33913e647ef5321756fc56957f857ee93ec0183f8982e4905eb2a614ad2a500b

Analysis

max time kernel
64s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
30/09/2024, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

027d7d0bf461f5681d342298d882af88_JaffaCakes118.apk
Size

12.0MB
MD5

027d7d0bf461f5681d342298d882af88
SHA1

f0b3abd97dada659a946afa0e62d3b56afb38660
SHA256

33913e647ef5321756fc56957f857ee93ec0183f8982e4905eb2a614ad2a500b
SHA512

8536dbc90a185be6d4b2d5840b57b34221b8d633e3d09623d90fcc56a43f5a93550b27deaad01749432af5dd7739b9e8f0d6186dd13067074a22467c2da09e57
SSDEEP

196608:nY/mt2v+VeIiaKX28CcDfgtWyCmaGt/ANRR/Tjw+CuaApyf79T6TeUiHRb7LzXhS:vU+8IfKGAJyeGtYNTvw+CuUfAeBHR3hS

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.petroschurch.petros

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.petroschurch.petros

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.petroschurch.petros

com.petroschurch.petros
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.petroschurch.petros/files/mobclick_agent_cached_com.petroschurch.petros

Filesize
197B

MD5
ac7c8854b9d1e42a811589b61d3de05b

SHA1
33f3a7a57904270a0da98aa8d1252c92e6e9e8e5

SHA256
fc59933917af121f9e7570eb81d970f772e0cbdcfa753db5bee8089af87909f1

SHA512
69aaa4d7940c581b5906bf4da7d3a8c8e7b1680e240e701af5b2ba85dc19540192362749e351ec1264ee28d7a086e82d02afa47d3a4e16501880bbf1708d0e30

Download Submit
/storage/emulated/0/petroschurch/petros/content/petros.db

Filesize
35.4MB

MD5
35da04b712f495023803408d12c24650

SHA1
0e92a372547d6bd3a12e9c2baf99225e11cf687b

SHA256
3b172596f9413346ec9e9c361598bebd16fe7d887c7af23a62412904cbd1e321

SHA512
95016e604ddeb7724b930599225bdc82eddbc2e8a6c04f93e3e8fd5f47a7466595754cf58da4d0792b58adcfcb74edf4c695fccd5812da6220be908a47c7d5cf

Download Submit
/storage/emulated/0/petroschurch/petros/data/data.db

Filesize
28KB

MD5
ac542ee2457b12d8675e3d2d3cc48cb1

SHA1
c8ad03c563278fe38de695bbdfdf8c22fbf0af1d

SHA256
b85e5e503a094e07c5f928cdf6bd6c7766fff91881bcd28d3b2bad7c3dce3966

SHA512
ef242d799f45b58a12841fc6aa6e6fa6d12a055ab20fa4ffe8664a8cf6e8b490fcf4af8618701aa10febfffbe2aae16145eb96ac4946e272766bb747c910340e

Download Submit
/storage/emulated/0/petroschurch/petros/data/data.db-journal

Filesize
512B

MD5
f65a64f5a2981e2b0b9dd82c78e2e264

SHA1
64b2fe7b2e8d453425ab9673896869c8229e5854

SHA256
2525cfc38825972161a0dc9377e2148359b0bb57068c708c975cb607d2981eb5

SHA512
92672cf1745dbbd174a56321aa9764d977d066c324da3c7881aff0b9ebfa6bb79362a09e8d4dae0aaa866d169336ccfc774c8275bdd29d09b4f148d402cb9b9f

Download Submit
/storage/emulated/0/petroschurch/petros/data/data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/petroschurch/petros/data/data.db-wal

Filesize
40KB

MD5
c8e1998bc00159da9aca4cfb40adf9f3

SHA1
b98c070ceda1a656e9ac1b0f653f04914ac3af84

SHA256
91cb12acec9bf76df700ec4033e981090ffe100b3b546a9d3f94174e09fd95dd

SHA512
9f0bfcf6386d27e816a35bf9a1f9723b790a48130d7fab064f9da126dc6f35e553fa3aded37216474c5570e561a40c667db449e6e1bcb3cfa7ea39879fe0f49e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads