5a0b701a54c582ccda6a54d923b3c72f0ea6ce96e1d7f256d486166e5fb50c64

Analysis

max time kernel
14s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09/10/2024, 06:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c6b6143c9375f42eb31200211985a59_JaffaCakes118.apk
Size

1.0MB
MD5

2c6b6143c9375f42eb31200211985a59
SHA1

8d86cc7c46e1203a52bfc6147453e88329e69c7d
SHA256

5a0b701a54c582ccda6a54d923b3c72f0ea6ce96e1d7f256d486166e5fb50c64
SHA512

97052f9e3a8fc20289dfb2a0a51ad29ecc40cd2d5b444307a2234be77e6a9e917373c71d45c1916e5c9cc637b2fd9314dc38104924aab3267dc47ed16f525e0b
SSDEEP

24576:nhE00DUhozwpnmr3DtDAWNfhdfMALARpQ1JNGBk:nhEqhoMpnmr3DBAWffgS/

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nys.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nys.mm

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
11	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nys.mm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.nys.mm

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.nys.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nys.mm

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nys.mm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.nys.mm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.nys.mm

com.nys.mm
1⤵
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4247

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nys.mm/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
4b19349b83fe8d69e9026e3b76e0edfc

SHA1
fc11ae68850ea7dfb148a6a270e1d3f1824f2b70

SHA256
0114e7cfcd735a5e93a589f0f38ea5b1b0beb40e3f07b9bddf1755f8449604a0

SHA512
cf0d476916093ddd7fe54688866f2e9739b5d81c64eda08151bd5df3170d5d7b68a4d6647f5cede1810ff40027cbdc9bc31fd081754679df4acd4bd3627a36ba

Download Submit
/data/data/com.nys.mm/files/iapp_crash.txt

Filesize
919B

MD5
0edff0a42752152e95d458dd61c307cb

SHA1
6361be7382823e472fce13e0119acef4d1cc4e7a

SHA256
b122337edea29dd0ae31a28f82bfa4c3d8c6646a264af68196926b3df95e300c

SHA512
d3cd27ca0065c9b1f2f33c7207fc91cf9490e41c18d2a6f24c856a786bb7785d4e313730c12de96b6c545662c57303e224c4a84aed0821b20701e63e56018cf4

Download Submit
/data/data/com.nys.mm/files/umeng_it.cache

Filesize
310B

MD5
cb1783b7fddd55ec479b251ee2303440

SHA1
1725aac3b8da3b5c0cc18d237b778ebc4ffaad9d

SHA256
f2d131c2fde0050a163531ee378bcbf3b6ade17ad18b98504b3cea7a963aabd6

SHA512
8e8f21b091e84cec680b1f56e9cd83bbc0bdec4824ae56d3307482939e016584d15bc9c163a3635ced303754745d2d37c13b6f5ad5c6100c6a07fef73e345e96

Download Submit
/storage/emulated/0/.sino

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/storage/emulated/0/iapppay/statistics/com.nys.mm/statistics.log

Filesize
116B

MD5
0c3b4c47705916daea892ba89fb7d3eb

SHA1
2969e46bcf5bd7fc89742b9417b48bea154e9f65

SHA256
1d7bf4e451fa63399389c751c49bdaea15ded1560090d6a50d0f3d18512cdfe5

SHA512
d07883de6f8abc09fe379deacd22046f3524d2e4d5825078d39abc7bfa4ab87cbd795267c05c7de8351f75bee0d6f8fdcdf1aa4ad121a8708029ee25e735432d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads