Overview

overview

6

Static

static

6

a4e1a0a12e...18.apk

android-9-x86

6

a4e1a0a12e...18.apk

android-10-x64

6

Analysis

  • max time kernel
    34s
  • max time network
    134s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    13-06-2024 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4e1a0a12e07b3cbb4cab9ed2ec1b1d8_JaffaCakes118.apk

  • Size

    10.9MB

  • MD5

    a4e1a0a12e07b3cbb4cab9ed2ec1b1d8

  • SHA1

    b637f578bd1132af84cc633d882de2d33a7b390e

  • SHA256

    0469094b50b53cb65a3db00332f99cad8dc7d86fe453a37f4f48807b72a41f43

  • SHA512

    89a0467f485b1d038214c5deb72e81be82ed766dd006bab16d3c262c0eb51c82d988ca038b3045a6b134651feebd9d649ef5f762faa80a801ae98b4035f3913a

  • SSDEEP

    196608:Sog8DZ/S0OGVSiiwA+4p9Fprf7vHUiusN1sn+NJ6P0cWYm:SN0OGVRidp9PrbHU6++NAg

Score
6/10
discoveryimpact

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.vmall.client
    1⤵
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4233
    • chmod 755 /data/user/0/com.vmall.client/.jiagu/libjiagu.so
      2⤵
        PID:4259
      • chmod 755 /data/user/0/com.vmall.client/.jiagu/libjiagu.so
        2⤵
          PID:4335
        • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.vmall.client/.jiagu/classes.dex --dex-file=/data/data/com.vmall.client/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.vmall.client/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
          2⤵
            PID:4356

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.vmall.client/.jiagu/classes.dex
          Filesize

          3.7MB

          MD5

          e445957967ab5d558fabce455e563d7c

          SHA1

          b6b655ebebdb49426582ee1793eb48c81964f6a2

          SHA256

          348c6610439b8ad3d153f2f8fbe2680b1356812977168430f28cbcc6a84fb7d1

          SHA512

          9505ce5b43efeb11405b2ca2d79dd1c4a35ba1674c4039932efa4138cc9bf3a0417e769f3c92451846cb2c3cdb6d97589a986091a37514e6966954d9827b1ac1

          Download Submit
        • /data/data/com.vmall.client/.jiagu/libjiagu.so
          Filesize

          363KB

          MD5

          6c9d83b90aa9c9f904d22eb9b16f8f95

          SHA1

          4d5e0ce3c55a22475b58a982d67ab9aa84384c40

          SHA256

          2432ac0b864b33cd599129578c42c43811461dbcb83e2a21301ccb8d0810c5e7

          SHA512

          07d16f67cefc986c0d6974e3bbc38d95b5b184520ec8f3c9ae59a2f0e76213d359b35dc507d482322d2c045ee75183def8e3d7659ff5fa78f6afff931084e90b

          Download Submit