Analysis
max time kernel: 179s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 16-06-2024 19:54
Static task: static1
Behavioral task: behavioral1
  Sample: b4eb44e6ec16420e24ddc4dc06f07700_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: b4eb44e6ec16420e24ddc4dc06f07700_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240611.1-en
General
Target: b4eb44e6ec16420e24ddc4dc06f07700_JaffaCakes118.apk
Size: 16.3MB
MD5: b4eb44e6ec16420e24ddc4dc06f07700
SHA1: a248723c3414b59698d5c0fc409ac11bf2c4b234
SHA256: d48013a9f5f6a9adaf1fa79c4d28e2ab112200b9a76d9fbc3a265aef7c95d83f
SHA512: e2878ae31034fd70caebf7f6180dc0823c133bfc1e0fe9d1bb46ebbad1239f14aebe9458294fcf764aa2c94f664bacaf860e90e033df7b887a12fb2ec7c820cc
SSDEEP: 393216:csoa+g7xXvosE7kIo+twYbfU56202NIG8Q47KDnPHPRJ:cs+KXvoDkIo+twpplNZ47WHP7
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/bin/su  process: com.kangxun360.member
  ioc: /system/xbin/su  process: com.kangxun360.member
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (1 IoCs)
  flow: 10  ioc: alog.umeng.com
Queries information about active data network. (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.kangxun360.member
Queries information about the current Wi-Fi connection. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.kangxun360.member
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  process: com.kangxun360.member
Uses Crypto APIs (might try to encrypt user data). (1 TTPs, 1 IoCs)
  description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.kangxun360.member
Checks CPU information. (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/cpuinfo  process: com.kangxun360.member
Checks memory information. (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/meminfo  process: com.kangxun360.member
Processes
com.kangxun360.member (PID 4318)
  - Checks if the Android device is rooted.
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  sh -c ls /dev/socket (PID 4393)
    ls /dev/socket (PID 4393)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: dcdb0a6572dd380e4e95d8c477afb7d6
SHA1: 2d7198640375faf890f50f24cbe8b299dd280ebc
SHA256: 3313870e76e191e7476cb6664ae4324f06c4e00c5d5256ff91f184835c2aaae2
SHA512: 502f0127a447ea64d2b26491a13316ac9a2d749f0871a71c8d423762f4c065d092c6551fd16acc9bd1a7876b04bf7d429af41baa57bc4a0f9e5857ebd862b6ee

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 36KB
MD5: 2f989c275c699dc54ac25742b506277e
SHA1: 6758e1724ed57656b163ed1efade3ee3709bb4a3
SHA256: 644131d222a56dc423b2833803d8302599024327fe9944f625258318298bbbc1
SHA512: 1d7835d2918097118e3219eece15a10484f8fdeae0e467fdb564e790d4671a585de21052f8fe5fd6675aff11ce04dd1ec699ab845896dd8f9d9be875feb213a8

Filesize: 512B
MD5: 8a817ff5b4faa2bc6661588210f00f15
SHA1: 416fb9bba224f31c5688ca2cac5fbdf01e268f22
SHA256: c354760e5a1e114e39b354a681635bd995c62b3372e1a3a863f76c8ff8250f50
SHA512: cc73ff7e10915bf391a5ef83f8a45e0ec76e7792950ef7af93ebc4ff58ea79a4ec829424cf5a3f8b1ce7ffd8ea252f7a641dafe27abc315515c1fd2216497019

Filesize: 40KB
MD5: 20553083418b476d0b39a0f8519b0b4b
SHA1: f82d2f1dc44db79ec50efd7bde35abb1b3247143
SHA256: 54565d956205b57bd52a74a96f71d41ff9624438d25652915d1b20fb5c7ea2fa
SHA512: e39f284247496abe6aef464c4ba864d66ad6ad451bbebc570e6275a41e728cafb3696b8fc9efe427cf81f53790edcd1fb1d3a7dbb5004d782badbf444e92348d

Filesize: 580B
MD5: 89460f06801c27a49674b4c011df61aa
SHA1: ea76989e27c87fef849f0da4a0182ec659328e5e
SHA256: 9c6edee16931809b5cc583871b66867c46187e75cce082683f86df4ed33add55
SHA512: 05272a446ab9e5a5e3c17ce7058dfbf75f7b998d0a7b387d1de03d0092406868edec829000fd4f454cd2b6f98e2f3fc0c2466bed66b32f971c3e6b6a380c73c7

Filesize: 133KB
MD5: 3383f022372cba2aa59b749f148d02fb
SHA1: 086ce0cb51083a7b02ff4b895e69cb3ce06e8792
SHA256: aec9578202732b5a08832922658f857e2acdd1c20cb2b630b59c82ebe6db68df
SHA512: b94a644fb65ba876ea872c44217304d618e773f3550707f74543c9fd3a00a2ed13698c0d7ba659ffda5a5039217fc96e3340daeed60ac4b4ee24e56a2d941253

Filesize: 310B
MD5: f793ec1902bb53b419e39d690a521fc8
SHA1: 1b56ac4026a59d4aebf59a68cef21eefb3b643c3
SHA256: 652bf1034990774057e4e29fd696d418a369997ba9c210d386d36f5fcc91cc5f
SHA512: 81e37d4472952cb2ab4379d6ddc012c6d6387d3e13dc64d71ddf32cc553394d3068fba661a67c7956e89f5fcdb8446bc3eb522378581efe0da914a737613bf46

Filesize: 48B
MD5: fd8c393e124a375a7fd42cbfea6ae9ce
SHA1: 90b1278e57b992d57f1a36542a93a1394470b0ea
SHA256: 115ccc07a620308d3640d53a5a6f06a7b8ed17a5374416d4ab2349ed219a73c8
SHA512: 433a7e84a62123d6db15bf0291b9ccef58c205d24f39427c55081d42e267bb42084f8238fb3d2537c470dec05eb6a436cb9d927c44dcfb7b10876f916d170957

Filesize: 401B
MD5: 4fcb9ea2c889c44747de7775f42feb1b
SHA1: fc15343199db7e8adc1cd2397e68d514269c9edd
SHA256: 5559cfdddc3f5dfb99066279fb46d6fae984aaa5beacd7372d7d826fbd73af58
SHA512: 955965985d1a75be87a89d3ba6c213c455002873ae52ff58e9400871bc620bf213c5d75ff0f41ac1ea44ea2f9e6af7b46fb48933fa6bfe8fe6219025a9006af4

Filesize: 500B
MD5: e6529bca8bf395f5861c5edacb2b6db7
SHA1: 62d0adfa43a4c25b52d2567eb519d03361362345
SHA256: 5af936c8928b1c22d201bf861d2ac57c9bd2525e9aacb9f18433fe203e7470d9
SHA512: 37b719c98d578b97895404b5707cfda37b86c2ff7c49e3c64d98ebf82059f61573e6dfa0ca83e3846eafcdc0e8098894564b7cd71c01bdce8dc280a4e8900237

Filesize: 107B
MD5: c9383021bd97affc44be4db7018c4d7b
SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

Filesize: 2.3MB
MD5: e4787c80e67da0da94b736448c709c0a
SHA1: f91cb0a9d89d95bb4bcb29e7f277208b0363b59a
SHA256: 19d02631edf05989268df902272a2079abe3d8451db63d001d1c0ab3385fcefa
SHA512: 552ebbda25b994edd84ddde030715f0d723c0999b5496b8624df5f8d29b3260244ac45084cc626ac6565f04fa4a9f62cabbcb50969730360e47c57500eef5385