Analysis

  • max time kernel
    63s
  • max time network
    129s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    15-06-2024 07:14

General

  • Target

    ad48cc4795c3af1c7e4de278c7b484d0_JaffaCakes118.apk

  • Size

    1.9MB

  • MD5

    ad48cc4795c3af1c7e4de278c7b484d0

  • SHA1

    4d775301f50448326192fe100fe22c5690624a57

  • SHA256

    95478cb2abec5dfab5d71994d2ca7cc89141128f63f5c1fd7c88706f7f5829f5

  • SHA512

    a3517c29812f37af6ffcc5d50f0d6620b48c277324ad0c073d4be5e686f796946a69b0fa5f710252f7acfe57351e20d8d3adf03543d882b1b9ec2e95578376ba

  • SSDEEP

    49152:gv8NYtSk6odCfsUFKv1Hm4DX6rvwuGxKPHl:Y8NYJRnU2Uwqr4va

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5031

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a/files/mobclick_agent_sealed_com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a
    Filesize

    543B

    MD5

    a77d800adc6cb44c1422eb1b40dffbae

    SHA1

    07bb285d9535f41bc4b0cfaf04cc08295c287d1e

    SHA256

    75f9130820e3f9704caf67c31af1ed3628282e51af1f7ea7518cf964e0c6ef73

    SHA512

    5e199b4ed302094da7db7c18695ba0c1176c6a07fb3fa14de76f51a010f06e8d3f27a05756abd1f946a7835ca5fcf35cf6c9509a8decf8f03f3d661d8115de87

  • /data/data/com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a/files/uuid.md
    Filesize

    32B

    MD5

    c678ed8ca6be188b69e93baddecd7d70

    SHA1

    accd8e9f07f7d87997d01a5f5d78ae341241046d

    SHA256

    a6dc0943b2558e2601993b44cf23e9e3e5b01753d5d77ced1b00a467eef65f79

    SHA512

    8812be74c7ffc8309afed30530c11f7588363b078e79c202f2d2312714fc340ab23d85078f1d6262eda0530f0ad30543a1e23b9bd1ec874484f14bde2081a80e