Analysis
max time kernel: 178s
max time network: 190s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 17-06-2024 23:16

Static task
static1

Behavioral task behavioral1
Sample: ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task behavioral2
Sample: ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk
Resource: android-x64-20240611.1-en

Behavioral task behavioral3
Sample: tcore.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task behavioral4
Sample: tcore.apk
Resource: android-x64-20240611.1-en

Behavioral task behavioral5
Sample: tcore.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk
Size: 8.8MB
MD5: ba17ed2938afe4cf379747a953adcb7d
SHA1: 1620463e5c8aa3f66574e0af4cb5a24afa37e101
SHA256: deb8026465b6d3dbc2bb68281afbb2f5dcd19b3969b15051c769a7cfdbcd4ed6
SHA512: cea847c68ff3837c6cbf70f6034cf8753e66c5160d4db8ce5b018625cb407b6b345d807d5ce2b28f8b2d5ea2707db93646faca963f2c782e1a6678725a4be2fc
SSDEEP: 196608:N+0iqpzT+eERInoj502yteG8F2F5+STRrUUfDw1a4CCk1:Nhpv+7RF1XaJRrue1
Malware Config
Signatures

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: io.dcloud.H52F4B3B8
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | io.dcloud.H52F4B3B8

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: io.dcloud.H52F4B3B8
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | io.dcloud.H52F4B3B8

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
flow | ioc
29 | alog.umeng.com

Queries information about active data network (1 TTP, 2 IoCs)
Processes: io.dcloud.H52F4B3B8, io.dcloud.H52F4B3B8:pushservice
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | io.dcloud.H52F4B3B8
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | io.dcloud.H52F4B3B8:pushservice

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: io.dcloud.H52F4B3B8
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | io.dcloud.H52F4B3B8

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: io.dcloud.H52F4B3B8
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | io.dcloud.H52F4B3B8

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes: io.dcloud.H52F4B3B8, io.dcloud.H52F4B3B8:pushservice
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | io.dcloud.H52F4B3B8
Framework service call | android.app.IActivityManager.registerReceiver | io.dcloud.H52F4B3B8:pushservice

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)
Processes: io.dcloud.H52F4B3B8, io.dcloud.H52F4B3B8:pushservice
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | io.dcloud.H52F4B3B8
Framework API call | javax.crypto.Cipher.doFinal | io.dcloud.H52F4B3B8:pushservice

Checks CPU information (2 TTPs, 1 IoC)
Processes: io.dcloud.H52F4B3B8
description | ioc | process
File opened for read | /proc/cpuinfo | io.dcloud.H52F4B3B8

Checks memory information (2 TTPs, 1 IoC)
Processes: io.dcloud.H52F4B3B8
description | ioc | process
File opened for read | /proc/meminfo | io.dcloud.H52F4B3B8
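The stalkerware-domain signature above rests on a single flow to alog.umeng.com. Below is an added example, not the sandbox's own code, of turning that indicator into a detection over DNS query logs: names are normalised (case, trailing dot), matched on label boundaries so that a subdomain of the indicator hits while a lookalike such as notalog.umeng.com does not, and tallied per client address. The log lines are constructed in dnsmasq's query-log style and the client addresses are made up; INDICATOR_DOMAINS contains only the domain this report lists. One caveat worth keeping next to the rule: umeng.com belongs to Umeng, a mobile analytics SDK embedded in a great many ordinary apps, so a hit is a prompt to weigh the other signatures on this page rather than a verdict on its own.

```python
"""Added example (not the sandbox's code): run this report's domain indicator
over DNS query logs and tally hits per client."""
import re
from collections import Counter

# The only domain this report flags (stalkerware indicator list, echap.eu.org).
INDICATOR_DOMAINS = {"alog.umeng.com"}

# dnsmasq's "query[TYPE] name from client" log line; assumed log source.
_QUERY = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)")

# Constructed log lines, not captured from the sandbox run.
SAMPLE_DNS_LOG = """\
Jun 17 23:17:01 dnsmasq[1204]: query[A] alog.umeng.com from 10.0.2.16
Jun 17 23:17:01 dnsmasq[1204]: query[AAAA] alog.umeng.com from 10.0.2.16
Jun 17 23:17:02 dnsmasq[1204]: query[A] ALOG.UMENG.COM. from 10.0.2.16
Jun 17 23:17:05 dnsmasq[1204]: query[A] cdn.example.net from 10.0.2.16
Jun 17 23:17:09 dnsmasq[1204]: query[A] sub.alog.umeng.com from 10.0.2.17
Jun 17 23:17:10 dnsmasq[1204]: query[A] notalog.umeng.com from 10.0.2.17
"""


def normalise(name):
    """Lower-case the name and drop the trailing dot of a fully-qualified form."""
    return name.rstrip(".").lower()


def indicator_for(name, indicators=INDICATOR_DOMAINS):
    """Return the indicator that `name` equals or is a subdomain of, else None.
    Matching on a label boundary ("." + indicator) is what keeps the lookalike
    notalog.umeng.com from firing on alog.umeng.com."""
    n = normalise(name)
    for ind in indicators:
        if n == ind or n.endswith("." + ind):
            return ind
    return None


def scan_dns_log(text, indicators=INDICATOR_DOMAINS):
    """Return (client, queried_name, indicator) for every matching query."""
    hits = []
    for line in text.splitlines():
        m = _QUERY.search(line)
        if m is None:
            continue
        ind = indicator_for(m["name"], indicators)
        if ind is not None:
            hits.append((m["src"], normalise(m["name"]), ind))
    return hits


def hits_per_client(hits):
    """Count matching queries per client address, the unit an analyst pivots on."""
    return Counter(src for src, _, _ in hits)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for src, name, ind in found:
        print(f"{src} queried {name} (indicator {ind})")
    print(dict(hits_per_client(found)))
```

Feeding a real dnsmasq or Pi-hole log in place of SAMPLE_DNS_LOG is enough to reuse it; for other resolvers only the _QUERY pattern needs to change.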
Processes

io.dcloud.H52F4B3B8 (PID 5187)
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information
- Checks memory information

io.dcloud.H52F4B3B8:pushservice (PID 5341)
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 36KB
MD5: 7c486cdf781555da50aa4c08dc30febd
SHA1: 53d779c6705e7b1e42835666d969e27d0b0cf065
SHA256: dec6ab9a299e696b44657e37257427322b06f26949c3caac0c608d614c15b098
SHA512: 4f30a95f0e99f85316f71ff8d0f9f65c4ff68b270ba6f47a284bcc5b7d1470ae67b394ba72f36f8d522f570cba004d15e6dd3b078c7053f6c146d2bc4167d5fe

Filesize: 36KB
MD5: 3371c13b33ef7159208fa83b1550efc8
SHA1: 4400281b7f071b54eae0ee1661c6a5b7fd7a1f06
SHA256: 85532be942c62da94a2df002b483d573d1991904ead078d6537991c75d238401
SHA512: 03a8a1576e6449000d20cd9426d4877de093871d2dd59919d4b9a21dbad42ca5e772c6344485bb21d765c750c057cc83715ff836013cf65e6c22d1285802734a

Filesize: 8KB
MD5: 9fce459f582b486233e862ad5048ffa8
SHA1: f6186aae8bf5abd593bdb1663222b29371f3dfc0
SHA256: 501833fd0c40b1e47435e6cdc748e3f4a68342c321b4b67a9f679ca6931193b1
SHA512: 0ec687c330c56df95670e5f3af59bdb23de4fde74f26ff11107eafb1ae0c3833ebe9c6e4c6b526ed4bbc4e9344ed8151964f9b60b0be075381e3f5c348ca71b8

Filesize: 8KB
MD5: b6d3deb0cfd0031eb2720fc1a0f0011d
SHA1: 1ac1c4e2eb83f66fb630d556fa56ffa9f2c1c74a
SHA256: 49eda04afd3ce622d40008cca9058274ac83bb76d5a528eb8c6555d400daa1f7
SHA512: 163c3a41a3689ef59baa611b555ec3dda791ae157e6ab7ae8741cc4ebca65d64265a6e5b5799fc6139d98f5c2089aa74ff8d385481cc916e4163e222eca9ee1c

Filesize: 8KB
MD5: ee8c03f0a25fb73590c43a802e758971
SHA1: f099cf2dd0a32812d22d75c7cbff253d7a9c16ad
SHA256: a99d06b051e063306e8f54b5e73951986be456269ab324598de4bd48b064dde4
SHA512: bb9bc1febf05788a9b9fe34a50cd20ed4f5eb47d8de2ddbb401323f896fcb4645bf7b53ada49a74e5c186afc63ff896866cc3f4440cf3729a5f47a0130ff9c21

Filesize: 12KB
MD5: 6ac76ed6c24aef2d4e4ccec28b726071
SHA1: ef58003f274551c5281ec69a0fbb793b445bf4e6
SHA256: 21f55e4060822f016e4ebd0c79801359bd9f6a0ae5bed58df7f348064eee1977
SHA512: e8c88b4753acd051ce4b155b957f6a6f8ee2bc218c7e24e33e694fe45f5fbdf01f98c3a2b50d28ba8522137023c11bc66b995379f1d5c9203f94c9041f8c583e

Filesize: 8KB
MD5: 01309539b3716117019ce784e3a6d360
SHA1: 7b89305ba30cc1aa224d92f4173efbd324e7b5d1
SHA256: 7f3a1112d0a543eb5f35a80255401a7a3547ee609ecc7c8b992eccfcd64f5a11
SHA512: f11ed53d4c22597ce0ab4a9ff40dd1ef26f2045a7c0307c9969762182df140683fa8dfe6dbcd4e47050e3c294ba74ad24f3658524ed87de170d8df7afd5f4848

Filesize: 32KB
MD5: 398b0a58d49a27abf374abf1c06cdd71
SHA1: b3d01ce982202197f01b437f7bfd8b13395618af
SHA256: 061dd15e685e13bc9011d1af275dd39cd76f91168181c5946dfee38980040b45
SHA512: b0df56468ff007b7f46b651cbc0f964fef45c768c0ba1269296dbeadd1917a4595d93dfe22eda51281f551b8e5d95517e9caa014c80674239c8a404bfad2c9a6

Filesize: 8KB
MD5: d2d1d78b9e65c0821a8d11ab2d97f612
SHA1: 9921ca2d64e5516a38eb533ba0f669a09d872a41
SHA256: 44adadd61424333a43d875afd4f3640f9fbaa7381dabdc36cf64c56cf9f49aaa
SHA512: 9a27cc417aa304c0528267af1c6cbd139c81b7edf82a90d1eae0a1333323710bf1dc2e5d20ccdd824c43debaf6a289ef558b6c247cd5ea961579bbdf69851c70

Filesize: 8KB
MD5: d99ae876840ec113287f78c089620ae9
SHA1: 9e3b82434ef0d814f814d63954457103c831763b
SHA256: 3e77b8bca10a20cf4df1d4fce978a6c536922c3c7b69369c7e76b92383d78fe9
SHA512: fcd2104f4e56fdaf6a8184078898c8daa407adcbbb15e1e309ae0c6a080b848935407b3be9ed7c12cabd94c8505993cb57f8cca6833b9a38f9c56b3c2c58291c

Filesize: 48KB
MD5: 1113f7427e92ea33716f5a07d8a3939a
SHA1: 2409dd51882f0f0bc28254982044cd9439b1cc49
SHA256: ccdc3c3713daa6f1ae82beeb7e27fb422b9731a33099fb2d6df6ef81eb3302e8
SHA512: 7f1ff87ef8972fdeeaf104ee7dc269b999bed328e5bece4b4ccb21871caf8430c84aa4614287fbe850ca38bbd52a7514b838236b6d71b16f74b378f53e808bcb

Filesize: 8KB
MD5: 9246de95f8eae97c892f141f55f196fd
SHA1: 2788378da3a646678c857172a7be37ca7e5895d1
SHA256: b516dcb94324a4ca97372832bbc45de5723b4099bf583202236e55c774d8dcf9
SHA512: 4fc47d4307db8b480bbdf7c35096bd423abf489524d7dcd07e7a33ed0bb794e708d4c99af62eaf5bb68466d5fa989ea5ced8ba111a8fc4d39d97dd6f7c553e58

Filesize: 512B
MD5: 7b2d51fbe8db0e99eb48f741b91a1ccb
SHA1: 3872393e99bde394cb9db7c13d08fea6f0899652
SHA256: 387422b914d895282e90c39a74c7c317851b0167b53b2b66e87971e93e1c22a4
SHA512: 98511d385fed4373d2f80d47eb48b901bda4553962469da797c04d3585e24bfe5848b326f5326ba46cd7b7ff5da45c67d1aeb53482e546a993c83ab70adeb88d

Filesize: 162B
MD5: 21121ce8dd507c19d73af41d753db64b
SHA1: 7948ca7f67a0817ab6e04ddaf44ccbd43650eec5
SHA256: 9c3b8af3a1a7c1b508886f02c5366ef8a06faf2443a201de57d812e0dc1ef3bd
SHA512: 3bd049b810770cd644ca96e3e9457ab9cf0db61d647c52306f4ac1d59a3eb23a3a2b86677988e44db5c92c5258c31a3389a8fea77d4fac8b81ad95353cbf839b

Filesize: 435B
MD5: 1b074efdf5d7d82ac457a871d9b0da45
SHA1: 016f74ef7072b28d6c72b8faac026d9f49cb1e75
SHA256: ba7724cfba4e6fdf6685e940c61d97c2c80aab9f5b771b46ea1e98ecf81f0f8b
SHA512: 4e3e6773f13e5e6b07fc68845942b92380e520678d3bf87c8db51c2d9b0f9d80b69361f32c713ee263f83384c85cd02282f40d9fb4722857721e97fb32fca60a

Filesize: 8KB
MD5: e822ff7df26a7483241520f8a235feb9
SHA1: 14a9a7c4aeb7880400f688eed978556b05170670
SHA256: 16a57179f982577f57d19f13d2dc682ca583f165e3d9422ec1477495e4fdf124
SHA512: 673888b74f4533c2542c5dee5d57aecc127b5416b7fbcbb819ec89662dcd795e4216c008885fab6b90695b277abafbf7d04d66befa94a222c99fca3f7f325b2f

Filesize: 8KB
MD5: 034d94c4f90c2bdc1ac9b551500fe893
SHA1: 616b0c0a10f0a821c3c69100029f4315a89d8bb9
SHA256: 82950bd9e1bf74789358a6f5eb829d67e75a01c811e4df83e93f5d34e31673a9
SHA512: fe32b822c3c9ebf6727599c694d56fb8b8de0ed91af4d4336eae67392d1445de42b6e8e3ebc7949fda299d8e2d2d7d6d047fe06cf9f5ff0a46c87f32a8dc183b

Filesize: 28KB
MD5: 28d88f5c5a0eea888e64f13f1b4bfbbb
SHA1: 5a55a72e926192b8f14c572efb737ed3666c54f0
SHA256: 476450c1fe5c2d258750097ccb62cbaa0b2d042fe61c371b779be6b7a30bd8cc
SHA512: 36ebf3caca10a4e5501cf4223eb67c9d91de2e1e2180c7d741fec9f46f7c1a2ee9961c5054d5975a39060d99a6094ad112a910e8193dc03dad912ea921131b3c

Filesize: 8KB
MD5: a9b531d4846019f8737ba8cf6be97317
SHA1: 68ac71daa0c9406106562d13fc0e7209516f198d
SHA256: 23e6a21a43fad9468f1b89cddcbe9dd865e7a576176f5f78fcd52d6f7f904132
SHA512: 83f6a823f563b6aac34cdc7f2360256ba9a9506789cfdbf5a0ae3b0e5e2607e40193d5a3860830391e8293e2208c325e286a4222986b9e2bde2be0f62c0d945a

Filesize: 8KB
MD5: 14213f02e5b7d8fd603a632ae68c6fea
SHA1: 851bd2a53bd193112cc186f1b687f7c7de8b5053
SHA256: 1014e685ce94f5400a5c4eacd53221aae5afc1741987fbdde45deb3eca5b3c8c
SHA512: 39882cafd6e06ef7ceb76dcf5d18217db53170f7b6a3c7efc58ef3e1e7f62e402b1243024fd7ce329f7a0c5402fdab28d5871efd3f885e7bf82e49d8bd76a479

Filesize: 408B
MD5: fb12fa8f6b2542fb350276e9efbcc0cb
SHA1: e650af26b58460f8d8b5d3d99e6a1c3e89f80f00
SHA256: 9c1f4d1661adae8a0fc318d00cd924720ede6e9d5764d6f15c5775e9c92040f2
SHA512: dd950e9a18a77fcef88e1011024e0c0ac97ade17fe2fc8a6b532fe4aee8c90737841e98541ed7fd0c7ec258fc60047fde571463e3eb5c6e32249ac5172c6e549

Filesize: 32B
MD5: 294050f65087ccd046187deefc1baf99
SHA1: 073fb30dccb0121e43d29ed15083c1f04feaf8bd
SHA256: 7b2895058d33d26bb996576d192baa4df2cb96c89ca631005564bc69652da522
SHA512: 902c4270bd8d2dc0451363a0aa9c94b2f5ca69c69ca267a1ab8163c6ff89f0c20c99835b4617bfda6b9a011a92d9b1cbe7d9081525381624fafccc366b329ef9

Filesize: 4KB
MD5: 88a3203a9acd98cd67d39184dd654bf2
SHA1: 6bdd49ba8ee9b2135e71aa708599b2fb904ba6fe
SHA256: da385af40d0f28ce4618f588974ac911e8828ef12ebd5d0b16a992650f0d65d0
SHA512: bb138f46ee162a6b87dc10698f2113e662f3281fb4aea44483652a302ca1ab01943f0eff863c2e410714a483c86683ba078ec620c3aa5bf3398caba4c5d3e440
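The General block and the Downloads list are the file indicators this report carries. Below is an added example, not the sandbox vendor's code, that turns hash fields as they come out of report extractions into records and checks a file against them. It accepts the three shapes such fields arrive in (label and digest on one line with or without a colon, the fused form "MD57c48..." where the label runs into the digest, or label and digest split over two lines), length-checks every digest so a truncated paste fails loudly, and only counts a match when every algorithm both sides know agrees, so a lone MD5 collision cannot match a record that also carries a SHA-256. The digests in REPORT_EXCERPT are this report's (the target APK, one 36KB download and the 512B download); the empty byte string used as the sample to check is a stand-in and matches nothing.

```python
"""Added example (not the sandbox vendor's code): parse the hash fields of a
report like this one into IoC records and check a file against them."""
import hashlib
import re

# Hex-digest length for each algorithm the report lists.
ALGOS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# A field label, an optional colon, and an optional value on the same line.
# Covers "MD5: abc...", the fused extraction form "MD5abc..." and a bare "MD5"
# whose value follows on the next line.
_FIELD = re.compile(r"^(Target|Filesize|Size|MD5|SHA1|SHA256|SHA512)\s*:?\s*(\S*)$")
_LABELS = {"Target": "name", "Filesize": "size", "Size": "size"}


def parse_hash_block(text):
    """Return a list of dicts such as {"size": "36KB", "md5": ..., "sha1": ...}.
    A repeated field starts a new record, so the report's "-" bullets need no
    special handling. Digests are lower-cased and length-checked so a truncated
    or mis-pasted hash raises instead of silently never matching."""
    records, current, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        if pending is not None:           # value belongs to the label on the previous line
            key, value, pending = pending, line, None
        else:
            m = _FIELD.match(line)
            if not m:
                continue                  # headings, SSDEEP and other lines are skipped
            key = _LABELS.get(m.group(1), m.group(1).lower())
            value = m.group(2)
            if not value:
                pending = key
                continue
        if key in ALGOS:
            value = value.lower()
            if len(value) != ALGOS[key] or not re.fullmatch(r"[0-9a-f]+", value):
                raise ValueError(f"bad {key} digest: {value!r}")
        if key in current:                # field repeats, so this is the next record
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records


def digests(data):
    """All four digests of a byte string, keyed like the records above."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def match_iocs(found, records):
    """Records whose every digest shared with `found` agrees."""
    hits = []
    for rec in records:
        shared = [a for a in ALGOS if a in found and a in rec]
        if shared and all(found[a] == rec[a] for a in shared):
            hits.append(rec)
    return hits


# This report's values: the General block (label and value on separate lines),
# one Downloads entry in the fused extraction form, and the 512-byte entry in
# "label: value" form. SHA512 lines are left out only to keep the excerpt short.
REPORT_EXCERPT = """\
Target
ba17ed2938afe4cf379747a953adcb7d_JaffaCakes118.apk
-
Size
8.8MB
-
MD5
ba17ed2938afe4cf379747a953adcb7d
-
SHA1
1620463e5c8aa3f66574e0af4cb5a24afa37e101
-
SHA256
deb8026465b6d3dbc2bb68281afbb2f5dcd19b3969b15051c769a7cfdbcd4ed6
Downloads
-
Filesize
36KB
MD57c486cdf781555da50aa4c08dc30febd
SHA153d779c6705e7b1e42835666d969e27d0b0cf065
SHA256dec6ab9a299e696b44657e37257427322b06f26949c3caac0c608d614c15b098
-
Filesize: 512B
MD5: 7b2d51fbe8db0e99eb48f741b91a1ccb
SHA1: 3872393e99bde394cb9db7c13d08fea6f0899652
SHA256: 387422b914d895282e90c39a74c7c317851b0167b53b2b66e87971e93e1c22a4
"""

if __name__ == "__main__":
    records = parse_hash_block(REPORT_EXCERPT)
    for rec in records:
        print(rec.get("name", "<dropped file>"), rec.get("size"), rec["sha256"])
    # An empty file stands in for the sample to check; it matches nothing here.
    print("hits:", match_iocs(digests(b""), records))
```

The whole report text can be fed in unchanged in place of REPORT_EXCERPT: lines the field pattern does not recognise are skipped, and each "Filesize" that follows a complete record opens the next one.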