faf480487d2c82539f16b5444bbf090602d5178faf0faeb74d91bb64f9304264

Analysis

max time kernel
74s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
06/10/2024, 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

179d2d01af28b90e64dcab5ac82567b5_JaffaCakes118.apk
Size

5.2MB
MD5

179d2d01af28b90e64dcab5ac82567b5
SHA1

b81ad0ef311ddeacfdd36f9afb4dcb4202848f2b
SHA256

faf480487d2c82539f16b5444bbf090602d5178faf0faeb74d91bb64f9304264
SHA512

3c3c9719d7fb1884c259b6cb1b19fcfc67daa755e3b7781886c594e55af434316e2fc312ca83de3439555599355cb67e77c2c3ab0fee988dbf235a018643b423
SSDEEP

98304:KeR3RWiAFUO5WHS92BLh9R3qltd7jNGPlH0DFPOQKZZThVn6n9eBvgBwIo:KosiAF7eS9+lbalrNiFUOQKb6UBv7T

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 3 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.serialno	com.mgyun.shua.su
Accessed system property	key: ro.product.model	com.mgyun.shua.su
Accessed system property	key: ro.product.device	com.mgyun.shua.su

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mgyun.shua.su

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mgyun.shua.su

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mgyun.shua.su

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mgyun.shua.su

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.mgyun.shua.su

com.mgyun.shua.su
1⤵
- Checks Android system properties for emulator presence.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4253
- /system/bin/sh
  2⤵
  PID:4282
- - chmod 777 /data/user/0/com.mgyun.shua.su/app_lib/libdevhlp.so
    3⤵
    PID:4309
- - cat /data/user/0/com.mgyun.shua.su/files/flag_file1
    3⤵
    PID:4341

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mgyun.shua.su/app_lib/libdevhlp.so

Filesize
37KB

MD5
e5da49efdf2185601e4b99b231ed60b4

SHA1
f694299e99e7e2a5709b44be7a7c1e46de321d7a

SHA256
2a76bf9d198671bf3f70ce17b47769be7a8e4fb145cebe75f98c165a7bffa215

SHA512
d39c4773604175f338ecfac7ff937cc12857936af8123bf12db40ecc0c105cbe32ea62cefe1739f2412bf51fbb73e8d1ff86d834edb07f9cb477c5e7538dec16

Download Submit
/data/data/com.mgyun.shua.su/app_lib/libsolhlp.so

Filesize
21KB

MD5
718e3d642f74b80ffe633a45114025f1

SHA1
4b0dbfeecc96382c5f0c6d2f67eb430829134458

SHA256
32cd907d3343c44180294a7c279c2a5f139a6ee443cbf443eb2bd663bca37c6e

SHA512
2af86eff8115aeccf89fe12c4bfdbfcecc6168cb90edfe005a209a395ec563f0fb9b2f9db4324a296b042d71d7415da1254f4b67d9c3f212f179b156ef2de5fc

Download Submit
/data/data/com.mgyun.shua.su/databases/download_status.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mgyun.shua.su/databases/download_status.db-journal

Filesize
512B

MD5
9cf1074650c7fe4ee263b3f35b22ea58

SHA1
97a492aede1cd8e184ce9a740bf2b02971825683

SHA256
52de7851f306bc87758734b250a2da2dac118ab220bc2ecc00960d10150ba941

SHA512
64d2479d143125ca300dff495dc3ed7aa184f85a19d262f97d0ece09c5cafb19b98b39f3bddedc20fd50c61c33aa41627bad49a780bbfb45dff5d958d4494fca

Download Submit
/data/data/com.mgyun.shua.su/databases/download_status.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mgyun.shua.su/databases/download_status.db-wal

Filesize
32KB

MD5
e95aca9e2519a3775f56f1418a398d6f

SHA1
d013be1e97581d41bbc6e57346008c1ce873eb09

SHA256
bc2a8c503d956d9a1748f44b90315748052827d55ccee7561fdcaed23cc4f622

SHA512
57bd2b10f5610632cdd558c7fad1f71869403653b7ff8f280a023cd811b77c73e2c220288d4caa39e5a09a8e806e1149c29d1e273cb98049385690bc9be3b28d

Download Submit
/data/data/com.mgyun.shua.su/files/.pro.list.rootmob_indextools_en

Filesize
4KB

MD5
20cf7c7df6ad8ce3feb797abe7a9c408

SHA1
d9d41bbcb16bfe62716370e7e5972818305d3387

SHA256
6647298effcb3e1b50bcbb40767a731ea62306c7e23b154aa77d2d001dd06916

SHA512
c0e5620d305a2ad7c09ad649d8da9648208190317ef0e3a69bc3816a9abf939b39fe163e55142f9f046c6c321a4e2dd99103fa03d00981693bc7907190423a0d

Download Submit
/data/data/com.mgyun.shua.su/files/.um/um_cache_1728208633180.env

Filesize
655B

MD5
45c9a0d9e2159422363726c0bb9ed92b

SHA1
5b28bd4c19a167b0976f4ebcbd9d9ff33ff628b2

SHA256
c6b100a486e568c910d766b925208a65ab752eca6c18336e86ad406ca2a083b3

SHA512
e7485e2c8e89a1dcc8476fc21cbef9c62c99f234cd4023b7a1769524c387b9f81748fee41df19957125b93e4b85284b46b6839a7dbe9d4ccb60898a1ee4bc49f

Download Submit
/data/data/com.mgyun.shua.su/files/umeng_it.cache

Filesize
310B

MD5
2adec20fd607baa31cc78b31593ed580

SHA1
0c4607f1b976cc30e73e3b38dc27256ba735e96e

SHA256
6688ce4addb76c15e87c8eec64634c21b76d46c32b391a031f81165c1037dc8c

SHA512
b421d52c1c553a61a05ada75348a2d361eefadfe54489b602dd62f5c440fe1854d137403ac94e3a8d66886f1d2cd7a49a12836ce460bec12aefc8f2bc71c7231

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
2343e5f714dda21cd0464f32f58ba29e

SHA1
3bad78d389e57989ffc9eaae93de7ee744761fcf

SHA256
e1b3ea1cad9cf5598832ead322175d255a139b09afcac481f6a45662b351aba9

SHA512
7b192287c85089284a6f740314097cde6ee321817949601b4c0671a5191ceeca058b9c0b023881ea79f403c17ff1a25aff377ed0fc81d86fbf9b08f3678ffdfc

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
5f42cee08ede4d736f2c6b303884ab90

SHA1
26933c61c90faa7aba33611a7e777093c1e5d392

SHA256
1aaa6161df1c9cf6c7506b27f562759120d23e9efb7fa172a5efc6b19006a35c

SHA512
cf8d8f5cbae03a95a23fc4a03b35b528253a755f9f86460480e43db313962e090f023273c91f7cdffd496ed8e892696b7f1391106e8d7c40ce1b7285f6ae7655

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
099eff8129b272064c544ab8882a5fab

SHA1
eeeb0e4d8c23a561530b5e287e1ee07a7c6e2329

SHA256
ed9d480480472a405fa2b36793e82bdc8c66c7ca1adf4c04d0183a2eb96ada20

SHA512
f8881b3a5bf0cd1c39a9ba4673c7a1cdda841627da33409e2e28bf8d2573a9e2848b3080d634926cff6bfa18f5f00e93da7b613bdbcf1186c555b21b252d634b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads