Analysis

  • max time kernel
    178s
  • max time network
    186s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 05:02

General

  • Target

    a3e74485c0722783e16039c78b68507f_JaffaCakes118.apk

  • Size

    10.5MB

  • MD5

    a3e74485c0722783e16039c78b68507f

  • SHA1

    82bf70aac1307303f8b9561134e8e1ec974f6968

  • SHA256

    c15e5e05411c0370a9743e6fd6c5fc42532f9494e8ff218c1a55d58044884172

  • SHA512

    74cae3b61564ee859192f57e55080202bcfe3668e294ca1de485da80c00352366ac53eba99f5e52819fcd02d3d75a1d2c3f3c7607bb444d82fee9f2e47318549

  • SSDEEP

    196608:jStrVUUYOPC9ozxgtoPMMTmVRjJ5opdnhDDSwrk:6iUY59Hto+RjJ5oBfSwrk

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Checks CPU information 2 TTPs 2 IoCs

Processes

  • com.sds.android.ttpod.main (PID 4239)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
  • com.sds.android.ttpod.support (PID 4312)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
  • com.sds.android.ttpod.pushservice (PID 4401)
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Downloads

  • /data/data/com.sds.android.ttpod/databases/search.db-wal
    Filesize

    32KB


  • /data/data/com.sds.android.ttpod/databases/ttpod.db-journal
    Filesize

    512B


  • /data/data/com.sds.android.ttpod/databases/ttpod.db-shm
    Filesize

    32KB


  • /data/data/com.sds.android.ttpod/databases/ttpod.db-wal
    Filesize

    80KB


  • /data/data/com.sds.android.ttpod/files/umeng_it.cache
    Filesize

    76KB


  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    32KB


  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    381B


  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    381B


  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    381B


  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    4KB


  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    512B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/.cache/statisticLongDelayTmp
    Filesize

    217B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/.cache/statisticShortDelayTmp
    Filesize

    2B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
    Filesize

    1B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
    Filesize

    1B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
    Filesize

    1B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
    Filesize

    1B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/deep
    Filesize

    1B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
    Filesize

    176B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
    Filesize

    144B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
    Filesize

    160B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
    Filesize

    136B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960230
    Filesize

    179B


  • /storage/emulated/0/Android/data/com.sds.android.ttpod/cache/statistic_1718254960308
    Filesize

    135B


  • /storage/emulated/0/ttpod/cache/object/BACKGROUND
    Filesize

    549B
