Analysis
-
max time kernel
179s -
max time network
181s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
13-06-2024 00:22
Static task
static1
Behavioral task
behavioral1
Sample
a31fb5638450b4390fb43954bd847342_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
a31fb5638450b4390fb43954bd847342_JaffaCakes118.apk
-
Size
3.7MB
-
MD5
a31fb5638450b4390fb43954bd847342
-
SHA1
51cca2fb35cff284293755f394483394d9ceda64
-
SHA256
91139952f4945ceaf9461135a296a06ec7c35ff28b7f7c30c84aba16b3c0d4fb
-
SHA512
222e664941baa5979c76fc63dadc21033e44880dd885f824b6fed14aea7ffe9950fbf4f95876c3bee5a485fdf6885c9463df3953d5e4c1c5678f517b635a69b3
-
SSDEEP
98304:0WGepd+SLBqxwoGl/4kE/pE2g+XgDa7gvDM:0TaHFyEJE/2ZACDM
Malware Config
Signatures
-
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
Processes:
com.aio.downloader
description | ioc | process
Accessed system property key: | ro.product.model | com.aio.downloader
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.aio.downloader:daemon, com.aio.downloader:remote, com.aio.downloader:process.main, com.aio.downloader:aio, com.aio.downloader
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.aio.downloader:daemon
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.aio.downloader:remote
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.aio.downloader:process.main
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.aio.downloader:aio
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.aio.downloader
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
Processes:
com.aio.downloader
description | ioc | process
URI accessed for read | content://com.android.contacts/data/phones | com.aio.downloader
-
Reads the content of the call log. 1 TTPs 1 IoCs
Processes:
com.aio.downloader
description | ioc | process
URI accessed for read | content://call_log/calls | com.aio.downloader
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow | ioc
19 | alog.umeng.com
89 | alog.umeng.com
-
Queries information about active data network 1 TTPs 3 IoCs
Processes:
com.aio.downloader:process.main, com.aio.downloader:daemon, com.aio.downloader
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.aio.downloader:process.main
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.aio.downloader:daemon
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.aio.downloader
-
Queries the mobile country code (MCC) 1 TTPs 2 IoCs
Processes:
com.aio.downloader:process.main, com.aio.downloader
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.aio.downloader:process.main
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.aio.downloader
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
Processes:
com.aio.downloader:remote, com.aio.downloader, com.aio.downloader:process.main, com.aio.downloader:aio
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.aio.downloader:remote
Framework service call | android.app.IActivityManager.registerReceiver | com.aio.downloader
Framework service call | android.app.IActivityManager.registerReceiver | com.aio.downloader:process.main
Framework service call | android.app.IActivityManager.registerReceiver | com.aio.downloader:aio
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.aio.downloader
description | ioc | process
Framework service call | android.app.job.IJobScheduler.schedule | com.aio.downloader
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
Processes:
com.aio.downloader:daemon, com.aio.downloader:process.main, com.aio.downloader
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.aio.downloader:daemon
Framework API call | javax.crypto.Cipher.doFinal | com.aio.downloader:process.main
Framework API call | javax.crypto.Cipher.doFinal | com.aio.downloader
-
Checks CPU information 2 TTPs 3 IoCs
-
Checks memory information 2 TTPs 2 IoCs
Processes
-
com.aio.downloader:process.main
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
-
com.aio.downloader:aio
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
com.aio.downloader:daemon
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
-
com.aio.downloader:remote
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
com.aio.downloader
- Checks Android system properties for emulator presence.
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.aio.downloader/app_bin/daemon
Filesize
13KB
MD5
3fc73019a250522ad89598ed334fb9dd
SHA1
0311ce2ae0bf8fd85b6421eb31154d33b2d62d26
SHA256
c9b3f2c1f1c1012881aafdf61465aad5866f0052b74978127d2d1eda9dc690bf
SHA512
07593085777a99571eca9d8b0f6749e5afac6d92ae0ffdcb98e167715dafc4b295f83df09c72cc4cbd36eb5f3c9c894f6dd0303dd24726c82d7c37f9c6939bb1
-
/data/data/com.aio.downloader/databases/.ua/ua.db-shm
Filesize
32KB
MD5
e819768502d571ebea083ff10f436d87
SHA1
a982da91127c492f31630417362930d237423d87
SHA256
21f0ca8963022c61c57b3a7311ab13a9f90a9eb0279d95646057d54cde156170
SHA512
265669851e19c192dc1a6eaced8ead6914d634c17b04ae2a009d76d739e9b5b28818d8b05d381115b2a1312781b881dff0336b85d44c8b2e16ebb73ff002e707
-
/data/data/com.aio.downloader/databases/.ua/ua.db-shm
Filesize
32KB
MD5
c9c43a2eb35067b8824e98ceb0ff0f9f
SHA1
2471858704533f0439543e11ad24ce91ea7f0792
SHA256
efa2670507d2cda8dc582f056a77d1b3874239b9af97ca58d5436346f5e53f88
SHA512
1da4953a72b61d41e280cff2c0a385d299509906407ab6c4ad81be03e5ebe3f5ef47909d83aaa85bf68c590505c930c76e923588c4c29c5e9a28829db88ee1f4
-
/data/data/com.aio.downloader/databases/.ua/ua.db-wal
Filesize
12KB
MD5
f053c3e9f5d05b82d5170fa6616803ed
SHA1
224e541f31cd5674eebbd09db5def890d34b2a73
SHA256
68828e45521bdb1a1129ea15da40aa8bfbe499d21abea5778468ff790f235215
SHA512
18c404a2d4d5279ed76bd3c7a273427efb3c97062737da75e774b83233c588650844cb853a069e31ffce3aeb390f721456bcfc6685507af428b92637df9ed7f7
-
/data/data/com.aio.downloader/databases/.ua/ua.db-wal
Filesize
36KB
MD5
3c9bd9e70734b62461cdf37e5466032c
SHA1
060ac54de8cc22d944ed71dfcdb53e7ed20f9054
SHA256
1cda89ec8d1a8da9e8d2c48a5fcfef951d09f67a882e9ea132e6b67cb64e3720
SHA512
108a217111f1bf60f6d9fc2988116642b6403ecce300e81d1ab03bf538d48ac97779d9aff92e90290cdc047c1bb0bb9228fcf855d33494e894400203dffb56b7
-
/data/data/com.aio.downloader/databases/cc/cc.db
Filesize
36KB
MD5
54a7df9ccfe01a4f20b8ff826e737186
SHA1
c38fc0eb95df073662e0b80e8d212def41d4974a
SHA256
5584b6dd5e6eccd55adb0d6dcba085e7d9088baf89f16b9d70f94dfe3e6b2473
SHA512
165fec7144d653b33e5d6ee11f2af281ef02a6af150da4c9b4ec53bc147d851cc75d3f5e6a2894ca0520ff287ea2f56517c64514ef03c0b09dbc6634917ecda6
-
/data/data/com.aio.downloader/databases/cc/cc.db
Filesize
40KB
MD5
f549edf1e94e0b32ca161bd574e6f7f7
SHA1
8065981ad67fe8f1a0cf1d520af438814279851f
SHA256
7d9c969515fc3e171e189f13caf58e819fb98e57e103b3f9793457adfa3e1078
SHA512
0683fa47f9d24bfae5ba8b263a126682bcc45bee9ee49389790fe36f541d5c61dc4160235976cbcd9cec63dd938c9fa320f5075d781957c0db7c36bc4bc5a9ca
-
/data/data/com.aio.downloader/databases/cc/cc.db-journal
Filesize
60KB
MD5
6ce2ddd3886e1ca84e514b026c0d2357
SHA1
7c44c88865095650d5fa97f67d0ba37b2d2f5cd0
SHA256
141211ecb52adfac9f89fed0288610bf12e8dab6dd8db72bd5dcce5bdc180ab9
SHA512
ff20fca394bbdf008c07175027de5db65341d1a742f5d2b0fc7154536ba7c341f1b2dc228f1686c298a3d2075a1d9c0d9e482d5118cc921f163d134a17a17031
-
/data/data/com.aio.downloader/databases/cc/cc.db-shm
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.aio.downloader/databases/cc/cc.db-shm
Filesize
32KB
MD5
119041def51cb69b93e2027130924ab8
SHA1
89d45fb319555b1a8201bdfebccf563056e4dc99
SHA256
0df90dbf3dc5520e8375d903f867ab6d46d56e56d9283c84043748b755529145
SHA512
6d6d107d9126d9e39be66631b36aaa7e0fcaf7539d0ed9a58db18ad43cfa0c2f66f7c1c3b0ad7f824fa38e5b86fe2fedb8ba39450978995da609d13b65db5584
-
/data/data/com.aio.downloader/databases/cc/cc.db-wal
Filesize
32KB
MD5
51d1cbf14f03c18f3577acccf34ce660
SHA1
c1b5fb5fdce2a84c5b7e25afc0d2615f6456e809
SHA256
89274677150077bb0ada2aa49277a31421ce1abcd68c6332b3f5175de8cee936
SHA512
5155db12b1f0653c4bae1d2d3ef684454641857b39030b9a4859ab9c68a940c8c141e4cd2472fc6314335afa5b3ed632503a1a708e096b86b1640b1afe7de088
-
/data/data/com.aio.downloader/databases/cc/cc.db-wal
Filesize
48KB
MD5
62dc599431bb453e1788afc2a46d2aa8
SHA1
cdff89cf513597883766cd7e67dec38bde78a6e4
SHA256
e027918c40bccb898230de53eced54b7b39b90007039aa4f141e87324eecea1d
SHA512
046dc943857a71beb9e7267b34c56cc1cda5c86a994938d65fab2b1eaf0eb42491670df3216ff73a7ee51a4ac1f17e533a5ed0d37474316686dbd95176c78416
-
/data/data/com.aio.downloader/databases/download2.db
Filesize
36KB
MD5
1478b8cfa2aaca256493a3d0f907e5ac
SHA1
d9a16eb07b30a73ee05d5f85722f385b975f5d88
SHA256
df0f26be38f33e2b81c5d813f4311ad6e1471d3a167d099e1ac5c9c985c21d58
SHA512
36446fde898cf4801a312b9ad3c75da8d20e20fcb0ebb6f5f61b07fdbef505173a3cddb87c26884b82fd4a150b64ab302b603b84b17e5021133578bc813661c8
-
/data/data/com.aio.downloader/databases/download2.db-journal
Filesize
52KB
MD5
2bf3b9c0bbaff37894e97f2ba8c09d28
SHA1
0cc2517d5f69e542fa4bd2d5e7d6f114738afab8
SHA256
2409e340c6fe8d0543458e696218e5f1c00672b85b78517bab249386f275afa0
SHA512
5c6082aea5c5d18682b746bfd0f768d57b6cfc93c95cfc5128b31d094ce3e16ca64814a2bfbb6024d1e683726159d2ca2f3e8ae62ff905641439e48090a1b67a
-
/data/data/com.aio.downloader/databases/download2.db-shm
Filesize
32KB
MD5
4b5ca46986a21b38a636b13158455c90
SHA1
c343767bc05070ae3e0ad0319594d48ed9908ff4
SHA256
45e1621eb2061f8c95341d7187c16363ef35541a714d3edca084033a206c9532
SHA512
629acf1b33c6869eb6e18995d24e00263bfd7a656766603220745bd2bf78576561354014e7952d9d2feecfdddc90bf15d340761c448f047961bfcea3777fdf29
-
/data/data/com.aio.downloader/databases/download2.db-wal
Filesize
32KB
MD5
7a53be6f1efe2931148432f2c0a6be38
SHA1
5f8fc39bf7f8f3f05d530076c965677957e8d91b
SHA256
b40b7537eaa367fc26c759ac006af4086745a2f3bfc73231b9585d6adb841c28
SHA512
053c1d6f9b276c26d2ee2007ba81664b4859f6e110f4c89246e0abb1ee3449b4e20dc61cf1622684f4ee3706f5cfadf6a3a324ba36d8015cc2ab552ce8518026
-
/data/data/com.aio.downloader/databases/runapp-shm
Filesize
80KB
MD5
c6c58521dcb6cbf0751ae50d4afb7d4e
SHA1
97c2a21fe750993032d59f19f5981ea9faa4edd0
SHA256
e07f99ee0171c464a7a5fe3877aa9c01ed9c7db26fed2632061ecdce9fbb1e48
SHA512
2cdca5988c04b3107f4fd6237cc804d7fb4fce21dced793d7085f0ff24b7cc129f9c9c12f2677f32fc37d0f5d91b3ceb0a13f9ec6fa34093c225b0aeb97c3323
-
/data/data/com.aio.downloader/databases/runapp-wal
Filesize
32KB
MD5
0cd39c45bb914b3d324c1ee7dcb0a63c
SHA1
89485eed956e64c9ac0d43dfb4cb29fc67187c02
SHA256
a0439a7e3ff0153951715b6daf780a760e6ad02d65c354b3cbc9944e2c00d4c2
SHA512
1536b395a134f205f67d6701990bf1b7ec8e060df6a5ce197ebdf793d6aefc3d29b1da1e7e98ddcb0fafec2f0218c9f255a0464bb2549b6e842321d9a5011878
-
/data/data/com.aio.downloader/files/.um/um_cache_1718238276832.env
Filesize
1KB
MD5
7be443c20865aa5b19e72f593676287d
SHA1
03bc5079cf3e026bc4e277d145dc681d003823f6
SHA256
5cafa2273769a2e1409aac542befb22cbd2bbaae93b253a843ae6b1200926687
SHA512
498c5020fec66a92d508615a333f2b66195f509c837bea48fbf579cb790a43c9b9453f6b77d835ffa25d05fe1d485b1f1a42445fc99e816939a78c88dd64eb1a
-
/data/data/com.aio.downloader/files/.umeng/exchangeIdentity.json
Filesize
32KB
MD5
9069bb19b1703251fd2ee639bcc2c694
SHA1
6d87154ede3cd4aa4f4f47cf98405d5158b106b2
SHA256
5e86d8eae1a49efdf903a16d4d3b60ffe7168da825c8ca89f93b8c5aad15ae7b
SHA512
c4c98f700c671ef1c0f1edd83508d15d32ae69994a3abeb899c530c83ace953c0455177a9cc6e59a6a141d622c58b85a982325a6986b5d7ed562d0db2fb631fa
-
/data/data/com.aio.downloader/files/exid.dat
Filesize
32KB
MD5
7d35f67cbaa1ebe4acef01c93c198ac3
SHA1
0b9d7ac7ce7d4b611a748b3d97041a5fdb7071ce
SHA256
40dc1e7ff334efd5b7160d87b0d3f32d32a9e38e4289d5d5943be73d170b6342
SHA512
93c2967d61d1aeb8b633b4d240b3efcc014d6052e6b13ee0f5f1f6f2460ade66d99aedb2173fdb351d8336269b7e27195a7a8e55e0aac4e9d41e04da9dfc5f05
-
/data/data/com.aio.downloader/files/umeng_it.cache
Filesize
32KB
MD5
cb19a194a7bc647aa2dd976803268d01
SHA1
68d991d72bec953cf0597a907396b04e2f42a7af
SHA256
e8818e318b5b1e3d5546edb703daf486602fde54237a4afa874044c6e05ba7c4
SHA512
83b50402f2023c5ca9326b0211167a132601e06e32cdcc7c4a4ee09b32b7c6091ecbd7c9e06e377eaac117f463e4e93c630a7c6e1d835e2734d4be4e2bfa8df6