77a729331ee7689b2bb589f08fc32cb674af49cba139ebe8578ac8836c7fb557

Analysis

max time kernel
63s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04/10/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13eea38f27e4a4f9e53b17887eed7b5c_JaffaCakes118.apk
Size

385KB
MD5

13eea38f27e4a4f9e53b17887eed7b5c
SHA1

4503de672b562f1cba22d1cfbdd1db998d19f09c
SHA256

77a729331ee7689b2bb589f08fc32cb674af49cba139ebe8578ac8836c7fb557
SHA512

d930bc746a8cdeab8cb20d1c8161a5af2f454086523c100df415761eed6c97c1aeda903a242c563ab8764acbe93cbe90c903c0cd09f904c30a79c2300e4212a2
SSDEEP

6144:HZQlNm3wf90Sfv+W53TNtOJdA3a57jEzugBSjSOJpBFfKYB0LLwzNFJPLZ:aDf97fWONtOA3a9jXRjFJpBcYBWSHRLZ

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
4	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fpfl.qiv.hcri

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fpfl.qiv.hcri

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	fpfl.qiv.hcri

fpfl.qiv.hcri
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4212

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/fpfl.qiv.hcri/files/.um/um_cache_1728056108232.env

Filesize
572B

MD5
c3fc4337359e8a6ee43da35bae676750

SHA1
8cd134a1485089ecf08fe1fffd7abe7dc487ed24

SHA256
de293d5a23424a9fb1a616f984c712f0a16ad217342290dc4195b402e957ec36

SHA512
569b33dffbd65c1b746090e7a1ecc0c143992cd140cd822e6b1a4854c93a8a2b28fc4b1d74e5e094e33783233d1bc740e4643a4b9ae74e8431a5b0dab5cfd578

Download Submit
/data/data/fpfl.qiv.hcri/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f1fb1893ec3fc777178e87adafc411a6

SHA1
5c84d16f211ccf9ca7515eda968c3c70e86c2602

SHA256
abe9cabd28cb6f511f1166d81494adf578a59afcd90885702319be889b2c0c44

SHA512
3a7b34d4d528f8b40aad941ecfec455895c71392a787d10fcddc676ed398f27406efcf49049cd140b01838b7a60b4d115558252fb258839304c0833bd6c9da9a

Download Submit
/data/data/fpfl.qiv.hcri/files/umeng_it.cache

Filesize
310B

MD5
c8812b7e3aedca58793a790d294ab386

SHA1
d605957707e3c08aabee08271124c7a70ea76f81

SHA256
bca8944435610bc14f6fad28b78f2c0f8063c6a274008bed1e1859ea756449b2

SHA512
ee7325a30800554d9081249d0e48470de4eba95af5d012c606f6b2cf02adbbdb8f6361ba5717a2534178f057446f338c79d582536c1f0578caaca8ffb26c57a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads