291233e5cf968acbe7b23c

SHA512
59c94877d77ed4327bbcc8533f28f83d1f7b5f223d543bb580b360bd310b4572bcd4eca366367de2e8cedea044c388cce45320878ddb349e8e225374e9bb92a4

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
8KB

MD5
12750475049c8ad3dda16772cf6e3d4e

SHA1
0b030230e61a87e556eff760fd03d7c7602dbaad

SHA256
2560ee82bd7d917e078ee9a1cb91c8f5162c67149f5be09d693f51e18a39bea7

SHA512
691230bb8de1eb2f2e92a4ec58e10c7f38ddb3f11d83bf0e110a91439a78b75b474b234f954ceecf611ab4aef142bd665cd69e805f4607c097dca323b4e6d2a0

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
8KB

MD5
501b97551c7f364de49e4829df17d4af

SHA1
375c3135c6d20b3747603167be9a56708efc0183

SHA256
f0a6a1e446e84d831c9cb482b4e079ac3e187536794915f976cf2fe0eaaa20a7

SHA512
1776cc54e30fd880f1dc40759910337b761a48c047ccc6995661ff72452c617d58f009b66a71be198c737baa1464038c11539cfddd8e44c14b95279d5f6b9364

Download Submit
/data/data/com.ted.hartford.pansy/databases/ua.db-journal

Filesize
12KB

MD5
7f7d2115a79b5cc1b77430076b63d48f

SHA1
3ff596bea72db81392b7fe5363f9f5422ff9b6c6

SHA256
84a8990f8e6ca9016bf90fdb0871043f5ea83233362b1d938e1e3fae3c11e1b6

SHA512
9ce75719f8c094f4589220b954ee7cc5ce12f7f86e7100efe9cec4199362a1eb6b0d0b444d791e0fb0c44158612fc3293191211c396ed3cc768a47d585fe0060

Download Submit
/data/user/0/com.ted.hartford.pansy/files/.um/um_cache_1727482496332.env

Filesize
1KB

MD5
6691072f4893710dc2f183d92c915ffb

SHA1
2a741bcaf09e19096994b12fe9967bf587fcc1a1

SHA256
0cdf63ac23d47a2abb3f02d14f38b1aa1e2b89be92afbfbca84d2c541471acc7

SHA512
b2d7bc1eefe242dd61668587c07a9c7fd4fe3a1bd41d3c4ad11ca68fdff9617614000fc2d85110be1c07f926e2299c26c820f91ec7f13d6c1235f985bf2cf81f

Download Submit
/data/user/0/com.ted.hartford.pansy/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ea68cf739a2e4028185504737f993e46

SHA1
6c462ec5a99638ccfb917ca87ba27eb02e0ae0fc

SHA256
fcbbe5652fc80a1f462b2860e3b926a1f4abdc89ebbfa3c8f4f1f739f3db963f

SHA512
f3251cf69a4fc1a5621e1cb9fa03c670d5b8067a44da324c3c1c587199f2e31220f119e17acfab835266202b60d6f52ab661bc6a647412bde632f75f53f13e8e

Download Submit
/data/user/0/com.ted.hartford.pansy/files/exid.dat

Filesize
59B

MD5
d0a24a4c92841153b8fb4efcee4f4dea

SHA1
8677cecc01caf12c75c647001d01b4302da7492e

SHA256
bd5acfc091a0fb4c81a5f74f86770a9bc7bf981c0ea79398a11f4b102118b0dd

SHA512
662eb5a6c7b4ab25497502e4f9c5a3798990778c4e3ccc53e7da736821f0f91e9139f3911a9278d1291c3065978558bf71a7e8ba45e38d1d44ce0f6541451157

Download Submit
/data/user/0/com.ted.hartford.pansy/files/umeng_it.cache

Filesize
350B

MD5
beb56a7363817ebd8a17799e3fa47cf1

SHA1
712b21de48583fcfb82ade94f23846111da54f2c

SHA256
b7ee4243d0ae520830f049a92e6f039cd0c76967cb98b54b53908773b2c2da14

SHA512
a7c974854c35d07a818536c13997078d89294239f7e498c0b5ee5236f79fdf7701084833d093dc9652468a33591983c5899eeda6b862bf7356196dfe125dc67a

Download Submit
/storage/emulated/0/fftechnology.cfg

Filesize
32B

MD5
8fcab146212e313f3708a09772d403af

SHA1
630eea489467a115b94aa1c3e69abc2d2fe9c224

SHA256
1d62daeab16dff0b568716519f192b32eae2021d63951aa6f56c8c32b4d28b9f

SHA512
ef74356ae5bbd807b3cb318b93cc54031f71067fe63233ea0e8950ea263a383eea7cf638e1bca4c0b73d6f3c9fdf4c6ffbacf135bcba538e1d679576e97c6ee8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads