Analysis

  • max time kernel
    165s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    12-06-2024 10:24

General

  • Target

    a04f111d7bf1aae4f631a46bfa07b7ac_JaffaCakes118.apk

  • Size

    16.0MB

  • MD5

    a04f111d7bf1aae4f631a46bfa07b7ac

  • SHA1

    a141ce6dab697962203a2c723284481cc0cf7496

  • SHA256

    d72ae1fd0e29933d696e3fdd0e7e80ed07e181b754534cc7e04a51c54edec8bc

  • SHA512

    f1ef01c031543f9151080dba28cb15e43ff949cfd06ca550355c8f81174f1fe922acb907c10e8f2746f6a9b0fc5e47a8504095b6b37cc63737114fa73477293a

  • SSDEEP

    393216:I0vEnze5ltUcb10SblS4UNsB3rvy7C/ULzeTkVz79qE:bye5lpbOgS4mwrvnozRVzd

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.vod.infantis
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4450
  • com.vod.infantis:channel
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4822

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip

    Filesize

    65KB

  • /data/user/0/com.vod.infantis/app_SGLib/app_1718187852/libsgmain_312768000000.zip.tmp.4450

    Filesize

    381KB

  • /data/user/0/com.vod.infantis/databases/MessageStore.db

    Filesize

    36KB

  • /data/user/0/com.vod.infantis/databases/MessageStore.db-journal

    Filesize

    12KB

  • /data/user/0/com.vod.infantis/databases/MessageStore.db-journal

    Filesize

    512B

  • /data/user/0/com.vod.infantis/databases/MessageStore.db-journal

    Filesize

    8KB

  • /data/user/0/com.vod.infantis/databases/MessageStore.db-journal

    Filesize

    8KB

  • /data/user/0/com.vod.infantis/databases/MsgLogStore.db

    Filesize

    691KB

  • /data/user/0/com.vod.infantis/databases/MsgLogStore.db-journal

    Filesize

    512B

  • /data/user/0/com.vod.infantis/databases/MsgLogStore.db-journal

    Filesize

    8KB

  • /data/user/0/com.vod.infantis/databases/MsgLogStore.db-journal

    Filesize

    36KB

  • /data/user/0/com.vod.infantis/databases/accs.db

    Filesize

    20KB

  • /data/user/0/com.vod.infantis/databases/accs.db-journal

    Filesize

    512B

  • /data/user/0/com.vod.infantis/databases/accs.db-journal

    Filesize

    8KB

  • /data/user/0/com.vod.infantis/databases/accs.db-journal

    Filesize

    8KB

  • /data/user/0/com.vod.infantis/files/.envelope/i==1.2.0&&5.13.6_1718187862502_envelope.log

    Filesize

    2KB

  • /data/user/0/com.vod.infantis/files/.umeng/exchangeIdentity.json

    Filesize

    162B

  • /data/user/0/com.vod.infantis/files/exid.dat

    Filesize

    55B

  • /data/user/0/com.vod.infantis/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTg3ODYxNjAx

    Filesize

    1KB

  • /data/user/0/com.vod.infantis/files/umeng_it.cache

    Filesize

    435B

  • /data/user/0/com.vod.infantis/files/umeng_it.cache

    Filesize

    245B

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    65B

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    111B

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    213B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    8KB

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    167B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    512B
