Analysis
- max time kernel: 56s
- max time network: 149s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 16-06-2024 19:18
Static task: static1
Behavioral task: behavioral1
- Sample: b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk
- Resource: android-x64-20240611.1-en
General
- Target: b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk
- Size: 5.7MB
- MD5: b4c6b383e262e14182ad09d91bd7e70a
- SHA1: 4b5940ae51498243dc8cbc371ea5563a8f0f1c3a
- SHA256: 29b48fb0b4dbddb296a29db4d170a0db8b0292bbb54d3366be692de4e6024525
- SHA512: 774f6f2326fce794735ab415a54fe63c70272e82dbee139bfe6182a31574856296d47387c7dd755ebaddd139ecfcefeb8348a5054a39b7e1d8ae6c9b5d2cc310
- SSDEEP: 98304:hrN3jgDXGmAVDGByJBuIOGYmwUypXRf+/GS4aAvCQhnq9hIwDDZ4uv4L6b7v:lNUixcyKvmwUypXRfWVAvCsn+WwXrALG
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 6 IoCs
  ioc | Process
  /system/xbin/su | com.kevin.videoplay
  /data/local/su | com.kevin.videoplay
  /data/local/bin/su | com.kevin.videoplay
  /data/local/xbin/su | com.kevin.videoplay
  /sbin/su | com.kevin.videoplay
  /system/app/Superuser.apk | com.kevin.videoplay
- Loads dropped Dex/Jar 1 TTPs 2 IoCs
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.kevin.videoplay/[email protected] | 5120 | com.kevin.videoplay
  /data/user/0/com.kevin.videoplay/[email protected]!classes2.dex | 5120 | com.kevin.videoplay
- Queries information about running processes on the device 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kevin.videoplay
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  flow | ioc
  23 | s.appjiagu.com
  35 | b.appjiagu.com
- Queries information about active data network 1 TTPs 1 IoCs
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kevin.videoplay
- Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kevin.videoplay
- Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.kevin.videoplay
- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.kevin.videoplay
- Checks CPU information 2 TTPs 1 IoCs
  description | ioc | Process
  File opened for read | /proc/cpuinfo | com.kevin.videoplay
- Checks memory information 2 TTPs 1 IoCs
  description | ioc | Process
  File opened for read | /proc/meminfo | com.kevin.videoplay
Processes
- com.kevin.videoplay
  PID: 5120
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads