Analysis
max time kernel: 168s
max time network: 187s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240514-en locale:en-us os:android-11-x64 system
submitted: 03-06-2024 03:54
Static task: static1
Behavioral task: behavioral1
Sample: 9074748031e1707cd5ea2f2d5b1f9db0_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 9074748031e1707cd5ea2f2d5b1f9db0_JaffaCakes118.apk
Size: 18.9MB
MD5: 9074748031e1707cd5ea2f2d5b1f9db0
SHA1: 0d3a03002038b16c22df6014c55201897a3893dd
SHA256: 09dc3f524fd188735c473f88caa3e92e963ffb5b22670f784f7a07ac0bc56a63
SHA512: f30c755a89a595fa14c26a72ce8a0f3dc74706502c61b8d38afd54f003fd7b9feadc74270c2decfff6e170033799d119f1fe867a863df199e6414c759027804d
SSDEEP: 393216:rjhz/isAlDy3pQoPva8shxBf5bn2uUduIkSV5lLTISW9P7mV5XqjcaMvm:Z4YQooDBftR8PfdgVPM+
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
description | ioc | Process
File opened for read | /proc/cpuinfo | com.android.okehomepartner
Checks memory information 2 TTPs 4 IoCs
Checks memory information which indicate if the system is an emulator.
description | ioc | Process
File opened for read | /proc/meminfo | io.rong.push
File opened for read | /proc/meminfo | com.android.okehomepartner:channel
File opened for read | /proc/meminfo | com.android.okehomepartner
File opened for read | /proc/meminfo | com.android.okehomepartner:ipc
Queries information about running processes on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | io.rong.push
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.okehomepartner:channel
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.okehomepartner
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.okehomepartner:ipc
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.android.okehomepartner
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.android.okehomepartner
Checks if the internet connection is available 1 TTPs 3 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.android.okehomepartner
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | io.rong.push
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.android.okehomepartner:channel
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
45 | alog.umeng.com
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 4 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.android.okehomepartner:ipc
Framework API call | javax.crypto.Cipher.doFinal | com.android.okehomepartner
Framework API call | javax.crypto.Cipher.doFinal | com.android.okehomepartner:channel
Framework API call | javax.crypto.Cipher.doFinal | io.rong.push
Processes
-
com.android.okehomepartner
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4669
-
com.android.okehomepartner:ipc
- Checks memory information
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4709
-
io.rong.push
- Checks memory information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4741
-
com.android.okehomepartner:channel
- Checks memory information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4966
Network
MITRE ATT&CK Mobile v15
Downloads
/storage/emulated/0/Android/data/com.android.okehomepartner/files/tnetlogs/inapp_20240603.log (deleted)
Filesize: 71KB
MD5: 462aaaef847372b9d191ce1609c0a4a4
SHA1: 892693c0bdb76b99e09c57819d1c32c39885ad27
SHA256: b6a6292172ac022bc777f46e12d0bd6c0c6427db314a97683fab31ab8da72731
SHA512: e5c89ad61ba9298f6258c92cba041e6dca0cf02eb4e8e3019aa0d87d1f01b011350174b814425dc2a9af1f3e2bcdde6bbbecaa88cc94fb2907e31ff80d984095