Analysis
- max time kernel: 163s
- max time network: 183s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 03-06-2024 03:54
Static task: static1
Behavioral task: behavioral1
Sample: 9074748031e1707cd5ea2f2d5b1f9db0_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
- Target: 9074748031e1707cd5ea2f2d5b1f9db0_JaffaCakes118.apk
- Size: 18.9MB
- MD5: 9074748031e1707cd5ea2f2d5b1f9db0
- SHA1: 0d3a03002038b16c22df6014c55201897a3893dd
- SHA256: 09dc3f524fd188735c473f88caa3e92e963ffb5b22670f784f7a07ac0bc56a63
- SHA512: f30c755a89a595fa14c26a72ce8a0f3dc74706502c61b8d38afd54f003fd7b9feadc74270c2decfff6e170033799d119f1fe867a863df199e6414c759027804d
- SSDEEP: 393216:rjhz/isAlDy3pQoPva8shxBf5bn2uUduIkSV5lLTISW9P7mV5XqjcaMvm:Z4YQooDBftR8PfdgVPM+
Malware Config
Signatures

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates if the system is an emulator.
description | ioc | Process
File opened for read | /proc/cpuinfo | com.android.okehomepartner

Queries information about running processes on the device (1 TTPs, 4 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.okehomepartner
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.okehomepartner:ipc
Framework service call | android.app.IActivityManager.getRunningAppProcesses | io.rong.push
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.okehomepartner:channel

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.android.okehomepartner

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.android.okehomepartner
Framework service call | android.app.IActivityManager.registerReceiver | com.android.okehomepartner:channel

Acquires the wake lock (1 IoCs)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.android.okehomepartner

Checks if the internet connection is available (1 TTPs, 3 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.android.okehomepartner
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | io.rong.push
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.android.okehomepartner:channel

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
flow | ioc
24 | alog.umeng.com

Reads information about phone network operator. (1 TTPs)

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 4 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.android.okehomepartner
Framework API call | javax.crypto.Cipher.doFinal | io.rong.push
Framework API call | javax.crypto.Cipher.doFinal | com.android.okehomepartner:ipc
Framework API call | javax.crypto.Cipher.doFinal | com.android.okehomepartner:channel

Processes

com.android.okehomepartner (PID: 4320)
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)

com.android.okehomepartner:ipc (PID: 4352)
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)

io.rong.push (PID: 4378)
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)

com.android.okehomepartner:channel (PID: 4601)
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)

Network
MITRE ATT&CK Mobile v15
Downloads