Analysis
max time kernel: 137s
max time network: 139s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 15:44
Static task: static1
Behavioral task: behavioral1
Sample: 9888cc8aa1b49d30e608427d4d445e4f_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en
General
Target: 9888cc8aa1b49d30e608427d4d445e4f_JaffaCakes118.apk
Size: 10.6MB
MD5: 9888cc8aa1b49d30e608427d4d445e4f
SHA1: e55f3e7981f280cdd2f317149b5da837860e53de
SHA256: d7fe6e93853f841d6782b75903204d66507a781d5f19ebe1735447bc056bb0d4
SHA512: 42084157ad5ed2cb7b8c7714b5fe3b6028761425dd1ec9ef4826b77876bae80a3cc6161af3fcfc86070f1975d11243ca7e7cf43be8f4dc5f48ac2e1d2a85d8a4
SSDEEP: 196608:X8okYTIWCPtmImc8AbI9KGTlScrSz12lcGEiZkYuRrXaZIjt2LuT/yg:X84TCl/8+TG8ccW0iz8reDuT/9
Malware Config
Signatures

Queries information about running processes on the device (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fanshu.info.xinfanioew
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fanshu.info.xinfanioew:ESS_RM
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fanshu.info.xinfanioew:ESS_RS

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
flow | ioc
5 | alog.umeng.com
Note: alog.umeng.com is the log endpoint of the Umeng analytics SDK, which is embedded in a very large number of Chinese-market apps. On its own this hit shows that the app bundles that SDK (a trait it shares with stalkerware that uses the same SDK), not that the app itself is stalkerware; weigh it together with the other signatures.

Queries information about active data network (1 TTP, 3 IoCs)
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fanshu.info.xinfanioew:ESS_RS
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fanshu.info.xinfanioew
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fanshu.info.xinfanioew:ESS_RM

Queries information about the current Wi-Fi connection (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.fanshu.info.xinfanioew:ESS_RM
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.fanshu.info.xinfanioew:ESS_RS
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.fanshu.info.xinfanioew

Reads information about phone network operator (1 TTP)
No IoC rows are listed for this signature.

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.fanshu.info.xinfanioew
Framework service call | android.app.IActivityManager.registerReceiver | com.fanshu.info.xinfanioew:ESS_RM
Framework service call | android.app.IActivityManager.registerReceiver | com.fanshu.info.xinfanioew:ESS_RS

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.fanshu.info.xinfanioew

Checks CPU information (2 TTPs, 3 IoCs)
description | ioc | process
File opened for read | /proc/cpuinfo | com.fanshu.info.xinfanioew
File opened for read | /proc/cpuinfo | com.fanshu.info.xinfanioew:ESS_RM
File opened for read | /proc/cpuinfo | com.fanshu.info.xinfanioew:ESS_RS
Processes

com.fanshu.info.xinfanioew (PID 4219)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information

com.fanshu.info.xinfanioew:ESS_RM (PID 4254)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information

com.fanshu.info.xinfanioew:ESS_RS (PID 4276)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
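The per-process roll-up above is derived from the signature tables: each IoC row names the process that made the call, and the three processes (the bare package name plus the `:ESS_RM` and `:ESS_RS` secondary processes) are grouped by that name. The script below reproduces that roll-up from the rows on this page and adds two checks a triager wants: which processes hit the full set of device-profiling calls, and which behaviour is confined to a single process (here, the `Cipher.doFinal` call, which only the main process makes). This is an added example, not the sandbox's own code; the `HITS` rows are transcribed from this page, and the `PROFILING` grouping is the example's own assumption rather than a classification the sandbox makes.

```python
"""Per-process roll-up of an Android sandbox report's signature hits.

Added example, not part of the original report or of any sandbox's own
code. The HITS rows are transcribed from this page's signature tables;
the PROFILING grouping is this example's own assumption.
"""
from collections import defaultdict

PACKAGE = "com.fanshu.info.xinfanioew"

RUNNING = "Queries information about running processes on the device"
DATA_NET = "Queries information about active data network"
WIFI = "Queries information about the current Wi-Fi connection"
RECEIVER = "Registers a broadcast receiver at runtime"
CRYPTO = "Uses Crypto APIs"
CPUINFO = "Checks CPU information"

# (signature, ioc, process) rows transcribed from the report's signature tables.
HITS = [
    (RUNNING, "android.app.IActivityManager.getRunningAppProcesses", PACKAGE),
    (RUNNING, "android.app.IActivityManager.getRunningAppProcesses", PACKAGE + ":ESS_RM"),
    (RUNNING, "android.app.IActivityManager.getRunningAppProcesses", PACKAGE + ":ESS_RS"),
    (DATA_NET, "android.net.IConnectivityManager.getActiveNetworkInfo", PACKAGE + ":ESS_RS"),
    (DATA_NET, "android.net.IConnectivityManager.getActiveNetworkInfo", PACKAGE),
    (DATA_NET, "android.net.IConnectivityManager.getActiveNetworkInfo", PACKAGE + ":ESS_RM"),
    (WIFI, "android.net.wifi.IWifiManager.getConnectionInfo", PACKAGE + ":ESS_RM"),
    (WIFI, "android.net.wifi.IWifiManager.getConnectionInfo", PACKAGE + ":ESS_RS"),
    (WIFI, "android.net.wifi.IWifiManager.getConnectionInfo", PACKAGE),
    (RECEIVER, "android.app.IActivityManager.registerReceiver", PACKAGE),
    (RECEIVER, "android.app.IActivityManager.registerReceiver", PACKAGE + ":ESS_RM"),
    (RECEIVER, "android.app.IActivityManager.registerReceiver", PACKAGE + ":ESS_RS"),
    (CRYPTO, "javax.crypto.Cipher.doFinal", PACKAGE),
    (CPUINFO, "/proc/cpuinfo", PACKAGE),
    (CPUINFO, "/proc/cpuinfo", PACKAGE + ":ESS_RM"),
    (CPUINFO, "/proc/cpuinfo", PACKAGE + ":ESS_RS"),
]

# Signatures that together amount to device/environment fingerprinting.
# Assumed grouping for this example only, not a sandbox classification.
PROFILING = frozenset({RUNNING, DATA_NET, WIFI, CPUINFO})


def split_process(name):
    """Split a sandbox process name into (package, process suffix).

    Android names a component declared with android:process=":ESS_RM"
    as "<package>:ESS_RM"; the main process carries the bare package
    name, which is returned with an empty suffix.
    """
    pkg, sep, suffix = name.partition(":")
    return pkg, suffix if sep else ""


def rollup(hits):
    """Map each process to the sorted list of signature names it triggered."""
    by_proc = defaultdict(set)
    for sig, _ioc, proc in hits:
        by_proc[proc].add(sig)
    return {proc: sorted(sigs) for proc, sigs in by_proc.items()}


def profiling_processes(hits):
    """Processes that triggered every signature in PROFILING."""
    return sorted(proc for proc, sigs in rollup(hits).items()
                  if PROFILING <= set(sigs))


def only_in(hits, process):
    """Signatures seen in `process` and in no other process of the report."""
    table = rollup(hits)
    others = set()
    for proc, sigs in table.items():
        if proc != process:
            others.update(sigs)
    return sorted(set(table.get(process, [])) - others)


def main():
    for proc, sigs in sorted(rollup(HITS).items()):
        pkg, suffix = split_process(proc)
        print(f"{proc}  (package {pkg}, process {suffix or 'main'})")
        for sig in sigs:
            print(f"  - {sig}")
    print("profiling calls in:", profiling_processes(HITS))
    print("only in main process:", only_in(HITS, PACKAGE))


if __name__ == "__main__":
    main()
```

Run stand-alone it prints the same three process blocks as the report, then reports that all three processes make the full set of profiling calls and that `Cipher.doFinal` is the one behaviour confined to the main process. Swapping in rows from another report's tables is enough to reuse it.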
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 655B
MD5: 76bd0dbea8205a80c8be89f34fd98cb4
SHA1: 91b708c5f278bf9479f71b0d9891d3463e116b45
SHA256: 2fa942084b68eadaff5e327d8547d6e4729f62fe17ea23dc3e9a4d5db0dca8ca
SHA512: b50248b805bb5d1e7aee88a8be201b18be44846fe4fc9bee640233ccd90e8297c1e8419a84258a011bff9ffcbbd41b414f7f4710e1e28b0bc77eb3253c2d3072

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 40KB
MD5: b92ae992976e6f3ce1d57977d64b6884
SHA1: 881c3468ddedaca2bbc0c1e391929b2622a9b778
SHA256: da308751f96f26e7f0b6d5a73d6f2f489fa4818a6a7ab93df3ac8015ec2fb6e9
SHA512: 2812075d033d4289d017cff80b80663f1c1662a7b30731777606045caa72b9b5fbc527ec3059d8b78d7ac5077e05dc09f959baa0fd965313fb9d9b4a1ebe395b

Filesize: 584B
MD5: 2ed26b72bd0a423b82558a7dec879cc1
SHA1: 19c2667f2869c668abc177bec563b3068a8e7f45
SHA256: 80b7f7d205981654a1d22823e0f3f2c57c9a0ef4c793db7477b19896fe27f492
SHA512: c20590f0fa6ecb8aa4293c9620bc716b43d352a317751fbbc6073afc3b7823dc3e2c82a0b781c702d43d782df7eb57f9b5cb6cdef113b1c95f4e33bf4e3b6791

Filesize: 162B
MD5: 8c372f6890c15f660c96c87f74f17222
SHA1: 9fc87529f1b9a0f69435025e4d092e014ccb141f
SHA256: a01dcec2c3168377f67b4e565e6d2e52a7cd7ef5b406784a166027ff043f4234
SHA512: 1de39d3e252cb20b979362b6267780c252dd739fd9b6da93b012b9cc9a5c74459099e3e762b4e243c48050e5e0ae237e84b1dadf909582a2324d9654c26ff148

Filesize: 653B
MD5: 87a8a6782d6dd09b3319c3eb0504b9c3
SHA1: ed5db09843ca052c8943793e573ce272bcfc7b59
SHA256: 884769e1492cfb386090dc6142370b2101a42f8dbac46a16ed11c3e677aa6def
SHA512: c74bca3708d2b29cae48e2dd5cacfc49351657ee2f65f72325f6e760028d78bac4904c720d6d0330d25c8cd5f6817d9f2e4176b71fb587b889e04945d219dafb

Filesize: 310B
MD5: 4e604e4386edca23635f59393857a616
SHA1: 2a0e1e5a749360f224041fde624da568559a4f2d
SHA256: 8dcf0276c6c24e792d3d7c77a30289a2b4433d6288574018b62fac62ff15ab2a
SHA512: a1543356965a24f5e9e1430e5b65d87b3f16d2acf3fc05c324f88c46b572c73f861ec9d107155a3c5110917fdb1d1e796838d7c7c63fa98243a172e7ad603df1

Filesize: 111B
MD5: 0b3a1986785e8fd832d63a01d3c0f06c
SHA1: 1d3e080cb3c43162f6455d2fba1ffddf644fae38
SHA256: 018de538577367fa058784f7cff2a93abe033e455a663c133490878ea66eb10d
SHA512: b38d78a35caded6898587ab5062e65da69b8edd9095eab8757cfa173bff746b818e5344c5b8fffb1f91aae32c8d31d04f3b51c7b5dbe858b7335f02ac4832a6b

Filesize: 65B
MD5: 9781ca003f10f8d0c9c1945b63fdca7f
SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Filesize: 111B
MD5: 28c423efd2e47772f8d532b5405f64d1
SHA1: b8cdb0a506e27d22da7412744a0fc61610f56da6
SHA256: 30bfea8380d305bcc562d6585ab1936f10c95e57991596f5b10d6e15608df541
SHA512: fc128aa022f4a16b71c5a36609d18595aba97c945a751ec5a03efbf7fe5deda82dbf01356d2944413505ff0c66ff92dc2a1695b001f4c1a383ba9319e3594930

Filesize: 381B
MD5: 77eb16c881d1ae79702073f569feabd2
SHA1: 8275897e3a84bfc1ddef521bbfc52efb3ee021f8
SHA256: cc333d0d5aaaf461088e68610dbf6589573925cbbda18c83b635f04bad1e31cc
SHA512: a08d43d93e969194cff75868811699b7bffeb7d8644b281a4999667d9f5135557f158077617d24e222c7cd6517f6ce35db33b1d83f1da233f948b21e5dbf3493

Filesize: 16B
MD5: 366e8ab79a6ef9add751ab61cc943362
SHA1: e1963629c1440fef95fe5fa9ee7707e3e7b6b732
SHA256: 2c421b01b77802ff02f990d5ce05b4a28b18290f4bc87c553803bb2fb8bb92a8
SHA512: b70246e253a9c3a99a5be449d7adacdd83d9385d7688d875b6d94818389a8c94a159e61c2aed9cd9864039691095b11572a8b073658e47d6e65224022bfebe26

Filesize: 3KB
MD5: 1708aa5b8f265a4de86a37f615c667e2
SHA1: 5cfd822dd287a876fe3fe8b80b5ef0fad85d455f
SHA256: 91914102b942e0892868197fbf5a2ecea83b385b4eab2ec0c18ca3ee44078b09
SHA512: 45bdb4390624a97a57fdac82ae9425d3f21bcf799f0637f317751dfdc7d73c80625e507add9a8628f369eee86f076b6a40121ba6382480a11576e540c8cee316