Analysis
max time kernel: 179s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 14:30
Static task: static1
Behavioral task: behavioral1
  Sample: aa2f097cc4c6c50db3b1f4920a0d7058_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: 20121018133442msp.apk
  Resource: android-x86-arm-20240611.1-en
General
Target: aa2f097cc4c6c50db3b1f4920a0d7058_JaffaCakes118.apk
Size: 8.7MB
MD5: aa2f097cc4c6c50db3b1f4920a0d7058
SHA1: f543fae8e48478a35fcea987898480609085f6f3
SHA256: 812db8231164be8cda509398440e5f56764645e54fa258530abbad520af5d424
SHA512: dc33aaab9457e9e5d69d999debcdaff262994a6274406689899ab129d4ff149954f938e6d423eabaf53edbf489d43745ca906cf1cbe77e693fd459ffedc328a0
SSDEEP: 196608:FU4iLXLoa6Hp+g9x45devORjFziq0exspcdP62sovhQyW:1iLXsakx9Wziq3PN6QO7
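Before relying on this report for a sample obtained elsewhere (a different feed, a renamed file such as 20121018133442msp.apk), an analyst recomputes the digests of the local copy and compares them with the values listed under General. The script below is an added example, not part of the report or of any sandbox tooling: the digest table is copied from the General section above, while the file path on the command line and the hypothetical `sample.apk` name are assumptions. It flags mismatches, unsupported algorithms and malformed reference digests separately, so a typo in the reference table is never mistaken for a match.

```python
"""Verify that a local file matches the digests a sandbox report lists.

Added example, not part of the report. The digest values below are the
ones printed in the report's General section; the file path is supplied
by the caller (e.g. a hypothetical local copy named sample.apk).
"""
import hashlib
import sys
from pathlib import Path

# Reference digests as printed in the report (General section).
REPORT_DIGESTS = {
    "md5": "aa2f097cc4c6c50db3b1f4920a0d7058",
    "sha1": "f543fae8e48478a35fcea987898480609085f6f3",
    "sha256": "812db8231164be8cda509398440e5f56764645e54fa258530abbad520af5d424",
    "sha512": "dc33aaab9457e9e5d69d999debcdaff262994a6274406689899ab129d4ff1499"
              "54f938e6d423eabaf53edbf489d43745ca906cf1cbe77e693fd459ffedc328a0",
}

# Expected hex-digest length per algorithm; used to reject malformed entries.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def compute_digests(data: bytes) -> dict:
    """Return lower-case hex digests of `data` for every supported algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_HEX_LEN}


def compare_digests(data: bytes, expected: dict) -> dict:
    """Compare `data` against a {algorithm: hex} table.

    Returns {algorithm: (reference, actual_or_reason)} for every entry that
    does not verify; an empty dict means every listed digest matched.
    Algorithm names and hex case are normalised so "MD5"/"md5" and
    upper-/lower-case hex compare equal.
    """
    actual = compute_digests(data)
    mismatches = {}
    for alg, want in expected.items():
        alg = alg.strip().lower()
        want = want.strip().lower()
        if alg not in actual:
            mismatches[alg] = (want, "unsupported algorithm")
            continue
        if len(want) != DIGEST_HEX_LEN[alg] or any(
            c not in "0123456789abcdef" for c in want
        ):
            mismatches[alg] = (want, "malformed reference digest")
            continue
        if want != actual[alg]:
            mismatches[alg] = (want, actual[alg])
    return mismatches


def verify_file(path, expected: dict = REPORT_DIGESTS) -> dict:
    """Read the file at `path` and compare it against `expected`."""
    return compare_digests(Path(path).read_bytes(), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py sample.apk   (path is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "sample.apk"
    bad = verify_file(target)
    if not bad:
        print(f"{target}: all {len(REPORT_DIGESTS)} digests match the report")
    else:
        for alg, (ref, got) in bad.items():
            print(f"{target}: {alg} MISMATCH reference={ref} actual={got}")
        sys.exit(1)
```

The SSDEEP value is deliberately not checked here: computing it needs a third-party fuzzy-hashing library, and a fuzzy-hash comparison answers a different question (similarity) from the exact-identity check the cryptographic digests give.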
Malware Config
Signatures
- Queries a list of all the installed applications on the device (may be used in an attempt to overlay legitimate apps). 1 TTP
- Queries information about running processes on the device. 1 TTP, 1 IoC
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.koogame.lib.xiyou | Description: Framework service call | IoC: android.app.IActivityManager.getRunningAppProcesses
- Domain associated with commercial stalkerware software (indicator list includes entries from echap.eu.org). 1 IoC
  Flow: 5 | IoC: alog.umeng.com
  Caveat: alog.umeng.com is a logging endpoint of the Umeng mobile analytics SDK, which is embedded in a large number of legitimate apps, so a hit on this domain alone does not establish stalkerware behaviour; treat it as a prompt to look at what data the flow actually carries.
- Queries information about the active data network. 1 TTP, 1 IoC
  Process: com.koogame.lib.xiyou | Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo
- Reads information about the phone network operator. 1 TTP
- Registers a broadcast receiver at runtime (usually to listen for system events). 1 TTP, 1 IoC
  Process: com.koogame.lib.xiyou | Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver
- Checks CPU information. 2 TTPs, 1 IoC
  Process: com.koogame.lib.xiyou | Description: File opened for read | IoC: /proc/cpuinfo
- Checks memory information. 2 TTPs, 1 IoC
  Process: com.koogame.lib.xiyou | Description: File opened for read | IoC: /proc/meminfo
  Caveat: reading /proc/cpuinfo and /proc/meminfo is routine device fingerprinting and is also common in game engines and analytics SDKs; on its own it is a weak signal and should be weighed together with the other behaviours above.
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 802B
  MD5: f4f96968f5e0d17d25f6c3e21358ee82
  SHA1: 26136b246ce9c9ba8178c158f96defdd46d1462d
  SHA256: 108890d7f6d92585fe9e1c53198a284769d6182811128957a0961f2fa1f85f45
  SHA512: 5babd2e35b99c27bd5d196907dd6e834c5082663b7f1cc64774be0a558984a8b2ffbdd3b7ea1f2fbdd7ae07ef7281df2ccae0e038b0894c0a9a66f032b011dc5
- Filesize: 100B
  MD5: e3b380a04eb549f8d1943ca5a0204c00
  SHA1: 05011dff537fc293d73467b8937679f5312aae1c
  SHA256: df73406a8d72f9a2d992f6476394fe12d07cc61e85224e3ed886d037c6e94e1d
  SHA512: fdc633b0ad0380eadad31974d56b5f43824de4f8637d486551428f9cb88970dee5476982ffc3be440578297ce5a0a3be2bb62a3aef761371c5677fc533e3bdb5
- Filesize: 32KB
  MD5: 2914b099371f6bad7952b1c6c01872c1
  SHA1: 99c0049987ae49edc65c06a909314780b9fccae4
  SHA256: a1685c7009a5778d293a84ab4da6d0d5a8ea161b52d4e4e4160988b3b0f62315
  SHA512: bec3b996b82fceeecd43333e79d5eb6f3b1afd0e5e71dc17663b5b2bec22ed3fcbe8b080adcb0a51a82eb04b2d8bda99387404a9f04b7cfd941fe10222561a20
- Filesize: 512B
  MD5: 22de8d5c7a60a2f2e879cf5f4da31079
  SHA1: 5ddf34d22d798bc85fcfb5e3274dc727fca7e245
  SHA256: 8423c6230eb5d49144d4c1f0cb27b59fdde03948099ec336930881be18170aa5
  SHA512: 48f3ed0104c5f7caa1b08c981118ec6eb18cac92b7ebb17c76c2f2a3e344eda34d905daffb0efc553a8e29fb4b57494eec39f07928f783b771b636a01e8aae2d
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 88KB
  MD5: c1b8c988203545a070fa9ea79fb5adb6
  SHA1: 83bc4bc6bcd3d88967dab5b4a7075fc868c0d7b4
  SHA256: 9b3c556479c3fe763c5f0747e1652fe2952e1995bc1f50e0eb6902c504279157
  SHA512: 833127ba18b9de1c5561e8621bb6abc6d151e408397241664f985e3e9766d6a5cf63d9c6d951d1763c9f0d96a8235b5b608c9002ebcfc23a92fa1bc96188ccbb