Analysis
max time kernel: 128s
max time network: 149s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 14-06-2024 09:37
Static task: static1
Behavioral task: behavioral1
Sample: a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General
Target: a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Size: 9.9MB
MD5: a9000c449a9cfc91122147759d0964e8
SHA1: 62795c848068588e9184435e94220a4ffc8740e7
SHA256: 85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e
SHA512: 629f125701a1e672ff418cbb68443bb0a54d308ace117af0a5446db51b84b463281df0ad044d32199f4bf2374ff8bb620628bf288b7fbf6e06859505ecd7cdc9
SSDEEP: 196608:49INb5QAOVmqKrY05H5AXBPdsgFw/3RxJZFJX+tu7ybNrJKSZ:4q6+qMuPdlFw/RjZFJXvKrwSZ
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
  flow: 15 | ioc: alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.smapp.habit
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.smapp.habit
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.smapp.habit
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.smapp.habit
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.smapp.habit
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.smapp.habit
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Downloads
- /data/data/com.smapp.habit/app_crashrecord/1004 (Filesize: 222B)
- /data/data/com.smapp.habit/app_crashrecord/1004 (Filesize: 58B)
- /data/data/com.smapp.habit/databases/ThrowalbeLog.db (Filesize: 20KB)
- /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal (Filesize: 512B)
- /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/bugly_db_ (Filesize: 52KB)
- /data/data/com.smapp.habit/databases/bugly_db_-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/bugly_db_-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/bugly_db_-journal (Filesize: 512B)
- /data/data/com.smapp.habit/databases/bugly_db_-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/bugly_db_-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/cc/cc.db (Filesize: 36KB)
- /data/data/com.smapp.habit/databases/cc/cc.db (Filesize: 36KB)
- /data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 512B)
- /data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/cc/cc.db-journal (Filesize: 12KB)
- /data/data/com.smapp.habit/databases/ua.db (Filesize: 32KB)
- /data/data/com.smapp.habit/databases/ua.db (Filesize: 32KB)
- /data/data/com.smapp.habit/databases/ua.db-journal (Filesize: 512B)
- /data/data/com.smapp.habit/databases/ua.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/ua.db-journal (Filesize: 8KB)
- /data/data/com.smapp.habit/databases/ua.db-journal (Filesize: 12KB)
- /data/data/com.smapp.habit/databases/ua.db-journal (Filesize: 12KB)
- /data/data/com.smapp.habit/files/.um/um_cache_1718357984123.env (Filesize: 1KB)
- /data/data/com.smapp.habit/files/.umeng/exchangeIdentity.json (Filesize: 162B)
- /data/data/com.smapp.habit/files/exid.dat (Filesize: 56B)
- /data/data/com.smapp.habit/files/umeng_it.cache (Filesize: 350B)