Analysis

  • max time kernel
    63s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 10:49

General

  • Target

    a527e3067a0c86696ff75a60328f8c74_JaffaCakes118.apk

  • Size

    4.7MB

  • MD5

    a527e3067a0c86696ff75a60328f8c74

  • SHA1

    ec276eeb3e0405d1b2bd3160a43c682d5c089774

  • SHA256

    c3e1f72f1b44d27c824aed2453bca4c239fc6939138718b7cea8d21b01092bd2

  • SHA512

    ba32be0285eef076d1787ed9c2333c5667ce5d909d17afcca35ebc461a655a90820f44b095919d926888f2d302d16feca06659c4a70ce89208ca34f56f583f2e

  • SSDEEP

    98304:7RtLfggRw+1aUSDkX1Db9sVTwou1ILApZKGbN2r8bLvtnlAspZ+dU:9tLfbP1aUS8FbFoyBi0llATdU

Score
6/10

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • oms.mmc.app.almanac_inland
    1
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    • Checks memory information
    PID:4196

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/oms.mmc.app.almanac_inland/files/mobclick_agent_cached_oms.mmc.app.almanac_inland
    Filesize

    183B

    MD5

    faac54715c6cf3f19617313b9d4cc601

    SHA1

    84c2222cbb4d698f9cd5c1f5b55a355c7e151608

    SHA256

    6442356e369d10c5a4fef4b6441191c9fbc196866d7abaa5ccf6a55d8716e233

    SHA512

    02fc5607850d45f4067d9a9c3f8735cc67eb3e4f460034370b25ec414606fed919d742f1c78f39a1336d9a009ace9e1f6c0007b3f5ac49eaae25ddc93313c99c

  • /data/data/oms.mmc.app.almanac_inland/files/mobclick_agent_cached_oms.mmc.app.almanac_inland
    Filesize

    122B

    MD5

    c54669f7777a8ab230b076af27aef101

    SHA1

    f0324a4a1f7cf4fecf253b8719f3fd3d942e35b5

    SHA256

    e5f8671e62d9bd8c1596c9501b05c6efac09954068f43361adae7c5b3c92494f

    SHA512

    73bff9cf8a51a8d62a0b78dc826ef32d230a55f405d5431267076becce8217aa82123cbe57f9bba9c9fca5158b6c9613481990a4ce9e34c3a2b999755aa1c929

  • /storage/emulated/0/pushNotification/push.db
    Filesize

    20KB

    MD5

    7a3d914efd883da7c6d2d9dfa97c797b

    SHA1

    d41ab7a82ccf521efeb16a5660cbee76bbdf392a

    SHA256

    e63e24f4968113ff14f1b9fc9b325830bce9f1e8f00cf4d3bea52f2eac5e4e1c

    SHA512

    d8529d7de39599dad10dd2e92c17662c4a1fd866318591cc5a12fc677f39ba18ce90fa14adf7d6c078c9fbcd1af16fd01b9c3a55ec147b07bf07542ea2035408

  • /storage/emulated/0/pushNotification/push.db-journal
    Filesize

    512B

    MD5

    c3cf0ba5b05b26baa032bab6b883be97

    SHA1

    026391669d4cc9b3416b12da18df01c107e0628f

    SHA256

    0eb27bf053e2826258c392af05c9b79e20be398f8e9cb8b80edff124d3723446

    SHA512

    c4e86d402b82d60026aeb92fd9c4345f140882a176b875bbeac2567c5842b6c324756385251fa3bbd1a106a8f3a7d6e61ef09bd4373fa3601926d19434c20f9b

  • /storage/emulated/0/pushNotification/push.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /storage/emulated/0/pushNotification/push.db-wal
    Filesize

    48KB

    MD5

    b36ad4edee5eef1e87d662af948122ae

    SHA1

    30b5f11852694e711319f7bd7c8b4b831a10721b

    SHA256

    d31a0b465bffd2ce509031a9d3bb95717d9c5bf48d7467dc3b3cb2bae5a6a841

    SHA512

    50796fdfbb9e1f2f1e4aa595a2b88a58de67980ef6241ee9a2fc4dcf65c186e43bdfa5733b2ebcec99e2a3707b76e0e58ac2f8021ddd68e539bf3a51b197cdbd