39d46b4885c04f36132293bc11fa97134c41abd1201e58cd07269eed4305d5a7

Analysis

max time kernel
87s
max time network
135s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
10/06/2024, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9be47542a0affb2991d186711f401424_JaffaCakes118.apk
Size

31.5MB
MD5

9be47542a0affb2991d186711f401424
SHA1

d894cdb6663f9f71b2f20de019a546b34c4fcdf7
SHA256

39d46b4885c04f36132293bc11fa97134c41abd1201e58cd07269eed4305d5a7
SHA512

0973c1fb1e1fa955ec860a8aa86ac680b0e27288b0687b5b8df55326e7ce9c3b2db8aa877de823e40f21f88f5c6ff6d062132eb794c11c1189cff16532266cd7
SSDEEP

786432:I/c0ukRbA+7lnbeSQuL6sWDs87JBGD6VdkGnaPOQdp6bWg:I/57bAKK4L6LGD6vZnnQdp5g

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/[email protected]	4698	com.NeronOnFire.SpaceStickMan.gtx
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/res/37669/vva.jar	4698	com.NeronOnFire.SpaceStickMan.gtx

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.NeronOnFire.SpaceStickMan.gtx

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs

flow	ioc
30	s.appjiagu.com
41	d.appjiagu.com
57	b.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.NeronOnFire.SpaceStickMan.gtx

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.NeronOnFire.SpaceStickMan.gtx

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.NeronOnFire.SpaceStickMan.gtx

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.NeronOnFire.SpaceStickMan.gtx

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.NeronOnFire.SpaceStickMan.gtx

com.NeronOnFire.SpaceStickMan.gtx
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4698

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.NeronOnFire.SpaceStickMan.gtx/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/databases/cc/cc.db-journal

Filesize
512B

MD5
8ce610fabf8a3185a4ba6965c570e305

SHA1
8686eefbafd7b7f72b1970d6a16141c3f3d1a756

SHA256
c0169756fbd8533fd2835822f105207cc98865036cdbd97cd93c4c923c4c0289

SHA512
3632c937877628c3c327934517e55881eacfb4f7d66784a3e6555c030db02b364807c4797521a3d1cc0ba006781d3bcf93c5738896671a44249ca94c936f8b02

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/databases/cc/cc.db-journal

Filesize
8KB

MD5
4369c94a9bb107b191f37926616c67ea

SHA1
88e6b12ea21c2c6d85b3a232a6987e515e6530a7

SHA256
173d3efe30f99184e58b8389562a82918c11df731033569681f346d6b4d03cbc

SHA512
960dee05277883c5a2911e6bf6128b4ecce1245201610cb963882b56cf053578d140ab0a41fc5d5cc07167fc74535de60d2777de619cedfeefd436d71771a3d8

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/databases/cc/cc.db-journal

Filesize
8KB

MD5
2d4709f3aa7ac6fc66f4288163b4f056

SHA1
3022404ca05ae201abd607294bf00f884a5dc7ed

SHA256
a5f77aeae409a26bc061df8ecb701df4bef8e5b487cd1c9e96292d3eeb50dfcd

SHA512
06169384d6dc06d707252b263174b00132ab92b9ce7afb67aafc6ca2707889410235da44bd4e5d1645631d8192e4e9e058ef39dfd012e4e6eed2cfb74064dc16

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.ac

Filesize
40B

MD5
5950e37a415ccd3325926cfe40b054a1

SHA1
52c7279ed924e27d5ef30ccbde30c2988c4eaa3f

SHA256
6cb1e31a5dc1cce91e6435b5be48382fe8c6dcd20b81df7d43cf4d37093ebd17

SHA512
06f4dea0493b6b586760d997b22c4796f4805ef0b4a675abe418cf55349167e31ee043d81f592e62f25cad07106b2e84442cc766aded3e3d2d9955234449a8d4

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.ac

Filesize
40B

MD5
fe1985ab1e29d6ddfc5bc4a6979b9425

SHA1
5c76551104c36aa1a8168abcc2c2fdbe9c776d65

SHA256
be35cba8d67d03b2e204510ef4c1edd3ca2b7733a884272fc98c5849fc4fc762

SHA512
c9193e89cdb39e587b166024e9258aa27c0189c0f89e49c8d4627abdf99d4ccf1d666cbabc7878297ad978ab3a5ddb3a4acb4eb3472b3f1b0908b37384bb2ec4

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.di

Filesize
340B

MD5
da1c4a8d1d1f58052c895f3597b8d1da

SHA1
e8d643542a3f748b319dce0e3cf73c3a1c98a51f

SHA256
dab009daaa99901dcf2b528aaeae572fbb1c6ecb818daea8573a9435c54bc132

SHA512
7f93c657fc4326d215102dec50699c8473cb25632377add667075133a8b10d1dc231c39201965c38867ad6ee57001dba4067b4424640176eed8a5e2d92bf21d2

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.di

Filesize
340B

MD5
4c5cff7f2f28eb54c8a8e50313b40090

SHA1
81e95c1ca47a0cdd892a404aa08806c9af8c2b78

SHA256
c56601c2a8dd79b01be094642c988785360e4e4649cd38b95d7e6f38cae64cc8

SHA512
94ca899428a1be51a88649ac4eebf50167bdf7cee2530e6ab8d331a0850d26101308544df86f812d7ca9ef3ab6c0d5888a6475060ae1d123db7efc690c3883d7

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.ic

Filesize
40B

MD5
f7f30a681126603524249122eb2af1bc

SHA1
68b8466916a3dd4bd5db7b3b935dc48cf0e57c77

SHA256
27f6535d54175d30c4f9c3f4dbf217291c4df1d5fef0d45b84b1f17d36976fb3

SHA512
c7eaccc138e857d90331725d29e63eaa57f7c2ca9a7a9ecb0c1652bbfd2e339fa1674825d136a04766d36f9ac300c317ff1e4da3c62983d07548446ac8c03b4b

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.rd

Filesize
32B

MD5
62341ca73f226ae6cb65f353d01f3fbc

SHA1
8317399b6d439735160af2a1e769e557d32dab9e

SHA256
bc4149a5eafd595abc81cd810b4732f4bda6c9fe8ce4592e17b4c7a17a5b687d

SHA512
ab4ba303165aefed9ecd7e3c4622d2c908c792f770c1b251c71c6351eae78da63b116ad719e1a3b2d709d5f576ca5f8b9358f2b587743e15d4ebf498d2d0a66c

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.ri

Filesize
314B

MD5
d11cd6f600e8650be9253f978830f51f

SHA1
172494ae823859d534d1568d8776952915240bcc

SHA256
e5b2547b00899702b731ed73ea0684f4e294edce1cc70e511ec3c9fce8a187ae

SHA512
4749a4ff8d9bf1acf97a0ab924410eba242de3e96c56c85a69d72658b5873b163bc8ef7a2dc71145c69dc35da40eaca5eb0b41d7f97cde708ecae4a979e70d89

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.store

Filesize
127B

MD5
9d7e588c4f1190e425ff4c28dcffb84f

SHA1
5dd127ef1a31e654a48bed712b48a00858ba0a99

SHA256
b04ea899c01c11e9c67c7438ab38b65137bbfddd42c73de8161ab83f644ce0cf

SHA512
57b534b3c38a656d58389f6cdee2b5a35019fcaf3e3336bd4396824643ca6681a5fa8720108b00626dbf4350ab320764876fdbaaa6bd02a302839c7745d7a8d8

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.NeronOnFire.SpaceStickMan.gtx/files/.jiagu.lock

Filesize
27B

MD5
587c0f16a846602aa0fef53b6e221fd5

SHA1
03127941989d5461c6f82818adbfa11768758a8d

SHA256
a1e752510e559294a143be96de8fea7178efa2ed6e68c2e6e8c1ed6291ea90db

SHA512
eb3ddc7d20c75ff6ab1b35005551ae797f98349a246208dc620f2a5127a706f837181db0a730a10f51f4cae46bf5f11595550fea634f433da2a27fb5f80ae74d

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/.jiagu/libjiagu.so

Filesize
482KB

MD5
3109df50d76c9f65eb6dee8df94d8ec8

SHA1
7e54861a416440c377338aaf1f585f377c406095

SHA256
72015fef9dcf64a5affd4681a85b8a5f43da02f0f9c08cb6e4c39f3ecac4665e

SHA512
e5af25c92421ff91b37abddbc665b28f9e3b9d502643e5d81ccf7cf7403dd794ccd4daaa6fc291a45870a954c0807cc2ad2f198998b18b4132e917775f8a92db

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/[email protected]

Filesize
5.4MB

MD5
54ccc6e24e2bc5ed3495b63633be5750

SHA1
ce6af30bcfb659810db335efc29a9fcfda19a8fd

SHA256
88204d85aa2d62c92a74d450c6d1deff6a030738a4fd739a8c44a9f83a82bdce

SHA512
f88900668f8421197c9d08befcd771f2dbb0e48af1d7e55e9541c965fe783780af7dba6f7df22b07572bf48ab5ea49f5147f21a5c9a648d9b6ff13ab546b8bfd

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/app_ebody/res/xmtok/37669/uuloi

Filesize
2.6MB

MD5
f89793bb73a1dfca31a10ae21357bed8

SHA1
47a36c05e0fc31a2803da81ba1297267806101ef

SHA256
84c62eabb4d46fe7773e72fc36a58581ff48161f7f9665af96eac568cb251dda

SHA512
d500017a3da344ddc56398a7bd908a824148f3270502ba004897a57997fe35faa97443e422ef006c98700069886865131a205c3c4ba98e618c6a613ad58431cd

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/as/cheuu

Filesize
8B

MD5
f24c2d0d5f925e5eca0e1212aa120913

SHA1
44fb23fe5c811a77045885877dd0a62fec31f40a

SHA256
f4d233a313f7c0c8fddc0c10b74a7a65699650f4949cd605c1ab992133af3c75

SHA512
74b8971c4aef3856a8cec8d1a4c2a19ec8c76c07abbd13bd48fb1b1e6f458de54998d7ce335a4fcc365c9441010fb5522c7f68a9139d47e95899c5718cbf0e9f

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/res/37669/vva

Filesize
2.6MB

MD5
c0a1b0ad00259da1005edd05151635ba

SHA1
9679497cb82b4b4a1b2d594029d66b1f1f0de905

SHA256
6ec9e8d0b677ea2e6d1282250425af4e57cb7586b26206f9983d680e64aaddf9

SHA512
907226b3052ccbf24a7eea23c4aa8f0abd30bb1997d2590821e2561c81beaf1530fefe189c3083884d4463fcc1094a80e65a7c96926e4cda7df9c0d1414cd937

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/res/37669/vva.jar

Filesize
342KB

MD5
d66b3092a0364edd2d053b28db5450dc

SHA1
b94e8bb0ad25a3dff77e9960cf9442f1141d5d4c

SHA256
2b2de2a36792222e246096fbc72f3ed89167f4ce7a76c3e46393470ba3d6eff0

SHA512
b6e3f2b57797b0621cbb3b664ef9d6557240ece3c866ebac73f0bdc65292e99c14f93cd7cb4f21639d7f53030b81decc3536c8a1c1b534005004f8532f5ebd0b

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/res/37669/vva.jar

Filesize
1.0MB

MD5
d170908004c128c03a3f5bd9b2febdb2

SHA1
123a176f4370b54c67f7475e1fc66754696e4398

SHA256
04ae0c6944c16e958fa9b29b8561efe1fd9c06625f18bcdf37757b9c56799bc6

SHA512
3a940951695e3cbcff1a1d102ed2739d05415c02179fd7f6d2a316ea3f5e0b09e143016e4a6f98f48354d0caf7c98cf6c1c8f37299dc7b432cc70e0e632ac673

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/seey/tmd

Filesize
32B

MD5
3c650d3e406dca102bde74538010bf06

SHA1
12e662b97cfbe786dfe5f80485bc5adadc9aae58

SHA256
3c4a4dad0f0a5373ebcef93dcf877eb55a79dbfe902235a52718b6979bef2a78

SHA512
c6c621e126be190a479a03ffa0fad9358114e3af5474ac708bd9637ce8b1070f10d97fa44558dc6517ef5f421b92920e7dd7aaba8240514ce76ff3b5c0ff5348

Download Submit
/data/user/0/com.NeronOnFire.SpaceStickMan.gtx/files/ebody/seey/tv

Filesize
5B

MD5
f493971809a5352fbc493e2b7e7f7110

SHA1
0ad8c106dd4b30f40bf4fec3e8720ec860932bd6

SHA256
9085aa498408b4a70b82c08b189ff3969bce460065cfbb21ecd8d6777020e266

SHA512
1fb25e95900472fe3523d31010f4b18b32741725f30f3a1b7f23f60c992c113657836645e18c5df5439de92058fda48b6ed72268c34c64453199cda261d0e00e

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
5eaae312d69a978dd8c1e44d492d45cd

SHA1
454f99cd2553aef82e046193d9b2dec1c9c4d174

SHA256
0a760d571675aa06d8e40a8dec459e0609279401265e4f4808494ac3f9565df3

SHA512
34b2a4c33c9cb6ab9155557f44589d0ef123b0e979c37a6cc6a6a34a62caff17672a38a0b3514fd70afd56f004a1d2549059339390a8a5f9473e04a34772e946

Download Submit
/storage/emulated/0/Android/data/com.NeronOnFire.SpaceStickMan.gtx/files/Unity/local.ce6046e6eb90401438d68901a6af7d07/Analytics/config

Filesize
293B

MD5
8673a8ac0b06a9d056d08d62f857ba4b

SHA1
a351bea1932270bafbe468584058fef20dcfc31e

SHA256
83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96

SHA512
edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

Download Submit
/storage/emulated/0/Android/data/com.NeronOnFire.SpaceStickMan.gtx/files/Unity/local.ce6046e6eb90401438d68901a6af7d07/Analytics/values

Filesize
150B

MD5
e1ef5ca45f33436f5bfe3984dc01445c

SHA1
fd89223790491e2fdd39f51b30ea08850857e9d8

SHA256
bb854c35f1cc8c42a3b666fb6da567e30cf3a08e8eddb364e86c7c434030e964

SHA512
b2427da0b71948364c7fa0bd02dddf1c875759e4c4aaa22a6aa3f12ed934716e3af04138676cfc0b4fd89509d8135e34a90d3dba33c77181cfb31480bc776e6f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads