Analysis
max time kernel: 155s
max time network: 161s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 24-05-2024 19:44
Static task: static1
Behavioral task: behavioral1
- Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Resource: android-x64-20240514-en
Behavioral task: behavioral3
- Sample: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
Target: 6fa299074016487e3feeb2804121ec3e_JaffaCakes118.apk
Size: 4.9MB
MD5: 6fa299074016487e3feeb2804121ec3e
SHA1: 50b70e9da8b972a2a5a7dc1cdae0c668213cc79f
SHA256: 829004d7d70cb16bfb92bdfbab78f651bf2b90973c01c53773c0b354ff500a81
SHA512: 6b1dab8a1eb8dffaac3473ad7241dea60028786a9471e32c5b6fa95ca3b362c62c408616df66a2cb8503657bd42555cc171bf8329e77ab80c3d542d1596681df
SSDEEP: 98304:p0TzuBB7HJNBYWBRgVzsNWMLeMgLTycAVDTMDepDP9wK1OerDnWQwOkKlg8pJ/:p0TzurBYWBRqz1lMiMkKeK1triQwylbf
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTPs
- Checks CPU information. 2 TTPs, 1 IoCs
  Checks CPU information, which can indicate whether the system is an emulator.
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.fengcheqb.fcqb
- Checks memory information. 2 TTPs, 1 IoCs
  Checks memory information, which can indicate whether the system is an emulator.
  description: File opened for read; ioc: /proc/meminfo; Process: com.fengcheqb.fcqb
- Obtains sensitive information copied to the device clipboard. 2 TTPs, 1 IoCs
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.fengcheqb.fcqb
- Queries information about running processes on the device. 1 TTPs, 1 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.fengcheqb.fcqb
- Queries information about the current Wi-Fi connection. 1 TTPs, 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.fengcheqb.fcqb
- Checks if the internet connection is available. 1 TTPs, 1 IoCs
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.fengcheqb.fcqb
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org. 1 IoCs
  flow: 24; ioc: alog.umeng.com
- Reads information about phone network operator. 1 TTPs
- Uses Crypto APIs (might try to encrypt user data). 1 TTPs, 1 IoCs
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.fengcheqb.fcqb
Processes
com.fengcheqb.fcqb (PID: 4527)
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads