Analysis
max time kernel: 179s
max time network: 188s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 11:29
Static task: static1
Behavioral task: behavioral1
  Sample: a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
Target: a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk
Size: 20.7MB
MD5: a96f98dd11fa9e2ce4878c17a55f83f4
SHA1: 45fe4fdabcf2b35a6dd8e76ec283d9b4c1af98cf
SHA256: 9309bf7534acfa1eaea0c9832c155e9b555c85e52c4c2ef48df0fd333c1b9cfa
SHA512: 347064d11c3407cd6fe4ff8a3e8aaab7fae80c38e8bccad5d940e6f450b053a0e6869d33297a58c6f3445c3902727c57a60d136cbbea36f4b06bccb7e4f6ccb7
SSDEEP: 393216:wQJJNSMJnMGvQbxqEc2RQl7lkeEtqOV6KiUqprSDT2kzCMy/CpsXANKFmxrJ:woLSCnJvQtqEhQl7zgdV6xprSTpzkCi4
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries information about running processes on the device (1 TTPs, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.kidswant.ss, com.kidswant.ss:pushservice, com.kidswant.ss:remote
  description            | ioc                                                 | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kidswant.ss
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kidswant.ss:pushservice
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kidswant.ss:remote
Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.kidswant.ss, com.kidswant.ss:remote
  description            | ioc                                             | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults    | com.kidswant.ss
  Framework service call | android.net.wifi.IWifiManager.getScanResults    | com.kidswant.ss:remote
Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Requests cell location (2 TTPs, 2 IoCs)
Uses Android APIs to get current cell location.

Acquires the wake lock (1 IoCs)
Processes: com.kidswant.ss:pushservice
  description            | ioc                                          | process
  Framework service call | android.os.IPowerManager.acquireWakeLock     | com.kidswant.ss:pushservice
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
Processes:
  flow | ioc
  12   | alog.umeng.com
Queries information about active data network (1 TTPs, 3 IoCs)
Processes: com.kidswant.ss, com.kidswant.ss:pushservice, com.kidswant.ss:remote
  description            | ioc                                                    | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | com.kidswant.ss
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | com.kidswant.ss:pushservice
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | com.kidswant.ss:remote
Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.kidswant.ss, com.kidswant.ss:remote
  description            | ioc                                             | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kidswant.ss
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kidswant.ss:remote
Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
Processes: com.kidswant.ss:pushservice, com.kidswant.ss:remote
  description            | ioc                                            | process
  Framework service call | android.app.IActivityManager.registerReceiver  | com.kidswant.ss:pushservice
  Framework service call | android.app.IActivityManager.registerReceiver  | com.kidswant.ss:remote

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.kidswant.ss
  description        | ioc                           | process
  Framework API call | javax.crypto.Cipher.doFinal   | com.kidswant.ss
Checks CPU information (2 TTPs, 1 IoCs)
Processes
com.kidswant.ss
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
com.kidswant.ss:pushservice
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
com.kidswant.ss:remote
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.kidswant.ss/databases/beacon-db
  Filesize: 32KB
  MD5: 1c4274aa7a9a5cac8c6d1df71e4588c6
  SHA1: abaecd685e01cc68801292e3dc7085654a22feba
  SHA256: 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
  SHA512: 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.kidswant.ss/databases/beacon-db-journal
  Filesize: 512B
  MD5: a1889e5d31dfcfedd42cf392f4d161b0
  SHA1: 982263bb10afa93b785474f8d067982ae7aada34
  SHA256: 4262684dfe4452000b63cfb8c515f739a4c950c6b29b603e0e7a796a50885d92
  SHA512: acf1701156d4a81f41acf1ef6fdb94d60bc8fa3eb107f130686b7d358a82c53a3abf7d778e7f885944e2d1974750bcd62183087119a7c436928c6ab59251cded

/data/data/com.kidswant.ss/databases/beacon-db-wal
  Filesize: 32KB
  MD5: 076bcc4d53b57aae193fbeb6579fb7c7
  SHA1: 6859ba59ce9fd5343fdeb97c38a9ee13a5ec9861
  SHA256: 31a28ee66c5e4cab996de879bec1cca430b97f8b086fe08e9ab962a587ab282f
  SHA512: b6bd69585e2c50b3fc4229aadf2ac07c10b790097fdfbb2b90e45329d909a93fbfa011a2265fa704b821c16bf9a682bdb41cabfe9a61bf15e975878a455e06cf

/data/data/com.kidswant.ss/databases/pushsdk.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.kidswant.ss/databases/pushsdk.db-wal
  Filesize: 80KB
  MD5: 6bf82d87089ea6bf7eb6abc2f37c34c0
  SHA1: aa8b27477dbcd44e585f0a041e4cb07364e84eb1
  SHA256: 70673b72527303e74518a6cb204e0491885bde565eb1bd4887b56596da37e567
  SHA512: e9bce9c820b55960d294f167d2f7d70c69c9a8a06ed047cf9adcc5d62a769dba55f3d4d5ade1db4adde17cea60dfef55e8fb738e60ec1bb0d6c18024945ca3c2

/data/data/com.kidswant.ss/files/.imprint
  Filesize: 912B
  MD5: bc01be6d8d8a73ebb1ab51f12cfe0a4a
  SHA1: 683002337d82220d83ceb3274ef68630754ef616
  SHA256: ac6b34ac930a866183bd10c906abe3a445b4cd57d50febadc9dc4bfd6e83bb46
  SHA512: b165e7fbfc5068aff3ab645a17542afe0e055fbf9ac6cece42f688d91877159b4dd01d1ec712fb17b68a4ddc1cb01b1c91b63b7e4773b2ad55b467addf5f0635
/data/data/com.kidswant.ss/files/.umeng/exchangeIdentity.json
  Filesize: 32KB
  MD5: a21bf2c809b470a1c647f3e12bd87109
  SHA1: f929004b8d03af7d74487685d11f4576e4572ef3
  SHA256: c75abe83b082ed8a6c09e092b09dc9358958832fd74b32c4b328c30fb8f2c897
  SHA512: c8bd834a0807ba2a2570e3d41965faa3e57bd87777086d084d8659d7ed1d70d9f40cc5800de85cb94a03f2cef195c1c9d7f04fe119ceaa7864d01f45267fa5e4

/data/data/com.kidswant.ss/files/lldt/firll.dat
  Filesize: 76B
  MD5: de35bfd4c09fb826f3a745c10f555d73
  SHA1: f437fd6d418bdb90319926dfaaa138a1438db64c
  SHA256: 1ded58801fe37d1b45e500e0b42140e68fc92b1390834635aa7eb56ea11c5b46
  SHA512: 3c3258af9a736544a07a9ad0fd39c1b670d6516617b8925716524a2a05751735ee9158ac6b997eae5d5cd82b975119e79e9f17237a9a58e891acfeeed3f19f1b

/data/data/com.kidswant.ss/files/ofld/ofl.config
  Filesize: 235B
  MD5: 907cfc5aa267d414e32e7e9b75f9287c
  SHA1: a63faf84228ecc0f706c3169b0272cbe7f175125
  SHA256: 37b5ae22894e8f529a26b9b7f5d644c8c6cbdb1cdd73f7e480c6120c3dc648dc
  SHA512: 13705b09ad584ec5be1178c900237abeabf40e5cf8f97817a9847b26bd9c38d9c50f5a3f096334dc391143e9a3390c467d24ad790b16c3cbae4f5c1cb686c75e

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-wal
  Filesize: 156KB
  MD5: f6856e1d197c345e639372e39a843e7c
  SHA1: b1444e76b5652bf09008b29e42a156a291fa4717
  SHA256: c63a7a9eaf034a52f968afdfb982ca2c15b65a95abca382b1110c404643bf47a
  SHA512: 127b3c8fd3e421636b715c8f1aff0733109abe77d28bd3bf6b55a07d8f4dc190316ade81ce8ad53ea6e161e31cd1352ad4df724bdd051353cc825fe20a06811c

/data/data/com.kidswant.ss/files/umeng_it.cache
  Filesize: 512B
  MD5: 846d3f5ce7a44f2838e95129231fa7fd
  SHA1: ad6911ff02fbb4311779f5148b3a1495dd2acda4
  SHA256: 49e1ab00fb96c70019eb0250116cc6f0b1f8f379a14ed3c3b0e4bad9e995328a
  SHA512: cdb2c240a412bf783ad19b28eb43c8e314df5a8c3fe320699070cbd3e1415c82e721975587d01c24dfa3671ffb77e81164661e147201bae1b1837d83427f5174

/data/data/com.kidswant.ss/files/umeng_it.cache
  Filesize: 48KB
  MD5: a30df463b1df01b825e1880cc62896a2
  SHA1: 24e5222f7e21126a4ea9bbbcc1db51272145d31e
  SHA256: f5ab14e90d79c97e0186f94aa0701889db861c2986ee382fb8f532ae9947b3fb
  SHA512: 1c8555a7d627fcec6f2b203600d97e3d33a09e9d5e5d11e495806caff0f6176226dca18829863761f51e3ae38cdb77d754b2281dd2be29469380e4694433ec59
/storage/emulated/0/Android/data/com.kidswant.ss/cache/uil-images/journal.tmp
  Filesize: 512B
  MD5: 7055f774688e119031fffc0785c733f6
  SHA1: 6c829edfdded8de291517f215c9cd2bf4c6c9906
  SHA256: 655c2af5f594b6dd56d63abe196d39738c21326ca7c7c81fdd58031077c98402
  SHA512: 1740638cb0c499aac3cdfd926f70347acc6c226fab46905021c5d8d0bae921dd42b38660710d99e62d54f8407f1a4957b56352615ae1ec2749f2a78910303ac3

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat
  Filesize: 12B
  MD5: 8d80bc8ea90e9cac010d3ddf97bda5f5
  SHA1: f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
  SHA256: f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
  SHA512: 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat
  Filesize: 152B
  MD5: 8d36fc98dfb7c03549777a4957dff7a8
  SHA1: f4f2129b540c8fee376cc6ded0286a0fd925ec77
  SHA256: 47767076c716756575ff7ed13178b462c8e74eecd63839d903ae5c3b0fc643f9
  SHA512: bb0199cc1da2f95b90d0d7c5d6db8fd9d3dc0a4c40b57a7d844fa0277aff41d7c5d7d6bdcc07371c272606855ed1ef9b6256827c95bf5a6cfacf2c0e7c0e27da

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat
  Filesize: 24B
  MD5: 161557b06b4a4d3ce095528dea370eb7
  SHA1: 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
  SHA256: f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
  SHA512: 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat
  Filesize: 438B
  MD5: c797c6aeba3b9fdd0b03db086289106b
  SHA1: 6f4b6fa1ead6af7f5db3d992dc460d14f985935f
  SHA256: 5506f1e215d271b03254b40585d9de050bc5f92a59a27cf91c9f690f2ba24115
  SHA512: f0fe1a611b7068e0657b34fb487af874375fa4304d50440e809b23ec6871c238b72e6f662f8b6e8638400754a66f7137196e1861e1e3be19a8e919b39be579e9

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat
  Filesize: 1KB
  MD5: 883592a9f0829f3b7123a2411a1734c2
  SHA1: 2074918453a401563d7628befb6629a459166561
  SHA256: ac30d4abb84c02a1adb78bdd5e79544f3111563f6562355b0ef5f29fc9046814
  SHA512: 29ed690a057fd42bf8442a75a58037ad4fef6e860884d113480875a486033827e1284cd6777e6fd351f4cec31f71bba62d1d41a0bae90e4a02b8740edbb58d28

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat
  Filesize: 2KB
  MD5: e5269e0a9d7ae987b54c60822bbd8ebc
  SHA1: 3f7f2049da8a03a7ead84f2e95f234187f5dd84f
  SHA256: c3eebd8af0f232a6a607601e809c950695731112bc0133d152c6b351ebbac3c6
  SHA512: 72d642fdaa1cf8a5c22021d06a0e7e9e9ab54eb0e6ec4fccaabc6ab3c0ef236014fdc5cca99c872f169c38aeebaf1dce6ae9e77bd992825c96cdadf210b1d432

/storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat
  Filesize: 5KB
  MD5: 65627d7f23b931dce0686f51d7adced3
  SHA1: 6ae6124f50d1f10bcab20e2d7524a7a338e280a9
  SHA256: 497fb7e54364d6c01170472c07879ea760fae80c5b8f9c06dd62ad8d28c93071
  SHA512: 76788671e64e8edbd7076e918a50c8e5264570cbb4485dadc2b18c8a9a8d5a26972dc4b93b6d8d7c09da4e0aa8d38de36efeb63493c5a5819cf5a574e1ed85f2

/storage/emulated/0/baidu/.cuid
  Filesize: 52KB
  MD5: ff4db0eb7f9a326fd146584988a1c9cb
  SHA1: 9a4aab11ec6355602fa7f9b1643218a0a1068e28
  SHA256: 3e3b6c4a9f87293ee92288ffd7f56d064ae5f4ecc53901ef384bedaa1b991cbd
  SHA512: 14f5bd05392924595906d2b096e8921b5f889412ae349a23c6a4d7bb2d771c61b9a952467548da0f6edeec26474d73de93a23d0bf9e4d65579eb839a6481dab6

/storage/emulated/0/baidu/tempdata/lcvif.dat
  Filesize: 96B
  MD5: 4602a90836ea1e0fa7e8cfc8c75a9f53
  SHA1: e7eae241d44b146064680b5f44e9f4252d422e30
  SHA256: 24d3194b1a57ebbaceae862e76b10fbbd1695dc2e1d3f9e5080ac34c865a7237
  SHA512: 9b0c23eee383e9711d8fb7b0d2417bfbeb3d1588ebc4d76192d5302a688ff8e7d971d80bc0bd2091b281316fa58e30aae9796b803024917365ace0a1afdb1993