Analysis
-
max time kernel
159s -
max time network
187s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
24-05-2024 12:16
General
-
Target
6e7d07d39d6cec8b94c1554612fe7348_JaffaCakes118.apk
-
Size
26.1MB
-
MD5
6e7d07d39d6cec8b94c1554612fe7348
-
SHA1
440d643a6230a6e4029d81273f88da7fcc4f45b9
-
SHA256
9608cc361b5b46a51f315bacfc959d2e3b8b9290669e2627d28326c30ac27f30
-
SHA512
35c1225f93718b5a179e2510fa8231a3ace4ec7715e106a522414a17aaf77d457eeae78fe76da6664dd3ac25f63baedf727bcc0a18177e1df45c153dc212c91b
-
SSDEEP
786432:55Jc6nsTFdASRMZk1qok6PAP5d5/wTX/iXqh:pcbdASRoh5d5wTV
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.saike.android.mongo1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.saike.android.mongo/databases/mongo.dbFilesize
168KB
MD5587b21fed9e8656d968efd4166996b9e
SHA105a8f0f20b5c53d957e5bc0e6dd911a8cafe5f86
SHA256bfedb241f3422f667136821bc2ce71f8bb536a3c37a97a4863a6962b1aade540
SHA512efee82d10d22cd06e804f106687f826a631092142568ce68dec1430832e4ff4bc1a0fe492d9c3181941b07e17ca078c575157f87d924c566f691d0f558248e52
-
/data/user/0/com.saike.android.mongo/databases/mongo.dbFilesize
149KB
MD5803174d047692b3ba352746b63d56f15
SHA111da875f883352e0667b77341b254fc33f5e8ac5
SHA256bd75fd50c239da9a0e87c519891a9a5e0c6e11950d3cd1d441f886452511f4f4
SHA5124446609d5083c63216d42c86d3ddadb88685284d3348235b1334df0e5787a3bed0b70a3a9df03f2aae7e93f2486e9ff787c4302627dfe79ecf698c6cace080e7
-
/data/user/0/com.saike.android.mongo/databases/mongo.db-journalFilesize
3KB
MD5e371974fd0ae9549b5bf6354b6c03b48
SHA15c10615a6969564e70892a712d84c1736b3b3d92
SHA256fcc20eaaef57398238984f6f7c6da025ad2f0f67bc0e6c9e3cbbb3e831aeeda1
SHA512301d7f03f70f02cd7c1da30218341bea8a186e672058a50437984843d0d2c3ae1645c88eae74546b4362e116e0f88963b992f1d646d6f829fdae6e45b59238da
-
/data/user/0/com.saike.android.mongo/databases/mongo.db-journalFilesize
2KB
MD5684433e176813c21f0cc60315ee1708e
SHA14b9086c44d232eaf7485f3badecc4432036260a5
SHA256c4a2310edee1f6111099219f405778b00c7d9673f1d137c38fde58390aa3cb9c
SHA5122bf6231f849e00eb3d23e9a59bbdd5c95ce6000c037218c09ea779fbbfc9645be70da765003b2effa05d64329077c48bf43850cb0775b473dbba126f74700de6
-
/data/user/0/com.saike.android.mongo/databases/mongo.db-journalFilesize
1KB
MD5f2bd67ed68889fb6757ba9f9798b863d
SHA1243493f6f8ce51d5bc1806652cfd3db37956912f
SHA2562066b072d0885c56aff1efbc876360e31efad8be62c5e21b69c9472ee01775cf
SHA5128d106e2581d160f875077cbf0622b4a3603f254bc37fdfb1c9980052f6e7509914e347f11a090bb755d82094bad1b4b4d138f5da2aadfa6654ba2b0e23edf257
-
/data/user/0/com.saike.android.mongo/databases/mongo.db-journalFilesize
4KB
MD52b6bb040e9486c5bb7557316f508a0de
SHA1fbb1b554f49fc4e7c1e22c8694dcd40eab1b13b9
SHA256f2949b633dff65c91db87edaaa89ea3ef0b69257ecdf82ff3838dbfceb210682
SHA512ca4c2e3650c0afbd02da999783ea682418661c0ea9a75ef3b6f2ed62a9b5929e7de717b95560adb749b8205f92d8e2e6f14524f92d7ee100ee5ddf389be9beb9
-
/data/user/0/com.saike.android.mongo/files/.um/um_cache_1716557461821.envFilesize
549B
MD5222e5e4c14be1e6daedf34c860b40887
SHA1f223322e67c2dc2b27c1ba6449fdc2b2c91c35a2
SHA256a474694f82afb3c46b51eb058d74c914eb93691e61791a15f819aa094aec75ba
SHA51204807e7f588b7a926a180452bcba49b48004fc9c32067b7c81a51984afee31a626286cdf3da6b8b9fa66fd098378d0c97127fce0fb40dc1816f2ed53e6192bb0
-
/data/user/0/com.saike.android.mongo/files/1716557400299.txtFilesize
519B
MD5130add134f9ccb257a64769493735049
SHA12b6e2f3aa15d1a10a6069f0c9d64d5a245a852f0
SHA256b061b3a1d3f2f44c69293abf0fb90e60493782f16eb66dd515ac486245b0ecb5
SHA512c69a7c6b4ab765ee4a7e3e9de24f0b112603c3b04ed7687dd7a9dd1eb6849a2f2f1e9b603ba42939c109a66944c85f07e7733580635b4505c8e8f0ec91efaa30
-
/data/user/0/com.saike.android.mongo/files/1716557400299.txtFilesize
539B
MD58e8052b36534b5aa41869707a768ccd8
SHA1b841d67ed629adf71d398f2c0bf56dfd305dac03
SHA256ec58fa0f216c11d76b6d3f7e595d7b8fae7f0189591b67e103c67af936fdc274
SHA51244cdd232c263a07ffd0e0e989bba64536ba561cfb955e339493d9127c79517024d1f6970e487051018693cfc7f2cf13adcba2124fc83390e1a0e3998659398e3
-
/data/user/0/com.saike.android.mongo/files/1716557400299.txtFilesize
515B
MD552e68dbbcde10314ae3870d35fab539a
SHA1cb81dfa940d582132a54a039396bc56789e12936
SHA256884dc0daff7ae670592ef743a4b15bb0d45dbacd6b62f790289ab831fc4083f9
SHA512fa43bacc2b578c7fa43fd598d7f45c919ecfecf9946996676151b067159884abb0ea16ed29a3a77044a8cd7801391d77b0a6abba58b9040a44c79e7a1a18dd93
-
/data/user/0/com.saike.android.mongo/files/1716557400299.txtFilesize
349B
MD5f3c8a04aa04a4c45a104710d5a265c7a
SHA1dd48b907138c58e4183b321731ba9c5ed4ea2855
SHA256a61224edd245d3b7b22adf78527f9698ec3ad46bc77ca88a58b62960dee1f00b
SHA5126fe0afeab34a9c32286a6d4f5a74e742a2efbb1f5f827ebac16da9067e14fb890b5832b6691ff9db73a9363ecd7be3b58aaf8e08d2dc8347154a3f3040d66b79
-
/data/user/0/com.saike.android.mongo/files/gaClientIdFilesize
36B
MD574ed5cd268109ee45b3321ee05d5d470
SHA124964b83bfaabca371fff4822bc76c543a995df6
SHA2567ac781b80d4020c083cbab6fd9db57d79aedce714f932d284b3cd8b172b1c1f6
SHA512c4bffe28d9faae90933029fa6ce074c8d963dd301ca5966e8c293fe85576840ca3176acdd3181e417677e49a5059009c762f45d8c84464258a391e70283f9b74
-
/data/user/0/com.saike.android.mongo/files/jpush_stat_cache.jsonFilesize
190B
MD5ee6ef685afb4e14185271c09e00e588d
SHA1c3bcfe68646fc077152b4e0b83710b7119e8c0fc
SHA25619596ad177ae75747f60975d4f2666b633964e91d68a12f90545e654d3029a12
SHA512106c3c9dc1b31d60e02e7012bcfb04cf8ffa6334bd8cc9944dc37159e0ba1c80593614e34a81b2738d7d111e3d608b7115190e18d0d508af5de780a6da8c183d
-
/data/user/0/com.saike.android.mongo/files/jpush_stat_cache_history.jsonFilesize
158B
MD5c477f9683385b2b4f70ae932570ad219
SHA1716948c7ce91a321828e2bf0b78f8bd95de56a21
SHA256e6f8a0eb4f28d636d7879300d8eb22b871954e09bc6a8d7dc7ce75b578cc0744
SHA51232c00c2f08ae682158d3e9c3ff73b4dfcb88bc750f5ae32d2be98bdda48d4410ac80d5610f9eaaed8a58c4389222fe65d3b34cc1e7db8bd0afb8db1ec7c8bc68
-
/data/user/0/com.saike.android.mongo/files/umeng_it.cacheFilesize
245B
MD588540889f5165907330e438a5193c0f6
SHA1c7292bbabe49403ffdcec16423c9b22921c661ca
SHA2562ffc1378e8be93b2868b5c88c00444c5e441c6c708f432d59cd6a0b5aa6142f8
SHA5121f5b4d320a7b9646bf3dc1385d9e6a99f3f44c7c3a11f872974b446d0a1935d7d340d28973566b6d917c43ac07d9e378699bc71ffbd5e50f73dd115b6f26efd8
-
/storage/emulated/0/Android/data/com.saike.android.mongo/cache/locationCache/journal.tmp (deleted)Filesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
-
/storage/emulated/0/data/.push_deviceidFilesize
32B
MD5f1f12e7160a9bfb0ee9a421603ec20bf
SHA17fea672cdb7ef764b1c00aab56685bb95743eff7
SHA256e44d66e8fe44119678d1267f9c8473017fc882d1c9c41a04d2d7cf71d42028aa
SHA512db482355bdb7f34caf08906d7021ba6d37f5647ee93beace9c82dc8724dd0cf5d1bf4a24a361dbccfa1073d34cee2744a7a4500f504751a6b388237b7ae30817