Analysis

  • max time kernel
    177s
  • max time network
    184s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 04:02

General

  • Target

    a3c4a7e99f32434bf4e10b096dc73401_JaffaCakes118.apk

  • Size

    12.8MB

  • MD5

    a3c4a7e99f32434bf4e10b096dc73401

  • SHA1

    39c25db5df8e8b3eee3e27a7d4b068660f3c1e0e

  • SHA256

    c686f5f38b52aff239d744bd382712b4d82b6847a6de342cd2dd1155b227998c

  • SHA512

    3013f25c1309a28b64d00b36973d53495a1984646be2ec86c34f9a0fa4ca84f370d8fac4ec301fc1c9536cc4178cb7f238ccef0ca691fda21a0d5af4d568d333

  • SSDEEP

    393216:1A4BgiqYH6oqb76gA0PNmS3jFTZltHYZFBWXZ8di:1AfCHXm6l0ll3ZrtHeNi

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.gikoo5
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4172

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.gikoo5/app_sslcache/www.easemob.com.443
    Filesize

    5KB

    MD5

    a0122b61da078ddd118b917ae62ba411

    SHA1

    bbee36ccbcac96d3ffaa95a5a77d54ca0d66b9a3

    SHA256

    cc9e1087bc91c4aadf26130d086df96be54c55576f8c6bfbbad29c0d416c343f

    SHA512

    142f9b600dd57b984d2084ff04bf5064f49e962e73cd694d348236759bdbabb043f76723deea42c1506cd3c9f9f8051f632e73de0f716ac357b66b6cc03a9342

  • /data/data/com.gikoo5/cache/com.parse/applicationId
    Filesize

    40B

    MD5

    a689895f98eeba3ad54c857fb7d3d491

    SHA1

    7b4bbe717287a91a5a6ab19a0bfd0a314fcca556

    SHA256

    898acf5a8ab518b0b83c6df22462def9085de719e0f25dbe6097acf4fd140206

    SHA512

    6e3594e8dd35521f5b8aea180ec54b6a09365a5f418241a0eacbd131cb41883b3a60f23fe0cbaa216ade13b29e73a35283ded1c5c4330c07e85068af0e17b803

  • /data/data/com.gikoo5/databases/ParseOfflineStore
    Filesize

    32KB

    MD5

    cb82aba1c84a4838189ffb3e839f0424

    SHA1

    5b56390c9bdae34787a06ef93a4e72a4db218b54

    SHA256

    2010e5743590b7c98cba19d7fd5241fca270cbab520e1c8fbabe51fe540972c8

    SHA512

    f2d29795c2f979a6f19fdbd136d639912e3bb1d945409a4bb1275396d5aa163eec0ecdf14af077f3edde260330a8eed42f204150b4238b7801f7462173efef75

  • /data/data/com.gikoo5/databases/ParseOfflineStore-journal
    Filesize

    512B

    MD5

    f82fdff836072ae6b4d881484b530bd4

    SHA1

    051c6832e26484fd01b74f146bf5c2bd66824d2b

    SHA256

    941ba1e0190577a20741e129b037ff17723bc3dab88d82b992bff57d60c9dc1f

    SHA512

    04350b56460bc63e72f8142744738614f93ad2126326d5b8e28db83b20da0b1edda1d4e44f333a0b68612b66092b85a0d640f6ee52a6e831d4322d465b5ad2d3

  • /data/data/com.gikoo5/databases/ParseOfflineStore-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.gikoo5/databases/ParseOfflineStore-wal
    Filesize

    44KB

    MD5

    f577d1b8e52a7af7c8a0e6847e88c2ad

    SHA1

    77703a606bb4f9e023efc3feee671aef83ea5dd9

    SHA256

    b1299c516880e78658d59199674a5a5dcc431e6bf8f35dd3df86fd34e0e36ddb

    SHA512

    8e3f74e08b29c951badd3832380268cf568463e4271e5d2112ae5925b06f300d4a877e6603dbacb26be36cc33bb9aa3fbae4b15de39087269feb3af581ade94a

  • /data/data/com.gikoo5/databases/rep.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.gikoo5/databases/rep.db-journal
    Filesize

    512B

    MD5

    db0e5b4190a737cc825b2731cde80185

    SHA1

    188afa8ca93c3df4b31a175b48f037961a0e3aa0

    SHA256

    3bd19b9511f0460d794914a10f91282b103323ebf2c648ec7b318c42f7b1a8dc

    SHA512

    633e7fce62d947ddebb5e90b4f279fa72d852ef1be12b97b4ad6d24efd9685d088b96fc77f9923f87d6b822afb08499b330ee8b3136fbd967e4dd4a87b2a4bf6

  • /data/data/com.gikoo5/databases/rep.db-wal
    Filesize

    36KB

    MD5

    60199292b1bbb56350ae54d1be10eac6

    SHA1

    8cb8f7a9ab7198206d7d9e9e2eeb5f115d899388

    SHA256

    39d4310ccaa955240587cf1e207f7dd4707a52430dc424e17ad09aea92329ac5

    SHA512

    848044501ac4817bf509c6085e8902fa848ef88fc50f09fad3a9298e062405180c7996bab943e547a68c4ccab2299b3d2641857582d73b8f520c0ae5ac0e8297

  • /data/data/com.gikoo5/files/.um/um_cache_1718251425452.env
    Filesize

    593B

    MD5

    f1ef26d93d3ae9dd2a50b25f8c97f971

    SHA1

    c02033b9f2a8c5b1a10d639aac716a74ff5c2bbd

    SHA256

    1540c564634250d31fcc207325253a772128d2a4115bba7044932158c12ce612

    SHA512

    54f42c69b8ac62e7112ae48423ec2d28399635f00b7b6e2171753bc32d99fc5bf4ec918d616bb876bd01eb8b47c69978267470fab88d1c8c14d94ef86a9d21d8

  • /data/data/com.gikoo5/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    bdad2aaaf63207ebbe66ad7ba95220b1

    SHA1

    c7131b047b6909da7d1cb3502b06090f7622066a

    SHA256

    ab53737a0697344161ca557afbd8a7d26882e192fda52ce43c8c6feed985afb4

    SHA512

    5e1aa40a99beec23e6d788c17eb025e3a8bdc990ec1bc29177219ff0186f5b014ee7ba7aefc010263f52e87a99a77bb675b5ac07c07079f53d619f98d91c8444

  • /data/data/com.gikoo5/files/jpush_stat_cache.json
    Filesize

    136B

    MD5

    3e00310e0f34f52a7b0c3ae2ccb8b5fc

    SHA1

    340522bd7882ec495199645f32cbdfea2c41967b

    SHA256

    b9291baec451aba7703eae5cc1139087b342a606c61c4e051fb486e121d19cf5

    SHA512

    29dc1582d41d68127d3ec57e2d9a61e42c589de2cb14c3420141595fabd3398f6b824d348f75bbb0ccc068a8339a17c9a6a1e7f054c16452c4f3a80cc022034e

  • /data/data/com.gikoo5/files/umeng_it.cache
    Filesize

    310B

    MD5

    97369c027f855d10e9bdfea6c3772efe

    SHA1

    b27f356d97859394bf8d6cc2beac036552799270

    SHA256

    21ca424388aae3c7ad29469a85125d14964029542913ac1e1f3c67b8ef69bff2

    SHA512

    648f1b5f628a114a765a72478e3aa36f3b35d6b27937fa9e71f6ce655f98181418121200638e124abf62c8cc278a011894e8a41b79ea3000942ddc47c2a54beb

  • /storage/emulated/0/Android/data/com.gikoo5/cache/uil-images/journal.tmp
    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
    Filesize

    85B

    MD5

    7486bb38eb4534d1a39efa1483e548ab

    SHA1

    4d917b2368d1dffcffb97fa7974f6bc82a78fb64

    SHA256

    ffc6bb04b4714ab69347a3233953fff1d966e891354869ace3ae68aa46343973

    SHA512

    c0965df0992598133ec93f892a56812793285394c97e5d7733a2c4f5d9e4b184b517f398beb73011494cd160ba5071bf75346e1faa9c2573449b815e76b6d7e5

  • /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
    Filesize

    82B

    MD5

    54684f064c62caea0f70c12d06bfb8e4

    SHA1

    ebc504ec9d35ab8dd7d21b905f2d4db7aab8219e

    SHA256

    1a4bc2406b7a295e67a85225dddebcc2bcd04597bb48bffd71f14f2af369890d

    SHA512

    21dfeb49ba4a243dcf901c44b66c51dc4946a7f4a48ae9861a257c412f4e647f73b251fbbfa2697593b1dd5bef25c31de59d003213d8cfadaaefecd25f4335a0

  • /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
    Filesize

    113B

    MD5

    c68a4c9b11f51aab7d175ed095a38876

    SHA1

    e9b7a4c2979ddae878a9094b7265381b7c27fbb3

    SHA256

    5de77f62257806a3ca12563f7177611aca817be5a3c19a5f6cd70cf5b1e72d1e

    SHA512

    5116064fb9268041d2c3dbe96bba6a71a7bec9d1b581bbb4aa28bab8a1f17d42fd05c32a7842d4c0057cd91637e57a06e44838f5477f55a0e2130c0886d92049

  • /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
    Filesize

    10KB

    MD5

    05415b1053f3df4cc8849f07602333bf

    SHA1

    b777e5275b635a35d26eaba9702076c17e68cd8a

    SHA256

    c970071ee1bc3bb2808e902ab53345f994319f6d59e825895714c293b15f7173

    SHA512

    91b8fd53c3cfe7dcf6e4d8e6d2e69bf18ff0c60821416a3735ea5f9f0428862ed9fae84e4191a2c33beb270a6caea787c59d8a80c7f377488a89a4ab4be0e71d

  • /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
    Filesize

    172B

    MD5

    08ca9898d3256420c5fbd383bdff5798

    SHA1

    8469f0e2a432896cd92ac76bb845b890852fa674

    SHA256

    21d5f7c12757c8e9b57d1cb7244fd70d5f0e18b76c98ce270ad58826d7f19a3b

    SHA512

    c2f07815705e8eeb6f3dfa09b5aa4d7126957d5276af5618fe7e563c83fa5adfd6f852a2aed7a24e79f2ff8da82bcf9ad4eab4003660d8d455078a29e7fb0dac