Analysis

  • max time kernel
    33s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-06-2024 20:44

General

  • Target

    b51d2f7f86d4d11c293dcbed9e916694_JaffaCakes118.apk

  • Size

    30.9MB

  • MD5

    b51d2f7f86d4d11c293dcbed9e916694

  • SHA1

    77da5f055357768b88c54fdc67ad35fe7a0bab12

  • SHA256

    8a08913e537c3b6f872c9d12d56bd8db920f71d23502c9ab5bb507a45ae22cd9

  • SHA512

    252779621959c036a3458b136f3b2d2105ba71fd65a51d5773b66930c08d1b2ec50f3d92f9520b13bc02b2d2cf236f5d73da89480bbc23ae644b32563d39aaab

  • SSDEEP

    786432:G4/qDgGW+ITff98GeJ3Av9CgK/VCmYMxL3hwK/V4bCOg:G4tGWJ98JJSjK/4fu3WK/8E

Score
6/10

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.siwu.paimeetandroid (process tree depth 1)
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4260
    • chmod 755 /data/user/0/com.siwu.paimeetandroid/.jiagu/libjiagu.so (process tree depth 2)
      PID:4288

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.siwu.paimeetandroid/.jiagu/libjiagu.so

      Filesize

      363KB

      MD5

      acd3a64e22c56dc0628edd7615a74ab4

      SHA1

      ec22ef7fa9dca4b475af2724d483bda140370ca7

      SHA256

      c57cffd4175fcd618f29d48eeba1b8b30e2bfd4ce9e05c6c5b0bc4378914d008

      SHA512

      ec93027efd827742d3f9db70c4d4aba51e817191ff888aa2337939f2ce518b98f1c1f7ed3d49d25d3bff47738f68ead6348b1b309c54a17e18c4460cc2142e3e