f4d84056a1110b11cf8f674437b4b9ee6d9fdec6792d4dbc70c64db9c6782ee8

Analysis

max time kernel
71s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-10-2024 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ed0a271194762dead977e5f02239722_JaffaCakes118.apk
Size

894KB
MD5

0ed0a271194762dead977e5f02239722
SHA1

fa568481185c498b129b4ca0b9ca5cea9c6611ae
SHA256

f4d84056a1110b11cf8f674437b4b9ee6d9fdec6792d4dbc70c64db9c6782ee8
SHA512

10b82de470fef8aad57577c00ebe1fdd5a07623cf94c45bfbb53723e39e5f54574a7ee0490352fdc361d7edc5c93ae35d6a5cf79e0047671f4393747d56ed384
SSDEEP

12288:oknWyvViy/8/nFUz2Y1WcN9APmlTHIIzWDtSrguQvg/CViEbIP7UF8w7tYnT3tey:jpveaz2bcN9JBoF80BvgqVfI79p6Hu

Score

6^/10

discovery impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
32	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	udy.ekdxl.kxyy

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	udy.ekdxl.kxyy

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	udy.ekdxl.kxyy

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	udy.ekdxl.kxyy

udy.ekdxl.kxyy
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4486

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/udy.ekdxl.kxyy/files/.um/um_cache_1727944842578.env

Filesize
578B

MD5
e9619d3d347e1fb7cbc8699fab57359f

SHA1
dad74037918b90ad04a267e47f7cee734d173e59

SHA256
041a67b688a5b2e778349391d9f18178393299e74e0a5d1ada0518f27ec87151

SHA512
cf40bc3ff75b3830e52d0d7b3fbaeea0bd81b0c15c39b5660d39af19ab9ef08378868d5b3b5fcd98eaa0f87e1f75a77f6a675d1e33ebcfc7a1ddcf7034f8f092

Download Submit
/data/user/0/udy.ekdxl.kxyy/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
444738b91a95ffaa236b4c04532b9b02

SHA1
a15c7ab910155d4df1ae198636d3518fcd9758b1

SHA256
9283d235d33c6611dfcc0406da78e851181dbd8dfed73bbc0db3f956f067e699

SHA512
edcc896b1bd7d1f28ff654bdab3dd2eabab566ecf0a5c88af109cd4b8731e9016fbbd12eb8075a0c4465022a4bc5698f19be690a3b7a2f353a2d8ffc22789bad

Download Submit
/data/user/0/udy.ekdxl.kxyy/files/umeng_it.cache

Filesize
245B

MD5
5f86f2c49d89512e9741f8c233a2e544

SHA1
92a2ca7b94353169e7811a0ca775f54ff9ab41d4

SHA256
6915549e1eb87bf7e54cb9565b24028f11d3c49a8945a4708fde010c92ab1a58

SHA512
0fa3698907f58498a938b481a5a4371d41a6e659f3d84493c270001aea43916113fe0f469db4d055a58d25ffb3027b2daa63ccf70234715fb861ac6a03c26e2f

Download Submit
/storage/emulated/0/.yylog

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads