Analysis
max time kernel: 116s
max time network: 160s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 03-06-2024 07:28
Static task: static1
Behavioral task: behavioral1
  Sample: 90f420f0982a0436672a5935cf588266_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 90f420f0982a0436672a5935cf588266_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral3
  Sample: alipay_plugin.apk
  Resource: android-x86-arm-20240514-en
General
Target: 90f420f0982a0436672a5935cf588266_JaffaCakes118.apk
Size: 11.6MB
MD5: 90f420f0982a0436672a5935cf588266
SHA1: 2d9adff69e003094a3384d832bdbd6a9cab0dc39
SHA256: e2aa1f9bbc9cf18287fddb4984050efcf966b2d2ed60bbdbb056926d134164a2
SHA512: 07d3adda2f832bd659ab2a98498ccfcc3aded5daaef219bd3632d4f7c6f5ee034a3b040c9f8be49beb138ba0fb41fe98756d78fae5ec6d78fa6160a848843b45
SSDEEP: 196608:FzHGi2HHDe6Mh+CoziPICBQG+0XfeaB07fnrQTnJ1m3ipJv5nh/jm0O:FTX2nyh1gie3iecjJ5jBnhG
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes: com.gewara
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getCellLocation | process: com.gewara
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
Processes: com.gewara
  description: File opened for read | ioc: /proc/cpuinfo | process: com.gewara
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.gewara, com.gewara:moviemusice
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.gewara
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.gewara:moviemusice
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.gewara, com.gewara:moviemusice
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.gewara
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.gewara:moviemusice
Acquires the wake lock 1 IoCs
Processes: com.gewara
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.gewara
Checks if the internet connection is available 1 TTPs 2 IoCs
Processes: com.gewara, com.gewara:moviemusice
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.gewara
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.gewara:moviemusice
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
  flow: 36 | ioc: alog.umeng.com
Reads information about phone network operator. 1 TTPs
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.gewara
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.gewara
Processes
com.gewara (PID: 4621)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
com.gewara:moviemusice (PID: 4669)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads

Filesize: 15KB
MD5: 58c0a71f6c563afe27f045dd629e1591
SHA1: f4d01dbf337278852cbdd3e2d74859e3b247fc6d
SHA256: 2bcc49a5888cff97319ab2cbe669f53652105114f52fb9fcfd7ea0d3ee5279fe
SHA512: 410dbf2a206fd9a9440f0ca5d5d82de8e83c58d6c939972f419acd2a5d86acd360d9fa526c00766ebbebf3511db7169d06de582b4dc51b8686d155dea82404c8

Filesize: 96KB
MD5: 027fb700144ed03aec96a71bc2e9c34e
SHA1: 15b9457a402979854743ca292ab114ac7aff2062
SHA256: d1bafb211e60f1df5f2b4688efe84c543e5090422022c8b3b2e6029f7a8a6aeb
SHA512: f6a221b68aec23ab65fe92049694829f8c425f80502610f4b50c0c7d950415fb19cd9d50f8ec7cb2cf730e80f1f0e9bbf448b0e95efad3b84fff9fa758c6ef51

Filesize: 512B
MD5: 1bcabec1c8c7f20faf8cc53401c09aac
SHA1: ff2f02c77a83760266ddc182008ce5949e992858
SHA256: ddfae148efd61b2772d1f00b1f5f5149fc74692f40d62ff5f1c1e6105c675bb6
SHA512: a90fd1f3873d70b490dc218913d56334866557d4b2decf8f651c19238bc8f9cc43f9a00b11c90e3a1f03a3c1298a64473be32befc83827deaab74a2bc38868fe

Filesize: 8KB
MD5: 61f28e5302ff11ec655eefc9db496053
SHA1: bc639d7dc1ee1bc4070c37bcea86b0247845ea48
SHA256: 49d2ed25fedbbe514bacb7e72c13923225e3c802898df03a014f46de800f868d
SHA512: 2d67aea912796057602fd09fddce558641a8003d9d4374e68a694af0826d43e6f32256625018634b5a6f054a133730a810d4641ee6724b52165e94fb11b1fe3d

Filesize: 8KB
MD5: cec9dc75ea019125fe8bfefc97711669
SHA1: c61b6de8b3be0fff6af3b3c9505c64a6884ed7e3
SHA256: 8af1964250a1144a9b066288291d0ea031411c8d3ea297cdc246d5c8a2e798b5
SHA512: aa7f283534e2ab08de05ed91ec51e59a7eb62e66721377f733113e29e734291b2f53c6b4159cda07272434f6933cd721c2d9ac023d8fd26ae1b7051e8290ba9a

Filesize: 20KB
MD5: d176b077a9de714a056194940473a251
SHA1: 3ab5cf5024440c933ed19c7f10e048ac031514a3
SHA256: c93d112030d1c9948b0bcc14db0e93c5a7ae00a1d7a19a1d3cfccdbc516c3e7b
SHA512: 877165bca824f8e07d1589199454588d055c5a676d3a5b4931a1c0bab685c723ae55a4da0b93b94e0c02029e76c8088947f228c0a770675cb65c2253e362ff79

Filesize: 512B
MD5: 5e13b1f68ecf3c35ab5076038ecb14e5
SHA1: 07a273295daec20f4e7eed14ddf582ae48fe5552
SHA256: 6019a191c500fee3faa52caa58deba565f5f955b29d8acb37bacff63c9006e11
SHA512: 8e42a2849667d998b0b7b4ebd90eeedb31ad65c66aa958322f3d242d38a0a1aea4c315e526021ddfd5d3e34081af37aefd353ac8af7a332946457a9a301d6e66

Filesize: 8KB
MD5: d9401bd57276119d95ed1733f105cf57
SHA1: f98d224f1183def679046f46928b4539bda6ca1b
SHA256: 230c4608c280d1b75f42a4ede359a39c72b04a73eccb2dd075a99383f32ad111
SHA512: 59dfb1cf072d826ac936de7e20d57551f1212a7907cfcd7f7967e4d06788c2c5bac45d3f59dd83914985b9eba61970576d05e3ff1998565c1412aec5b83311b3

Filesize: 8KB
MD5: 69e11a25cab5de2a2775d1b8077a3272
SHA1: d914cebd561c995554455c325055743c9b282994
SHA256: fcdea4b364f2d2ef56db8b837c5480c55475fda3772af2932f41550639a45a02
SHA512: 15e2d6a119e80e8c0575778caf473fd4d40e8208ed5d729dc0b5d969f6413f105294a070c2e60a32521a7d4d0ff815e7dd9647f673fee0e4c01856803efccb95

Filesize: 660B
MD5: 112e433852f38b77843ce1af02f9b9e3
SHA1: 6266511250dc3de4378b3680c80b5258de9e0efa
SHA256: 7c5887bdc3eeb06f8d2ac4688f48f1417cfc4195d02bb40d64147decfea7900e
SHA512: eac084ae62f24ecae9b60043da2d98df37a2d6595ac61aaa6850a1c849349143f160e728fea696f51a0312b73713a70e912c0f3c64a8901cf9a8a9e24c326a5a

Filesize: 148B
MD5: 16258c842af711c3590376ff581f5f37
SHA1: b828e79bf7ee70e35d518bc1760c15685a6143c5
SHA256: 385a9079d0ce5e7bf191a1186d5af0cc54ebd6aaa8712ccceddee64bf7f8846a
SHA512: 925162b7c4741bcdaf04076224201ce63297987e70f4ab29bc172e27ae2ccef668615a8655d1c8023d64ee66138e2b2c0719cba106351ff158042b0d6b140696

Filesize: 369B
MD5: e06f1f4a3c7b37166b39a70baf8fff2f
SHA1: 9385e84f0ae11e1e5e1b6551bcff850e0452ef37
SHA256: 7b691841dbb273e52329bf8add31e4756cc342630e4b96456ddfcabf54cfc689
SHA512: fe42769b3d4e6f307e8855c10456a29163657e3ca8bfc6a6afe4efd3c3ba8cc9108e0739b774766641071db0bf2a0045c71a1acc5ff37c263235e14e5bb1d8be

Filesize: 468B
MD5: d8df1287309df1de5bff2f6d4800f4ad
SHA1: a5fcec2e6e535e1305d0675868d5e174dd747e2b
SHA256: 55741b58494ebae30dbcfdf0c5f36714e8570b9fe9e7ca58c1b8295ebdcab528
SHA512: e3dcb99d479bf3432d21460ad19c1c349284f276b211e82d904dca76c2b6b522b02c78b8546baab0c2a4509b39ac6d6023d648f5640bb25908bc553250ad74af

Filesize: 107B
MD5: 893bb9930a6efdd3211826f4114b5a29
SHA1: 57b8895adcc3bbfec87268d5f004cdaa6caee8cd
SHA256: 45e6cf5549bc12c1150b2a10f20de32ec5b86fe23221536eca2cb2a43b1e2d21
SHA512: 78f094bf00c6b440a57dc5b8edc10c3abf4fac63176dd64a54b2e7b03d9973485504d619ae80312fed1bc72db9f1617a990f37edc7bfdfa032ae47b054939010