f4d84056a1110b11cf8f674437b4b9ee6d9fdec6792d4dbc70c64db9c6782ee8

Analysis

max time kernel
76s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/10/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ed0a271194762dead977e5f02239722_JaffaCakes118.apk
Size

894KB
MD5

0ed0a271194762dead977e5f02239722
SHA1

fa568481185c498b129b4ca0b9ca5cea9c6611ae
SHA256

f4d84056a1110b11cf8f674437b4b9ee6d9fdec6792d4dbc70c64db9c6782ee8
SHA512

10b82de470fef8aad57577c00ebe1fdd5a07623cf94c45bfbb53723e39e5f54574a7ee0490352fdc361d7edc5c93ae35d6a5cf79e0047671f4393747d56ed384
SSDEEP

12288:oknWyvViy/8/nFUz2Y1WcN9APmlTHIIzWDtSrguQvg/CViEbIP7UF8w7tYnT3tey:jpveaz2bcN9JBoF80BvgqVfI79p6Hu

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
7	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	udy.ekdxl.kxyy

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	udy.ekdxl.kxyy

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	udy.ekdxl.kxyy

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	udy.ekdxl.kxyy

udy.ekdxl.kxyy
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/udy.ekdxl.kxyy/files/.um/um_cache_1727944845810.env

Filesize
613B

MD5
c2446ddec170f7eafbf0dcc99ce15b78

SHA1
87ac4dd29b0795d5f32cd012e559a2291ee11de6

SHA256
435c5a6f404e14ea917cae60882e4ecaf2b32953c58d037a04ae26c867f70632

SHA512
36cf5cd04c879184953b54425057369540a01241b66a42d30338470eaaecd792658e856b4a3a7ca7743ef5be4dc5cc4a0aabdbb520cb45a49766b0fcb6165df8

Download Submit
/data/data/udy.ekdxl.kxyy/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f9c61c6db87c52875947b954c8f7ba5e

SHA1
8062224b5c78616116e9225dc5363fb99554e062

SHA256
9b79f36fabd0e6222a7d064e690684d7951b94780d5859443850cec8d487105a

SHA512
4cf40be5f6810a23272776f0f2051c6c32fdbc5430e76607f06d543e726f9d4241421c575e241ef241a32f10eba173f39e0b3449a7164aeb775f58684959ddea

Download Submit
/data/data/udy.ekdxl.kxyy/files/umeng_it.cache

Filesize
310B

MD5
56d7b36199742b19751512f74906813c

SHA1
b22e6f8597b0497ee67343837efb4ea3124df406

SHA256
9c6fb2abf0f6c028ce41b74da03f7374197f067851f4ecbf6fb7d876a4a53a86

SHA512
76fccef6605f405a5f3534a42440b983c6f04b31f54f1a419c4a9501bc86728315712b5c26be5b9f708efbbfd3800233e2501bcbc299295a15cf02af0677afca

Download Submit
/storage/emulated/0/.yylog

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads