Analysis

- max time kernel: 172s
- max time network: 181s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 02-06-2024 11:00
Static task
  static1

Behavioral tasks
  Task          Sample                                              Resource
  behavioral1   8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk  android-x86-arm-20240514-en
  behavioral2   8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk  android-x64-arm64-20240514-en
  behavioral3   CommonPlugin-1.0.apk                                android-x86-arm-20240514-en
  behavioral4   CommonPlugin-1.0.apk                                android-x64-20240514-en
  behavioral5   CommonPlugin-1.0.apk                                android-x64-arm64-20240514-en
  behavioral6   FrameworkPlugin-1.0.apk                             android-x86-arm-20240514-en
  behavioral7   FrameworkPlugin-1.0.apk                             android-x64-20240514-en
  behavioral8   FrameworkPlugin-1.0.apk                             android-x64-arm64-20240514-en
  behavioral9   HandWallPlugin-1.0.apk                              android-x86-arm-20240514-en
  behavioral10  HandWallPlugin-1.0.apk                              android-x64-20240514-en
  behavioral11  HandWallPlugin-1.0.apk                              android-x64-arm64-20240514-en
  behavioral12  __pasys_remote_banner.apk                           android-x86-arm-20240514-en
  behavioral13  __pasys_remote_banner.apk                           android-x64-20240514-en
  behavioral14  __pasys_remote_banner.apk                           android-x64-arm64-20240514-en
  behavioral15  __pasys_remote_feeds.apk                            android-x86-arm-20240514-en
  behavioral16  __pasys_remote_feeds.apk                            android-x64-20240514-en
  behavioral17  __pasys_remote_feeds.apk                            android-x64-arm64-20240514-en
General

- Target: 8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk
- Size: 9.7MB
- MD5: 8dd7c1bba6929f3a6d96d0b697748e04
- SHA1: 528ad28047e07513fc03f702e12d05de9e6a658c
- SHA256: 73ce0801147f8ac19242d837e7d4f2f3331429005751723c0d1d06acf209a616
- SHA512: 1d9606e4b327116671bc85d24309595e3888c4a85d04b7f064eb12c154ec8ab7fb35b7c58497c8a82ff92a639d4e636efaddf02b418c78cb7ea6ebc53b4159be
- SSDEEP: 196608:82tKbUYwu+bdshM+FixWHCo/1O7XX3FL+OP9J80wt1qdRITBuu:Vx3pshXMrMOgt1qdq
Malware Config
Signatures

- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
  Processes: com.jiecao.news.jiecaonews
    description           ioc            process
    File opened for read  /proc/cpuinfo  com.jiecao.news.jiecaonews

- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
  Processes: com.jiecao.news.jiecaonews
    description           ioc            process
    File opened for read  /proc/meminfo  com.jiecao.news.jiecaonews

- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.jiecao.news.jiecaonews
    description             ioc                                           process
    Framework service call  android.accounts.IAccountManager.getAccounts  com.jiecao.news.jiecaonews

- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.jiecao.news.jiecaonews, com.jiecao.news.jiecaonews:pushservice
    description             ioc                                                     process
    Framework service call  android.app.IActivityManager.getRunningAppProcesses     com.jiecao.news.jiecaonews
    Framework service call  android.app.IActivityManager.getRunningAppProcesses     com.jiecao.news.jiecaonews:pushservice

- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.jiecao.news.jiecaonews
    description             ioc                                              process
    Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.jiecao.news.jiecaonews

- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.jiecao.news.jiecaonews
    description             ioc                                                                        process
    Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone     com.jiecao.news.jiecaonews

- Queries the phone number (MSISDN for GSM devices) (1 TTPs)

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.jiecao.news.jiecaonews
    description             ioc                                              process
    Framework service call  android.app.IActivityManager.registerReceiver    com.jiecao.news.jiecaonews

- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes: com.jiecao.news.jiecaonews, com.jiecao.news.jiecaonews:pushservice
    description             ioc                                                          process
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo        com.jiecao.news.jiecaonews
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo        com.jiecao.news.jiecaonews:pushservice

- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
    flow  ioc
    26    alog.umeng.com

- Reads information about phone network operator. (1 TTPs)

- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.jiecao.news.jiecaonews
    description         ioc                             process
    Framework API call  javax.crypto.Cipher.doFinal     com.jiecao.news.jiecaonews
Processes

- com.jiecao.news.jiecaonews (PID: 4335)
  - Checks CPU information
  - Checks memory information
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)

- com.jiecao.news.jiecaonews:pushservice (PID: 4527)
  - Queries information about running processes on the device
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads

- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

- Filesize: 512B
  MD5: e86cfb2a72c2a48ab18950b3cddd4934
  SHA1: 12d04b3d26dfff43249ccc3094c81abfa72773bc
  SHA256: 0e6a9a7515e0571ca06133d61d87c5f4ad15029403ee5bb31be720c57751bae6
  SHA512: 238ba918e6c5298aea3680ca0a7aa35bacf4f21c064a4690e472f8b5593b89eeaeed125ecc4b9c892744bf32064f1d48428a752440b51bfc059aff08c4be92ec

- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- Filesize: 32KB
  MD5: 9c2faff7349b5885bdfcbcc4b4cc18f6
  SHA1: f17d20854619e3e2028a5f6f199704d5a5eeb267
  SHA256: 88ae40ab6218153a9f5536baded17679de9e88e1101464a0203dd258c8cecd50
  SHA512: eef8ff94d27a3a0426b762c23ccfdf530f337667530650e5e1bb9803567b702fd4cb81661b9ef77ebf33f09fed264fd66108d227bc195dfe66592312e299a7f3

- Filesize: 512B
  MD5: c83381abe50f51ca1515910572fb1d29
  SHA1: 7c77fd8df07257c8a6e8d4ef4f06e2094a68f3c2
  SHA256: 235c4c04ded4065d64d8e1ec3123b4aa2f064b49fbfe7aa2590f4cb12c9c418e
  SHA512: bf07fd0011641d38c1ef0bcdd4908223dd0d7fe4d5e72c9e371d686e1d785cc67817b6b8fa7bd746968423d4a522570cbbe0891fa9f8f4b3b7b943564142d12c

- Filesize: 124KB
  MD5: 9cb5baa61309997e7bb157771deb6b5e
  SHA1: 54709c46de55da4d71c71d04b3d37a4f43562c14
  SHA256: 1291229b2ba6565f1526d3783c0692d2f67037df5f9a872eaa7fac7a64076375
  SHA512: 64f88745bd54473044b9ae73a3f9a18dc025d5fbda91878edfc8da0abd36d6c61b3623cbceedc6de27240fe6b119337794b9d56bc1acabbd1e0e03a88303bf21

- Filesize: 577B
  MD5: 7b7455c6b6d7bcd4762b6202327dddf3
  SHA1: 5f5ff93d50cf8cdc2d969248eaf2dfaa00761011
  SHA256: bbbc12e246745145de620b74295119e7113d864c6024da321498d77c90ac559a
  SHA512: de2edbeba023cac9e076b7ca1e9a549402c5c4dbacaa149b71049955a6841ad4125e2b60d803bf74efb9746ebb21a543740d5b16b5fb80ec6f13804bf8097561

- Filesize: 162B
  MD5: a1318ed3a99562b383004f24d5c3e989
  SHA1: c82854f6bd7e8d060cb6dd20b6453f754a69a274
  SHA256: cf6c8c16dbc642a5d3691b85616858f36fe49f1f5b6385eaace886fd112b3cab
  SHA512: c22ae352c83481b24bfe9ae330c5a613af6996f2373704e1d89994d61caadc59afcd3b65527f6f41fe46024a435a02593f871d00f247694573b3da09e0573732

- Filesize: 310B
  MD5: bdf5076ccf5d095564cb30f4cff9791e
  SHA1: a9668029473ae4c4e10a5c69331d4c25edf74f47
  SHA256: 0d3bb7d2e1307140a4921acc82c5a9c8ef43a5023873a521dda9eccd8a3ee233
  SHA512: de3a65d080d50dd12f2d29a23fc74ff4d7fdb7e091205894fcd1ce473961251f1a0d8ccecb053b656669de9bc97548dac71c8817c639abcab8b241cea58cb4ce

- Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

- Filesize: 236B
  MD5: 6fe8e7fd70dbeb546fa2d3f1eba106f7
  SHA1: 65cd2fe9c26be68d43883ca45b65db50baec81cd
  SHA256: ebad9a057c58022d199a771b43b6ee16db3a6464a8150a0381b938e777b4b31d
  SHA512: 0627b260d115d23c06af0160d58dd3329f4693b1af9ddea3e6f9fc7d37a4802582e14c3650bf9133c730d8f8b56cefbd462f89530821e056de97b80bf0158b94

- Filesize: 172B
  MD5: 61c0ec2caf4653c00296afe20e99a789
  SHA1: dc82126ad152cfd6267162e5aad5fbf17ee1e671
  SHA256: 66149d76fdf74cbca08a43ec16a38ceb61a9ef90afe7f0252d1df72af54c1ad5
  SHA512: 8f4e720ff939120cc54ecdf7441a427e04f97c950158c6147f8730fd58ea90c682ec02a65e8d025cbe2c87e5dda9b29a2cb50b2526d59703ec0aa4b22d10acc9

- Filesize: 85B
  MD5: 420e8fbc5230f82db93a6023c4ea4f27
  SHA1: 106c0bf4e616ab7a1242c0cdca844e56781e9423
  SHA256: eee1f3bcaac103c5b61e4ca4dbbe34f278f59980ec3bdd68c94e8b13df5d5bb8
  SHA512: d35e54a2b42a564fbabedf36950cc93fe292967c8e4830bd161f859e6a4f1cadc49085e3f8d615f9cea33e071d9fd7853ba6ed8dc28e4bc9a4999848162fa369

- Filesize: 82B
  MD5: e41d81d762a477cb01deb5c7ef3e988f
  SHA1: 094a7d8f39b8924075170a81dbdc15a785c3100e
  SHA256: b1dbc75a233dc571a177c4f38b607abc5dbe70b54ee97e669e06a0c2498823e6
  SHA512: 4c73454fcf38977175aed67879b4c8ad42ee69cc1b3b31499c13a36a6acafb18f9c2419a77e46813f47edf0998de52a038ff41786af46a5bce78c81c1466cc23

- Filesize: 113B
  MD5: 8049097c72a7b121ba3263d92908ca46
  SHA1: 3d8d3b3692d62fe3926714ffdb268d7439cfda10
  SHA256: 0fbff2e0154799aa0fc08a99cb221c6681bb2704e93264dec6627e7fc46891c8
  SHA512: 0c4eff6879f8f7dfd620015716ffaa537dd454658b8c42cd5b76f70003d1cb5b2f6b93f29447eb954b38f7fab56514282ddeaa248079ba3065b17d951452caef

- Filesize: 1KB
  MD5: 8cff193c1685b90505bddcee7b135150
  SHA1: e636e592e77cc49315f241aa8c29d05fa0f4c75a
  SHA256: 715896484b0503ddf9b2f95437dde29f10c36dbb582ce2703849c009fff7cbdc
  SHA512: 9de2c86f03e55799073f7c2cf1754f8cc051c8c700a9d33190b1dba3652dac002ef2282362cc534c0241c6b24c3e4e20d47b261872f54e7f5e222ae6cf3bf4d5

- Filesize: 2KB
  MD5: 0b4916916e247403551479d7fab10e2b
  SHA1: af2ccc6f19156568c57e576d115d8497397d1bca
  SHA256: 7925a6904b3fd86ac7c66928562794012634715b7f255d6dd3aef11c28fec809
  SHA512: eb2d939018bd937ea9f9132cb349b657020b1946652bcb6055e3cd1511030e32f57ac1c25ef86275cb5f9f6aac92d04b6e4d6accd0fe1eb25d22c0760d9526c5