Analysis
max time kernel: 63s
max time network: 140s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 13-06-2024 10:49
Static task: static1
Behavioral task: behavioral1
Sample: a527e3067a0c86696ff75a60328f8c74_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a527e3067a0c86696ff75a60328f8c74_JaffaCakes118.apk
Size: 4.7MB
MD5: a527e3067a0c86696ff75a60328f8c74
SHA1: ec276eeb3e0405d1b2bd3160a43c682d5c089774
SHA256: c3e1f72f1b44d27c824aed2453bca4c239fc6939138718b7cea8d21b01092bd2
SHA512: ba32be0285eef076d1787ed9c2333c5667ce5d909d17afcca35ebc461a655a90820f44b095919d926888f2d302d16feca06659c4a70ce89208ca34f56f583f2e
SSDEEP: 98304:7RtLfggRw+1aUSDkX1Db9sVTwou1ILApZKGbN2r8bLvtnlAspZ+dU:9tLfbP1aUS8FbFoyBi0llATdU
Malware Config
Signatures
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
IoCs: flow 6, ioc alog.umeng.com
-
Queries information about active data network (1 TTP, 1 IoC)
Processes: oms.mmc.app.almanac_inland
IoCs: description "Framework service call", ioc android.net.IConnectivityManager.getActiveNetworkInfo, process oms.mmc.app.almanac_inland
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: oms.mmc.app.almanac_inland
IoCs: description "Framework service call", ioc android.net.wifi.IWifiManager.getConnectionInfo, process oms.mmc.app.almanac_inland
-
Reads information about phone network operator. (1 TTP)
-
Checks CPU information (2 TTPs, 1 IoC)
-
Checks memory information (2 TTPs, 1 IoC)
Downloads
-
/data/data/oms.mmc.app.almanac_inland/files/mobclick_agent_cached_oms.mmc.app.almanac_inland
Filesize: 183B
MD5: faac54715c6cf3f19617313b9d4cc601
SHA1: 84c2222cbb4d698f9cd5c1f5b55a355c7e151608
SHA256: 6442356e369d10c5a4fef4b6441191c9fbc196866d7abaa5ccf6a55d8716e233
SHA512: 02fc5607850d45f4067d9a9c3f8735cc67eb3e4f460034370b25ec414606fed919d742f1c78f39a1336d9a009ace9e1f6c0007b3f5ac49eaae25ddc93313c99c
-
/data/data/oms.mmc.app.almanac_inland/files/mobclick_agent_cached_oms.mmc.app.almanac_inland
Filesize: 122B
MD5: c54669f7777a8ab230b076af27aef101
SHA1: f0324a4a1f7cf4fecf253b8719f3fd3d942e35b5
SHA256: e5f8671e62d9bd8c1596c9501b05c6efac09954068f43361adae7c5b3c92494f
SHA512: 73bff9cf8a51a8d62a0b78dc826ef32d230a55f405d5431267076becce8217aa82123cbe57f9bba9c9fca5158b6c9613481990a4ce9e34c3a2b999755aa1c929
-
/storage/emulated/0/pushNotification/push.db
Filesize: 20KB
MD5: 7a3d914efd883da7c6d2d9dfa97c797b
SHA1: d41ab7a82ccf521efeb16a5660cbee76bbdf392a
SHA256: e63e24f4968113ff14f1b9fc9b325830bce9f1e8f00cf4d3bea52f2eac5e4e1c
SHA512: d8529d7de39599dad10dd2e92c17662c4a1fd866318591cc5a12fc677f39ba18ce90fa14adf7d6c078c9fbcd1af16fd01b9c3a55ec147b07bf07542ea2035408
-
/storage/emulated/0/pushNotification/push.db-journal
Filesize: 512B
MD5: c3cf0ba5b05b26baa032bab6b883be97
SHA1: 026391669d4cc9b3416b12da18df01c107e0628f
SHA256: 0eb27bf053e2826258c392af05c9b79e20be398f8e9cb8b80edff124d3723446
SHA512: c4e86d402b82d60026aeb92fd9c4345f140882a176b875bbeac2567c5842b6c324756385251fa3bbd1a106a8f3a7d6e61ef09bd4373fa3601926d19434c20f9b
-
/storage/emulated/0/pushNotification/push.db-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/storage/emulated/0/pushNotification/push.db-wal
Filesize: 48KB
MD5: b36ad4edee5eef1e87d662af948122ae
SHA1: 30b5f11852694e711319f7bd7c8b4b831a10721b
SHA256: d31a0b465bffd2ce509031a9d3bb95717d9c5bf48d7467dc3b3cb2bae5a6a841
SHA512: 50796fdfbb9e1f2f1e4aa595a2b88a58de67980ef6241ee9a2fc4dcf65c186e43bdfa5733b2ebcec99e2a3707b76e0e58ac2f8021ddd68e539bf3a51b197cdbd