Analysis
- max time kernel: 11s
- max time network: 186s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 07:20
Static task: static1
Behavioral task: behavioral1
  Sample: a87ec6a33d2d0bd534eb7c4c66d1c4e8_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a87ec6a33d2d0bd534eb7c4c66d1c4e8_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
- Target: a87ec6a33d2d0bd534eb7c4c66d1c4e8_JaffaCakes118.apk
- Size: 2.8MB
- MD5: a87ec6a33d2d0bd534eb7c4c66d1c4e8
- SHA1: 582b456c2a43a6c1ca8b0bfbf79dae581ead277a
- SHA256: 7f09cf0c2937db58fcf91d1d7bcae7d18aa8807a43f5e9bd721f45435a560e6a
- SHA512: b09bc2618cf178ffe01484093b4c432305ebd0d990d45f30d96601274162b478c2350b6d0d0448d10881baef68db614f48f7bcef9956a4f694f8a1ec94788a63
- SSDEEP: 49152:hIiE7wWpZc08dwbVMjAKG+6V2F71C5bCZaqOEMYLmeM4CDKhPuykxyJWiNuCk61:67we/RVEXG+6k1C54aRVYLBjCWhPuzy1
Malware Config
Signatures
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
    flow 6, ioc: alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.east2d.everyimage
    description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.east2d.everyimage
- Reads information about phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.east2d.everyimage
    description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.east2d.everyimage
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.east2d.everyimage/files/__local_except_cache.json
  Filesize: 408B
  MD5: e6e2d9b98201e2251c5b1d9dc939582f
  SHA1: 79ffc88641e732dfa07464da1e3b8dbbef8d70b1
  SHA256: e5921c6227a5a645e6d26e6e56ec39ec7e999bf834cf10805cc913c3686ef542
  SHA512: fdb37323b6167c2d29027a7306d9e4068c03279141beff862179811e3810a4050563db2c841eac145683a082374b4f1e810ec03f27d97a522a656c1f3314cbf0
- /data/data/com.east2d.everyimage/files/__local_last_session.json
  Filesize: 107B
  MD5: c4b8fd04e3151973f6931b7d0d13cc5c
  SHA1: 0ca136895f745baa2149713d7ec06966ec18dcf4
  SHA256: 981eee717917c658b30d23cda4dacdad869053c2e99858038ef29a9c7e75558b
  SHA512: 89ea851ca50cdad226acb8b5524c07b5e01e047883d6e8d3e80f9056e935b3d6dd99fdf0e6320db741d4f310afa2e6967f64b9f7a85645c0ab614dd4a5c002cc
- /data/data/com.east2d.everyimage/files/__local_last_session.json
  Filesize: 155B
  MD5: d4a2339d819972a5061830b667781e53
  SHA1: 7cfb26c3d51197d1964809aa10720370b32f040f
  SHA256: 262ad5d1e6cb5c644a928b7def936aa119b62aeb7455cebed50cfeb721ad3fe1
  SHA512: bf52536138fbe5dbd361c4b94899ef6d30777edbf79e2d8e771d56072866b011a636e381c0843774e843032816e4ed0b481b0a998a403fc98d37d6970fec1761
- /data/data/com.east2d.everyimage/files/__local_stat_cache.json
  Filesize: 25B
  MD5: 2d805b13f2f28dc3ca9bbcc000f49bb5
  SHA1: 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
  SHA256: c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
  SHA512: 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0
- /data/data/com.east2d.everyimage/files/umeng_it.cache
  Filesize: 146B
  MD5: 8551ac082d64f90a098ac09d6c5ad3d1
  SHA1: a3864f61cafb15271a8fc532321fe72747c75980
  SHA256: 3ec777b5495b24e3cdbf61ade1a300f048dae66bf59c3cd8b0f42d6567cf074e
  SHA512: 2e79fd9c49e9ec79500364caca9404c16168d4f485189517c058477315000a91f1defc59ff33529df9482c20f3a75d064a34e3a3ce668fa739cdb9cf69e163a2
- /storage/emulated/0/backups/.SystemConfig/.cuid
  Filesize: 89B
  MD5: b7f9f4bf6f0b93cc7cdf5e46418b6e62
  SHA1: e0f928fd033cdaca799ddd1fa0e68d7f2ab4e2cd
  SHA256: b010ab2b6953e8bf32a4a761add06c596f72bb5dafb3aa8a9f2b108d08f296d4
  SHA512: 9a3958219329c7060d0862a70efa0041cdcdae1dfeffc5e491b1f6d6f8aa5286ca31cfc726538f9311a3d28fdbe86f80ae436c0aa13e02eb29fe47259df8efcb
- /storage/emulated/0/crash/crash-2024-06-14-07-20-34-1718349634560.log
  Filesize: 1KB
  MD5: 78800c75a3899a9a89d8a02aab0405bb
  SHA1: 2816ed0ef4eea55559e4fa8c21cdeda18a4b819a
  SHA256: e55b4892b404ed4372caceba83667c040f9e05d8a53d92118fac8c8175f5379c
  SHA512: 3455d198bbf033ffe100406c03381d482e1016e238fbd38b71f4a73e80545316f1029e72988d847973b461edfcad321cf0bb7fd8ca047a00e01d8090c0388ecd