Analysis
- max time kernel: 179s
- max time network: 185s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 15-06-2024 04:34
Static task: static1
Behavioral task: behavioral1
- Sample: ace42ec76b44121cb9b3cd6b1f0b1ac4_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
General
- Target: ace42ec76b44121cb9b3cd6b1f0b1ac4_JaffaCakes118.apk
- Size: 10.6MB
- MD5: ace42ec76b44121cb9b3cd6b1f0b1ac4
- SHA1: a252135c56107d7a0bd964231ed8aad818b49f18
- SHA256: 2a393a1c17096432cb99715fd17b5968285e64c51ddf6e3e011ed241d19c429e
- SHA512: 16eb4121d10a725ca672dda83524e57933233294a92e43a4ca851b73e8d9eb0143fe9aa3d0150d65f0ce8b3f2d5ce2fc6f087af1c92addaa524f4898f127500f
- SSDEEP: 196608:6ELuKd6XPuJ2HXwpqFiX5qpLIRPBs6jDuFAan3wpMZEeaPP2VwPLknldE/nMZqAm:6ELz6Xs2XwpqFi0pLIBPuFAanApadaPB
Malware Config
Signatures
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.sageit.judaren, com.sageit.judaren:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sageit.judaren
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sageit.judaren:remote
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.sageit.judaren:remote, com.sageit.judaren
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.sageit.judaren:remote
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.sageit.judaren
- Requests cell location (2 TTPs, 2 IoCs)
  Uses Android APIs to get the current cell location.
  Processes: com.sageit.judaren, com.sageit.judaren:remote
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.sageit.judaren
  Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.sageit.judaren:remote
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow | ioc
  8 | alog.umeng.com
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes: com.sageit.judaren:remote, com.sageit.judaren
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sageit.judaren:remote
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.sageit.judaren
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.sageit.judaren, com.sageit.judaren:remote
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sageit.judaren
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.sageit.judaren:remote
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: com.sageit.judaren:remote
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | com.sageit.judaren:remote
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.sageit.judaren, com.sageit.judaren:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.sageit.judaren
  Framework service call | android.app.IActivityManager.registerReceiver | com.sageit.judaren:remote
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.sageit.judaren
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.sageit.judaren
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes: com.sageit.judaren
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.sageit.judaren
Processes
- com.sageit.judaren (PID 4272)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
- com.sageit.judaren:remote (PID 4326)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Hide Artifacts (1)
    - User Evasion (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads