Analysis
max time kernel: 176s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 09:04
Static task: static1
Behavioral task: behavioral1
Sample: a8decbf38be4f1fa2465ec4e7ab1a7ee_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a8decbf38be4f1fa2465ec4e7ab1a7ee_JaffaCakes118.apk
Size: 26.7MB
MD5: a8decbf38be4f1fa2465ec4e7ab1a7ee
SHA1: a215948ad1c1e21f64aec8a8f2c6cc67bc6c5c24
SHA256: c70c27501cc3e56eff9f598e010127a3272bee0c3d352fa7a0956c06cf1b6874
SHA512: 819c6986fd5dd5e0a23afe35b08ca0253e3012e3671cceb51053a2ae3a723ac28b8b832d8cec835a72c1ea43a159e2ccce29d99f09f516756e468a17696615c5
SSDEEP: 786432:gkZa0MiF/+kagsSj06sd/y45amzTeJx67vkFNmye:gWMiFWkCr6sd645aG2x6QL6
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Processes: com.hunantv.imgo.activity:QS
  ioc | process
  /system/bin/su | com.hunantv.imgo.activity:QS
  /system/xbin/su | com.hunantv.imgo.activity:QS
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.hunantv.imgo.activity, com.hunantv.imgo.activity:QS, com.hunantv.imgo.activity:pushservice
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hunantv.imgo.activity
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hunantv.imgo.activity:QS
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hunantv.imgo.activity:pushservice
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.hunantv.imgo.activity:QS
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.hunantv.imgo.activity:QS
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow | ioc
  11 | alog.umeng.com
- Queries information about active data network (1 TTPs, 3 IoCs)
  Processes: com.hunantv.imgo.activity:QS, com.hunantv.imgo.activity:pushservice, com.hunantv.imgo.activity
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hunantv.imgo.activity:QS
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hunantv.imgo.activity:pushservice
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hunantv.imgo.activity
- Queries information about the current Wi-Fi connection (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.hunantv.imgo.activity, com.hunantv.imgo.activity:QS, com.hunantv.imgo.activity:pushservice
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hunantv.imgo.activity
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hunantv.imgo.activity:QS
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hunantv.imgo.activity:pushservice
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  Processes: com.hunantv.imgo.activity:pushservice, com.hunantv.imgo.activity, com.hunantv.imgo.activity:QS
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.hunantv.imgo.activity:pushservice
  Framework service call | android.app.IActivityManager.registerReceiver | com.hunantv.imgo.activity
  Framework service call | android.app.IActivityManager.registerReceiver | com.hunantv.imgo.activity:QS
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 3 IoCs)
  Processes: com.hunantv.imgo.activity:pushservice, com.hunantv.imgo.activity:QS, com.hunantv.imgo.activity
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.hunantv.imgo.activity:pushservice
  Framework API call | javax.crypto.Cipher.doFinal | com.hunantv.imgo.activity:QS
  Framework API call | javax.crypto.Cipher.doFinal | com.hunantv.imgo.activity
- Checks CPU information (2 TTPs, 5 IoCs)
  Processes: cat /proc/cpuinfo, com.hunantv.imgo.activity, com.hunantv.imgo.activity:QS, com.hunantv.imgo.activity:pushservice, cat /proc/cpuinfo
  description | ioc | process
  File opened for read | /proc/cpuinfo | cat /proc/cpuinfo
  File opened for read | /proc/cpuinfo | com.hunantv.imgo.activity
  File opened for read | /proc/cpuinfo | com.hunantv.imgo.activity:QS
  File opened for read | /proc/cpuinfo | com.hunantv.imgo.activity:pushservice
  File opened for read | /proc/cpuinfo | cat /proc/cpuinfo
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.hunantv.imgo.activity (depth 1)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
- com.hunantv.imgo.activity:QS (depth 1)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  Child processes (depth 2):
  - cat /proc/cpuinfo
    - Checks CPU information
  - cat /proc/cpuinfo
    - Checks CPU information
  - ps -P (51 identical invocations, no signatures triggered)
- com.hunantv.imgo.activity:pushservice (depth 1)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
Downloads
- /data/data/com.hunantv.imgo.activity/databases/ImgoPad
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.hunantv.imgo.activity/databases/ImgoPad-journal
  Filesize: 1KB
  MD5: e70afb28838a5914e8725495cafdf423
  SHA1: 3afe05c1287d0567619337554b9f13ef27642ddd
  SHA256: c34fdd9d10bf8b9e062448774be48f78981b83c03e7fc527907887a77eff20b5
  SHA512: 8add2c7accc4b7b5d657cf1e4f533867697dfee33c17d818321737b3c75282139d05087fb67b4725f683f5006ae48337f494cba15994f3599b2afa31e68cc0b2
- /data/data/com.hunantv.imgo.activity/databases/ImgoPad-shm
  Filesize: 28KB
  MD5: 99f67ee587385e57b328fb4816480044
  SHA1: 2a01fad4f0b45f96b6b28f4dc6761b132160971a
  SHA256: 8df9e292763afb79aad2cd2e63106b63400596bbf3c377403ed50224bdaf8e9c
  SHA512: 701b3aecd41ad59c2390890ff28fff00d090424c836360f7ea0e907dc4f521a4c755db615c661c01951e3806b1d8b5f65196c8af9a7921deeb12559933f74ea0
- /data/data/com.hunantv.imgo.activity/databases/ImgoPad-wal
  Filesize: 44KB
  MD5: 0ad54cb36f5dcaf4757dfccd27f66875
  SHA1: 9a7d076c649d9f6aa3c11d1dee5bb0685236c1e6
  SHA256: 05884d9618fda1a3777833ce27724a8cb969e4184480ee96671fe226990cff20
  SHA512: 47ab688f8ab0bea878e6cc8c32545fb70a9857a42143e1870aee106370374bb606bfa411ac331909474de0c98a68c85ae65c8581975726ab8799b1f917cfda2d
- /data/data/com.hunantv.imgo.activity/files/MV3Plugin.ini
  Filesize: 1KB
  MD5: fbdbb88cb2006cac68ac0722b0681965
  SHA1: 723f4c83f644a2a42d953f81c8aac9a60f3acdd9
  SHA256: ac1a777b7b28f436bc4d27ebff5c4cf7a245c61e49d0495d16bbc51b1cc3435a
  SHA512: f088329ac20c751da00163b9318a1e4d851b1efc1329f4382b61a35945b0ef553b84d3e399106caf80c02300d93a0841f7a3ede310f8bd17cd84b2a4b890fde8
- /data/data/com.hunantv.imgo.activity/files/MV3Plugin_Default.ini
  Filesize: 185KB
  MD5: e67860bf1e7d9ebe78d104bd5f5ba8fa
  SHA1: 6087708a7ae18edde5cb7174844e06a058a35b0d
  SHA256: 888866200260576bfceb2734445c6ab455fb55ca8bbce0e3cc3b60a729e50471
  SHA512: 8033ab20b12bfcf7d066ae7e247a78d86cc37986c026924767c3ad580a51d3cc777692cc3f354abaf1c315a3b0b68e08e7aad06ee22651e6cf8b08f9ed22a99a
- /storage/emulated/0/Android/data/com.hunantv.imgo.activity/files/UnicomTrafficFree.log
  Filesize: 32KB
  MD5: 64a26a114501cd4c12eb8ffae677f690
  SHA1: fc9ba66d7438ad60149e52e85b3928f2b556b7c0
  SHA256: 35b8e7dba8739e261ac1a2c2a56ff8f4327c76ccad66d08efc67f30b7480374e
  SHA512: c73235f549591377f619b492d47a41094c001f82ad7f13b110b27e5f98a870d25181a61bbe9d5ec84ffa4440a5e3554cc94d585adc063f482cc48fc5d9ebf449
- /storage/emulated/0/DCIM/uuid
  Filesize: 89B
  MD5: 5bad25c05c367fdf2713dfd4d0c3194f
  SHA1: 90bf92904d667303a76d9df52d08e1c0d5c3ba58
  SHA256: 3eb2c0b56a511e52bb2d1a33b8f3a00d1a0c444e84085f80fe841c066e7dbc1e
  SHA512: 4c33fc00cd56ee645b5f01dbaf144006f4dcfea4fb835305b3e35d6d8cca39f40708515dd3438a4d23233769cfaa2e2da823773f451b0b1166e788c3930e0b8c
- /storage/emulated/0/sitemp/uuid
  Filesize: 89B
  MD5: 54f3f7a7802b4a6eec853e0acbf83bb7
  SHA1: 2a7fc2e09113d1931c52573dd7bce6833ffef5a1
  SHA256: 7253b0b2c9cb712c829bd08ddb817d4993f3eb5d904518d9d6c629ee25614be7
  SHA512: fda8de9e61a5c459395042686536971888660d9c9148b6b7d856e55615490eaae0e9a0f15c1fd439f98ebb87f61f9ae66aab465058453349fcda23db37391aa0