Analysis
max time kernel: 178s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 13-06-2024 05:02

Static task: static1
Behavioral task: behavioral1
  Sample: a3e74485c0722783e16039c78b68507f_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en

General
Target: a3e74485c0722783e16039c78b68507f_JaffaCakes118.apk
Size: 10.5MB
MD5: a3e74485c0722783e16039c78b68507f
SHA1: 82bf70aac1307303f8b9561134e8e1ec974f6968
SHA256: c15e5e05411c0370a9743e6fd6c5fc42532f9494e8ff218c1a55d58044884172
SHA512: 74cae3b61564ee859192f57e55080202bcfe3668e294ca1de485da80c00352366ac53eba99f5e52819fcd02d3d75a1d2c3f3c7607bb444d82fee9f2e47318549
SSDEEP: 196608:jStrVUUYOPC9ozxgtoPMMTmVRjJ5opdnhDDSwrk:6iUY59Hto+RjJ5oBfSwrk
Malware Config
Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries information about running processes on the device (1 TTPs, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.sds.android.ttpod.main, com.sds.android.ttpod.support, com.sds.android.ttpod.pushservice
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sds.android.ttpod.main
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sds.android.ttpod.support
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sds.android.ttpod.pushservice

Acquires the wake lock (1 IoCs)
Processes: com.sds.android.ttpod.pushservice
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.sds.android.ttpod.pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
flow | ioc
5 | alog.umeng.com
Note: alog.umeng.com is the log-upload endpoint of the Umeng analytics SDK, and the sample also writes files/umeng_it.cache, consistent with that SDK being bundled. The echap.eu.org list collects domains contacted by known stalkerware, so a commodity analytics SDK shared with many benign apps can trigger this signature; on its own this hit does not establish stalkerware behaviour.

Queries information about active data network (1 TTPs, 3 IoCs)
Processes: com.sds.android.ttpod.main, com.sds.android.ttpod.support, com.sds.android.ttpod.pushservice
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sds.android.ttpod.main
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sds.android.ttpod.support
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sds.android.ttpod.pushservice

Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.sds.android.ttpod.main, com.sds.android.ttpod.support
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sds.android.ttpod.main
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sds.android.ttpod.support

Reads information about phone network operator (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
Processes: com.sds.android.ttpod.support, com.sds.android.ttpod.pushservice, com.sds.android.ttpod.main
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.sds.android.ttpod.support
Framework service call | android.app.IActivityManager.registerReceiver | com.sds.android.ttpod.pushservice
Framework service call | android.app.IActivityManager.registerReceiver | com.sds.android.ttpod.main

Checks CPU information (2 TTPs, 2 IoCs)
Processes

com.sds.android.ttpod.main
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information

com.sds.android.ttpod.support
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information

com.sds.android.ttpod.pushservice
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.sds.android.ttpod/databases/search.db-wal
  Filesize: 32KB
  MD5: 8948b1c5c474e13937731bb3c5e323b0
  SHA1: 33d4ba477bc29f40306a1bd84d7c11c2fc76f3a5
  SHA256: 46265b8613a3684beec4d08829bd27c6b7948f71eb7370c3e504aee1be6bbf01
  SHA512: 2c04b4a110b59c190c401898df509660c1a836b06bb68a667cd7ee57327b6ea4fab3711ceb0081ce0efadc0b3b8097f5b324ca7fa22fd391d1b2adeab3f89b7b

/data/data/com.sds.android.ttpod/databases/ttpod.db-journal
  Filesize: 512B
  MD5: f3391b406f3901269d4c07efaa402926
  SHA1: 70127ed0d6356ef78a88fb710adaa8eec37e4d95
  SHA256: 207ec1080b9b0c5dcd7ee953dc49a4bc15f3dd9096191cb8fa0d9acfcb8dc175
  SHA512: 7d118aab274b008e961a3636ce85e4834f4b42f67dded550534fe3b6cdae263d686f8753fcb35f8c9feeccec518501d07c92bd0de12a8c826d58992a3c1858aa

/data/data/com.sds.android.ttpod/databases/ttpod.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sds.android.ttpod/databases/ttpod.db-wal
  Filesize: 80KB
  MD5: 3f53a900914557764bf934da0fa2fe8a
  SHA1: b21be5e99b135a9c988a1b9d5012bcfd3ef8a15d
  SHA256: 807092a32f0f16303d3672875ee6668aadd7fdf0e1611bd7e9a528969029aed8
  SHA512: c03a06e843c59c8ff1d9c19c838f7b8ce7429beaba33dfbee4c1bcfd0e554e6e9b8635ea15e0bc227b7ad2a82392b14a66c29a8b4529b735e6889269dbf5faad

/data/data/com.sds.android.ttpod/files/umeng_it.cache
  Filesize: 76KB
  MD5: e97675bd0cc0be3265ea61d43ef351f8
  SHA1: bef7b8e8c9a7e347bd451643b17878e390cbb3bd
  SHA256: b571bd191f85814711f54d26cb1f92f0b954f5233e2b0a0b48b1bfd4ea703e57
  SHA512: b63522ffb7b68f90b46f228f6c23b57cea58f995d8a526565e7e7493fdbb5a08aa4403b433734748fbe26685d97f2f79ea61fef6e7d3cac50284f6cf524f4ec6

/storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 32KB
  MD5: b15b00bf90b7c93b3665eda88fbc4808
  SHA1: 5d90cbaee0798753afcad7e6555a92d2567dd02a
  SHA256: 92882182a7ffae56437ee1b2b3a68ddc0594b28c1e3a4254920023015cb4b429
  SHA512: cbea5c61e2043c01bbf5b0ba79e45106bf011e29447317a4bc66560afb52177f2268f5fd95d84868152b25b1aa4368256392d24eed3f4fb9a56cb2eaa1b27059

/storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 381B
  MD5: acebb384eb168f5e46299bb5de0e6027
  SHA1: 4439932d76bacbd9bc0ea76d919a5263d7e28399
  SHA256: 35fa2b75f194df887bf881399fe53d43d1daf3e0101d18fa79b0ab48895ad103
  SHA512: 24ead818144a17e8a01d14847317d30d6ac786d5860f74d92fedbaf770711a72a7865ab07e7614d38af5ce68f3e7224abf56fc4f98d9f71d770aa972c1cdcd35

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 381B
  MD5: f52c6f924f406ee7da8fcd6bae91e785
  SHA1: 55a14b39d2a19013574b3145cdecf0dfc261b04b
  SHA256: 9510eb8605a1935906a9356659b97d5f7d57eea750bebf5596178c6a842c87e8
  SHA512: 61ac4f98686c9d3e0e4efdd94926710f121e6d1c17db1ea8f48dfc3b7f29ad676b76cd09b155f88847e786891c3b469614bc5e9dec1fa04687372b15b16ae117

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 381B
  MD5: b1b1cd31eaf24b56e05810ed5e41310f
  SHA1: 066a83acfe747377ca87b46574b4e79be0a8130b
  SHA256: d10decf0befdcd79e68de94b1ef242c6fe1910a037b41a5bedee406cc8fcf84e
  SHA512: 679761b0fcf4f9d90cb9a4144dfe24455c5aa4d9449de5a161fb8d7eda4159622fbad3ce33989e0a7e02b7ad234ee13c2b60bfdd9eba19aa27b25448eea2b4fd

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 512B
  MD5: 2c2242156517d9f5315622ecd8ce7953
  SHA1: a38f6c473ffd7853138c0b7f7b20ba0d8992acbd
  SHA256: 4afcc3a7e4ad2d8a3535f259c8e5a0b9eb078842722f884306c038a0c6ad0327
  SHA512: 18cb70076c15b61f599125bf2fbca63ff48502b247e426f1928867cdc3d5bc0fe93170d96e7dc8a92a433c2317fde66b7dd0874eed040c8cdd7fd3e963273ea9

/storage/emulated/0/Android/data/com.sds.android.ttpod/.cache/statisticLongDelayTmp
  Filesize: 217B
  MD5: 86d47389a86fd261db4b90f145b37a9a
  SHA1: 66534e250d4ec3bc40fbe5917c5c57c20c59b26f
  SHA256: 201d1ea4f024101db14ed6c5d64c9f4df5259ff9c95a3cfea0ef7af752bb4793
  SHA512: a85e4070c66374877ecaa9ddbb92b861d366871bec58d0e6e22511580fd2427bf4e2446d572b309d3d1218553bbfda977deb24d3e67da8cd0b341c9e343f1f3d

/storage/emulated/0/Android/data/com.sds.android.ttpod/.cache/statisticShortDelayTmp
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
  Filesize: 1B
  MD5: c4ca4238a0b923820dcc509a6f75849b
  SHA1: 356a192b7913b04c54574d18c28d46e6395428ab
  SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
  SHA512: 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
  Filesize: 1B
  MD5: c81e728d9d4c2f636f067f89cc14862c
  SHA1: da4b9237bacccdf19c0760cab7aec4a8359010b0
  SHA256: d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
  SHA512: 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
  Filesize: 1B
  MD5: eccbc87e4b5ce2fe28308fd9f2a7baf3
  SHA1: 77de68daecd823babbb58edb1c8e14d7106e83bb
  SHA256: 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
  SHA512: 3bafbf08882a2d10133093a1b8433f50563b93c14acd05b79028eb1d12799027241450980651994501423a66c276ae26c43b739bc65c4e16b10c3af6c202aebb

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
  Filesize: 1B
  MD5: a87ff679a2f3e71d9181a67b7542122c
  SHA1: 1b6453892473a467d07372d45eb05abc2031647a
  SHA256: 4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a
  SHA512: a321d8b405e3ef2604959847b36d171eebebc4a8941dc70a4784935a4fca5d5813de84dfa049f06549aa61b20848c1633ce81b675286ea8fb53db240d831c568

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
  Filesize: 1B
  MD5: e4da3b7fbbce2345d7772b0674a318d5
  SHA1: ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4
  SHA256: ef2d127de37b942baad06145e54b0c619a1f22327b2ebbcfbec78f5564afe39d
  SHA512: 06df05371981a237d0ed11472fae7c94c9ac0eff1d05413516710d17b10a4fb6f4517bda4a695f02d0a73dd4db543b4653df28f5d09dab86f92ffb9b86d01e25

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
  Filesize: 176B
  MD5: 4c053560b18b4461720ab71f9d9e1e06
  SHA1: 80fc278a63ac39f14ee55ab72553f871047b0582
  SHA256: f612276ec7f16a5e0aba050ded46d9f750e4edf05c12af546cd28fa6f062c1eb
  SHA512: 97c853c6c423834bfbee1bebe371a2c8eebc9bb01acf4f9088b2dbeee01a95d1c0c947a0f4207d2621507cbb2aaede564b309c4e58baba738c4dd8a388b2d5ca

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
  Filesize: 144B
  MD5: 59ba0901308533bc5c9b6b04fad347ec
  SHA1: d619271be615ec7131a0255a0c7f4f4e37b21d62
  SHA256: be6b69cebe5ab9f8a631d147ff65ef219102ab7c39e3099710ac84d8f02cbe97
  SHA512: ab5f04cb40c6a4f0b73e8df0303fcf452b0638dc423041a0b699a31218d8b37a8e5993fb6a57172871ae4502097d31c83e84ca8b296870cc82b8145db4af8e6f

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
  Filesize: 160B
  MD5: db7ba2677cf341eee88f5009d2291c11
  SHA1: 983a1ab01efe650946b4f228e23ccfe0c9961b57
  SHA256: fa4ab3a21e06da2fececc6af07ebc8ef15f870f3f8fce5cdaf633add9bf57559
  SHA512: 62b30d0d5fda4795fe5697c06b0321a6d5f5c48665219f5151a148e3cef954c2ea48a6dcdae918b501f5ae1d04efceb4dbd17310a5c817d94ec7ba3cf57579c8

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
  Filesize: 136B
  MD5: 38299e184f3962cad9132c66dc8c8340
  SHA1: cfbd8ca3770d07b8ae16347b6029706b10df6c7c
  SHA256: 6c37755fdf7496122123f719adf1e31ba9b8a3e123c808d7d7d9c4b5d3b89351
  SHA512: 623115839e562a1de191b8cdc62c93b1fda5c59580df1e1c199744fb59619f097e4652c9dc4fdf66b40d2c9d47d769d320a81c56df7f0e476cd234305ec8e9d6

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
  Filesize: 179B
  MD5: 7d3472daeecc5d8412ef566634b57c2d
  SHA1: 9cb6266be6162e81187276cad535083b1f1dca99
  SHA256: b095f98f22dbf78fec22c49b095a9d76fca4e3c5018973c20c7f09976c9b162e
  SHA512: 7963186d90499579e9667d63effb391456f324990a867f1e8be2c6b0158ed1e2764af01d79009f22631fbaff014648ecc3b2037dea7cc6580e4808d18b6fb1ec

/storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960308
  Filesize: 135B
  MD5: 390764928ae6a91ba9e41d7a6ad94baf
  SHA1: 6c32576bb24ae50f6091f99a03aa8e6afdec381a
  SHA256: 970747ff4a2880a1fdb99a257055c881066e834bc9b023403e1e3b9e94a0d42c
  SHA512: d9dc30bb110a66744bf735426b7019ca3cf6e28f39687053b1de09b099ca52fd1f677a84017ec99bbba00ef156d72632bf8d176538c62b3cedec958eb7b47361

/storage/emulated/0/ttpod/cache/object/BACKGROUND
  Filesize: 549B
  MD5: 86f953fa5bbccfe91a70b0f4d9972444
  SHA1: 0b8124f2c9c09c49c0efed401d58b645e3c800ab
  SHA256: 3fd32e95b1ab6e42b6da349dd059502c469215f4ba077eb42ded0d823aefbbda
  SHA512: e024a40463d72dad3e90ddb74263a13eccc9e2ff0b36d450eee7cd79f961a19dc5e645962e42c86185e19fceb7127fe13708cb8408210a63b3a337edfcdc2381
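As an added example (not part of the sandbox report and not code from the sample), the Python below ingests a subset of the dropped-file table above and does two things an analyst would otherwise do by hand: it groups entries by path so files the app rewrote during the run stand out (cache/deep and Alvin2.xml each appear with several different hashes), and for the one- and two-byte entries it brute-forces printable contents from the reported MD5/SHA-256 pair, which resolves the five cache/deep writes to the ASCII digits 1 to 5 and the 2-byte statisticShortDelayTmp to "[]", an empty JSON array. It also tests whether a 32KB entry is nothing but NUL bytes, which a freshly created SQLite -shm file usually is. Sizes printed in KB are the report's rounded values, an assumption the code notes.

```python
"""Triage helpers for a sandbox dropped-file table.

Added example, not part of the sandbox report or of the sample. The
DROPPED entries are copied from the report's Downloads section (path,
size as printed, MD5, SHA-256); everything else is analysis logic."""
import hashlib
import itertools
import string
from collections import defaultdict

PKG = "/storage/emulated/0/Android/data/com.sds.android.ttpod"

# (path, size as printed in the report, md5, sha256) -- a subset of the table.
DROPPED = [
    (PKG + "/cache/deep", "1B", "c4ca4238a0b923820dcc509a6f75849b",
     "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"),
    (PKG + "/cache/deep", "1B", "c81e728d9d4c2f636f067f89cc14862c",
     "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"),
    (PKG + "/cache/deep", "1B", "eccbc87e4b5ce2fe28308fd9f2a7baf3",
     "4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce"),
    (PKG + "/cache/deep", "1B", "a87ff679a2f3e71d9181a67b7542122c",
     "4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a"),
    (PKG + "/cache/deep", "1B", "e4da3b7fbbce2345d7772b0674a318d5",
     "ef2d127de37b942baad06145e54b0c619a1f22327b2ebbcfbec78f5564afe39d"),
    (PKG + "/.cache/statisticShortDelayTmp", "2B", "d751713988987e9331980363e24189ce",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    ("/data/data/com.sds.android.ttpod/databases/ttpod.db-shm", "32KB",
     "bb7df04e1b0a2570657527a7e108ae23",
     "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
    ("/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml", "381B",
     "f52c6f924f406ee7da8fcd6bae91e785",
     "9510eb8605a1935906a9356659b97d5f7d57eea750bebf5596178c6a842c87e8"),
    ("/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml", "4KB",
     "f2b4b0190b9f384ca885f0c8c9b14700",
     "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
]


def size_bytes(text):
    """'381B' -> 381, '32KB' -> 32768. KB values are as rounded by the
    report, so they are an assumption rather than an exact byte count."""
    if text.endswith("KB"):
        return int(text[:-2]) * 1024
    return int(text[:-1])


def matches(data, md5_hex, sha256_hex):
    """Require both digests to agree so a single-hash collision cannot fool us."""
    return (hashlib.md5(data).hexdigest() == md5_hex
            and hashlib.sha256(data).hexdigest() == sha256_hex)


def recover_small(md5_hex, sha256_hex, size, alphabet=string.printable, max_size=2):
    """Brute-force a file of `size` printable bytes from its hashes.
    Only sensible for tiny files: the search space is len(alphabet) ** size."""
    if size > max_size:
        return None
    for combo in itertools.product(alphabet.encode(), repeat=size):
        data = bytes(combo)
        if matches(data, md5_hex, sha256_hex):
            return data
    return None


def is_zero_filled(md5_hex, sha256_hex, size):
    """True if the file is exactly `size` NUL bytes (typical of a fresh SQLite -shm)."""
    return matches(b"\x00" * size, md5_hex, sha256_hex)


def classify(entries):
    """Map md5 -> recovered content, or the tag b'<zero-filled>'. Entries
    that are neither tiny nor all-zero are left out."""
    out = {}
    for _path, size_text, md5_hex, sha_hex in entries:
        size = size_bytes(size_text)
        data = recover_small(md5_hex, sha_hex, size)
        if data is not None:
            out[md5_hex] = data
        elif is_zero_filled(md5_hex, sha_hex, size):
            out[md5_hex] = b"<zero-filled>"
    return out


def rewritten_paths(entries):
    """Paths the sample wrote more than once with differing content."""
    hashes = defaultdict(set)
    for path, _size, md5_hex, _sha in entries:
        hashes[path].add(md5_hex)
    return sorted(p for p, h in hashes.items() if len(h) > 1)


if __name__ == "__main__":
    for md5_hex, content in classify(DROPPED).items():
        print(md5_hex, content)
    print("rewritten:", rewritten_paths(DROPPED))
```

Recovering the cache/deep values as a counter that climbed from 1 to 5 during the 178-second run is the kind of detail that separates "writes to external storage" from something worth chasing: here it is a retry or depth counter, not exfiltrated data. The brute force is capped at two bytes on purpose; beyond that the search space grows too fast and the right tool is a dictionary of known small files rather than enumeration.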