Analysis
- max time kernel: 156s
- max time network: 161s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android arch:x64 arch:x86 image:android-x64-20240514-en locale:en-us os:android-10-x64 system
- submitted: 24-05-2024 19:44
Static task: static1
Behavioral task: behavioral1
- Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Resource: android-x64-20240514-en
Behavioral task: behavioral3
- Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Size: 4.9MB
- MD5: 6fa299074016487e3feeb2804121ec3e
- SHA1: 50b70e9da8b972a2a5a7dc1cdae0c668213cc79f
- SHA256: 829004d7d70cb16bfb92bdfbab78f651bf2b90973c01c53773c0b354ff500a81
- SHA512: 6b1dab8a1eb8dffaac3473ad7241dea60028786a9471e32c5b6fa95ca3b362c62c408616df66a2cb8503657bd42555cc171bf8329e77ab80c3d542d1596681df
- SSDEEP: 98304:p0TzuBB7HJNBYWBRgVzsNWMLeMgLTycAVDTMDepDP9wK1OerDnWQwOkKlg8pJ/:p0TzurBYWBRqz1lMiMkKeK1triQwylbf
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 TTPs
- Checks CPU information. 2 TTPs, 1 IoCs
  Checks CPU information which indicates if the system is an emulator.
  description: File opened for read; ioc: /proc/cpuinfo; process: com.fengcheqb.fcqb
- Checks memory information. 2 TTPs, 1 IoCs
  Checks memory information which indicates if the system is an emulator.
  description: File opened for read; ioc: /proc/meminfo; process: com.fengcheqb.fcqb
- Obtains sensitive information copied to the device clipboard. 2 TTPs, 1 IoCs
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.fengcheqb.fcqb
- Queries information about running processes on the device. 1 TTPs, 1 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.fengcheqb.fcqb
- Queries information about the current Wi-Fi connection. 1 TTPs, 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.fengcheqb.fcqb
- Queries the mobile country code (MCC). 1 TTPs, 1 IoCs
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.fengcheqb.fcqb
- Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTPs, 1 IoCs
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.fengcheqb.fcqb
- Checks if the internet connection is available. 1 TTPs, 1 IoCs
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.fengcheqb.fcqb
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org. 1 IoCs
  flow: 10; ioc: alog.umeng.com
- Queries the unique device ID (IMEI, MEID, IMSI). 1 TTPs
- Reads information about phone network operator. 1 TTPs
- Uses Crypto APIs (Might try to encrypt user data). 1 TTPs, 1 IoCs
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.fengcheqb.fcqb
Processes
- com.fengcheqb.fcqb (PID: 5091)
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads