Analysis
- max time kernel: 64s
- max time network: 137s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 13-06-2024 05:35
Static task: static1

General
- Target: a403aef7ce1ffddc82ba7edb75f9f511_JaffaCakes118.apk
- Size: 7.5MB
- MD5: a403aef7ce1ffddc82ba7edb75f9f511
- SHA1: edab75c14a91be1ac86ba507286bd61a5dfd5335
- SHA256: 06d48cacb868094a1f52a9e2908a3918d19a910224f78736ea1801ba2836682d
- SHA512: 228e8aa893665728e5b96b48e411abc296761230ebd97142188f54e0bf334eb06c29cc94ca7a07d27bb3c7a7a0f2c9051c81155b58edba1be5972f4a3ece39e0
- SSDEEP: 196608:Tom/oDWwUphTymhvW7n6m72ZrC4AJuqO2:TTphTF9ZreZ
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.ganji.android.garield, com.ganji.android.garield:pushservice
  description            | ioc                                                 | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ganji.android.garield
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ganji.android.garield:pushservice
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
  flow | ioc
  5    | alog.umeng.com
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes: com.ganji.android.garield, com.ganji.android.garield:pushservice
  description            | ioc                                                   | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ganji.android.garield
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ganji.android.garield:pushservice
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.ganji.android.garield
  description            | ioc                                             | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ganji.android.garield
- Reads information about phone network operator. (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
- com.ganji.android.garield
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks CPU information
- com.ganji.android.garield:pushservice
  - Queries information about running processes on the device
  - Queries information about active data network
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.ganji.android.garield/app_sql/ganji.db (Filesize: 17KB)
- /data/data/com.ganji.android.garield/app_sql/ganji.db (Filesize: 1024B)
- /data/data/com.ganji.android.garield/app_sql/ganji.db-journal (Filesize: 1KB)
- /data/data/com.ganji.android.garield/app_sql/ganji.db-wal (Filesize: 1KB)
- /data/data/com.ganji.android.garield/databases/userTrace.db (Filesize: 4KB)
- /data/data/com.ganji.android.garield/databases/userTrace.db-journal (Filesize: 512B)
- /data/data/com.ganji.android.garield/databases/userTrace.db-shm (Filesize: 32KB)
- /data/data/com.ganji.android.garield/databases/userTrace.db-wal (Filesize: 32KB)
- /data/data/com.ganji.android.garield/files/mobclick_agent_cached_com.ganji.android.garield (Filesize: 197B)
- /storage/emulated/0/mipush/log/com.ganji.android.garield/log1.txt (Filesize: 220B)
- /storage/emulated/0/mipush/log/com.ganji.android.garield/log1.txt (Filesize: 307B)