Analysis
max time kernel: 159s
max time network: 182s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 09:37
Static task: static1
Behavioral task: behavioral1
Sample: a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General
Target: a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Size: 9.9MB
MD5: a9000c449a9cfc91122147759d0964e8
SHA1: 62795c848068588e9184435e94220a4ffc8740e7
SHA256: 85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e
SHA512: 629f125701a1e672ff418cbb68443bb0a54d308ace117af0a5446db51b84b463281df0ad044d32199f4bf2374ff8bb620628bf288b7fbf6e06859505ecd7cdc9
SSDEEP: 196608:49INb5QAOVmqKrY05H5AXBPdsgFw/3RxJZFJX+tu7ybNrJKSZ:4q6+qMuPdlFw/RjZFJXvKrwSZ
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org. (1 IoCs)
Processes:
flow: 11; ioc: alog.umeng.com
Queries information about active data network. (1 TTPs, 1 IoCs)
Processes: com.smapp.habit
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.smapp.habit
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
Processes: com.smapp.habit
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.smapp.habit
Uses Crypto APIs (might try to encrypt user data). (1 TTPs, 1 IoCs)
Processes: com.smapp.habit
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.smapp.habit
Checks CPU information. (2 TTPs, 1 IoCs)
Checks memory information. (2 TTPs, 1 IoCs)
Downloads
/data/data/com.smapp.habit/app_crashrecord/1004 (Filesize: 222B)
/data/data/com.smapp.habit/app_crashrecord/1004 (Filesize: 58B)
/data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal (Filesize: 512B)
/data/data/com.smapp.habit/databases/ThrowalbeLog.db-wal (Filesize: 124KB)
/data/data/com.smapp.habit/databases/bugly_db_ (Filesize: 4KB)
/data/data/com.smapp.habit/databases/bugly_db_-journal (Filesize: 512B)
/data/data/com.smapp.habit/databases/bugly_db_-shm (Filesize: 32KB)
/data/data/com.smapp.habit/databases/bugly_db_-wal (Filesize: 72KB)
/data/data/com.smapp.habit/databases/cc/cc.db (Filesize: 36KB)
/data/data/com.smapp.habit/databases/cc/cc.db (Filesize: 36KB)
/data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 512B)
/data/data/com.smapp.habit/databases/cc/cc.db-wal (Filesize: 48KB)
/data/data/com.smapp.habit/databases/cc/cc.db-wal (Filesize: 16KB)
/data/data/com.smapp.habit/databases/ua.db (Filesize: 32KB)
/data/data/com.smapp.habit/databases/ua.db (Filesize: 32KB)
/data/data/com.smapp.habit/databases/ua.db-journal (Filesize: 512B)
/data/data/com.smapp.habit/databases/ua.db-wal (Filesize: 52KB)
/data/data/com.smapp.habit/databases/ua.db-wal (Filesize: 8KB)
/data/data/com.smapp.habit/files/.um/um_cache_1718357980185.env (Filesize: 1KB)
/data/data/com.smapp.habit/files/.umeng/exchangeIdentity.json (Filesize: 162B)
/data/data/com.smapp.habit/files/exid.dat (Filesize: 56B)
/data/data/com.smapp.habit/files/umeng_it.cache (Filesize: 415B)
/storage/emulated/0/Mob/comm/dbs/.duid (Filesize: 496B)