d6fb5f8f0c6c5301e2850a1f3ea9d64e15c74f043705e4cc48282f6edccec0af

Analysis

max time kernel
28s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-10-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e4c784764f406d2f3f83e04dc3f4929_JaffaCakes118.apk
Size

1.1MB
MD5

3e4c784764f406d2f3f83e04dc3f4929
SHA1

074e39923a69794a02036ad255f34ebe97fd5a8f
SHA256

d6fb5f8f0c6c5301e2850a1f3ea9d64e15c74f043705e4cc48282f6edccec0af
SHA512

e6b179545ff09acc2bfc93574d7436a52bbbf0983ba278411ed78a48d4e3386e1ec4dd0ab392bfaec0d800d7d41668f2ab475b52e1e030903e553e5a43f90778
SSDEEP

24576:EpAQOEehrQErTzLEY93dgUcy0buRLWIHN6mk/ttj7ncXWeER8HB5I:ZQOfr3EY93mUcyquRLWok/Tj7ncmes

Score

7^/10

collection discovery impact persistence

Malware Config

Signatures

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.rrvcbdfrre.ertdvbdfdff

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
13	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.rrvcbdfrre.ertdvbdfdff

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.rrvcbdfrre.ertdvbdfdff

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.rrvcbdfrre.ertdvbdfdff

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rrvcbdfrre.ertdvbdfdff

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.rrvcbdfrre.ertdvbdfdff

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rrvcbdfrre.ertdvbdfdff

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.rrvcbdfrre.ertdvbdfdff

com.rrvcbdfrre.ertdvbdfdff
1⤵
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4310
- sh
  2⤵
  PID:4441
- - chmod 777 /data/user/0/com.rrvcbdfrre.ertdvbdfdff/files/932
    3⤵
    PID:4458

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rrvcbdfrre.ertdvbdfdff/app_bin/uda

Filesize
25KB

MD5
c26cebc61045ffd2d71d2d72191dab87

SHA1
0f8417c245fece0eeba62408ef2722547c8a417b

SHA256
414a5f5bd62e70dab5109023868014bc2f819184fc46689108c8314a32beb4d5

SHA512
1f7fdf55f4ff5671f221d45980a6dcac03951fbdab8ac1bbb40439805a4686dfd65627003b2a90b93ca7c31fb5a8a6db03146e559dde238e19235f8f85158ea0

Download Submit
/data/data/com.rrvcbdfrre.ertdvbdfdff/files/932

Filesize
146KB

MD5
6f2cbd63ab58e1b19df25b2fa53bfa50

SHA1
7a3f0381a68ce5ce0f79a781d197488304521917

SHA256
d06a6b816db1572b8e1d4d9f0b688f4dcc0daac721dd7ad777cd5d5f2b8b4476

SHA512
b627b592d6ce09ed7fc6c7343394d277bb9cc50aa75d14f331c070a503f8bbf447298396cff767ad93a8398f50b079388c72a814ed53ec0c5f80d52405c2c736

Download Submit
/data/data/com.rrvcbdfrre.ertdvbdfdff/files/iapp_crash.txt

Filesize
264B

MD5
7b289a8edcb824a2bb747d235a56252a

SHA1
5742573edc8257ae40990c6a2258b54c94c10cad

SHA256
14232ec1ed3262e9a41759e3a8a219dcbd6045eefaec144ace375256d795c137

SHA512
79cda24b597089020c8c9388e2e9ab5827de1820c8fb2d50475c52ef442bc52edd2b98fa9342a61047fa20d43684a378d9e7d1353e909dfbd9910548001fa6c1

Download Submit
/data/data/com.rrvcbdfrre.ertdvbdfdff/files/umeng_it.cache

Filesize
310B

MD5
323fd758d7e7ccce28e741de5964567e

SHA1
a9cf3f87eabc4968d3be40bfb3ac528758c9d702

SHA256
e682a7abecf8ec29c7d7c716e4f0769e694b3216661fb736a9852ee5530193d2

SHA512
d22b0565506f501d73cabbc90b8c337a2e453fd66d086d25a7f24905414ccbb1ff6146dc2954156a71618afc44999377eafceccfdb52b8dbf8e8fb5ac14eff9e

Download Submit
/storage/emulated/0/iapppay/statistics/com.rrvcbdfrre.ertdvbdfdff/statistics.log

Filesize
116B

MD5
e37ada2bb3acdb3eaa90dfaeef09db22

SHA1
9e29dc9f7f87092e1b0e2b409fa89721874822d1

SHA256
dd7dff4e1c7cd9b357c502606f92525e1929418a7a7213fc843aae10b6ba48dd

SHA512
3d27e3d742d4907055248fc6ba52b9269350725bf97602252d708824929197ecb948a5afeac979679c7bde8af352852d7e99bcb9f91a9033e3d90b51edd0c19d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads