Analysis
-
max time kernel
170s -
max time network
174s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system -
submitted
10-06-2024 13:13
Static task
static1
Behavioral task
behavioral1
Sample
9ac70d71273f95d9432e4fdd5e905b47_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
General
-
Target
9ac70d71273f95d9432e4fdd5e905b47_JaffaCakes118.apk
-
Size
13.1MB
-
MD5
9ac70d71273f95d9432e4fdd5e905b47
-
SHA1
1ea26edf1089a3f9155afb241ac7f51258e48797
-
SHA256
05af1c6f0ae98d4c4d3dc613efdc72f3573cef3d8a18217c21053642d396eb02
-
SHA512
a0e7e289f293462d0344b41f59c21be7d9103cef6c3a1378f1d233e7354c968fd058fe7124085620708a0884dc1bc99d800f6c4c57c1803c2ac33af0d49811e6
-
SSDEEP
393216:w7BEA9BBy2oysO035fcsmC3iL5QJzi7oBH/:YCYXoyiAAi2iuH/
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTP
-
Acquires the wake lock 2 IoCs
  description             ioc                                        process
  Framework service call  android.os.IPowerManager.acquireWakeLock   cn.ledongli.ldl
  Framework service call  android.os.IPowerManager.acquireWakeLock   cn.ledongli.ldl:pushservice
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoC
  flow  ioc
  8     alog.umeng.com
alog.umeng.com is the logging endpoint of the Umeng mobile analytics SDK, which is embedded in a large number of mainstream Chinese apps; on its own this hit shows an analytics SDK in the package rather than stalkerware behaviour and should be weighed against the other signatures.
-
Queries information about active data network 1 TTP 2 IoCs
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  cn.ledongli.ldl
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  cn.ledongli.ldl:pushservice
-
Queries information about the current Wi-Fi connection 1 TTP 1 IoC
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                            process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  cn.ledongli.ldl
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTP 1 IoC
  description         ioc                                               process
  Framework API call  android.hardware.SensorManager.registerListener   cn.ledongli.ldl
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTP 2 IoCs
  description             ioc                                              process
  Framework service call  android.app.IActivityManager.registerReceiver    cn.ledongli.ldl:pushservice
  Framework service call  android.app.IActivityManager.registerReceiver    cn.ledongli.ldl
-
Checks CPU information 2 TTPs 1 IoC
  description           ioc             process
  File opened for read  /proc/cpuinfo   cn.ledongli.ldl
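Each signature row above is what the sandbox emits for a behaviour that fired: the hook kind (a Binder call into a system service, a framework API call, or a file open), the indicator, and the process that triggered it. When these rows are lifted out of a report for tracking or detection they are more useful as records keyed by process than as flattened text. The Python below is an added example, not tooling from the sandbox vendor. It takes the rows exactly as they appear on this page (embedded as constructed input copied from the report), parses the three row shapes present here, and groups indicators per process; the grouping shows directly that the push service shares the wake-lock, network-state and receiver activity with the main process but none of the Wi-Fi, sensor or /proc/cpuinfo activity.

```python
import re
from collections import defaultdict

# Constructed input: the flattened signature rows copied from this report,
# keyed by signature title.
SIGNATURE_ROWS = {
    "Acquires the wake lock":
        "description ioc Process Framework service call "
        "android.os.IPowerManager.acquireWakeLock cn.ledongli.ldl "
        "Framework service call android.os.IPowerManager.acquireWakeLock "
        "cn.ledongli.ldl:pushservice -",
    "Domain associated with commercial stalkerware software":
        "flow ioc 8 alog.umeng.com -",
    "Queries information about active data network":
        "description ioc Process Framework service call "
        "android.net.IConnectivityManager.getActiveNetworkInfo cn.ledongli.ldl "
        "Framework service call "
        "android.net.IConnectivityManager.getActiveNetworkInfo "
        "cn.ledongli.ldl:pushservice -",
    "Queries information about the current Wi-Fi connection":
        "description ioc Process Framework service call "
        "android.net.wifi.IWifiManager.getConnectionInfo cn.ledongli.ldl -",
    "Listens for changes in the sensor environment":
        "description ioc Process Framework API call "
        "android.hardware.SensorManager.registerListener cn.ledongli.ldl -",
    "Registers a broadcast receiver at runtime":
        "description ioc Process Framework service call "
        "android.app.IActivityManager.registerReceiver "
        "cn.ledongli.ldl:pushservice Framework service call "
        "android.app.IActivityManager.registerReceiver cn.ledongli.ldl -",
    "Checks CPU information":
        "description ioc Process File opened for read /proc/cpuinfo "
        "cn.ledongli.ldl",
}

# Host rows repeat "<hook kind> <ioc> <process>"; the three hook kinds are
# the ones this report uses. The "description ioc Process" header and the
# trailing "-" bullet are extraction debris and simply never match.
_HOST_ROW = re.compile(
    r"(Framework service call|Framework API call|File opened for read)"
    r"\s+(\S+)\s+(\S+)"
)
# Network rows carry a flow number and a domain after the "flow ioc" header.
_FLOW_ROW = re.compile(r"^flow ioc\s+(\d+)\s+(\S+)")


def parse_row(signature, text):
    """Turn one flattened row into a list of indicator records."""
    flow = _FLOW_ROW.match(text)
    if flow:
        return [{
            "signature": signature,
            "kind": "network flow",
            "ioc": flow.group(2),
            "process": None,        # flows are not attributed to a process
            "flow": int(flow.group(1)),
        }]
    return [
        {"signature": signature, "kind": kind, "ioc": ioc, "process": process}
        for kind, ioc, process in _HOST_ROW.findall(text)
    ]


def parse_signatures(rows):
    records = []
    for signature, text in rows.items():
        records.extend(parse_row(signature, text))
    return records


def by_process(records):
    """Map each process to the sorted list of distinct indicators it produced."""
    grouped = defaultdict(set)
    for r in records:
        if r["process"] is not None:
            grouped[r["process"]].add(r["ioc"])
    return {proc: sorted(iocs) for proc, iocs in grouped.items()}


def network_iocs(records):
    return sorted(r["ioc"] for r in records if r["kind"] == "network flow")


if __name__ == "__main__":
    recs = parse_signatures(SIGNATURE_ROWS)
    for proc, iocs in by_process(recs).items():
        print(proc)
        for ioc in iocs:
            print("   ", ioc)
    print("network:", network_iocs(recs))
```

The records are plain dicts so they can be written straight to CSV or JSON for a case file; the per-process view is what you would compare against a later run of the same package to see whether the push service has picked up new behaviour.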
Processes
-
cn.ledongli.ldl (PID 4282)
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
-
cn.ledongli.ldl:pushservice (PID 4317)
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize: 512B
MD5: 212aad557916d0042f981fc83f14cf98
SHA1: c031dfead9a60785d4b16161b3cc4f0bb695f713
SHA256: 983fa0fe4b57c17577b4665e31a89a94af09b23875c2d84783643fe2d6598813
SHA512: 466cf07ac3cef2c0a1aedfbf965edfe1676bd9cc19d93b1ad820e60fe932ec2aeff7a69116fa06315dde424a758229f27a0234321616918ab58db780030bcf03
-
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize: 92KB
MD5: 07aef6b1442f508c38acb1d4c04093bb
SHA1: 226f1f7cc8cab1480f152194a4707bf5e496fd20
SHA256: 9794d589058501bd0fd3285c1d55d587ebb4cbc9f93c4ca180bb3f163dfcc90d
SHA512: 2a33742182f2c687c224fdac37731e2858fa7beb5727a9bfb3ddd96748641c1a6150b6176aa881e68e016c2719a5ab1909f11450a9240b60b5c47b906d89dfb2
-
Filesize: 599B
MD5: ae9b1152ea05a7d5db9e6debeb701254
SHA1: 70262fd677ba993b82870471c7ba5d96e1bc668b
SHA256: 7ea57a8367789faeef7a8d2041b0178f9467b5e71342722c9133d9c6da73cfab
SHA512: d55713f4149391761ce6c5a5d0f2e81161dd40cf250bc87c2181f4f2e3de6a4531a074123a09838be4d3770383a22bbcc7dd7e144e84ae3d20a15dfda83e8751
-
Filesize: 53B
MD5: f0e9337855f020a9d5697ae1e225d72d
SHA1: 364d5d3936ad76d77cd809be282ae9dfbd0300d0
SHA256: a04d54be44ad31ac4d360ae5bcb2fe099cab4f0e234c716f9f7aa4ae20ca1a83
SHA512: 5002db848fa0c336492e78aaeb7d4ba8d9c390b819f009a44f3e9cd023f44f96368ffb5b71f57d00bb2aa2b991175f95a869ff2b18652d01368af5dee9ae12dd
-
Filesize: 53B
MD5: d5375bfe4525ec039b992eff2e563465
SHA1: 818cf51b1861906c8a4183ad6d593af37c672338
SHA256: 4a7a0c732e58a77b586cff9242b33a5375ea1dedb93c330b53b325aada780e9e
SHA512: 62d247cc72a731342e59683c0707d00177b4ec37b91d6e5d9f7ad6f480c651ac6e16fc28342bc48237d050490a02c13e4bec65bf102f183245628953d10bf7ea
-
Filesize: 53B
MD5: f18dbf593ffdd96518e1f9aa1a380402
SHA1: 44e97e01c84da867c39dca340b901e5a38691fa1
SHA256: 20e70ceef6a1d0306ba49acf94887658fa1b7a5369e65d087e2a781475070c39
SHA512: 8fc3f50a6ee59a6e8de3eac0beee28095e1a264f1a0f7d1d25a67ec6f959b9f8524c1ab69398a290f83f609b064071cbb4d7982409a630c07edd41e7edf95ddd
-
Filesize: 53B
MD5: 7a190fd60bc600dac258d4d81b5a6663
SHA1: fa0cd013ff621a5a81297628954a0156a00eaf4a
SHA256: d26c69a748a4166e317da898824b8077e18f0fbb4658ac8f4969860c5c0da2a5
SHA512: cc4ccb22bc686b0808991a96866e202064956df156058fe86952eeb44c06ee08bbaef6fd8fe00917d335166b0156171ce8fca1fc8e86573774e0a5715322414a
-
Filesize: 53B
MD5: 31c6f37e368f322b9d873678066a3f81
SHA1: 0825ce33f86b40f6ca0c7777cd4cf2c5cc84dfa1
SHA256: 3a81661a5ce1c53ccad05cb267abfdc63c330e36148af837c6942644d64b3c91
SHA512: 386ab902411bcfc36185e12a1d39ed0ef67237935b1cc36aec92e5451ff5a034b7438bfe3c6a0936c217154da993c8a961ee5e2a641d21a7a6f0ac4b2657acd9
-
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize: 53B
MD5: bad40f5da318051285621b2f1217e401
SHA1: 046d22142d513db5f7a564a282912a1ebd207bc7
SHA256: 6fd6a98ed8b98cd936d0198229a252a0ec9c7e5e3e94fb344a8a53192859c9c0
SHA512: 893d7ec2311e1bdf07d02a1eda919f02bc62a5625b84addfd4efb8bd01cabcf3a6208957b5eb030e83b68d39c2d066f2a8eafc7efad1f95d8ae92086425a3d83
-
Filesize: 53B
MD5: 3ce1ad3c1b8829a886fa989dd3cc9e98
SHA1: d9aabf162ac77c5d7999228f9fe2e3e07e417e40
SHA256: fd87d29fffe0c81ddf07394c99472e07922613139e7d44c3f48d05e2957725f7
SHA512: 0cec0b9606984a418b2d886cd3350b89971b2223c34e2199f69a0bd432f380703be10b2918ee161e643ee1e4e3b0cc0dbb5d17e49116eb8dfa68bd2af89c04d5
-
Filesize: 53B
MD5: 2942d6531d710e9e2173feb8c3e4fa44
SHA1: 75fa216fc95750af379f1944c866916588fc19fe
SHA256: 305962fd1ee8e0627313dc6761229db196827929c39d8275ed72bec09530004e
SHA512: bc647f8db30fa0d1ac2ccb469493a14d740d73c552c9ecc0410487e24a7bad0ee5b12af209aa3c211946c68f40df96c2513c8c4100be0110304bb9655a48792e
-
Filesize: 53B
MD5: 8714539f0459b916e41a74ac9251285c
SHA1: 20dc15f0ba3ab4c3363347ac491aa086cb9976e0
SHA256: 4b15cdc06f17b270c53588df786e1e716b3cd9715e2923b136e593af764c1adf
SHA512: 523da1756edc2a7d0116c80fbe669e60c1795e61fe33f1113abf9ec7858369cd66cc96e797dae25a95bbb3ec2e9848c85b3c9076156de0b42bacbd2419a45b56
-
Filesize: 53B
MD5: 0342d7d7d17ef1eb11776ab7ae45c9ba
SHA1: b176dac7c446900f77850392058bebba7631d605
SHA256: 61cee1718d418705829b68d72a4bb2a2bf00ba927e61b95fcf7cfebb7e09289b
SHA512: 9bcb18264154c76d5f8147a5075ad1e6bbbcbb62402be2ef42262823148e6576dec4a3f5024230b260a8a3ca0d0e0dc28eba23275d6b2639b2ec26257f932d43
-
Filesize: 53B
MD5: 5892fb25a2786f1b6abb561120491d19
SHA1: 19f396c7d2113c0a4f8d02eb8532518a73a87efc
SHA256: 6de9ec899a7b4d2495d2a2805dea3cde54ac39152fddc8b77e81c1c3cd8e82b9
SHA512: d573e2747d6cc349001e4968f6e47f0c87d214514d974405a2106fdb635e4ff5d549637c2e46965c82758252db33f1c0b4b17fb63a15e5ec597dd373c285b330
-
Filesize: 310B
MD5: bc9cf3362655882a0b88ae85d9d40ed5
SHA1: 8b260b50713136acb9e74ad327f1c2a98246a10e
SHA256: 6164e18e27101b10c49b8b6fe286b9bf6500b6acd95930e893ef4490c0fd530d
SHA512: 909261de2fae8eaa5ac8b8418888fd6985fbfa81beab0a41d0a8c3f4c8b56353e95b2f25ab0814b45d35e35c6e125fa480d645394e4e4cd36942815185e1e208