Overview

Score  Task                    Platform
8      Static                  static
6      8dd7c1bba6...18.apk     android-9-x86
8      8dd7c1bba6...18.apk     android-11-x64
8      CommonPlugin-1.0.apk    android-9-x86
1      CommonPlugin-1.0.apk    android-10-x64
1      CommonPlugin-1.0.apk    android-11-x64
1      FrameworkP....0.apk     android-9-x86
1      FrameworkP....0.apk     android-10-x64
1      FrameworkP....0.apk     android-11-x64
1      HandWallPl....0.apk     android-9-x86
1      HandWallPl....0.apk     android-10-x64
1      HandWallPl....0.apk     android-11-x64
1      __pasys_re...er.apk     android-9-x86
       __pasys_re...er.apk     android-10-x64
       __pasys_re...er.apk     android-11-x64
       __pasys_re...ds.apk     android-9-x86
       __pasys_re...ds.apk     android-10-x64
       __pasys_re...ds.apk     android-11-x64
Analysis

- max time kernel: 172s
- max time network: 184s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 02-06-2024 11:00
Static task: static1

Behavioral task  Sample                                               Resource
behavioral1      8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk   android-x86-arm-20240514-en
behavioral2      8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk   android-x64-arm64-20240514-en
behavioral3      CommonPlugin-1.0.apk                                 android-x86-arm-20240514-en
behavioral4      CommonPlugin-1.0.apk                                 android-x64-20240514-en
behavioral5      CommonPlugin-1.0.apk                                 android-x64-arm64-20240514-en
behavioral6      FrameworkPlugin-1.0.apk                              android-x86-arm-20240514-en
behavioral7      FrameworkPlugin-1.0.apk                              android-x64-20240514-en
behavioral8      FrameworkPlugin-1.0.apk                              android-x64-arm64-20240514-en
behavioral9      HandWallPlugin-1.0.apk                               android-x86-arm-20240514-en
behavioral10     HandWallPlugin-1.0.apk                               android-x64-20240514-en
behavioral11     HandWallPlugin-1.0.apk                               android-x64-arm64-20240514-en
behavioral12     __pasys_remote_banner.apk                            android-x86-arm-20240514-en
behavioral13     __pasys_remote_banner.apk                            android-x64-20240514-en
behavioral14     __pasys_remote_banner.apk                            android-x64-arm64-20240514-en
behavioral15     __pasys_remote_feeds.apk                             android-x86-arm-20240514-en
behavioral16     __pasys_remote_feeds.apk                             android-x64-20240514-en
behavioral17     __pasys_remote_feeds.apk                             android-x64-arm64-20240514-en
General

- Target: 8dd7c1bba6929f3a6d96d0b697748e04_JaffaCakes118.apk
- Size: 9.7MB
- MD5: 8dd7c1bba6929f3a6d96d0b697748e04
- SHA1: 528ad28047e07513fc03f702e12d05de9e6a658c
- SHA256: 73ce0801147f8ac19242d837e7d4f2f3331429005751723c0d1d06acf209a616
- SHA512: 1d9606e4b327116671bc85d24309595e3888c4a85d04b7f064eb12c154ec8ab7fb35b7c58497c8a82ff92a639d4e636efaddf02b418c78cb7ea6ebc53b4159be
- SSDEEP: 196608:82tKbUYwu+bdshM+FixWHCo/1O7XX3FL+OP9J80wt1qdRITBuu:Vx3pshXMrMOgt1qdq
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  Processes: com.jiecao.news.jiecaonews
    description: File opened for read | ioc: /proc/cpuinfo | process: com.jiecao.news.jiecaonews

- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
  Processes: com.jiecao.news.jiecaonews
    description: File opened for read | ioc: /proc/meminfo | process: com.jiecao.news.jiecaonews

- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: com.jiecao.news.jiecaonews
    description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.jiecao.news.jiecaonews

- Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.jiecao.news.jiecaonews
    description: Framework service call | ioc: android.accounts.IAccountManager.getAccountsAsUser | process: com.jiecao.news.jiecaonews

- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.jiecao.news.jiecaonews, com.jiecao.news.jiecaonews:pushservice
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.jiecao.news.jiecaonews
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.jiecao.news.jiecaonews:pushservice

- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.jiecao.news.jiecaonews
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.jiecao.news.jiecaonews

- Queries the phone number (MSISDN for GSM devices) (1 TTP)

- Checks if the internet connection is available (1 TTP, 2 IoCs)
  Processes: com.jiecao.news.jiecaonews, com.jiecao.news.jiecaonews:pushservice
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.jiecao.news.jiecaonews
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.jiecao.news.jiecaonews:pushservice

- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  Processes:
    flow: 36 | ioc: alog.umeng.com

- Reads information about phone network operator (1 TTP)

- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Processes: com.jiecao.news.jiecaonews
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.jiecao.news.jiecaonews
Processes

- com.jiecao.news.jiecaonews (PID 4556)
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)

- com.jiecao.news.jiecaonews:pushservice (PID 4740)
  - Queries information about running processes on the device
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads