Analysis

  • max time kernel
    179s
  • max time network
    181s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 00:22

General

  • Target

    a31fb5638450b4390fb43954bd847342_JaffaCakes118.apk

  • Size

    3.7MB

  • MD5

    a31fb5638450b4390fb43954bd847342

  • SHA1

    51cca2fb35cff284293755f394483394d9ceda64

  • SHA256

    91139952f4945ceaf9461135a296a06ec7c35ff28b7f7c30c84aba16b3c0d4fb

  • SHA512

    222e664941baa5979c76fc63dadc21033e44880dd885f824b6fed14aea7ffe9950fbf4f95876c3bee5a485fdf6885c9463df3953d5e4c1c5678f517b635a69b3

  • SSDEEP

    98304:0WGepd+SLBqxwoGl/4kE/pE2g+XgDa7gvDM:0TaHFyEJE/2ZACDM
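
Before relying on any of the behaviour listed further down, confirm that the APK you are holding is byte-for-byte the sample the sandbox ran. The script below is an added example, not part of this report or of the sandbox's own tooling: it streams a file through the four digests listed under General in a single pass and compares each against the values above. MD5 and SHA1 are kept only because other feeds still index on them; SHA-256 (or SHA-512) is the one that actually establishes identity.

```python
import hashlib
import sys
from typing import Dict, Iterable, Iterator

# Digests of the analysed APK, copied from the "General" section of the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "a31fb5638450b4390fb43954bd847342",
    "sha1": "51cca2fb35cff284293755f394483394d9ceda64",
    "sha256": "91139952f4945ceaf9461135a296a06ec7c35ff28b7f7c30c84aba16b3c0d4fb",
    "sha512": (
        "222e664941baa5979c76fc63dadc21033e44880dd885f824b6fed14aea7ffe99"
        "50fbf4f95876c3bee5a485fdf6885c9463df3953d5e4c1c5678f517b635a69b3"
    ),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (handy for tests and small artifacts)."""
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file, streamed so a multi-megabyte APK is never fully loaded."""
    def chunks() -> Iterator[bytes]:
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_chunks(chunks())


def compare(expected: Dict[str, str], actual: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict; a digest missing on either side counts as a mismatch."""
    return {
        name: bool(expected.get(name)) and expected[name].lower() == actual.get(name, "").lower()
        for name in ALGORITHMS
    }


def is_same_sample(actual: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every digest listed in the report matches the file in hand."""
    return all(compare(expected, actual).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py path/to/sample.apk
    digests = hash_file(sys.argv[1])
    for name, ok in compare(REPORT_HASHES, digests).items():
        print(f"{name:7} {'OK      ' if ok else 'MISMATCH'} {digests[name]}")
    sys.exit(0 if is_same_sample(digests) else 1)
```

A mismatch on every line usually means a repacked or re-signed copy rather than a corrupted download; treat it as a different sample and do not carry this report's findings over to it.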

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 5 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
  • Checks CPU information 2 TTPs 3 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.aio.downloader:process.main
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4252
  • com.aio.downloader:aio
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4369
  • com.aio.downloader:daemon
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4392
  • com.aio.downloader:remote
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4406
  • com.aio.downloader
    1⤵
    • Checks Android system properties for emulator presence.
    • Queries information about running processes on the device
    • Reads the contacts stored on the device.
    • Reads the content of the call log.
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4380

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.aio.downloader/app_bin/daemon
    Filesize

    13KB

    MD5

    3fc73019a250522ad89598ed334fb9dd

    SHA1

    0311ce2ae0bf8fd85b6421eb31154d33b2d62d26

    SHA256

    c9b3f2c1f1c1012881aafdf61465aad5866f0052b74978127d2d1eda9dc690bf

    SHA512

    07593085777a99571eca9d8b0f6749e5afac6d92ae0ffdcb98e167715dafc4b295f83df09c72cc4cbd36eb5f3c9c894f6dd0303dd24726c82d7c37f9c6939bb1

  • /data/data/com.aio.downloader/databases/.ua/ua.db-shm
    Filesize

    32KB

    MD5

    e819768502d571ebea083ff10f436d87

    SHA1

    a982da91127c492f31630417362930d237423d87

    SHA256

    21f0ca8963022c61c57b3a7311ab13a9f90a9eb0279d95646057d54cde156170

    SHA512

    265669851e19c192dc1a6eaced8ead6914d634c17b04ae2a009d76d739e9b5b28818d8b05d381115b2a1312781b881dff0336b85d44c8b2e16ebb73ff002e707

  • /data/data/com.aio.downloader/databases/.ua/ua.db-shm
    Filesize

    32KB

    MD5

    c9c43a2eb35067b8824e98ceb0ff0f9f

    SHA1

    2471858704533f0439543e11ad24ce91ea7f0792

    SHA256

    efa2670507d2cda8dc582f056a77d1b3874239b9af97ca58d5436346f5e53f88

    SHA512

    1da4953a72b61d41e280cff2c0a385d299509906407ab6c4ad81be03e5ebe3f5ef47909d83aaa85bf68c590505c930c76e923588c4c29c5e9a28829db88ee1f4

  • /data/data/com.aio.downloader/databases/.ua/ua.db-wal
    Filesize

    12KB

    MD5

    f053c3e9f5d05b82d5170fa6616803ed

    SHA1

    224e541f31cd5674eebbd09db5def890d34b2a73

    SHA256

    68828e45521bdb1a1129ea15da40aa8bfbe499d21abea5778468ff790f235215

    SHA512

    18c404a2d4d5279ed76bd3c7a273427efb3c97062737da75e774b83233c588650844cb853a069e31ffce3aeb390f721456bcfc6685507af428b92637df9ed7f7

  • /data/data/com.aio.downloader/databases/.ua/ua.db-wal
    Filesize

    36KB

    MD5

    3c9bd9e70734b62461cdf37e5466032c

    SHA1

    060ac54de8cc22d944ed71dfcdb53e7ed20f9054

    SHA256

    1cda89ec8d1a8da9e8d2c48a5fcfef951d09f67a882e9ea132e6b67cb64e3720

    SHA512

    108a217111f1bf60f6d9fc2988116642b6403ecce300e81d1ab03bf538d48ac97779d9aff92e90290cdc047c1bb0bb9228fcf855d33494e894400203dffb56b7

  • /data/data/com.aio.downloader/databases/cc/cc.db
    Filesize

    36KB

    MD5

    54a7df9ccfe01a4f20b8ff826e737186

    SHA1

    c38fc0eb95df073662e0b80e8d212def41d4974a

    SHA256

    5584b6dd5e6eccd55adb0d6dcba085e7d9088baf89f16b9d70f94dfe3e6b2473

    SHA512

    165fec7144d653b33e5d6ee11f2af281ef02a6af150da4c9b4ec53bc147d851cc75d3f5e6a2894ca0520ff287ea2f56517c64514ef03c0b09dbc6634917ecda6

  • /data/data/com.aio.downloader/databases/cc/cc.db
    Filesize

    40KB

    MD5

    f549edf1e94e0b32ca161bd574e6f7f7

    SHA1

    8065981ad67fe8f1a0cf1d520af438814279851f

    SHA256

    7d9c969515fc3e171e189f13caf58e819fb98e57e103b3f9793457adfa3e1078

    SHA512

    0683fa47f9d24bfae5ba8b263a126682bcc45bee9ee49389790fe36f541d5c61dc4160235976cbcd9cec63dd938c9fa320f5075d781957c0db7c36bc4bc5a9ca

  • /data/data/com.aio.downloader/databases/cc/cc.db-journal
    Filesize

    60KB

    MD5

    6ce2ddd3886e1ca84e514b026c0d2357

    SHA1

    7c44c88865095650d5fa97f67d0ba37b2d2f5cd0

    SHA256

    141211ecb52adfac9f89fed0288610bf12e8dab6dd8db72bd5dcce5bdc180ab9

    SHA512

    ff20fca394bbdf008c07175027de5db65341d1a742f5d2b0fc7154536ba7c341f1b2dc228f1686c298a3d2075a1d9c0d9e482d5118cc921f163d134a17a17031

  • /data/data/com.aio.downloader/databases/cc/cc.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.aio.downloader/databases/cc/cc.db-shm
    Filesize

    32KB

    MD5

    119041def51cb69b93e2027130924ab8

    SHA1

    89d45fb319555b1a8201bdfebccf563056e4dc99

    SHA256

    0df90dbf3dc5520e8375d903f867ab6d46d56e56d9283c84043748b755529145

    SHA512

    6d6d107d9126d9e39be66631b36aaa7e0fcaf7539d0ed9a58db18ad43cfa0c2f66f7c1c3b0ad7f824fa38e5b86fe2fedb8ba39450978995da609d13b65db5584

  • /data/data/com.aio.downloader/databases/cc/cc.db-wal
    Filesize

    32KB

    MD5

    51d1cbf14f03c18f3577acccf34ce660

    SHA1

    c1b5fb5fdce2a84c5b7e25afc0d2615f6456e809

    SHA256

    89274677150077bb0ada2aa49277a31421ce1abcd68c6332b3f5175de8cee936

    SHA512

    5155db12b1f0653c4bae1d2d3ef684454641857b39030b9a4859ab9c68a940c8c141e4cd2472fc6314335afa5b3ed632503a1a708e096b86b1640b1afe7de088

  • /data/data/com.aio.downloader/databases/cc/cc.db-wal
    Filesize

    48KB

    MD5

    62dc599431bb453e1788afc2a46d2aa8

    SHA1

    cdff89cf513597883766cd7e67dec38bde78a6e4

    SHA256

    e027918c40bccb898230de53eced54b7b39b90007039aa4f141e87324eecea1d

    SHA512

    046dc943857a71beb9e7267b34c56cc1cda5c86a994938d65fab2b1eaf0eb42491670df3216ff73a7ee51a4ac1f17e533a5ed0d37474316686dbd95176c78416

  • /data/data/com.aio.downloader/databases/download2.db
    Filesize

    36KB

    MD5

    1478b8cfa2aaca256493a3d0f907e5ac

    SHA1

    d9a16eb07b30a73ee05d5f85722f385b975f5d88

    SHA256

    df0f26be38f33e2b81c5d813f4311ad6e1471d3a167d099e1ac5c9c985c21d58

    SHA512

    36446fde898cf4801a312b9ad3c75da8d20e20fcb0ebb6f5f61b07fdbef505173a3cddb87c26884b82fd4a150b64ab302b603b84b17e5021133578bc813661c8

  • /data/data/com.aio.downloader/databases/download2.db-journal
    Filesize

    52KB

    MD5

    2bf3b9c0bbaff37894e97f2ba8c09d28

    SHA1

    0cc2517d5f69e542fa4bd2d5e7d6f114738afab8

    SHA256

    2409e340c6fe8d0543458e696218e5f1c00672b85b78517bab249386f275afa0

    SHA512

    5c6082aea5c5d18682b746bfd0f768d57b6cfc93c95cfc5128b31d094ce3e16ca64814a2bfbb6024d1e683726159d2ca2f3e8ae62ff905641439e48090a1b67a

  • /data/data/com.aio.downloader/databases/download2.db-shm
    Filesize

    32KB

    MD5

    4b5ca46986a21b38a636b13158455c90

    SHA1

    c343767bc05070ae3e0ad0319594d48ed9908ff4

    SHA256

    45e1621eb2061f8c95341d7187c16363ef35541a714d3edca084033a206c9532

    SHA512

    629acf1b33c6869eb6e18995d24e00263bfd7a656766603220745bd2bf78576561354014e7952d9d2feecfdddc90bf15d340761c448f047961bfcea3777fdf29

  • /data/data/com.aio.downloader/databases/download2.db-wal
    Filesize

    32KB

    MD5

    7a53be6f1efe2931148432f2c0a6be38

    SHA1

    5f8fc39bf7f8f3f05d530076c965677957e8d91b

    SHA256

    b40b7537eaa367fc26c759ac006af4086745a2f3bfc73231b9585d6adb841c28

    SHA512

    053c1d6f9b276c26d2ee2007ba81664b4859f6e110f4c89246e0abb1ee3449b4e20dc61cf1622684f4ee3706f5cfadf6a3a324ba36d8015cc2ab552ce8518026

  • /data/data/com.aio.downloader/databases/runapp-shm
    Filesize

    80KB

    MD5

    c6c58521dcb6cbf0751ae50d4afb7d4e

    SHA1

    97c2a21fe750993032d59f19f5981ea9faa4edd0

    SHA256

    e07f99ee0171c464a7a5fe3877aa9c01ed9c7db26fed2632061ecdce9fbb1e48

    SHA512

    2cdca5988c04b3107f4fd6237cc804d7fb4fce21dced793d7085f0ff24b7cc129f9c9c12f2677f32fc37d0f5d91b3ceb0a13f9ec6fa34093c225b0aeb97c3323

  • /data/data/com.aio.downloader/databases/runapp-wal
    Filesize

    32KB

    MD5

    0cd39c45bb914b3d324c1ee7dcb0a63c

    SHA1

    89485eed956e64c9ac0d43dfb4cb29fc67187c02

    SHA256

    a0439a7e3ff0153951715b6daf780a760e6ad02d65c354b3cbc9944e2c00d4c2

    SHA512

    1536b395a134f205f67d6701990bf1b7ec8e060df6a5ce197ebdf793d6aefc3d29b1da1e7e98ddcb0fafec2f0218c9f255a0464bb2549b6e842321d9a5011878

  • /data/data/com.aio.downloader/files/.um/um_cache_1718238276832.env
    Filesize

    1KB

    MD5

    7be443c20865aa5b19e72f593676287d

    SHA1

    03bc5079cf3e026bc4e277d145dc681d003823f6

    SHA256

    5cafa2273769a2e1409aac542befb22cbd2bbaae93b253a843ae6b1200926687

    SHA512

    498c5020fec66a92d508615a333f2b66195f509c837bea48fbf579cb790a43c9b9453f6b77d835ffa25d05fe1d485b1f1a42445fc99e816939a78c88dd64eb1a

  • /data/data/com.aio.downloader/files/.umeng/exchangeIdentity.json
    Filesize

    32KB

    MD5

    9069bb19b1703251fd2ee639bcc2c694

    SHA1

    6d87154ede3cd4aa4f4f47cf98405d5158b106b2

    SHA256

    5e86d8eae1a49efdf903a16d4d3b60ffe7168da825c8ca89f93b8c5aad15ae7b

    SHA512

    c4c98f700c671ef1c0f1edd83508d15d32ae69994a3abeb899c530c83ace953c0455177a9cc6e59a6a141d622c58b85a982325a6986b5d7ed562d0db2fb631fa

  • /data/data/com.aio.downloader/files/exid.dat
    Filesize

    32KB

    MD5

    7d35f67cbaa1ebe4acef01c93c198ac3

    SHA1

    0b9d7ac7ce7d4b611a748b3d97041a5fdb7071ce

    SHA256

    40dc1e7ff334efd5b7160d87b0d3f32d32a9e38e4289d5d5943be73d170b6342

    SHA512

    93c2967d61d1aeb8b633b4d240b3efcc014d6052e6b13ee0f5f1f6f2460ade66d99aedb2173fdb351d8336269b7e27195a7a8e55e0aac4e9d41e04da9dfc5f05

  • /data/data/com.aio.downloader/files/umeng_it.cache
    Filesize

    32KB

    MD5

    cb19a194a7bc647aa2dd976803268d01

    SHA1

    68d991d72bec953cf0597a907396b04e2f42a7af

    SHA256

    e8818e318b5b1e3d5546edb703daf486602fde54237a4afa874044c6e05ba7c4

    SHA512

    83b50402f2023c5ca9326b0211167a132601e06e32cdcc7c4a4ee09b32b7c6091ecbd7c9e06e377eaac117f463e4e93c630a7c6e1d835e2734d4be4e2bfa8df6
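
Several paths in the Downloads list appear more than once with different hashes (.ua/ua.db-shm, cc/cc.db, cc/cc.db-shm, cc/cc.db-wal): each bullet is one captured state of the file during the run, not a duplicate entry, and every distinct digest is a valid indicator of something the app wrote. The -wal, -shm and -journal names are SQLite sidecar files; their content is only meaningful next to the base database they belong to, so when pulling them out of the sandbox keep each set together. The parser below is an added example (not the report's or the sandbox's own code) that reads this flat "path / Label / value" layout into records, groups snapshots by path, maps sidecars to their base database and collects the unique hashes. SAMPLE_REPORT is a constructed excerpt of four entries from the list above, reduced to Filesize/MD5/SHA256 with the blank lines removed; the parser ignores blank lines, so the full page text works as input too.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Labels used by the report, mapped to record field names.
FIELD_LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
# SQLite write-ahead log, shared-memory index and rollback journal sidecars.
SIDECAR_RE = re.compile(r"^(.*)(-wal|-shm|-journal)$")

# Constructed excerpt of the Downloads section above (values copied, layout condensed).
SAMPLE_REPORT = """\
  • /data/data/com.aio.downloader/app_bin/daemon
    Filesize
    13KB
    MD5
    3fc73019a250522ad89598ed334fb9dd
    SHA256
    c9b3f2c1f1c1012881aafdf61465aad5866f0052b74978127d2d1eda9dc690bf
  • /data/data/com.aio.downloader/databases/.ua/ua.db-shm
    Filesize
    32KB
    MD5
    e819768502d571ebea083ff10f436d87
    SHA256
    21f0ca8963022c61c57b3a7311ab13a9f90a9eb0279d95646057d54cde156170
  • /data/data/com.aio.downloader/databases/.ua/ua.db-shm
    Filesize
    32KB
    MD5
    c9c43a2eb35067b8824e98ceb0ff0f9f
    SHA256
    efa2670507d2cda8dc582f056a77d1b3874239b9af97ca58d5436346f5e53f88
  • /data/data/com.aio.downloader/databases/runapp-wal
    Filesize
    32KB
    MD5
    0cd39c45bb914b3d324c1ee7dcb0a63c
    SHA256
    a0439a7e3ff0153951715b6daf780a760e6ad02d65c354b3cbc9944e2c00d4c2
"""


@dataclass
class Artifact:
    path: str
    fields: Dict[str, str] = field(default_factory=dict)


def parse_downloads(text: str) -> List[Artifact]:
    """One Artifact per bullet; a label line sets which field the next value line fills."""
    artifacts: List[Artifact] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            artifacts.append(Artifact(path=line.lstrip("• ").strip()))
            pending = None
        elif line in FIELD_LABELS:
            pending = FIELD_LABELS[line]
        elif pending and artifacts:
            artifacts[-1].fields[pending] = line
            pending = None
    return artifacts


def group_by_path(artifacts: List[Artifact]) -> Dict[str, List[Artifact]]:
    """Snapshots of the same path, in the order the report lists them."""
    groups: Dict[str, List[Artifact]] = defaultdict(list)
    for a in artifacts:
        groups[a.path].append(a)
    return dict(groups)


def sqlite_base(path: str) -> Optional[str]:
    """Base database for a -wal/-shm/-journal sidecar, None for anything else."""
    m = SIDECAR_RE.match(path)
    return m.group(1) if m else None


def unique_hashes(artifacts: List[Artifact], algo: str = "sha256") -> List[str]:
    """Every distinct digest observed, one per captured file state."""
    return sorted({a.fields[algo] for a in artifacts if algo in a.fields})


def size_bytes(text: str) -> int:
    """Convert the report's '13KB' / '3.7MB' sizes to bytes (binary units assumed)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    units = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
    return int(float(m.group(1)) * units[m.group(2).upper()])


if __name__ == "__main__":
    arts = parse_downloads(SAMPLE_REPORT)
    for path, snaps in group_by_path(arts).items():
        base = sqlite_base(path)
        print(f"{path}: {len(snaps)} snapshot(s)" + (f", sidecar of {base}" if base else ""))
    print("unique sha256:", len(unique_hashes(arts)))
```

Feed the script the whole Downloads section and the grouping tells you which files the app kept rewriting during the run (the cc.db and ua.db sets here) versus what it wrote once, such as the 13KB binary under app_bin that the com.aio.downloader:daemon process presumably corresponds to; inspect that file's magic bytes yourself rather than assuming its type from the name.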