Analysis
max time kernel: 137s
max time network: 170s
platform: android_x64
resource: android-33-x64-arm64-20240603-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240603-en, locale:en-us, os:android-13-x64, system
submitted: 05-06-2024 15:44
Static task: static1
Behavioral task: behavioral1
Sample: 9888cc8aa1b49d30e608427d4d445e4f_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en
General
Target: 9888cc8aa1b49d30e608427d4d445e4f_JaffaCakes118.apk
Size: 10.6MB
MD5: 9888cc8aa1b49d30e608427d4d445e4f
SHA1: e55f3e7981f280cdd2f317149b5da837860e53de
SHA256: d7fe6e93853f841d6782b75903204d66507a781d5f19ebe1735447bc056bb0d4
SHA512: 42084157ad5ed2cb7b8c7714b5fe3b6028761425dd1ec9ef4826b77876bae80a3cc6161af3fcfc86070f1975d11243ca7e7cf43be8f4dc5f48ac2e1d2a85d8a4
SSDEEP: 196608:X8okYTIWCPtmImc8AbI9KGTlScrSz12lcGEiZkYuRrXaZIjt2LuT/yg:X84TCl/8+TG8ccW0iz8reDuT/9
Malware Config
Signatures
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fanshu.info.xinfanioew
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fanshu.info.xinfanioew:ESS_RS
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fanshu.info.xinfanioew:ESS_RM
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow | ioc
  10 | alog.umeng.com
- Queries information about active data network (1 TTPs, 3 IoCs)
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fanshu.info.xinfanioew
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fanshu.info.xinfanioew:ESS_RS
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fanshu.info.xinfanioew:ESS_RM
- Reads information about phone network operator. (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.fanshu.info.xinfanioew
- Checks CPU information (2 TTPs, 3 IoCs)
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.fanshu.info.xinfanioew
  File opened for read | /proc/cpuinfo | com.fanshu.info.xinfanioew:ESS_RS
  File opened for read | /proc/cpuinfo | com.fanshu.info.xinfanioew:ESS_RM
Processes
- com.fanshu.info.xinfanioew (PID 4241)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
- com.fanshu.info.xinfanioew:ESS_RM (PID 4296)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Checks CPU information
- com.fanshu.info.xinfanioew:ESS_RS (PID 4322)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
Downloads