Analysis
max time kernel: 176s
max time network: 191s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 14-06-2024 11:29
Static task: static1
Behavioral task: behavioral1
Sample: a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General
Target: a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk
Size: 20.7MB
MD5: a96f98dd11fa9e2ce4878c17a55f83f4
SHA1: 45fe4fdabcf2b35a6dd8e76ec283d9b4c1af98cf
SHA256: 9309bf7534acfa1eaea0c9832c155e9b555c85e52c4c2ef48df0fd333c1b9cfa
SHA512: 347064d11c3407cd6fe4ff8a3e8aaab7fae80c38e8bccad5d940e6f450b053a0e6869d33297a58c6f3445c3902727c57a60d136cbbea36f4b06bccb7e4f6ccb7
SSDEEP: 393216:wQJJNSMJnMGvQbxqEc2RQl7lkeEtqOV6KiUqprSDT2kzCMy/CpsXANKFmxrJ:woLSCnJvQtqEhQl7zgdV6xprSTpzkCi4
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.kidswant.ss, com.kidswant.ss:pushservice, com.kidswant.ss:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kidswant.ss
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kidswant.ss:pushservice
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kidswant.ss:remote
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.kidswant.ss, com.kidswant.ss:remote
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.kidswant.ss
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.kidswant.ss:remote
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Requests cell location (1 TTPs, 2 IoCs)
  Uses Android APIs to get current cell information.
  Processes: com.kidswant.ss:remote, com.kidswant.ss
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.kidswant.ss:remote
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.kidswant.ss
- Acquires the wake lock (1 IoCs)
  Processes: com.kidswant.ss:pushservice
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.kidswant.ss:pushservice
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow | ioc
  17 | alog.umeng.com
- Queries information about active data network (1 TTPs, 3 IoCs)
  Processes: com.kidswant.ss, com.kidswant.ss:pushservice, com.kidswant.ss:remote
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kidswant.ss
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kidswant.ss:pushservice
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kidswant.ss:remote
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.kidswant.ss, com.kidswant.ss:remote
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kidswant.ss
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kidswant.ss:remote
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.kidswant.ss:pushservice, com.kidswant.ss:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.kidswant.ss:pushservice
  Framework service call | android.app.IActivityManager.registerReceiver | com.kidswant.ss:remote
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
com.kidswant.ss
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
com.kidswant.ss:pushservice
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
com.kidswant.ss:remote
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Downloads
- /data/data/com.kidswant.ss/databases/beacon-db (Filesize: 20KB)
- /data/data/com.kidswant.ss/databases/beacon-db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/databases/beacon-db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/databases/beacon-db-journal (Filesize: 12KB)
- /data/data/com.kidswant.ss/databases/pushsdk.db (Filesize: 44KB)
- /data/data/com.kidswant.ss/databases/pushsdk.db-journal (Filesize: 28KB)
- /data/data/com.kidswant.ss/files/.umeng/exchangeIdentity.json (Filesize: 512B)
- /data/data/com.kidswant.ss/files/lldt/firll.dat (Filesize: 76B)
- /data/data/com.kidswant.ss/files/ofld/ofl.config (Filesize: 235B)
- /data/data/com.kidswant.ss/files/ofld/ofl_location.db (Filesize: 28KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_location.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_location.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_location.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db (Filesize: 80KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal (Filesize: 512B)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/ofld/ofl_statistics.db-journal (Filesize: 8KB)
- /data/data/com.kidswant.ss/files/umeng_it.cache (Filesize: 245B)
- /storage/emulated/0/Android/data/com.kidswant.ss/cache/uil-images/journal.tmp (Filesize: 512B)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat (Filesize: 12B)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/conlts.dat (Filesize: 152B)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat (Filesize: 24B)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat (Filesize: 418B)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat (Filesize: 1KB)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat (Filesize: 2KB)
- /storage/emulated/0/Android/data/com.kidswant.ss/files/baidu/tempdata/llg.dat (Filesize: 5KB)
- /storage/emulated/0/baidu/tempdata/lcvif.dat (Filesize: 96B)