Analysis
max time kernel: 175s
max time network: 184s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 17-06-2024 23:16
Static task: static1
Behavioral task: behavioral1 (sample ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk, resource android-x86-arm-20240611.1-en)
Behavioral task: behavioral2 (sample ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk, resource android-x64-20240611.1-en)
Behavioral task: behavioral3 (sample tcore.apk, resource android-x86-arm-20240611.1-en)
Behavioral task: behavioral4 (sample tcore.apk, resource android-x64-20240611.1-en)
Behavioral task: behavioral5 (sample tcore.apk, resource android-x64-arm64-20240611.1-en)
General
Target: ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk
Size: 8.8MB
MD5: ba17ed2938afe4cf379747a953adcb7d
SHA1: 1620463e5c8aa3f66574e0af4cb5a24afa37e101
SHA256: deb8026465b6d3dbc2bb68281afbb2f5dcd19b3969b15051c769a7cfdbcd4ed6
SHA512: cea847c68ff3837c6cbf70f6034cf8753e66c5160d4db8ce5b018625cb407b6b345d807d5ce2b28f8b2d5ea2707db93646faca963f2c782e1a6678725a4be2fc
SSDEEP: 196608:N+0iqpzT+eERInoj502yteG8F2F5+STRrUUfDw1a4CCk1:Nhpv+7RF1XaJRrue1
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: io.dcloud.H52F4B3B8
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process io.dcloud.H52F4B3B8)
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
  IoC: flow 18, alog.umeng.com
- Queries information about active data network [1 TTPs, 2 IoCs]
  Processes: io.dcloud.H52F4B3B8, io.dcloud.H52F4B3B8:pushservice
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process io.dcloud.H52F4B3B8)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process io.dcloud.H52F4B3B8:pushservice)
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: io.dcloud.H52F4B3B8
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process io.dcloud.H52F4B3B8)
- Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  Processes: io.dcloud.H52F4B3B8
  IoC: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process io.dcloud.H52F4B3B8)
- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
- Reads information about phone network operator. [1 TTPs]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 2 IoCs]
  Processes: io.dcloud.H52F4B3B8, io.dcloud.H52F4B3B8:pushservice
  IoC: Framework service call android.app.IActivityManager.registerReceiver (process io.dcloud.H52F4B3B8)
  IoC: Framework service call android.app.IActivityManager.registerReceiver (process io.dcloud.H52F4B3B8:pushservice)
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 2 IoCs]
  Processes: io.dcloud.H52F4B3B8, io.dcloud.H52F4B3B8:pushservice
  IoC: Framework API call javax.crypto.Cipher.doFinal (process io.dcloud.H52F4B3B8)
  IoC: Framework API call javax.crypto.Cipher.doFinal (process io.dcloud.H52F4B3B8:pushservice)
- Checks CPU information [2 TTPs, 1 IoCs]
  Processes: io.dcloud.H52F4B3B8
  IoC: File opened for read /proc/cpuinfo (process io.dcloud.H52F4B3B8)
- Checks memory information [2 TTPs, 1 IoCs]
  Processes: io.dcloud.H52F4B3B8
  IoC: File opened for read /proc/meminfo (process io.dcloud.H52F4B3B8)
Processes
- io.dcloud.H52F4B3B8 (PID 4257)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
- io.dcloud.H52F4B3B8:pushservice (PID 4385)
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads