Analysis

  • max time kernel
    128s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    14-06-2024 09:37

General

  • Target

    a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk

  • Size

    9.9MB

  • MD5

    a9000c449a9cfc91122147759d0964e8

  • SHA1

    62795c848068588e9184435e94220a4ffc8740e7

  • SHA256

    85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e

  • SHA512

    629f125701a1e672ff418cbb68443bb0a54d308ace117af0a5446db51b84b463281df0ad044d32199f4bf2374ff8bb620628bf288b7fbf6e06859505ecd7cdc9

  • SSDEEP

    196608:49INb5QAOVmqKrY05H5AXBPdsgFw/3RxJZFJX+tu7ybNrJKSZ:4q6+qMuPdlFw/RjZFJXvKrwSZ

Signatures

  • Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
  • Reads information about phone network operator. (1 TTPs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  • Checks CPU information (2 TTPs, 1 IoCs)
  • Checks memory information (2 TTPs, 1 IoCs)

Processes

  • com.smapp.habit
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5050

Downloads

  • /data/data/com.smapp.habit/app_crashrecord/1004
    Filesize

    222B

  • /data/data/com.smapp.habit/app_crashrecord/1004
    Filesize

    58B

  • /data/data/com.smapp.habit/databases/ThrowalbeLog.db
    Filesize

    20KB

  • /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/bugly_db_
    Filesize

    52KB

  • /data/data/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db
    Filesize

    36KB

  • /data/data/com.smapp.habit/databases/cc/cc.db
    Filesize

    36KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    12KB

  • /data/data/com.smapp.habit/databases/ua.db
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/ua.db
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    12KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    12KB

  • /data/data/com.smapp.habit/files/.um/um_cache_1718357984123.env
    Filesize

    1KB

  • /data/data/com.smapp.habit/files/.umeng/exchangeIdentity.json
    Filesize

    162B

  • /data/data/com.smapp.habit/files/exid.dat
    Filesize

    56B

  • /data/data/com.smapp.habit/files/umeng_it.cache
    Filesize

    350B
