Analysis

  • max time kernel
    176s
  • max time network
    191s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    14-06-2024 11:29

General

  • Target

    a96f98dd11fa9e2ce4878c17a55f83f4_JaffaCakes118.apk

  • Size

    20.7MB

  • MD5

    a96f98dd11fa9e2ce4878c17a55f83f4

  • SHA1

    45fe4fdabcf2b35a6dd8e76ec283d9b4c1af98cf

  • SHA256

    9309bf7534acfa1eaea0c9832c155e9b555c85e52c4c2ef48df0fd333c1b9cfa

  • SHA512

    347064d11c3407cd6fe4ff8a3e8aaab7fae80c38e8bccad5d940e6f450b053a0e6869d33297a58c6f3445c3902727c57a60d136cbbea36f4b06bccb7e4f6ccb7

  • SSDEEP

    393216:wQJJNSMJnMGvQbxqEc2RQl7lkeEtqOV6KiUqprSDT2kzCMy/CpsXANKFmxrJ:woLSCnJvQtqEhQl7zgdV6xprSTpzkCi4

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 1 TTPs 2 IoCs

    Uses Android APIs to get current cell information.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.kidswant.ss (PID 5187)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
  • com.kidswant.ss:pushservice (PID 5251)
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
  • com.kidswant.ss:remote (PID 5336)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Downloads
