Analysis
-
max time kernel
63s -
max time network
129s -
platform
android_x64 -
resource
android-x64-20240611.1-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system -
submitted
15-06-2024 07:14
Static task
static1
Behavioral task
behavioral1
Sample
ad48cc4795c3af1c7e4de278c7b484d0_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
ad48cc4795c3af1c7e4de278c7b484d0_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
ad48cc4795c3af1c7e4de278c7b484d0_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
ad48cc4795c3af1c7e4de278c7b484d0_JaffaCakes118.apk
-
Size
1.9MB
-
MD5
ad48cc4795c3af1c7e4de278c7b484d0
-
SHA1
4d775301f50448326192fe100fe22c5690624a57
-
SHA256
95478cb2abec5dfab5d71994d2ca7cc89141128f63f5c1fd7c88706f7f5829f5
-
SHA512
a3517c29812f37af6ffcc5d50f0d6620b48c277324ad0c073d4be5e686f796946a69b0fa5f710252f7acfe57351e20d8d3adf03543d882b1b9ec2e95578376ba
-
SSDEEP
49152:gv8NYtSk6odCfsUFKv1Hm4DX6rvwuGxKPHl:Y8NYJRnU2Uwqr4va
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
flow ioc 3 alog.umeng.com -
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915adescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915adescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915adescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915adescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a -
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a/files/mobclick_agent_sealed_com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915aFilesize
543B
MD5a77d800adc6cb44c1422eb1b40dffbae
SHA107bb285d9535f41bc4b0cfaf04cc08295c287d1e
SHA25675f9130820e3f9704caf67c31af1ed3628282e51af1f7ea7518cf964e0c6ef73
SHA5125e199b4ed302094da7db7c18695ba0c1176c6a07fb3fa14de76f51a010f06e8d3f27a05756abd1f946a7835ca5fcf35cf6c9509a8decf8f03f3d661d8115de87
-
/data/data/com.cyou.cma.clauncher.theme.v547ca025e373c10b4aa5915a/files/uuid.mdFilesize
32B
MD5c678ed8ca6be188b69e93baddecd7d70
SHA1accd8e9f07f7d87997d01a5f5d78ae341241046d
SHA256a6dc0943b2558e2601993b44cf23e9e3e5b01753d5d77ced1b00a467eef65f79
SHA5128812be74c7ffc8309afed30530c11f7588363b078e79c202f2d2312714fc340ab23d85078f1d6262eda0530f0ad30543a1e23b9bd1ec874484f14bde2081a80e