77a729331ee7689b2bb589f08fc32cb674af49cba139ebe8578ac8836c7fb557

Analysis

max time kernel
63s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04/10/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13eea38f27e4a4f9e53b17887eed7b5c_JaffaCakes118.apk
Size

385KB
MD5

13eea38f27e4a4f9e53b17887eed7b5c
SHA1

4503de672b562f1cba22d1cfbdd1db998d19f09c
SHA256

77a729331ee7689b2bb589f08fc32cb674af49cba139ebe8578ac8836c7fb557
SHA512

d930bc746a8cdeab8cb20d1c8161a5af2f454086523c100df415761eed6c97c1aeda903a242c563ab8764acbe93cbe90c903c0cd09f904c30a79c2300e4212a2
SSDEEP

6144:HZQlNm3wf90Sfv+W53TNtOJdA3a57jEzugBSjSOJpBFfKYB0LLwzNFJPLZ:aDf97fWONtOA3a9jXRjFJpBcYBWSHRLZ

Score

6^/10

discovery

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
25	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fpfl.qiv.hcri

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fpfl.qiv.hcri

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	fpfl.qiv.hcri

fpfl.qiv.hcri
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4543

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fpfl.qiv.hcri/files/.um/um_cache_1728056109599.env

Filesize
543B

MD5
4229663dd74524c601d684c1dc27e3b8

SHA1
0ae9730e811fa9a3cf840ae39874703ff420876c

SHA256
b58cad3b032bfa6a779b4e8a776a078ee4448f9adcf7d971498d19d81d1526fa

SHA512
1dade99cb156a0e48475516b393417438f46dffb4798b72bed058ff9b93f4e8bb967495dd71c81669e7cada3e4066f878c9222f24a221cc1ab648dc57de28f20

Download Submit
/data/user/0/fpfl.qiv.hcri/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f231942c42c1923de45351b194bf1be7

SHA1
0d11344d7ddaeb223fcb63955ca6ad6b7597af8e

SHA256
fec74c7da3a898f46d3b281c9453918835ff3f3ccb2716e0df318e3955806a8e

SHA512
51343ba410de3468ae6a6e6f17ef72a05972feea713720c02dd9b883f0a69b6767735ef48051cd732b763c1c9622e48f369ba742d24ab05bdd340a986c2f90d8

Download Submit
/data/user/0/fpfl.qiv.hcri/files/umeng_it.cache

Filesize
245B

MD5
c44d698dc22ade6a7b1f68b112a96453

SHA1
b70adff0e99ecf4f92d15d2cdb996b9528dab0aa

SHA256
85cbf26c0da91fc6b9f978d27b2e077674b62df78d7d638c19622630c7fe0995

SHA512
46194d3ca39f300dc1bcac86879dd47b68e92a8a0bf5c9420f4e9521b20d5f1e7d2004ca549b8f3018e367a8510289fac9a0c1df26c96a0bf5dbadc99f9efe1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads