Analysis
-
max time kernel
165s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted
12-06-2024 10:24
Static task
static1
Behavioral task
behavioral1
Sample
a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118.apk
-
Size
16.0MB
-
MD5
a04f111d7bf1aae4f631a46bfa07b7ac
-
SHA1
a141ce6dab697962203a2c723284481cc0cf7496
-
SHA256
d72ae1fd0e29933d696e3fdd0e7e80ed07e181b754534cc7e04a51c54edec8bc
-
SHA512
f1ef01c031543f9151080dba28cb15e43ff949cfd06ca550355c8f81174f1fe922acb907c10e8f2746f6a9b0fc5e47a8504095b6b37cc63737114fa73477293a
-
SSDEEP
393216:I0vEnze5ltUcb10SblS4UNsB3rvy7C/ULzeTkVz79qE:bye5lpbOgS4mwrvnozRVzd
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes: com.vod.infantis
ioc                          process
/system/app/Superuser.apk    com.vod.infantis
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes: com.vod.infantis, com.vod.infantis:channel
ioc                                                                                  pid   process
/data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip   4450  com.vod.infantis
/data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip   4822  com.vod.infantis:channel
The app_SGLib/libsgmain_*.zip bundle is the loadable component of Alibaba's SecurityGuard SDK, which many commercial apps ship and which loads itself this way by design; the dynamic load alone is expected SDK behaviour, so weigh it together with the hashes of the dropped file rather than on its own.
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.vod.infantis:channel, com.vod.infantis
description              ioc                                                    process
Framework service call   android.app.IActivityManager.getRunningAppProcesses   com.vod.infantis:channel
Framework service call   android.app.IActivityManager.getRunningAppProcesses   com.vod.infantis
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.vod.infantis
description              ioc                                            process
Framework service call   android.net.wifi.IWifiManager.getScanResults   com.vod.infantis
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes: com.vod.infantis
description              ioc                                                         process
Framework service call   com.android.internal.telephony.ITelephony.getCellLocation   com.vod.infantis
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
alog.umeng.com is the log endpoint of the Umeng analytics SDK, which is bundled in a large number of ordinary apps as well as in the stalkerware that echap.eu.org tracks, so on its own this indicator says little about intent.
flow   ioc
31     alog.umeng.com
-
Queries information about active data network 1 TTPs 2 IoCs
Processes: com.vod.infantis, com.vod.infantis:channel
description              ioc                                                     process
Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.vod.infantis
Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.vod.infantis:channel
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.vod.infantis
description              ioc                                               process
Framework service call   android.net.wifi.IWifiManager.getConnectionInfo   com.vod.infantis
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes: com.vod.infantis
description          ioc                                               process
Framework API call   android.hardware.SensorManager.registerListener   com.vod.infantis
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.vod.infantis:channel
description              ioc                                      process
Framework service call   android.app.job.IJobScheduler.schedule   com.vod.infantis:channel
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes: com.vod.infantis, com.vod.infantis:channel
description          ioc                           process
Framework API call   javax.crypto.Cipher.doFinal   com.vod.infantis
Framework API call   javax.crypto.Cipher.doFinal   com.vod.infantis:channel
-
Checks CPU information 2 TTPs 1 IoCs
Processes: com.vod.infantis
description            ioc             process
File opened for read   /proc/cpuinfo   com.vod.infantis
-
Checks memory information 2 TTPs 2 IoCs
Processes: com.vod.infantis, com.vod.infantis:channel
description            ioc             process
File opened for read   /proc/meminfo   com.vod.infantis
File opened for read   /proc/meminfo   com.vod.infantis:channel
Processes
-
com.vod.infantis
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4450
-
com.vod.infantis:channel
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4822
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Execution Guardrails (1) > Geofencing (1)
Hide Artifacts (1) > User Evasion (1)
Virtualization/Sandbox Evasion (2) > System Checks (2)
Downloads
-
Filesize
65KB
MD5 c5bbb46c9d8827d1e4e00cd117a67cf5
SHA1 7491b3191670420fee58d60d6480066c07ce7d5c
SHA256 8a7bdd15bed9839a642b029044e42897d9060925c7598d02f954eb5572573081
SHA512 c6cc7c71fb7924a09f966aba49523672215b79e64cc1adedf505828862cab10ba0c033a4965a4724911f689512967e31146a02694db1d164bb383223a8c1f1dd
-
Filesize
381KB
MD5 392c9f24cf741835f03e992783c99707
SHA1 688f7f070da4e8324ccbe45f02c6756047dc3053
SHA256 68f360f5597645bd4b906b1b28617d08ea8a267d79ef57da4000f4404452fefc
SHA512 540a8f6d15c97ed7e43c8a359f39a9195290129e19c3715e713866559d058dfbcf0492eaf765f7558dadaf8a9a4f1c80355a5ac580f05df59c62885cf09b8221
-
Filesize
36KB
MD5 f3c0a042ce481e16b7272e33f3c5e1fe
SHA1 0f43b94fb1399c577e49acbbcdafda50eee1a56f
SHA256 2f1ebd494ac88342932fad54042e34856688af8849f0719c6833946875a5184c
SHA512 d110d6ae9feaa702249e2bf66337bdbe47dd3c881c2d14d06ef37d975502c090a30c2895a794876e2dab7fad51ba16ea71252d26c398cf71fa7be49643ad0525
-
Filesize
12KB
MD5 d54f13ab64428d4c7fa3b2b3f5cdaab8
SHA1 968e8eeda3f38a8d49e4a036addc887de4eb6356
SHA256 3a775e74de0a61affe59936fe0eb5066977780b48d0cdff8878b52f81e982713
SHA512 a8614efee3f260981ef67e31e388b1ecebedfacec43d186414f6f8dac608b1b667f188d166fab01d1726243b8fa63a2dab4231d4a139c1119dcb9b6040acbda6
-
Filesize
512B
MD5 c9c0e49c01c13d82ef15a33839ec86bd
SHA1 460cdae05e012b53c9af7c3dece5bbba4f7ad1d0
SHA256 27645fef680dca12b94f746bb79f164d71ff2ab9705eb388be4bc49a073532c3
SHA512 44b92e46315b9aaf3061bb9a525672f839e732702e5c9d0cd11f5a91237d56f3cb09b4e66dc50bbb581b39b1b8fd979e7b50334d8ce86c16dbb423b051a74c41
-
Filesize
8KB
MD5 6617ea659e091875ed0988641e27037a
SHA1 7388b6c1be7c86bf6926ec4417bbefc91643e305
SHA256 6e41adfbf8643f987d17b3b5c2e8a4c493517bdb280482905dc0fac9fea94277
SHA512 4a91c3f2bebc4376054336e637f11012bae571c257df638692b85817a3e193d4791482c879e471d2426a2405114d5596e40603578d9259095b750b0c3f49515c
-
Filesize
8KB
MD5 b75cac05279cab38d6efb533996ccb61
SHA1 c71bfe9bb9bc8fdf16fb2fe28ac357863bba3186
SHA256 16b25f7296f0f6102380cc7dad7070246cb2b140d67539a42e9c25a8d4005542
SHA512 e31c6d676f96a44eedc0f11a8d94425dea582992209197ac2af4608c004447eeb37d0a6dc3031ff65ef35b3f860051d5bbe181724c74a4ce898bd2049e1d8800
-
Filesize
691KB
MD5 0959e74e2817acfdabfdb68d85529179
SHA1 8f5c41874cdeaa88cfbf6639ee6629ea21b8ef88
SHA256 d72e232383167362c542ead685ab9ced49c41b857c4fe305f76779ce54634d0e
SHA512 b8cdb34e868b97fd09dc5c906217281b3059d2f15ee967693d77e51039726a6337def14a317a78c7bc8fb5c9b9414798de74a924ddfd995fc8bd3cfa5a1bf080
-
Filesize
512B
MD5 21cb0ee1b6fcfe449223c1431239a77d
SHA1 d48529d8c7d3843de4f024b00ba75fea0bb4afe9
SHA256 13864f969acbb2a986f40f1cf93b68ad945bd16a83a6fa12ad51dbf15c87b936
SHA512 db0036974bd9e06559265e2fd97b292c27c8b259493962bb3367050061f65edd8c131701e119e53c450b8493770f65a82caf75aaefd20da858f5329ed2dcf04f
-
Filesize
8KB
MD5 f7a790a9d0a14093eed5b1acd5953c96
SHA1 058a6d734f4cddbf4933d62ffd4290ec9dd6c5f4
SHA256 a8300dea9fbd362ef788f4274a162bf8d173b70503ed3cedd4f4d56ac2a4d5be
SHA512 e7d4b02ae578a144fefe730f071642966fc46bb26a7a38be99a74f62a322bb044f7fd56445b8dbe6e365cfe96e7ee0abee525e06ee58542d8eeed352c57cc3a3
-
Filesize
36KB
MD5 7c0b5c6d1120bf3635cb815eb5e29f28
SHA1 cbb58092e164d3d098e750a608f3833f85a06476
SHA256 f2434b69ad5ddbdeb3796b9e34fa428cf6fc31bf987dee42c12816e3632a128b
SHA512 151d69445e8311fc78f40b5781e2e1f1d631e879e87a08d1076ac69d7ad5bbb8ee017fa4d5be934f9eaf1cd3a0aea87c40be405c2a601a845820d73705ec7a36
-
Filesize
20KB
MD5 064201502ce25754236b3b5c12e24c65
SHA1 e2c89961dcf8306440bc99f7b058ef4680eacf0d
SHA256 b4ef8a71919ac4b6ef9a895a991b527f5c3316fd6204eb815366c9614dc71f00
SHA512 3f5af9d3e7fbca1c0a3f9ad5a8d8d8e1d3b3e3c79cfda89b6baef007aeafb4ec5738626fca1f682b73b0305a94a4e2bf17c0bdd4fc7fbacb80ed02c7affa44a1
-
Filesize
512B
MD5 950a90fa0b4465b1f9d93cdb4aed7906
SHA1 d1561eb9b53cd4b0eb02ecb11e568ad8a74855b0
SHA256 06d1689c123b422af80815754e0797ee2e03380a4eaefc7c5a686f084ac13460
SHA512 cbd756d6e7508073b0a7405ff67648479159147c8a8824d063e1d7f50638aacc965e91e7efc0335229c5b9c1e3463b77684f9dd5785abf3caed9fbf1b09f353e
-
Filesize
8KB
MD5 502458c9b59f471353544edb02d3deca
SHA1 a96e97604599d558d132439b4b88f77e6156775d
SHA256 0bfb6d61d0d512744db2cac1817bbd6cf236a3d39b3dc2375c0d7af164091452
SHA512 15ee16d362dff8c4ee3a78e0b1b9a33fd9e5bdb772eacf4bd9f45ef39eb935ea8d3dac6836bd85cda77fc75e9191b3363ff61de1a778c657d67f22014c463608
-
Filesize
8KB
MD5 fb4697f40395242c0c06893537e3d7fd
SHA1 b0770a5380ecf86eb67fd18fa681239dd86d37d5
SHA256 6cf5f6e46f6b3419911f6767ccec9239c18cb5f71111c84660b018a347886ec2
SHA512 df1ec1bd18b9f031a507ec939973281d5f8a57c6ddcb129a69a350fd986af665ab47f7ec469746a1d1e0bf4275ef3f4dbe77403f26a226319027b8859ad43ae0
-
Filesize
2KB
MD5 26bc1fa725654e30f125a41d286151f8
SHA1 bdfe904fd6639a6e6c7dae58c0741e70c26e7f9a
SHA256 9227450a947bb70c90fa7c926ad2cb3f54c2ae4e1d8c2bd169565b60d8850396
SHA512 d517849067d6f658999152e477f65ad0289c8ad5ec7b765358b7fba784b93c6717b91bd3d18bfb8c7a7e285dc7dbd490b80ae167a379545961d870eebd05cd9b
-
Filesize
162B
MD5 803834851b0444c3cc1df6ae3dfc771c
SHA1 1de165a2fa52ac7d07d7fe280338b6e6ef41fdd8
SHA256 fc9ca17eba68e8606186c59700b68df9c06228a05b01bd39ad5040aec62c0a03
SHA512 1e422335cc2c1461b12e4a6259017bf24ef1c097bbdd860d1f64bbdaddc131132ec48f530460436f037996bf749c5c7628197d7c4ea230c83918e4f24e180a6a
-
Filesize
55B
MD5 bd89c2fe52ece95323f633dbbf143b44
SHA1 ff829b2a6f944819f6c67a12fb0979d43e171577
SHA256 f6c9421750a425a4a989c84c6cc5a19a096dc0470000acccae8a6b539e3e2504
SHA512 b8c906729457445541dd29c9cbf8fc25d9a359bf8436b18b9c843047cea0d91143a08d5129916653bf398d4996be13a0eda291fc1bf2c278606eee805f16cc2f
-
/data/user/0/com.vod.infantis/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTg3ODYxNjAx
Filesize
1KB
MD5 a4e086a76c722d02bdf3532f3111fd2b
SHA1 7c55069c8f29da2745783bff80e1e85ae995de50
SHA256 329687c4e5364ca82adce23a74f0ac0a26ed536d1540263a0337be0decb56f20
SHA512 6f9a19b88df150f1c5e6c564942dc183e2e8c24febe8a26a31fa2372494a5a36ce919fd0f02f7b0d49d4688532abc04d6b02bd1ffe71c53059feadd637a16e4e
-
Filesize
435B
MD5 c608e4655bc3a83c83764c390ddcf6a2
SHA1 33150c5902a8347b5c54a2ab7c5f382e36eaf6b6
SHA256 bdd5b7b52a2bc87fce3e70cea92a183b26db2bb87ffa49513637bc73efb353f1
SHA512 692298507a5acbf922c68769f4edcf85c70e97da13d2f056df8ee96a6f1d1e0de7680137e48071098eeb5d3d1c9bfe6b12588fcfd5a6ef39860c25bdc049185f
-
Filesize
245B
MD5 d8843fb4411d36b103d59f18d4be1d9d
SHA1 32977e4e097a031ae67a30866cc35d9736016aa5
SHA256 7648afa950715f16e661683f05f2a3274556189e1efaef57990eec2a6d1a4539
SHA512 1642b9dc4a3b5968adf86dc908bd69d34ca1dc6fe5aafedf277cbc3150092fe89b9959b239f741131113b4cc525a3319d7f05745989c5cc7409dce047d5ed910
-
Filesize
65B
MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
Filesize
111B
MD5 3dd16ee325f23f025656a6c39278ff1a
SHA1 49539848a8989659af4dd89598e28647b5b79a26
SHA256 e0e5530e88f58ad1b1dedb53af7a5ae2c32049ce27a1d1586065e9c0dec5cf66
SHA512 b207b1745c852e8521558c1d5f790b405e5e3f8c35562ecb9c0cf3184ff1094a76f5e953ccb5da9cdb4d5220b58de3257e7cd160efb2546920940e728aedb4c1
-
Filesize
213B
MD5 188a26ad38b0d06cf7a803514cf38dc7
SHA1 08615ed51747273850071f5abe640eac67b776c3
SHA256 8780903a381eb4baa120b4d9c323459b11b05d6afdc6b9bf4513cf04b93c7351
SHA512 7324c87b5c6b258a03862d6a73a99bb86e4274bc545e9db9ba42092a8c78e5e34ec66fc7a379f30c7ef3c8c3fb2374544a47566af997c14a076b005d7cf72874
-
Filesize
8KB
MD5 8773907c826431616cee482bf1a7a7ed
SHA1 7d89c21021bb64e88bc39c35ea7b126bcac6a626
SHA256 96fa74f4a98c8a9576d4993b25b102c2107519020fc1fac3a90fe29f1678052c
SHA512 e9de4ca5b6382b331f6a1c4dcca6905594765013977e3fe19137631dbc294f6c9508f92772d0e70a78504d27afb34f4c6ad1c777e2bb77789c5bc3ea5ff7751f
-
Filesize
167B
MD5 743ec9c9390b80818f4f7c0c8df45c20
SHA1 2bb4dd23d06185a50bc7bbd38079726ea9cc2855
SHA256 416abb00eaac05c38fe14a47b4e3f1b11f78bc0a8b2cc418976ffabd11cc4136
SHA512 3bf5504af41038622e9f1cdd3c5f7069e7178cca1e5121262a2e1d561220316bb5173f3bb12d9296c3aac7b9ff1dc2c07278a5014ba6992b978199958d876594
-
Filesize
512B
MD5 83b0ed934118455b55b3cac5e913540c
SHA1 9981be3486896d604c25f6db86cb2da95d39224c
SHA256 69f3915bf7cd8eb8dfa5fdac9b935829e0e308cb96ede118f76d82c36f2759d0
SHA512 652469d12af4d0d6c8b80d99207a216c0e47db17acfe2831867f707df409cb2297d592ccc0abdd6e3cb5c762983e03089fbe1f23bb9a82bb87bd81f8568cd6a6
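Added example, written for this page and not part of the sandbox report or of any tool it names: once a sandbox result page is scraped, its tables collapse into rows like the ones in the Signatures and Downloads sections above, with labels fused to values ("MD5c5bbb...") and table columns run together on one line. The Python below recovers the file hashes, framework API calls, touched paths and contacted domains from such text using regular expressions anchored on the labels that survive extraction, enforcing the fixed hex lengths of each digest so that a truncated or fused hash is rejected rather than passed into a blocklist. The sample text is a constructed excerpt of this report; the regexes, the FileRecord type and the four row types it emits (sha256, android_api, path, domain) are this example's own choices.

```python
"""Recover machine-usable IoCs from a flattened Android sandbox report."""
import re
from dataclasses import dataclass

# Constructed excerpt of the report above, copied exactly as extracted
# (labels fused to values, table columns run together on one line).
REPORT = """\
Size
16.0MB
-
MD5
a04f111d7bf1aae4f631a46bfa07b7ac
-
SHA1
a141ce6dab697962203a2c723284481cc0cf7496
-
SHA256
d72ae1fd0e29933d696e3fdd0e7e80ed07e181b754534cc7e04a51c54edec8bc
-
SHA512
f1ef01c031543f9151080dba28cb15e43ff949cfd06ca550355c8f81174f1fe922acb907c10e8f2746f6a9b0fc5e47a8504095b6b37cc63737114fa73477293a
com.vod.infantisioc process /system/app/Superuser.apk com.vod.infantis -
com.vod.infantiscom.vod.infantis:channelioc pid process /data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip 4450 com.vod.infantis /data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip 4822 com.vod.infantis:channel -
com.vod.infantis:channelcom.vod.infantisdescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.vod.infantis:channel Framework service call android.app.IActivityManager.getRunningAppProcesses com.vod.infantis -
flow ioc 31 alog.umeng.com -
com.vod.infantisdescription ioc process Framework API call javax.crypto.Cipher.doFinal com.vod.infantis -
com.vod.infantisdescription ioc process File opened for read /proc/cpuinfo com.vod.infantis -
Filesize
65KB
MD5c5bbb46c9d8827d1e4e00cd117a67cf5
SHA17491b3191670420fee58d60d6480066c07ce7d5c
SHA2568a7bdd15bed9839a642b029044e42897d9060925c7598d02f954eb5572573081
SHA512c6cc7c71fb7924a09f966aba49523672215b79e64cc1adedf505828862cab10ba0c033a4965a4724911f689512967e31146a02694db1d164bb383223a8c1f1dd
"""

_UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}

# One file record: a size line followed by MD5/SHA1/SHA256/SHA512 in that
# order. Fixed hex lengths reject digests truncated or fused by extraction;
# "\s*-?\s*" absorbs both the "-" separator lines and the fused-label case.
_FILE = re.compile(
    r"(?:File)?[Ss]ize\s*(\d+(?:\.\d+)?)\s*(B|KB|MB)\s*-?\s*"
    r"MD5\s*([0-9a-f]{32})\s*-?\s*"
    r"SHA1\s*([0-9a-f]{40})\s*-?\s*"
    r"SHA256\s*([0-9a-f]{64})\s*-?\s*"
    r"SHA512\s*([0-9a-f]{128})\b"
)
_API = re.compile(r"Framework (?:service|API) call\s+([\w.$]+)")
_PATH = re.compile(r"(?<!\S)(/(?:system|data|proc)/\S+)")
_FLOW = re.compile(r"flow\s+ioc\s+(\d+)\s+([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


@dataclass(frozen=True)
class FileRecord:  # this type is the example's own, not the report's
    size_bytes: int
    md5: str
    sha1: str
    sha256: str
    sha512: str


def _unique(items):
    """Order-preserving de-duplication (rows repeat once per process)."""
    return list(dict.fromkeys(items))


def parse_files(text):
    """Every hash set in the report: the sample first, then each download."""
    return [FileRecord(int(float(n) * _UNIT[u]), md5, sha1, sha256, sha512)
            for n, u, md5, sha1, sha256, sha512 in _FILE.findall(text)]


def parse_framework_calls(text):
    """Binder/framework methods the sandbox saw the app invoke."""
    return _unique(_API.findall(text))


def parse_paths(text):
    """Absolute paths the app touched: root artefacts, dropped code, /proc."""
    return _unique(_PATH.findall(text))


def parse_domains(text):
    """Hostnames from the network flow rows."""
    return _unique(host for _flow_id, host in _FLOW.findall(text))


def to_ioc_rows(text):
    """Flat (type, value) rows for a CSV blocklist or a hunting query."""
    rows = [("sha256", f.sha256) for f in parse_files(text)]
    rows += [("android_api", api) for api in parse_framework_calls(text)]
    rows += [("path", p) for p in parse_paths(text)]
    rows += [("domain", d) for d in parse_domains(text)]
    return _unique(rows)


if __name__ == "__main__":
    for kind, value in to_ioc_rows(REPORT):
        print(f"{kind}\t{value}")
```

Run it against the full text of a report to get one tab-separated row per indicator. Rows are keyed by SHA-256 rather than MD5 so that the output is usable where MD5 matches are ignored, and the path rows deliberately keep benign-looking entries such as /proc/cpuinfo: whether a given path is worth blocking is a decision for the analyst, not the parser.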