Analysis
- max time kernel: 177s
- max time network: 184s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 13-06-2024 04:02
- Static task: static1
- Behavioral task: behavioral1
  Sample: a3c4a7e99f32434bf4e10b096dc73401_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
General
- Target: a3c4a7e99f32434bf4e10b096dc73401_JaffaCakes118.apk
- Size: 12.8MB
- MD5: a3c4a7e99f32434bf4e10b096dc73401
- SHA1: 39c25db5df8e8b3eee3e27a7d4b068660f3c1e0e
- SHA256: c686f5f38b52aff239d744bd382712b4d82b6847a6de342cd2dd1155b227998c
- SHA512: 3013f25c1309a28b64d00b36973d53495a1984646be2ec86c34f9a0fa4ca84f370d8fac4ec301fc1c9536cc4178cb7f238ccef0ca691fda21a0d5af4d568d333
- SSDEEP: 393216:1A4BgiqYH6oqb76gA0PNmS3jFTZltHYZFBWXZ8di:1AfCHXm6l0ll3ZrtHeNi
Malware Config
Signatures
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.gikoo5, framework service call android.app.IActivityManager.getRunningAppProcesses
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  Network flow 13: alog.umeng.com
  Caveat: alog.umeng.com is an endpoint of the Umeng analytics SDK, which is embedded in a great many legitimate apps; the SDK's own cache files (files/.umeng/exchangeIdentity.json, files/umeng_it.cache) appear in the dropped-file list below. On its own this match is weak evidence and needs corroboration from the app's actual behaviour.
- Queries information about active data network (1 TTP, 1 IoC)
  Process: com.gikoo5, framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.gikoo5, framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Reads information about phone network operator (1 TTP)
  No IoC listed.
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process: com.gikoo5, framework service call android.app.IActivityManager.registerReceiver
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Process: com.gikoo5, framework API call javax.crypto.Cipher.doFinal
  Caveat: Cipher.doFinal is exercised by ordinary SDK, storage and network code, so this signature fires for most non-trivial apps and does not by itself indicate data encryption for ransom or exfiltration.
- Checks CPU information (2 TTPs, 1 IoC)
Processes
- com.gikoo5 (1)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.gikoo5/app_sslcache/www.easemob.com.443
  Filesize: 5KB
  MD5: a0122b61da078ddd118b917ae62ba411
  SHA1: bbee36ccbcac96d3ffaa95a5a77d54ca0d66b9a3
  SHA256: cc9e1087bc91c4aadf26130d086df96be54c55576f8c6bfbbad29c0d416c343f
  SHA512: 142f9b600dd57b984d2084ff04bf5064f49e962e73cd694d348236759bdbabb043f76723deea42c1506cd3c9f9f8051f632e73de0f716ac357b66b6cc03a9342
- /data/data/com.gikoo5/cache/com.parse/applicationId
  Filesize: 40B
  MD5: a689895f98eeba3ad54c857fb7d3d491
  SHA1: 7b4bbe717287a91a5a6ab19a0bfd0a314fcca556
  SHA256: 898acf5a8ab518b0b83c6df22462def9085de719e0f25dbe6097acf4fd140206
  SHA512: 6e3594e8dd35521f5b8aea180ec54b6a09365a5f418241a0eacbd131cb41883b3a60f23fe0cbaa216ade13b29e73a35283ded1c5c4330c07e85068af0e17b803
- /data/data/com.gikoo5/databases/ParseOfflineStore
  Filesize: 32KB
  MD5: cb82aba1c84a4838189ffb3e839f0424
  SHA1: 5b56390c9bdae34787a06ef93a4e72a4db218b54
  SHA256: 2010e5743590b7c98cba19d7fd5241fca270cbab520e1c8fbabe51fe540972c8
  SHA512: f2d29795c2f979a6f19fdbd136d639912e3bb1d945409a4bb1275396d5aa163eec0ecdf14af077f3edde260330a8eed42f204150b4238b7801f7462173efef75
- /data/data/com.gikoo5/databases/ParseOfflineStore-journal
  Filesize: 512B
  MD5: f82fdff836072ae6b4d881484b530bd4
  SHA1: 051c6832e26484fd01b74f146bf5c2bd66824d2b
  SHA256: 941ba1e0190577a20741e129b037ff17723bc3dab88d82b992bff57d60c9dc1f
  SHA512: 04350b56460bc63e72f8142744738614f93ad2126326d5b8e28db83b20da0b1edda1d4e44f333a0b68612b66092b85a0d640f6ee52a6e831d4322d465b5ad2d3
- /data/data/com.gikoo5/databases/ParseOfflineStore-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.gikoo5/databases/ParseOfflineStore-wal
  Filesize: 44KB
  MD5: f577d1b8e52a7af7c8a0e6847e88c2ad
  SHA1: 77703a606bb4f9e023efc3feee671aef83ea5dd9
  SHA256: b1299c516880e78658d59199674a5a5dcc431e6bf8f35dd3df86fd34e0e36ddb
  SHA512: 8e3f74e08b29c951badd3832380268cf568463e4271e5d2112ae5925b06f300d4a877e6603dbacb26be36cc33bb9aa3fbae4b15de39087269feb3af581ade94a
- /data/data/com.gikoo5/databases/rep.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.gikoo5/databases/rep.db-journal
  Filesize: 512B
  MD5: db0e5b4190a737cc825b2731cde80185
  SHA1: 188afa8ca93c3df4b31a175b48f037961a0e3aa0
  SHA256: 3bd19b9511f0460d794914a10f91282b103323ebf2c648ec7b318c42f7b1a8dc
  SHA512: 633e7fce62d947ddebb5e90b4f279fa72d852ef1be12b97b4ad6d24efd9685d088b96fc77f9923f87d6b822afb08499b330ee8b3136fbd967e4dd4a87b2a4bf6
- /data/data/com.gikoo5/databases/rep.db-wal
  Filesize: 36KB
  MD5: 60199292b1bbb56350ae54d1be10eac6
  SHA1: 8cb8f7a9ab7198206d7d9e9e2eeb5f115d899388
  SHA256: 39d4310ccaa955240587cf1e207f7dd4707a52430dc424e17ad09aea92329ac5
  SHA512: 848044501ac4817bf509c6085e8902fa848ef88fc50f09fad3a9298e062405180c7996bab943e547a68c4ccab2299b3d2641857582d73b8f520c0ae5ac0e8297
- /data/data/com.gikoo5/files/.um/um_cache_1718251425452.env
  Filesize: 593B
  MD5: f1ef26d93d3ae9dd2a50b25f8c97f971
  SHA1: c02033b9f2a8c5b1a10d639aac716a74ff5c2bbd
  SHA256: 1540c564634250d31fcc207325253a772128d2a4115bba7044932158c12ce612
  SHA512: 54f42c69b8ac62e7112ae48423ec2d28399635f00b7b6e2171753bc32d99fc5bf4ec918d616bb876bd01eb8b47c69978267470fab88d1c8c14d94ef86a9d21d8
- /data/data/com.gikoo5/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: bdad2aaaf63207ebbe66ad7ba95220b1
  SHA1: c7131b047b6909da7d1cb3502b06090f7622066a
  SHA256: ab53737a0697344161ca557afbd8a7d26882e192fda52ce43c8c6feed985afb4
  SHA512: 5e1aa40a99beec23e6d788c17eb025e3a8bdc990ec1bc29177219ff0186f5b014ee7ba7aefc010263f52e87a99a77bb675b5ac07c07079f53d619f98d91c8444
- /data/data/com.gikoo5/files/jpush_stat_cache.json
  Filesize: 136B
  MD5: 3e00310e0f34f52a7b0c3ae2ccb8b5fc
  SHA1: 340522bd7882ec495199645f32cbdfea2c41967b
  SHA256: b9291baec451aba7703eae5cc1139087b342a606c61c4e051fb486e121d19cf5
  SHA512: 29dc1582d41d68127d3ec57e2d9a61e42c589de2cb14c3420141595fabd3398f6b824d348f75bbb0ccc068a8339a17c9a6a1e7f054c16452c4f3a80cc022034e
- /data/data/com.gikoo5/files/umeng_it.cache
  Filesize: 310B
  MD5: 97369c027f855d10e9bdfea6c3772efe
  SHA1: b27f356d97859394bf8d6cc2beac036552799270
  SHA256: 21ca424388aae3c7ad29469a85125d14964029542913ac1e1f3c67b8ef69bff2
  SHA512: 648f1b5f628a114a765a72478e3aa36f3b35d6b27937fa9e71f6ce655f98181418121200638e124abf62c8cc278a011894e8a41b79ea3000942ddc47c2a54beb
- /storage/emulated/0/Android/data/com.gikoo5/cache/uil-images/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
- /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
  Filesize: 85B
  MD5: 7486bb38eb4534d1a39efa1483e548ab
  SHA1: 4d917b2368d1dffcffb97fa7974f6bc82a78fb64
  SHA256: ffc6bb04b4714ab69347a3233953fff1d966e891354869ace3ae68aa46343973
  SHA512: c0965df0992598133ec93f892a56812793285394c97e5d7733a2c4f5d9e4b184b517f398beb73011494cd160ba5071bf75346e1faa9c2573449b815e76b6d7e5
- /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
  Filesize: 82B
  MD5: 54684f064c62caea0f70c12d06bfb8e4
  SHA1: ebc504ec9d35ab8dd7d21b905f2d4db7aab8219e
  SHA256: 1a4bc2406b7a295e67a85225dddebcc2bcd04597bb48bffd71f14f2af369890d
  SHA512: 21dfeb49ba4a243dcf901c44b66c51dc4946a7f4a48ae9861a257c412f4e647f73b251fbbfa2697593b1dd5bef25c31de59d003213d8cfadaaefecd25f4335a0
- /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
  Filesize: 113B
  MD5: c68a4c9b11f51aab7d175ed095a38876
  SHA1: e9b7a4c2979ddae878a9094b7265381b7c27fbb3
  SHA256: 5de77f62257806a3ca12563f7177611aca817be5a3c19a5f6cd70cf5b1e72d1e
  SHA512: 5116064fb9268041d2c3dbe96bba6a71a7bec9d1b581bbb4aa28bab8a1f17d42fd05c32a7842d4c0057cd91637e57a06e44838f5477f55a0e2130c0886d92049
- /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
  Filesize: 10KB
  MD5: 05415b1053f3df4cc8849f07602333bf
  SHA1: b777e5275b635a35d26eaba9702076c17e68cd8a
  SHA256: c970071ee1bc3bb2808e902ab53345f994319f6d59e825895714c293b15f7173
  SHA512: 91b8fd53c3cfe7dcf6e4d8e6d2e69bf18ff0c60821416a3735ea5f9f0428862ed9fae84e4191a2c33beb270a6caea787c59d8a80c7f377488a89a4ab4be0e71d
- /storage/emulated/0/Android/data/com.gikoo5/gikoo#gikoorecruitment/log/20240613/000.html
  Filesize: 172B
  MD5: 08ca9898d3256420c5fbd383bdff5798
  SHA1: 8469f0e2a432896cd92ac76bb845b890852fa674
  SHA256: 21d5f7c12757c8e9b57d1cb7244fd70d5f0e18b76c98ce270ad58826d7f19a3b
  SHA512: c2f07815705e8eeb6f3dfa09b5aa4d7126957d5276af5618fe7e563c83fa5adfd6f852a2aed7a24e79f2ff8da82bcf9ad4eab4003660d8d455078a29e7fb0dac

Note: the path .../gikoo#gikoorecruitment/log/20240613/000.html is listed five times with different sizes and hashes, so the sandbox captured successive versions of that log file as the app rewrote it during the run; any one of the five hashes identifies only that snapshot.
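To use the dropped-file hashes above as indicators against a device extraction or another sandbox's output, here is an added Python example (written for this page, not part of the Triage report or the app): it hashes every file under a directory in one streaming pass and reports which indicator entries were hit, matching on content rather than path so a renamed copy still counts. Only the two REPORT_IOCS entries are copied from the list above; the temporary directory, the file content b"hello" and its digests are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Two IoC entries copied from the dropped-file list above (names are relative to
# /data/data/com.gikoo5/). Add the remaining entries the same way.
REPORT_IOCS = {
    "app_sslcache/www.easemob.com.443": {
        "md5": "a0122b61da078ddd118b917ae62ba411",
        "sha256": "cc9e1087bc91c4aadf26130d086df96be54c55576f8c6bfbbad29c0d416c343f",
    },
    "cache/com.parse/applicationId": {
        "md5": "a689895f98eeba3ad54c857fb7d3d491",
        "sha256": "898acf5a8ab518b0b83c6df22462def9085de719e0f25dbe6097acf4fd140206",
    },
}

ALGS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 of an in-memory byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path, chunk_size=1 << 16):
    """The same three digests for a file, computed in a single streaming pass
    so large artifacts are not read once per algorithm."""
    digests = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            for d in digests.values():
                d.update(block)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def matches(observed, expected):
    """An IoC entry matches only if every digest it provides agrees with the file.
    Entries may be partial (MD5 only, say), but one disagreeing digest rules it out,
    which guards against relying on a lone MD5."""
    return all(observed.get(alg) == val.lower() for alg, val in expected.items())


def scan_tree(root, iocs):
    """Hash every regular file under root and match by content, not by path.
    Returns (hits, misses): hits maps IoC name -> local path of the first match,
    misses is the sorted list of IoC names never seen."""
    hits = {}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        observed = hash_file(p)
        for name, expected in iocs.items():
            if name not in hits and matches(observed, expected):
                hits[name] = str(p)
    misses = sorted(name for name in iocs if name not in hits)
    return hits, misses


def demo():
    """Constructed demo: a temporary tree holding one file with content b'hello'
    under a name that does not resemble the IoC. The 'constructed/hello' entry
    carries the real digests of that constructed content and is not from the
    report; the two report IoCs are expected to miss."""
    iocs = dict(REPORT_IOCS)
    iocs["constructed/hello"] = {
        "md5": "5d41402abc4b2a76b9719d911017c592",
        "sha256": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824",
    }
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "files" / "renamed.bin"
        target.parent.mkdir()
        target.write_bytes(b"hello")
        hits, misses = scan_tree(d, iocs)
    # The temp path is meaningless outside this run; report just the file name.
    return {name: Path(p).name for name, p in hits.items()}, misses


if __name__ == "__main__":
    print(demo())
```

Point scan_tree at an adb pull of /data/data/com.gikoo5 (or at another sandbox's dropped-file export) with the full indicator set to confirm which of the artifacts above were produced; because matching is by content, the five 000.html snapshots need their own entries each.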