Analysis

  • max time kernel
    64s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 05:35

General

  • Target

    a403aef7ce1ffddc82ba7edb75f9f511_JaffaCakes118.apk

  • Size

    7.5MB

  • MD5

    a403aef7ce1ffddc82ba7edb75f9f511

  • SHA1

    edab75c14a91be1ac86ba507286bd61a5dfd5335

  • SHA256

    06d48cacb868094a1f52a9e2908a3918d19a910224f78736ea1801ba2836682d

  • SHA512

    228e8aa893665728e5b96b48e411abc296761230ebd97142188f54e0bf334eb06c29cc94ca7a07d27bb3c7a7a0f2c9051c81155b58edba1be5972f4a3ece39e0

  • SSDEEP

    196608:Tom/oDWwUphTymhvW7n6m72ZrC4AJuqO2:TTphTF9ZreZ

Score
7/10

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.ganji.android.garield
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4175
  • com.ganji.android.garield:pushservice
    • Queries information about running processes on the device
    • Queries information about active data network
    PID:4206

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.ganji.android.garield/app_sql/ganji.db
    Filesize

    17KB

    MD5

    318764b23b048b32aa3d4bd1a203d417

    SHA1

    d4353f234bd90a21408e6b35204c23890dfd24eb

    SHA256

    e197f767f83f55126d8a0c496367a3e8323f3459ce3d5f2b0c29cda27874dedb

    SHA512

    e487c05bc6e509310ea47c03b37fd5d338faee4ac3aac4bd3e6998449c1731e3704782926f88342026fa8d3ced0e3632c8d27dd5a930096ede1ef48a98ab7076

  • /data/data/com.ganji.android.garield/app_sql/ganji.db
    Filesize

    1024B

    MD5

    2c988bfec312f7b0636d0597a76ca4f7

    SHA1

    e55746f2b59dc8098bd95f780936e6a1a7e899ec

    SHA256

    1d33bc0d8cdd4eaededc39fdfe5f4f773521363b4f034af6aeecc9cd47701ab8

    SHA512

    766dae637adfb9a0405ca75bdfbe4b37a9bfd9bdd68869b47af7581424e8f698c9f8d1f20e455503cec4b164b1925cbbe8ab1df60daff82b222817a1ca9f0192

  • /data/data/com.ganji.android.garield/app_sql/ganji.db-journal
    Filesize

    1KB

    MD5

    b040ceaf854123efb54679aa5802434a

    SHA1

    b54f87592d0ca5032c25f383a98fe312bc97370e

    SHA256

    c2df46aa72148ece4823ebd58ecd7a934b3ebf63534906f56bc5a41a6947cf64

    SHA512

    7da8704b9d3e476e415f59e72df783a3f1c2c412ed8243fa53889fe647c487717e7eaed5cdc1260b26ca1b2b0eaf400d577202a475ffc0966c1b1fc8d7579307

  • /data/data/com.ganji.android.garield/app_sql/ganji.db-wal
    Filesize

    1KB

    MD5

    4652d2d919f3e4fb605ddca94d78de1b

    SHA1

    73c963ced7a7754f7011a627c590bf3a7e979d8f

    SHA256

    bf3283a4eb441f1896109c205f460a14aa07184acb62d30209a901a7483e78f6

    SHA512

    b6f21b3c91ae7c8bcf46693e65b6c80d062e12eda4f7e6739187a3d38b196d03b47173f643fa738f49bfa935463e930623abd0ede11f0bcf1b151bcc75920cde

  • /data/data/com.ganji.android.garield/databases/userTrace.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.ganji.android.garield/databases/userTrace.db-journal
    Filesize

    512B

    MD5

    67f9112739af5ad4e8e83b5d1e3c745d

    SHA1

    e3e0ef6cef29bf3467608818a0f61e0b8c0fc7ff

    SHA256

    a82e95d42273c30bd49d17cf6cdddedf84b6734198486044b689bc7412199ef8

    SHA512

    35ddd25a8f991f991734f8cf2d03492675e4f5761532da9aae301a98853197966bc981ac5883a2e9da77fadb1790304371e4eb27e33c7610461fb4940422dfc4

  • /data/data/com.ganji.android.garield/databases/userTrace.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.ganji.android.garield/databases/userTrace.db-wal
    Filesize

    32KB

    MD5

    1856284307ed9750f06d5f7675f1911e

    SHA1

    e78884d09f5d803c8849fd43d604a17b11d19a29

    SHA256

    9c570317bc252d87d3bc5163dc998a70f204ebd75726c37583533e5de4f1981c

    SHA512

    6a466197588fb9f5942ae5ee22b1205e93f27baf9a0258812e365a3a1b2ed004985d4d72880a9f993222d65bb460bd3fb530cb1c2ff5390e748832c5a2f7dcc5

  • /data/data/com.ganji.android.garield/files/mobclick_agent_cached_com.ganji.android.garield
    Filesize

    197B

    MD5

    1d90efe8c4d4134d8e60ef75290dda94

    SHA1

    24c23f4626a64934aacaaf6363f44366821de499

    SHA256

    c3bbd3054c1a7b13c2d1d60202a7b753d94963214f7ec7d021bbe2623a58aace

    SHA512

    e20fc936d4d060885a13a7d906ae757eda42e283462b717709ddd05e4c50eca3b709fb1679946113b0d369b2d2c04a739af502380603a541cbe0f92f9d15c2d8

  • /storage/emulated/0/mipush/log/com.ganji.android.garield/log1.txt
    Filesize

    220B

    MD5

    fb03a026258bee4a8b2420af02db039c

    SHA1

    d7b7c14433804d88b14026290826f5fd49e154a7

    SHA256

    bf19dc2ee94a2420f9d3f6b49299cbc1d9daf29c2ca453aac86a6b8199ca07d9

    SHA512

    52be4c351cb61e77093966c83dde3affda7c249abcbb1e9644f66aaefe9c43f9d72a25cb6ecbab8ee8740ba1452af8bbb79799b5b10210f863a688705c66f988

  • /storage/emulated/0/mipush/log/com.ganji.android.garield/log1.txt
    Filesize

    307B

    MD5

    710f0d80a3d6da7a5a32ebd562460fc8

    SHA1

    d3a4b78b4f993228cd37b835836b0dcc12153e6d

    SHA256

    226cb7fd2b509affb55ed7c223e859c17be19dfb96f820dd0958451bfed125e3

    SHA512

    19f54e1db49a6e3945da0953c610534fd500ca196239a5c4811065e7180aa2dc4f1c95605ba05d9a2c8562312ccb814e03b0a33b256a10cd0d709b8beed78a9f