Analysis

  • max time kernel
    177s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 09:07

General

  • Target: a8e21510ec74b9a085e17916e9e0e936_JaffaCakes118.apk
  • Size: 30.8MB
  • MD5: a8e21510ec74b9a085e17916e9e0e936
  • SHA1: 060f4ef8938b07a5052111f60bf786faef24a416
  • SHA256: 3811bf58cae441d2e5e3b2877e6158d3453e9e4037f64b52e273836c5d1b801b
  • SHA512: 45549edc3b3cffee73975dee733e470a312c5815595d25c4e1a19b4006d9233f4436490ec2ba6da74706a9fb747622fae6c8af6b6fd29853e74bea223e0d0330
  • SSDEEP: 393216:aIooZg2QIOJ9ty5tJCtbC4fmbZ6oJDNsoI18jsafTvtF1Y59LnvPNmOC:avorQIc9t2tktOOk6IpY8g8xO9Lnv4OC

Malware Config

Signatures

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.stac.empire.main
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID: 4274

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.stac.empire.main/UserDefault.xml
    Filesize: 41B
    MD5: 4a8226e4211ccb4cb79f54d4ee35a55a
    SHA1: 7144e993ff784e4458c4d53d6f9f29930cf13fb8
    SHA256: 8d5bfd20db452314b315192d7160e28bce53c777c98a31aa6df7c93345a692eb
    SHA512: 7d7480da93b3363306438c7cc08fb913e29098eb19c4f6ac40ac5282329ecd8eae77fed695822955183a4b7084d18da89c2c937af5fcdf43b3f1bd7854cc7041

  • /data/data/com.stac.empire.main/UserDefault.xml
    Filesize: 159B
    MD5: 4f51c8f96fcd0d7f9f4948747688806e
    SHA1: 2c232943b441aa337fe3cfc8425aaa622d890d0d
    SHA256: cf0ca8d15f45eff8e18cdd200cd4081adbc628e86a3735688400308666328a7b
    SHA512: eb5423a975e7b32e17e17f89be3b2ee62804652151f52441afbad3621bcc282bc320233fc58be5ed1255c08edb2f828a96f0128d0be67598a269bdb776aea786

  • /data/data/com.stac.empire.main/UserDefault.xml
    Filesize: 189B
    MD5: 756f37133756d853284172761c127b63
    SHA1: b0c6ba0c5e3c4a1d7c4d2145f182cc7d332b8f07
    SHA256: afd0c6469ef2c46f713530f7bc9948455d2c6229165608bfaf84ff2a32016efe
    SHA512: c1557681371c3bdf6a0ac4fa95ab85a592e23727613af0e2d3dc98f4d554a9f1bf845d1a9142d7b36968f0618adaba4d1b601e81616ee49e90f489c255d3cc3c

  • /data/data/com.stac.empire.main/UserDefault.xml
    Filesize: 217B
    MD5: f8bc4768569e35ab5a7b6fe869d77327
    SHA1: efc884adb37498efbf9eaee31eb4c6bce883432f
    SHA256: 2cfc0331bc2c493a718310c73f3d600489b1143784a3cb601254554c369ebfb5
    SHA512: bb311444893bb20fe21d4d794f6b1c331723c514a635d680566f911af60ee55d0af8ed22d0055ed5ad4e6242cdd91b1f390b742f8504806dc5059469a7f8800e

  • /data/data/com.stac.empire.main/UserDefault.xml
    Filesize: 412B
    MD5: 25498b3b97a592cf89c332e0b80aef2e
    SHA1: 4b781b72c9b2fbc684c47a92b889c8417a3c06e1
    SHA256: b7ef7d5cc7d228c34e1d742dab2615bf390cfa49385c42d154dbfb17d5668b88
    SHA512: d43fb724465a342a6f8e365309fe7833cc9682fcacf433b485e62c86e5c81c5a8db8e381394f7cb2550e3ac9e5a0672368ce57ba4ef093df28d09f69b65922eb

  • /data/data/com.stac.empire.main/files/gaClientId
    Filesize: 36B
    MD5: bd283c8527ddbaa8ecc7ea728d619abe
    SHA1: 089c0d1aced8af6447d98027122055fb7b5ac810
    SHA256: fa428e3b75376b13f3e9fd02c95be19d0952795bae5181fefb986e1e1e79509f
    SHA512: 7f387864256dd68f6b32b827a26909bb8ffbcc3b5f323d09d274a1e44b1b2a7c1eee1a91f001f2ef879d84412a678f7befa422cbe39aebed52ce5aeb2065fa2c

  • /data/data/com.stac.empire.main/files/mobclick_agent_cached_com.stac.empire.main
    Filesize: 100B
    MD5: a6ec85fc50c24cb97bfb99767cd2eee6
    SHA1: 94896c5ef1819f049f30e9f1853cc154d2566144
    SHA256: 122d5b7a51307bc72f8964e67ded5cd9eda7ae558f2986e45152f48f76bc92ce
    SHA512: 4615967216136a3b5bb1dd18244b62f200fb6ae1720b179cd1e332ee443e2e3dc21febf4cc96d354c11eb09fd5ad7c60e39c434cb608b7abc1306fe2ed3019ea

  • /storage/emulated/0/ppy_cross/7c8818e0b54505648c31ec132d64a3a7
    Filesize: 32B
    MD5: 1bc9f537dfa1d9fbc7399a0dd5807ed7
    SHA1: bb5a5b99261958c4175d7e5a142b1ea5c33513c9
    SHA256: 38e7a6ca3d2ca957d5bbf78c70decb02ceb8b773e1bd561c4fd6f8d563f0a1d2
    SHA512: 30397e0b1f9256a47b21f6fa302d49280d271b781c84a93deb9d348bc77356ae9c80a6000c4a1c84959d81c670157f7e351b9124edb2f11ca5ef15001fa11baa