847fd552c6200fc9b2db5eef4704eddb518a515c9efb5d235726a9a45a3df5f1

Analysis

max time kernel
65s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02-10-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0932ab4b11dab167e190643341aec35e_JaffaCakes118.apk
Size

867KB
MD5

0932ab4b11dab167e190643341aec35e
SHA1

2d90e5eacb4a6fe089f7ecacc88b5c1aa3e24699
SHA256

847fd552c6200fc9b2db5eef4704eddb518a515c9efb5d235726a9a45a3df5f1
SHA512

7e0b41ba1d8b44e7626a50da7232337bfdee963111cd10cd3a0ed99a54739051746bf341ed2d44392b92b50acb846a7e3bf2e7b3a344eb280db7416911b07951
SSDEEP

12288:pfEljxJhIEdj2Tzdk8KIgot5mUkWAQ4Qtg+Uv4dKMKsEe00LyGr3Fs//a1X1e0WC:GxJhruzxZgC5LYQOE8MhEgBXcPC

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
8	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ssjs.yb

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ssjs.yb

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.ssjs.yb

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.ssjs.yb

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.ssjs.yb

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.ssjs.yb

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.ssjs.yb

cn.ssjs.yb
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4212

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.ssjs.yb/databases/MyDB.db

Filesize
16KB

MD5
3afa80175fc22ef5b2987ae9bc38973a

SHA1
c69c7d6d5fcd0373a802319e4be79deb1cd69f57

SHA256
fae0b02b2506445acca2ede3295203796f7d3bc15e0e064957a5e90c32226ac5

SHA512
837531363574dc2f6bc38eeb8a00fa5c089592387dd16c82c473ca4fe3ea5bfa3cd6000480a2f0df0aabb23dc31d349cf326be4a837c7afccc5871b721ca573d

Download Submit
/data/data/cn.ssjs.yb/databases/MyDB.db

Filesize
16KB

MD5
5ef4ba81099c8011cb4d043af21ed187

SHA1
e904c71ada92f69adf9da393d28a5b709f1e75f9

SHA256
5328093ff9e7c5b0624b9d88fb80fca7446fcc0bda98b7702aeea4cba7583cac

SHA512
32b3d56d82de24d802c3af73a460fccfaa72efc32d3c1348f2987dcc23ac94802ad582ffe916aaf61573718ad31c161b3ee1d56cd9b289bb757c4cc51dd86b06

Download Submit
/data/data/cn.ssjs.yb/databases/MyDB.db-journal

Filesize
512B

MD5
0caa58043d245e973351eced816fd9d5

SHA1
4012f9d9701a7dab7055ccbb10feee938e3a1974

SHA256
a1ee5ff026a4b2cf54879fac399ecd0e4fa352e4c1390588b0a20f2752c4f261

SHA512
1062796de894cc56307c856c5ff154f40c3e5b7611e3dfaa88b5a36793c4fc5685b2a812bc059faf356bc3e01a8fe1c541018045020d4421e65351e4f4617a6d

Download Submit
/data/data/cn.ssjs.yb/databases/MyDB.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.ssjs.yb/databases/MyDB.db-wal

Filesize
28KB

MD5
b2818f537fab4ca7fc8aa0b92400f24f

SHA1
9208ac2d71d3dab81866c97661444adf2c2d4f13

SHA256
0282006411891df8e3afe25a456398aeee869873edc1df0d14c04159d6cade4f

SHA512
514601aa9184a4df8dbc38feda1281f9a9b77b3bf84f93b402d9f9efb45d960005fa26e80423dfa12d3e88e2ef86ef10aeb1d2dbf0b14ae1965aaf99367317c8

Download Submit
/data/data/cn.ssjs.yb/databases/MyDB.db-wal

Filesize
4KB

MD5
29dea0a06ad6d20da8d3cf9fe4d78ea6

SHA1
a0ec2fb3a0caadf96d9939ed82cf97db5dce0e13

SHA256
a1f6bdaf0f86b04d958408ccc353d4199e74effa1308e7adb3ddf65e9c667eab

SHA512
bd549284ed2aae7d647762f70fbe8652cbf604b0553419f91384c9bbc0d4f0bb6d1ae0f0e9601ff6a380d8b34835420d724017b780340aac75d5b32491b13245

Download Submit
/data/data/cn.ssjs.yb/files/.um/um_cache_1727848585482.env

Filesize
706B

MD5
33191ddb4ba4ab61f515d956912b4244

SHA1
6cb029134f03605e7d1bf4eea73404d99f69648f

SHA256
f5c5e48c94fa06f0f9ffaf80afe1d1ff09917afd62b2d33425b7199b45708cb5

SHA512
fd54feacd87b3a27f34638be0fb12dbb6c7e38716205b1fd49a949d9fa488166fcfcfff4373685c6f6f3b117a653c5c534556c10268b356153c1f74c3898a35a

Download Submit
/data/data/cn.ssjs.yb/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
7d3c8b39d0278ba5703ce5e2f25bd2c6

SHA1
d049fb8f4b507bf94f17b6455d2b9bb7eb3416a3

SHA256
418c0ff333c959d46827b4b6c14defbea63a337d2bcc6668856c14c6ca1f899f

SHA512
05b33f101285005cd4b03e1c45d307342bbca844bf04f6719b7b887c0e61dc1ae0d36f4199b384cf4fed156670a41d6eb214d87488e3578e3e36b2f151c19e7e

Download Submit
/data/data/cn.ssjs.yb/files/umeng_it.cache

Filesize
415B

MD5
74d153abe1b44aab1d5436956ae1c1f2

SHA1
0e0b9b8b40c39d8252d69d3135f1b648a60ec30b

SHA256
efb54ac1c1c2824c5f4e07e59e4c6f7f708d6c3ed263714a2e644f07d0d16d78

SHA512
61eac84a26b1bbe15cffcc12ecd0b9cec47fa76aae543c68eae42da56c898b75a40fe556a0f86a29d8d5cc13c8f6e59b4c753ab8c807b55e3d9c22242f76232c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads