Analysis

  • max time kernel
    159s
  • max time network
    182s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 09:37

General

  • Target

    a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk

  • Size

    9.9MB

  • MD5

    a9000c449a9cfc91122147759d0964e8

  • SHA1

    62795c848068588e9184435e94220a4ffc8740e7

  • SHA256

    85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e

  • SHA512

    629f125701a1e672ff418cbb68443bb0a54d308ace117af0a5446db51b84b463281df0ad044d32199f4bf2374ff8bb620628bf288b7fbf6e06859505ecd7cdc9

  • SSDEEP

    196608:49INb5QAOVmqKrY05H5AXBPdsgFw/3RxJZFJX+tu7ybNrJKSZ:4q6+qMuPdlFw/RjZFJXvKrwSZ

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.smapp.habit
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4267

Downloads

  • /data/data/com.smapp.habit/app_crashrecord/1004
    Filesize

    222B

  • /data/data/com.smapp.habit/app_crashrecord/1004
    Filesize

    58B

  • /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/ThrowalbeLog.db-wal
    Filesize

    124KB

  • /data/data/com.smapp.habit/databases/bugly_db_
    Filesize

    4KB

  • /data/data/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/bugly_db_-shm
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/bugly_db_-wal
    Filesize

    72KB

  • /data/data/com.smapp.habit/databases/cc/cc.db
    Filesize

    36KB

  • /data/data/com.smapp.habit/databases/cc/cc.db
    Filesize

    36KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/cc/cc.db-wal
    Filesize

    48KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-wal
    Filesize

    16KB

  • /data/data/com.smapp.habit/databases/ua.db
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/ua.db
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/ua.db-wal
    Filesize

    52KB

  • /data/data/com.smapp.habit/databases/ua.db-wal
    Filesize

    8KB

  • /data/data/com.smapp.habit/files/.um/um_cache_1718357980185.env
    Filesize

    1KB

  • /data/data/com.smapp.habit/files/.umeng/exchangeIdentity.json
    Filesize

    162B

  • /data/data/com.smapp.habit/files/exid.dat
    Filesize

    56B

  • /data/data/com.smapp.habit/files/umeng_it.cache
    Filesize

    415B

  • /storage/emulated/0/Mob/comm/dbs/.duid
    Filesize

    496B
