Analysis
max time kernel: 178s
max time network: 187s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 02-06-2024 08:01
Static task: static1
Behavioral task: behavioral1
  Sample: 8d6346731b68f41af2e69f11d93e24fa_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8d6346731b68f41af2e69f11d93e24fa_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 8d6346731b68f41af2e69f11d93e24fa_JaffaCakes118.apk
Size: 26.5MB
MD5: 8d6346731b68f41af2e69f11d93e24fa
SHA1: 374c8dffc3fd80fc531e6f4468e84bc133bf0a6f
SHA256: 32222772e81d03ab733bce47fa0348e7cda65020a2c9fce95220a12936d847c5
SHA512: 06e284cff6c5d5460630988709e9f153e642d4de00377209f092823094b99529de7a13f7bb2aa17c1e6b6d12fe89923d372de2871cb43351551fa94f7b6e16d5
SSDEEP: 786432:4QcW79bfAHziywLUEdrvu+jh7evTTEXAogoqEfIq:xcybfAGL1drW+NKbTEAfJEfh
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 2 IoCs
  Processes: com.incooltech.xsyd
    ioc: /sbin/su; process: com.incooltech.xsyd
    ioc: /system/bin/su; process: com.incooltech.xsyd
- Requests cell location 2 TTPs 1 IoCs
  Uses Android APIs to get the current cell location.
  Processes: com.incooltech.xsyd
    description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; process: com.incooltech.xsyd
- Checks CPU information 2 TTPs 1 IoCs
  Checks CPU information which indicates if the system is an emulator.
  Processes: com.incooltech.xsyd
    description: File opened for read; ioc: /proc/cpuinfo; process: com.incooltech.xsyd
- Checks memory information 2 TTPs 1 IoCs
  Checks memory information which indicates if the system is an emulator.
  Processes: com.incooltech.xsyd
    description: File opened for read; ioc: /proc/meminfo; process: com.incooltech.xsyd
- Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: com.incooltech.xsyd
    description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.incooltech.xsyd
- Queries information about running processes on the device 1 TTPs 2 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.incooltech.xsyd, com.incooltech.xsyd:pushcore
    description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.incooltech.xsyd
    description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.incooltech.xsyd:pushcore
- Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.incooltech.xsyd
    description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.incooltech.xsyd
- Reads the content of the SMS messages. 1 TTPs 1 IoCs
  Processes: com.incooltech.xsyd
    description: URI accessed for read; ioc: content://sms/; process: com.incooltech.xsyd
- Checks if the internet connection is available 1 TTPs 2 IoCs
  Processes: com.incooltech.xsyd, com.incooltech.xsyd:pushcore
    description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.incooltech.xsyd
    description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.incooltech.xsyd:pushcore
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  Processes:
    flow: 36; ioc: alog.umeng.com
- Reads information about phone network operator. 1 TTPs
- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  Processes: com.incooltech.xsyd
    description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.incooltech.xsyd
Processes
- com.incooltech.xsyd (PID: 4656)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Reads the content of the SMS messages.
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.incooltech.xsyd:pushcore (PID: 4697)
  - Queries information about running processes on the device
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails: 1
  - Geofencing: 1
- Virtualization/Sandbox Evasion: 2
  - System Checks: 2
Discovery
- Location Tracking: 1
- Process Discovery: 1
- System Information Discovery: 3
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 2
Downloads