Analysis
-
max time kernel
87s
-
max time network
171s
-
platform
android_x64
-
resource
android-x64-arm64-20240611.1-en
-
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240611.1-en locale:en-us os:android-11-x64 system
-
submitted
14-06-2024 09:37
Static task
static1
Behavioral task
behavioral1
Sample
a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
General
-
Target
a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk
-
Size
9.9MB
-
MD5
a9000c449a9cfc91122147759d0964e8
-
SHA1
62795c848068588e9184435e94220a4ffc8740e7
-
SHA256
85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e
-
SHA512
629f125701a1e672ff418cbb68443bb0a54d308ace117af0a5446db51b84b463281df0ad044d32199f4bf2374ff8bb620628bf288b7fbf6e06859505ecd7cdc9
-
SSDEEP
196608:49INb5QAOVmqKrY05H5AXBPdsgFw/3RxJZFJX+tu7ybNrJKSZ:4q6+qMuPdlFw/RjZFJXvKrwSZ
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
flow: 24
ioc: alog.umeng.com
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.smapp.habit
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.smapp.habit
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.smapp.habit
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.smapp.habit
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Downloads