Analysis
-
max time kernel
160s -
max time network
182s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
24-05-2024 12:16
General
-
Target
6e7d07d39d6cec8b94c1554612fe7348_JaffaCakes118.apk
-
Size
26.1MB
-
MD5
6e7d07d39d6cec8b94c1554612fe7348
-
SHA1
440d643a6230a6e4029d81273f88da7fcc4f45b9
-
SHA256
9608cc361b5b46a51f315bacfc959d2e3b8b9290669e2627d28326c30ac27f30
-
SHA512
35c1225f93718b5a179e2510fa8231a3ace4ec7715e106a522414a17aaf77d457eeae78fe76da6664dd3ac25f63baedf727bcc0a18177e1df45c153dc212c91b
-
SSDEEP
786432:55Jc6nsTFdASRMZk1qok6PAP5d5/wTX/iXqh:pcbdASRoh5d5wTV
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.saike.android.mongo1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.saike.android.mongo/databases/mongo.dbFilesize
168KB
MD5587b21fed9e8656d968efd4166996b9e
SHA105a8f0f20b5c53d957e5bc0e6dd911a8cafe5f86
SHA256bfedb241f3422f667136821bc2ce71f8bb536a3c37a97a4863a6962b1aade540
SHA512efee82d10d22cd06e804f106687f826a631092142568ce68dec1430832e4ff4bc1a0fe492d9c3181941b07e17ca078c575157f87d924c566f691d0f558248e52
-
/data/data/com.saike.android.mongo/databases/mongo.dbFilesize
149KB
MD525de01f1d4e171a6876830e3a1d3b5ec
SHA1b9928908104d72c49a2123e233d6d97cdce933fd
SHA256a3569d68af481af28b66c876e18f73e22a4ea724518721b3cd58e5b283851154
SHA512be62eb48df71bcf3ad719cb14aad0d726d56457d692e8a675e9efaf8bdfdaf425682cd8d249aafaa04af29aeb5e9f02cfb67b34b9defe59c8aae4ac819ad7712
-
/data/data/com.saike.android.mongo/databases/mongo.db-journalFilesize
1KB
MD591e0c9812b914cd75caf028ff322320e
SHA1a6eec77eeb27d66dedaf8973ae461eab4427ae82
SHA256b8ac884f5e396c8e38624d35e5dc3d977173af0f6c56cf29abaf928c27f9ab05
SHA512226dd7931f8bc9090d29a2282fd9440a289d311158e72fb4b30080fd2460d2530855bd77d4067e9892f87f3449a15101b121d592a726d973eed6c24a5a5d1b96
-
/data/data/com.saike.android.mongo/databases/mongo.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.saike.android.mongo/databases/mongo.db-walFilesize
11KB
MD5e0b0efe05bbdf4e6d445c65ac2d7156a
SHA1621f26fae896b9bdf444f946b5db08ed6c160b9e
SHA25667f2c150206095babc50f1ab78a491c3943ea36acacda7163035465d08f4ffa5
SHA512fceeb8d80d5bfc9e810038c0d5fb2e715d0465405f2038a633cc282d94315864259634e954a2f2772c17042481d30c389dde278f94aed22e8ddb2a09364f4cc5
-
/data/data/com.saike.android.mongo/files/.um/um_cache_1716557972731.envFilesize
584B
MD579cb357cf31517cd9bb720639c6d230f
SHA1ad789e187a017cedc833aa920a87ee00527e4ab9
SHA256543416fad7acca7e5874c8145ce18e3fb3208fff299b446486365c77ca7a97fe
SHA51222f8ac67f2ac5af020adf017b46d39c9d5bac4ed1c5b5310be6bdf8ba8b8e469777aa5ae168649f773fe63fea772d3768a87ec52e0c62bd1190e151073427c8a
-
/data/data/com.saike.android.mongo/files/1716557911687.txtFilesize
539B
MD58386436361a753cf2c4201572d5fb945
SHA1c4b02ab57e1eb7cb5aa6a0ff5a9eae70c158038c
SHA256d20572da919af89e80597bb9233c5bd9d443263ba17e84c9a705ec6a4022b748
SHA5122d140e5c9ef7ec8462a6e33549cbad89abe8b428899f5c2615372ee69d320268044875edc861ece23ec556a0721178629e073eac1e04815df8f56a02975a058e
-
/data/data/com.saike.android.mongo/files/1716557911687.txtFilesize
515B
MD5ca45b4604be6e02249d4c76ca2228bdb
SHA1fe56b2576bc66d22df52779f6e948bb81c910f3e
SHA256c9332e3e2cc4b43d63c10c8514efa5738d4cb5afc780e592f5200061fe5e6081
SHA512c2088a7dceff0d001711b205281e1a899dadf3b59dc11b2af4bb20d490ab1b604cb135bb6692aa5eea0ba6437001538df6d50820a51819e04043f0c9da6d64d2
-
/data/data/com.saike.android.mongo/files/1716557911687.txtFilesize
349B
MD574916cc9c84ac366efe7f5708f626549
SHA1a1e1157694815bc498f1f0645557cdf41c5bce73
SHA256aa73ba73ded3ce77b6624c9d1b94baf883cf7d07dde2024d64078eac14028d7b
SHA512d7887d5972aeda9499506588a730eb7d6290c039caf3635f55eede50f23fcc8aa858e737948bc0891b3d7b2f8a25444c2110c2f4ac29afb05da2390be944110d
-
/data/data/com.saike.android.mongo/files/1716557911687.txtFilesize
519B
MD54364c0b62d14ea60334d917e19efa67e
SHA103990b77aa6f70823ab5323c723d43d937b9467b
SHA256fefc40e328903cd6b10ce5448885dda75e84ee5175c5aaaa1f7832b2c7c803ce
SHA51221517804c15701ffcbd960531469de04aa7a508041c22fef38fb3ab807ec738e1a27b1f7de91b59ace927c4ab05f4b534d42d93acd5f14d6b9ec37095d2119c1
-
/data/data/com.saike.android.mongo/files/gaClientIdFilesize
36B
MD572a608e807e76427c27b44d466d31669
SHA1d144f1ba700b48f58b49d8d4aee7aeb3d70c2e0e
SHA2566d235e74c8c98209e6dd5b743aefd6c84548bad31394dd2a0f6a32c091e1dc40
SHA5127549b198955e0877d833f46d9d4b754310f26768a4b56e97b06831d9a13daa47ed222f7ae6d59e202b19dbfe4989d3aec969b935da85ddf727394afd68752ddd
-
/data/data/com.saike.android.mongo/files/jpush_stat_cache.jsonFilesize
190B
MD51288b42b986b8de796f2a3aedb7144e5
SHA168f3a44127e08743f5484a2a4563d8487228a383
SHA256aa39c3cca4f6bff3aca751b1ebc7440c2f844d966d4ff53e120be8fbf6859a98
SHA512711b925f8c9ebbc735b8fe535a227b135429b450bf36701cac0b1917d475eb78c776dcb610964b08f565ea0db9a02c6b4d928999d20b00b901bf25fb655d81e3
-
/data/data/com.saike.android.mongo/files/jpush_stat_cache_history.jsonFilesize
158B
MD51a9715e21e73ee4e6b6110db93654f92
SHA188218a1596782c5a587445845e2bf782b2b1fe20
SHA256c07eee6763b0bff248b37a915a2edfe8f675bc103ea6a1c7c29e2117ef998d94
SHA512a179d712cf467c17b0bf5e4f36c6b576514bd090bde3c3f1fe426a244a60f90fdba1dfe2b1cd5dc844c358ad25692a7d4ad0f6d10abab782385d0b7e7c397972
-
/data/data/com.saike.android.mongo/files/umeng_it.cacheFilesize
310B
MD59065ade273bb5068ebc508933ad6b771
SHA16c9739b7ca043a14d6659baf119c489c83539a2c
SHA256285e76a4e8496915a47f36404740f471f4ddb9d61740a582e0487d75788a8832
SHA512182fbf07622cd75fc8866b64b33d1106bd80fc641e54ee6a6f58ff9020ac3dd998eb6b94d68e6e584d933a0ad30a751810ea39d9522486c9fff11f93096c44e1
-
/storage/emulated/0/Android/data/com.saike.android.mongo/cache/locationCache/journal.tmpFilesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
-
/storage/emulated/0/data/.push_deviceidFilesize
32B
MD53686c45213fbb99825c8117fac881c34
SHA1938caa651bed4259e14a6f59793952715024574f
SHA25611ad007b5a1af5ada9ea09ae5e5651e609b73086aefa6effd689e32b6d98a16c
SHA5121eb920d08736380ce85ef5298b3c00c97573316a6d0580636d69465ae74730856da37509c764406a367fc42040352192726df349d78f374ae8a7c154ee2bafb1