Analysis
-
max time kernel
178s -
max time network
190s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system -
submitted
05-06-2024 15:19
Static task
static1
Behavioral task
behavioral1
Sample
987b9a74ebb1c1c7c4a63d1783edd345_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
yayavoice_for_assets.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral3
Sample
yayavoice_for_assets.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral4
Sample
yayavoice_for_assets.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
987b9a74ebb1c1c7c4a63d1783edd345_JaffaCakes118.apk
-
Size
14.9MB
-
MD5
987b9a74ebb1c1c7c4a63d1783edd345
-
SHA1
0b54e19a109a8929d84c79257e81565813e1588f
-
SHA256
fcd9e1fe740e58df6f733687ad6aef5e8ab8d8caab48717b1c8f018df4730765
-
SHA512
f01f6ee85fe1222979aaebc6d023c54a38be79d1225487c0213d97275565b562dad252759ab075d15c560b248e494c0ea5f68bb3d757ed80873a21dd9fbafd2d
-
SSDEEP
393216:4j2KJjKwmMnMs0XJH/kJZdV4YehgzyUNw8wzaZW88QeE:O2KJ+wmMMs0XJf4VneqOFza488TE
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wufan.test20183063884216
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wufan.test20183063884216:lebian.base
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
25 | alog.umeng.com
-
Queries information about active data network 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wufan.test20183063884216:lebian.base
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wufan.test20183063884216
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wufan.test20183063884216
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.wufan.test20183063884216
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.wufan.test20183063884216
-
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.wufan.test20183063884216
Processes
-
com.wufan.test20183063884216 (PID:4291)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
    cat /sys/class/net/wlan0/address (PID:4428)
    cat /sys/class/net/wlan0/address (PID:4469)
    cat /sys/class/net/wlan0/address (PID:4494)
    cat /sys/class/net/wlan0/address (PID:4550)
    cat /sys/class/net/wlan0/address (PID:4569)
    cat /sys/class/net/wlan0/address (PID:4591)
    cat /sys/class/net/wlan0/address (PID:4606)
    cat /sys/class/net/wlan0/address (PID:4631)
-
com.wufan.test20183063884216:lebian.base (PID:4321)
- Queries information about running processes on the device
- Queries information about active data network
Network
MITRE ATT&CK Mobile v15
Downloads