77a729331ee7689b2bb589f08fc32cb674af49cba139ebe8578ac8836c7fb557

Analysis

max time kernel
63s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
04-10-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13eea38f27e4a4f9e53b17887eed7b5c_JaffaCakes118.apk
Size

385KB
MD5

13eea38f27e4a4f9e53b17887eed7b5c
SHA1

4503de672b562f1cba22d1cfbdd1db998d19f09c
SHA256

77a729331ee7689b2bb589f08fc32cb674af49cba139ebe8578ac8836c7fb557
SHA512

d930bc746a8cdeab8cb20d1c8161a5af2f454086523c100df415761eed6c97c1aeda903a242c563ab8764acbe93cbe90c903c0cd09f904c30a79c2300e4212a2
SSDEEP

6144:HZQlNm3wf90Sfv+W53TNtOJdA3a57jEzugBSjSOJpBFfKYB0LLwzNFJPLZ:aDf97fWONtOA3a9jXRjFJpBcYBWSHRLZ

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
4	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fpfl.qiv.hcri

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fpfl.qiv.hcri

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	fpfl.qiv.hcri

fpfl.qiv.hcri
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4978

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/fpfl.qiv.hcri/files/.um/um_cache_1728056107591.env

Filesize
542B

MD5
5db6a65318ea0d43aee656a5b8923c84

SHA1
c17535a5e30ac751cb313cf73564cd2c976cd96d

SHA256
5063a83267e773528b68c6705c0e66f589ae5c93236f949eba8253a528458139

SHA512
9a67aacf247a89e67cbc8ea84f9645392157e10874c475e5ced9fa1fafe774f35dd083c99e1dd00453ff41193a5891a78fd7d02575f3b908de527d2fdeaefa75

Download Submit
/data/data/fpfl.qiv.hcri/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ac4a13020d672e4b7fae83e3c667aaf0

SHA1
cf2645a94174849ebeeb54afe626b795f17e7006

SHA256
3f93f980f08b35e73046cca59faccf435105d7e609c44f75702283bf3e80dc8e

SHA512
80d52e1c0776f3582ec3794f181c0962586f69db6405d7d8c49f4bb3aab07e845271b5b19ce273c86a09bf0c07ca83970ca8a373b558406456e09226976cb1e0

Download Submit
/data/data/fpfl.qiv.hcri/files/umeng_it.cache

Filesize
245B

MD5
537b0f6d7af24d9880bd36e4904a4572

SHA1
d8ac086b90b04c2be194c51f2946491b1adfd9f7

SHA256
9563c0f4c58a2d74dbba4c6301f394466b3bbe52de83fd0dc98b724fef23ceb0

SHA512
7153633b46b1b11ddb8fc2c1178527b649b9527cc76476a043f4288f90c700ec846a562d036f9a5eb62c46ffb569cbc07e014b922ce9474c6b8f417353ec7034

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads