Analysis
max time kernel: 86s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 24-05-2024 19:44
Static task: static1
Behavioral task: behavioral1
  Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
Size: 4.9MB
MD5: 6fa299074016487e3feeb2804121ec3e
SHA1: 50b70e9da8b972a2a5a7dc1cdae0c668213cc79f
SHA256: 829004d7d70cb16bfb92bdfbab78f651bf2b90973c01c53773c0b354ff500a81
SHA512: 6b1dab8a1eb8dffaac3473ad7241dea60028786a9471e32c5b6fa95ca3b362c62c408616df66a2cb8503657bd42555cc171bf8329e77ab80c3d542d1596681df
SSDEEP: 98304:p0TzuBB7HJNBYWBRgVzsNWMLeMgLTycAVDTMDepDP9wK1OerDnWQwOkKlg8pJ/:p0TzurBYWBRqz1lMiMkKeK1triQwylbf
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
-
Checks CPU information [2 TTPs, 1 IoCs]
Checks CPU information which indicates whether the system is an emulator.
Processes:
  description: File opened for read; ioc: /proc/cpuinfo; process: com.fengcheqb.fcqb
-
Checks memory information [2 TTPs, 1 IoCs]
Checks memory information which indicates whether the system is an emulator.
Processes:
  description: File opened for read; ioc: /proc/meminfo; process: com.fengcheqb.fcqb
-
Queries information about running processes on the device [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.fengcheqb.fcqb
-
Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.fengcheqb.fcqb
-
Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
Processes:
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.fengcheqb.fcqb
-
Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
Processes:
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.fengcheqb.fcqb
-
Checks if the internet connection is available [1 TTPs, 1 IoCs]
Processes:
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.fengcheqb.fcqb
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
Processes:
  flow: 9; ioc: alog.umeng.com
-
Reads information about phone network operator. [1 TTPs]
-
Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]
Processes:
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.fengcheqb.fcqb
Processes
-
com.fengcheqb.fcqb (PID: 4277)
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize: 512B
MD5: 0be08d885a2530fed0f244adab089cd0
SHA1: d009ed46b73f42b98ec553bc0211cba292a74d1d
SHA256: 02079faa6d10e0b48761ba5107e7ede656f169383d195d55ee61731365a3ca4f
SHA512: e698817d75c35dde844ae63fd6af60c24e62f5ee6a8211bf0735ae877c10e0f7c2f41b7d17143f5f5f80a41f7759a821d21f471a298cb782014628a7f3c3fdcc
-
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize: 144KB
MD5: 9c255615ea904ac0e487c83f68452df8
SHA1: 01c7ab91766c0c84d75c6a578436f13d336fb3ec
SHA256: 2b467cffb17a0b88d041949b66ad50daa610a6d3e0a2ea35d6d4c5d27abadf9e
SHA512: 1a63ee92c6041906363f377d5f2a5bf395c13ac60321655620969bad15687ae1de8e07a3236db0ce822e7f2fcf29c0fb031b4a41bbde93939f9745838906386c
-
Filesize: 512B
MD5: 117d24180309408c05713483e05f5341
SHA1: 806517775bffbbf6465f9b4a52525d13c31efb61
SHA256: f3265d24dc91cb0d6a43e4cf4da7be41cb47e852858f947792a42e2580c91a31
SHA512: 9d60a84c262a79a2941c8981a2fa0fd56b7e58ed655068f4237a7e12aa015878453173c28a4d7cc30cb4a9d8a58575b4abed34acbcbbb00076b281b21aceb30b
-
Filesize: 32KB
MD5: 51ba2c198700f92a5bf6d612c8dae522
SHA1: 34495af18463b63b17c6593ea2fe0ee9e0bba328
SHA256: 716b197c0ea5b0762408c8a839c5e1efef44431fdc41c9c0a5842d757ac962c6
SHA512: 6d1f9576faf0dc6d5b3a9368a827ecdbe6683b3b7a7790955febe9972bca005c6f62dce25c3d6a5eff816658d14ceb1009e6a2054dcac01a30add412d6664b30
-
Filesize: 582B
MD5: 56a40ccec97d1d0c6a69df656600c998
SHA1: 7b10de6b282b57578fef7ff8e9bfe8addcdbc90f
SHA256: b0bc1168e339464de5a09ade1ce4668ceec7ec64ccfe8c960e80fa659ebb16f9
SHA512: 7da6896de31ffa9ef774ab1d96455a349dad35eab6a99136c8a28d1c41c1696f78e25701b6f75eac163b5835f6e9e3f1add25631283f25dbf3e1b95ea9895834
-
Filesize: 162B
MD5: e47b12e27ae07c178b122a241c7ae843
SHA1: 63f8a8f165b5edf3cc7cc20bf7fa06fa89666a85
SHA256: 8080c217c24cf558172b3ddf9590f844820d83e5db2146a720bf1880f424125e
SHA512: 5a7b4e44bd5ee73c7195adcefd59a4f6768abbfcbdeeeefb451be89dfe2bbc41ff7dfee2432019e5a0a86d0b3ca1a8c6a724b2316301eeb0b6d84ce21eefc75d
-
Filesize: 310B
MD5: bbfe4208a47510a3abcc88c6057e5af1
SHA1: 3f71e170809e6006d9f6734369c77a59dd971707
SHA256: 3bde1b2d440f2a229385a4077be7e92a6de3f72974020f845eee23e0620a8af2
SHA512: 8388cd54539f80821b0195e458b95ed718b3b65321907f27b81c1a2c01a50aa5604b020c2f3f44dd78b0f7ad21590615870be3341c505ca17a8e410b6730dac8
-
Filesize: 107B
MD5: c9383021bd97affc44be4db7018c4d7b
SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81