Analysis

  • max time kernel
    87s
  • max time network
    171s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    14-06-2024 09:37

General

  • Target

    a9000c449a9cfc91122147759d0964e8_JaffaCakes118.apk

  • Size

    9.9MB

  • MD5

    a9000c449a9cfc91122147759d0964e8

  • SHA1

    62795c848068588e9184435e94220a4ffc8740e7

  • SHA256

    85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e

  • SHA512

    629f125701a1e672ff418cbb68443bb0a54d308ace117af0a5446db51b84b463281df0ad044d32199f4bf2374ff8bb620628bf288b7fbf6e06859505ecd7cdc9

  • SSDEEP

    196608:49INb5QAOVmqKrY05H5AXBPdsgFw/3RxJZFJX+tu7ybNrJKSZ:4q6+qMuPdlFw/RjZFJXvKrwSZ

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.smapp.habit
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4435

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.smapp.habit/databases/cc/cc.db
    Filesize

    36KB

  • /data/data/com.smapp.habit/databases/cc/cc.db
    Filesize

    36KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/cc/cc.db-journal
    Filesize

    12KB

  • /data/data/com.smapp.habit/databases/ua.db
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/ua.db
    Filesize

    32KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    512B

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    8KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    12KB

  • /data/data/com.smapp.habit/databases/ua.db-journal
    Filesize

    12KB

  • /data/user/0/com.smapp.habit/app_crashrecord/1004
    Filesize

    222B

  • /data/user/0/com.smapp.habit/app_crashrecord/1004
    Filesize

    58B

  • /data/user/0/com.smapp.habit/databases/ThrowalbeLog.db
    Filesize

    20KB

  • /data/user/0/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    512B

  • /data/user/0/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    8KB

  • /data/user/0/com.smapp.habit/databases/ThrowalbeLog.db-journal
    Filesize

    8KB

  • /data/user/0/com.smapp.habit/databases/bugly_db_
    Filesize

    52KB

  • /data/user/0/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    512B

  • /data/user/0/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.smapp.habit/databases/bugly_db_-journal
    Filesize

    8KB

  • /data/user/0/com.smapp.habit/files/.imprint
    Filesize

    925B

  • /data/user/0/com.smapp.habit/files/.umeng/exchangeIdentity.json
    Filesize

    162B

  • /data/user/0/com.smapp.habit/files/exid.dat
    Filesize

    56B

  • /data/user/0/com.smapp.habit/files/umeng_it.cache
    Filesize

    350B

  • /data/user/0/com.smapp.habit/files/umeng_it.cache
    Filesize

    178B
