Analysis
- max time kernel: 160s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 18-06-2024 09:40

Static task: static1
Behavioral task: behavioral1
  Sample: bb4468daf2835386a333a10c85ee3aaa_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: bb4468daf2835386a333a10c85ee3aaa_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en

General
- Target: bb4468daf2835386a333a10c85ee3aaa_JaffaCakes118.apk
- Size: 15.5MB
- MD5: bb4468daf2835386a333a10c85ee3aaa
- SHA1: 1fe0aaf1a56c49df543d029489ad58bc4324e487
- SHA256: aa6cb27d6f4f7f510fc0a9713686f601ba6aae467b0eb8898b3dddc411213010
- SHA512: 27c8c2d676e53630ab82d66bc55f507ddd8a23b23bf3bc53a216561881658282eabd91f9df8a5fb9994eee19fa5b749dddadeecfa99b56cb96cbc3daca8c4413
- SSDEEP: 393216:bVi3rv4Qksw48z2BCe7dM+q3DWxWkyapD1ZOCjY6M+XC/:be3FlAeC5tzcW3IDTpxMX/
Malware Config

Signatures

Queries information about running processes on the device (1 TTP, 5 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gualala.me:ipc
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gualala.me:push
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gualala.me:remote
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gualala.me
Framework service call | android.app.IActivityManager.getRunningAppProcesses | io.rong.push

Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.gualala.me

Requests cell location (2 TTPs, 2 IoCs)
Uses Android APIs to get the current cell location.
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.gualala.me
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.gualala.me:remote

Acquires the wake lock (2 IoCs)
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.gualala.me
Framework service call | android.os.IPowerManager.acquireWakeLock | io.rong.push

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
flow | ioc
12 | alog.umeng.com

Queries information about active data network (1 TTP, 5 IoCs)
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gualala.me:remote
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gualala.me
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gualala.me:ipc
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | io.rong.push
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gualala.me:push

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.gualala.me
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.gualala.me:push

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.gualala.me:remote
Framework service call | android.app.IActivityManager.registerReceiver | com.gualala.me:ipc
Framework service call | android.app.IActivityManager.registerReceiver | com.gualala.me

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.gualala.me

Checks CPU information (2 TTPs, 1 IoC)
description | ioc | process
File opened for read | /proc/cpuinfo | com.gualala.me
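The stalkerware-domain signature above is a domain match: the sandbox saw flow 12 talk to alog.umeng.com, which is on the echap.eu.org indicator list. To run the same check over your own DNS or flow logs, the comparison has to respect label boundaries: a listed domain and its subdomains match, a host that merely contains the string does not. The block below is an added example, not code from the sandbox or from echap.eu.org. Only alog.umeng.com is taken from this report; the second indicator (example-stalker.test) and all other hostnames are constructed for the example. Caveat a practitioner would want: alog.umeng.com is an endpoint of a widely embedded third-party analytics SDK rather than of one app, so a single domain hit is a lead to weigh against the rest of the behaviour, not a verdict on its own.

```python
"""Match observed hostnames against a domain indicator list with the
semantics a 'flow ioc' rule needs: exact match or any subdomain of a
listed domain, never a plain substring match."""

# Constructed indicator set: alog.umeng.com is the entry this report hit;
# example-stalker.test is a hypothetical entry added to show suffix handling.
INDICATORS = {"alog.umeng.com", "example-stalker.test"}

# Constructed flow records (flow_id, hostname), modelled on the report's
# "flow 12 | alog.umeng.com" row; every other hostname is made up.
FLOWS = [
    (12, "alog.umeng.com"),
    (13, "cdn.example-stalker.test"),       # subdomain of a listed domain: match
    (14, "notalog.umeng.com"),              # shares a suffix string only: no match
    (15, "alog.umeng.com.evil.example"),    # listed domain is a prefix, not a suffix: no match
    (16, "api.github.com"),
]


def normalise(host):
    """Lower-case and strip a trailing dot so 'ALOG.umeng.com.' still matches."""
    return host.rstrip(".").lower()


def matching_indicator(host, indicators=INDICATORS):
    """Return the indicator that host equals or is a subdomain of, else None.

    Walks the label suffixes of host (a.b.c -> a.b.c, b.c, c) so that a
    match can only occur on a label boundary.
    """
    labels = normalise(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def match_flows(flows=FLOWS, indicators=INDICATORS):
    """Return [(flow_id, hostname, indicator), ...] for every flow that hits."""
    hits = []
    for flow_id, host in flows:
        indicator = matching_indicator(host, indicators)
        if indicator is not None:
            hits.append((flow_id, host, indicator))
    return hits


if __name__ == "__main__":
    for flow_id, host, indicator in match_flows():
        print(f"flow {flow_id}: {host} matches indicator {indicator}")
```

The suffix walk is what separates this from a `substring in host` check: flows 14 and 15 contain the listed string but are not in the listed domain's tree and correctly produce no hit.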
Processes

com.gualala.me (PID 4299)
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information

io.rong.push (PID 4359)
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network

com.gualala.me:ipc (PID 4336)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)

com.gualala.me:push (PID 4426)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection

com.gualala.me:remote (PID 4456)
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
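The Processes section is the same data as the signature IoC rows, grouped by process instead of by signature, which is the view you want when deciding which of the app's processes (main, :ipc, :push, :remote, io.rong.push) does the collection. The block below is an added example, not the sandbox's own code: it parses the IoC rows in the flattened one-line form a text export of this report produces and rebuilds the per-process view, the per-signature IoC counts shown in the signature headings, and the concrete APIs and files each process touched. The embedded rows are copied from the signatures above; the regex assumes only the three IoC kinds that occur here (Framework service call, Framework API call, File opened for read).

```python
"""Parse flattened sandbox-report IoC rows into a per-process view so the
'Processes' section can be regenerated from, and checked against, the
'Signatures' section."""
import re
from collections import defaultdict

# Constructed input: each signature's IoC row as it appears in a text export
# of the report, i.e. "<kind> <target> <process>" repeated on one line.
SIGNATURE_ROWS = {
    "Queries information about running processes on the device":
        "Framework service call android.app.IActivityManager.getRunningAppProcesses com.gualala.me:ipc "
        "Framework service call android.app.IActivityManager.getRunningAppProcesses com.gualala.me:push "
        "Framework service call android.app.IActivityManager.getRunningAppProcesses com.gualala.me:remote "
        "Framework service call android.app.IActivityManager.getRunningAppProcesses com.gualala.me "
        "Framework service call android.app.IActivityManager.getRunningAppProcesses io.rong.push",
    "Queries information about the current nearby Wi-Fi networks":
        "Framework service call android.net.wifi.IWifiManager.getScanResults com.gualala.me",
    "Requests cell location":
        "Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.gualala.me "
        "Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.gualala.me:remote",
    "Acquires the wake lock":
        "Framework service call android.os.IPowerManager.acquireWakeLock com.gualala.me "
        "Framework service call android.os.IPowerManager.acquireWakeLock io.rong.push",
    "Queries information about active data network":
        "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gualala.me:remote "
        "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gualala.me "
        "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gualala.me:ipc "
        "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.rong.push "
        "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gualala.me:push",
    "Queries information about the current Wi-Fi connection":
        "Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.gualala.me "
        "Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.gualala.me:push",
    "Registers a broadcast receiver at runtime (usually for listening for system events)":
        "Framework service call android.app.IActivityManager.registerReceiver com.gualala.me:remote "
        "Framework service call android.app.IActivityManager.registerReceiver com.gualala.me:ipc "
        "Framework service call android.app.IActivityManager.registerReceiver com.gualala.me",
    "Uses Crypto APIs (Might try to encrypt user data)":
        "Framework API call javax.crypto.Cipher.doFinal com.gualala.me",
    "Checks CPU information":
        "File opened for read /proc/cpuinfo com.gualala.me",
}

# One IoC = (kind, target, process). Kinds seen in this report:
#   "Framework service call" -> Binder call into a system service
#   "Framework API call"     -> in-process framework/JDK API
#   "File opened for read"   -> file access
# Assumption: targets and process names contain no whitespace, which holds
# for Android class/method names, paths and "pkg:process" names.
IOC_RE = re.compile(
    r"(Framework service call|Framework API call|File opened for read)\s+(\S+)\s+(\S+)"
)


def parse_iocs(row):
    """Return [(kind, target, process), ...] for one flattened IoC row."""
    return [(m.group(1), m.group(2), m.group(3)) for m in IOC_RE.finditer(row)]


def ioc_count(rows=SIGNATURE_ROWS):
    """IoCs per signature: the 'N IoCs' figure in each signature heading."""
    return {sig: len(parse_iocs(row)) for sig, row in rows.items()}


def process_view(rows=SIGNATURE_ROWS):
    """Map each process name to the set of signatures it triggered."""
    view = defaultdict(set)
    for signature, row in rows.items():
        for _kind, _target, proc in parse_iocs(row):
            view[proc].add(signature)
    return dict(view)


def targets_for(proc, rows=SIGNATURE_ROWS):
    """Sorted list of the concrete APIs / files one process touched."""
    return sorted({t for row in rows.values() for _k, t, p in parse_iocs(row) if p == proc})


if __name__ == "__main__":
    for proc, sigs in sorted(process_view().items()):
        print(proc)
        for sig in sorted(sigs):
            print("  -", sig)
        for target in targets_for(proc):
            print("    ", target)
```

Regenerating the per-process list from the IoC rows and diffing it against the report's own Processes section is a cheap consistency check on an export; it also gives you the API-level detail (getAllCellInfo only in :remote, getCellLocation only in the main process) that the signature-level Processes list hides.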
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads

- Filesize: 512B
  MD5: 8da5821d4f0fe0cdbd404fd3b0156f59
  SHA1: b330b5a1548f68513112075cc7920b172a5db850
  SHA256: 306f61d9d8ee986bf6d183a9a0bed0ce299ccfeef3832b3c79b254bacaabf581
  SHA512: 20f82fddaa03949e9e390d174880091253f0e43dc5c1af5ccb74ba50fee4068c2b65804a04cbd34b035df5fbea257d3c10ae05d989f2eb0795caa6e03510536a

- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- Filesize: 40KB
  MD5: ee2c481b4aefd28c940319bad12995ad
  SHA1: f93cbd378eef61c3c27cdab7b6803d2f61032f58
  SHA256: 30cd0ddbaa331abb58e9eb0b539eabf08e7a385aa3ca6a8eb08ae5f7f9aa87a7
  SHA512: f9e83ae13da711233c3f0e996965e2561a88cc1d27aed4ba61ae87d9735bc0a4e2b4d66cafdf6a55009867175e3e5c2f745967b3e4a3aaa2e3e059e61b11ef1d

- Filesize: 24KB
  MD5: 60acc5ed9b5201fe1e0738321b505844
  SHA1: de2f131311f01a1fb65ce49071c96530d8b95806
  SHA256: d1ce374282bcd9b5ea29019580b65fe4bdf4a682699bf7febe338aa33334e6e5
  SHA512: befd4c08a3c383ea4edcba58d3587ad3871ee903518e45ff4dc773e142442a74049224c67da0a31825fee770002586ce46e0be77bfd6cf5e279e1a60970165f7

- Filesize: 512B
  MD5: d9478933509284cfa0bf5d8d0e733050
  SHA1: 2c50f83e03185cebb3c6fdb88d1eef56b6db92f2
  SHA256: 6944dfc0046c9eb22fd0743089e21b87ee133964a1bd909a075648faf1c6d344
  SHA512: 8dcf18e75d0b8bc26f9bb9ee5ec6f113b8eb0847f6784c086454553e376625e0cc22757656a0d16269df0b3ea43db5ab12613d74b2d938bef16c0d7c8c45049f

- Filesize: 36KB
  MD5: 59b7d1d17b0f637e2826cbe2c3362c8f
  SHA1: 363f1789ea2616d0b9df6e6aa234ffd2cb3b07ea
  SHA256: 1f7465f8505148c2cfeb0c0f988e8a44ea7f65c3b78df4423c40854f41464c52
  SHA512: d3a7bf3f894bfc0afd6611b933066d5255300ebacbe39c6c4dc1873d42341492d4d34cdc97a93eeaa05f5002ebc2e85fc4a8be6e4ee289ee0e088d24b4e64d4f

- Filesize: 512B
  MD5: 99c92de405216c966b952acedf074388
  SHA1: 6b2b3d0d347ed70807e578afa9425c3907cdf24c
  SHA256: 4bcd8c52a24f657652e1fc75d3859a386d5f340993e3909fd88b09732114584e
  SHA512: e5996ad6796af1ac31e591eaa5bb900b59361d55bbb6981e082999697bde430b5a9fe7f6cc9043c131a1f33009a5f6e5eaa60d9c222a381b47146a9f6273f098

- Filesize: 56KB
  MD5: 58f5791d25488655463b64cb79314723
  SHA1: 4785e1868f463589c89aa1f80e58c8acf5f8b2b1
  SHA256: 2959bf4f4bcea9349089360e12d33064dccacc690fea7b63ff924d1ffa446455
  SHA512: 2da4f2d3eb356de1405accadada8756f704d2f37f7a584556db18bd73df35a3bf7ebddc98340af734a9fa4036e3e2df0e9e93b3a3c7c2ca52e87e873b8ffb907

- Filesize: 897B
  MD5: d1ee67cba7a0f10f6ff5c9e032b239f2
  SHA1: 5adea2de0249d23452cbbbca4795c17b559a4500
  SHA256: 5aba1bfa19e07316f5dc99dd8b808cd4f5daaf3129f1999e7aceea3ead67926f
  SHA512: 4b5ea959be0db893a8a40a4963b653d5a8f8314ecef9aca30cf8b898651290a2bfab35eb6983199b2f45e8753cd9631bd4bc919ffd8c2dbfd561b13e2d8f7754

- Filesize: 162B
  MD5: db2cce3a91cc738a539f42201a9f49c8
  SHA1: 7a6a216f11b29841fbe8631fac7b4749f4ce1b75
  SHA256: 05d13d62c92eccbee58e5320c610d58e9a0ac597920b770d8b6b9745930a8a49
  SHA512: be23eb06d5be6e22f3eb476342d32df505d242542a1073f6c4d253750e17719072cd4e2d1f42b7a23a7f70d3e29ae7d360c00c2c39af9684734842b2cd00f424

- Filesize: 525KB
  MD5: 0357e8edde36315c0e0a4f5385de625f
  SHA1: 2e6c6f15010e88dac5078f34e31a8ddf5e032f2f
  SHA256: 44764ad74b21113fb17b21899bd0d4c81740544e868eaad680553b3bd0cb016d
  SHA512: 497385b4e3b512f6a4365486d40bf1ed298422087f23a352ed2cec96331b9b012814ffba9c3ba83af5f777df16b53bbe1bf3ab8313902db49011f01a3024cf93

- Filesize: 248KB
  MD5: 35c037ded99b38e48421119e88d783b0
  SHA1: 4eb140ebb74eb1b9ae15439b4b94e2bdb0996107
  SHA256: d0a5a3c6549ea81de24863d14edc2331ddd27a6d7e1a17c500a7db9ae7904796
  SHA512: 2606068291d5a7f8e434fbdabd28ce447e4e435bbbcc700cb16c182667cf29d76c18042f0ea018dc4ef11dd4a769977093ce291fbe11164cb1f1098b41120bbf

- Filesize: 166KB
  MD5: 3f1348cd6165c9a66a9892565c917ca1
  SHA1: 96f0c939438c494cf3fd89246d458e92c0c7203b
  SHA256: 5fbe3817e4047e14c40b567be4955d7579c8bf7b7824bf8370f5e194ebf9767a
  SHA512: 405c3d1d5f4899cf723509f8e293f2ca1d95a79f7892e93401309372335a6a286f2eae9ee9312f69af10c5bcabd091cd90608898a129542b0abe0617c500d023

- Filesize: 4KB
  MD5: 6a86f30539dfc9332cd235fc48fcb62c
  SHA1: 5c202003f6346edb85175b8df7c460793f5512c6
  SHA256: 34bfd1e28c3625f50a23240c4b08ac50a90fd35c5e5f88aed1cf36fa8fe5e18f
  SHA512: f63edb8270e6cd35e5c6896e2b9153144af0d29303e367a4fa81941b1b2bb0de57fa484badb7ec7f05ebdfa67d77b00c3651572c5f05e9314389887f5546d235

- Filesize: 69KB
  MD5: 4e9eab735928758b860e48b2f9befd7b
  SHA1: 7223dfdd00f8059d3b83c28c6f7d78d2dcaa0569
  SHA256: 1a5650bc57e525ff23c7f0cd058d4574142e772c51a89867a13f89e13b93d6b4
  SHA512: c7465fab9518be687ee63cbe044f28a4d5c60f1c043fab0ec66a856b2b542c9d99d9ef5812c7eb2033f797805ba37b821572b83eeeebdaac4854a4bf53977599

- Filesize: 10KB
  MD5: c16f5ca1517683c46e02a6b71aab3c00
  SHA1: 2d09a048d1b8d556d89d4d723947e9e234b5e59b
  SHA256: 13d4fbc0d1cb7c2761641a3632c440f6f1d919dce731b8c32cb35e652b0b39f9
  SHA512: a692b79382747548fd8be8ed94c06198b143c167be1e96f60d8ea7ee9432a0eb1a0cd73d0704523e487d59443bf7ad13eb36e47b67864e227917d33225e3e62b

- Filesize: 1KB
  MD5: 883c30365d5d377966125dd0c079debd
  SHA1: d296ec1e3f4badb6e3e6166c1473fb55d4265761
  SHA256: 50112e7ed210b33224fbe1cce568c8e95a14fb47f7d39ec905369e2feb9668aa
  SHA512: 00b1604e206a5d929071aa1cac99d83320eacdbb064d517973a5a36757a8a9eb8a103452c98f24e7c8d29adb4b2843e804bfdcb32902da7e364a0c30f8609b7f

- Filesize: 86B
  MD5: e473f2520893b5788c515d49ff4bd48c
  SHA1: 2d596a2a34ecd35b91c16cd5734e497ef7111fa5
  SHA256: aa33cbb479d7ec9d8ed3fd57b82bea4ec1b70a99bf1984ff08f6c6663fc79aa6
  SHA512: 400bd3557a88857552d80fb0c9437d4352ad9adba06d7cb1666402b3861aec4d1f35d9c5339bd69064867b65af7706461ae4c412b3986c39179e346718b27d97

- Filesize: 156KB
  MD5: 8a2c79efb207a11c881711c482131b0c
  SHA1: 5ec4483a92792ea82e5ab6d7e79623f5dbf342c6
  SHA256: ed97f0e94d639722484d7deab4a57465af5b346e8ddc942684b48999e5fa4808
  SHA512: 4e38d752fd5b45259f7555953e7d5fa8bb6013f328f0dcaca863d4f6e8fe8f28519bea19ab0c6980e13222f0fb85859f021bc2ca52592ee001ba60697bee52a1

- Filesize: 10KB
  MD5: 89a7429dac6030d016f75b8766bb4209
  SHA1: af7cd6e93bed8cc2cc7147a58cdf46177a963fd7
  SHA256: 82acb0fa13cf41b516bd5536519f8122f463247fd2aa3138a44cc71181b0eded
  SHA512: fd167d38070572f310af90f43f4e849078b36c633d78ca93cd5194660d5ebdedf432eb454f9894888f4d00688675a4dc7e7935534362a20e69d2ded5c4748250

- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

- Filesize: 127B
  MD5: d54b7b380a5ff46c78283013a07d8e0f
  SHA1: f697c5f7028ba2679a96d6bc5291c38ff96d7982
  SHA256: c7ad837b097687d92e0d944815fc70adcb0e1cdc82db28f728d13e8a48d7532c
  SHA512: ade792589c33179c51305f201bfb6db28c05b2ea098d12bfefc1a5cf9bd3014d53830ce2e71f027719ee1b83b2394c7654b5ddf4fdc7f678840869d2a2787ef4

- Filesize: 76B
  MD5: b6dc59027da5acb97826a82a3691ec07
  SHA1: 7973051f15940595469f5c0f84a740307c9d338e
  SHA256: 08202d2a4815a0a737e832bd35468d897c5962b75d2bda30da414b1e259c1c23
  SHA512: f4f07484ab1cb47a4f53c80461c9599af0b76205ba9d41dfbcfa65182d87751d5a7a1ef91844332b195ec850794c4e6955d87be68f1e9484c98f96e97cd01a87

- Filesize: 512B
  MD5: d26a173e0a2bfe41dd225a9c6e7f3d09
  SHA1: c3efeb02d80fc8441798418884bb6f336e7dcdfe
  SHA256: edad14a6f7754bf4cb41398c8dc0fb37d5e74475682609be09ffaeeaffbf724e
  SHA512: 3abc97e558a22b06c85b878a18d32ccba0a1f3c02c1f5316abe1dbbc24261be1c300fabe940694225a8242db2b7c840089c665c9e799104bd726d21a75181d2a

- Filesize: 48KB
  MD5: 2e8f0b570190bb97d6ec9f7677017721
  SHA1: 5034ada56715a1b8efae7608b70f0eda3ba12e69
  SHA256: aabcd455fb21f840323d0f804a11f20c57b0d8093efb78162181a9bf33e5dcd8
  SHA512: 334bd96308f484f46a9715fc93c15181083314d99e27f036f1b6a7f1d1c2ffd7f4f06b536c946161f76eff4996341f4dac1d7708623dce3b136c9860c6d1e810

- Filesize: 310B
  MD5: 029b4505583bf9af52748c320f9bbad0
  SHA1: c0e4c2299d9d266c5781477d247dfada41c7dbc5
  SHA256: b36b83f28e1cc8af0b0a9bce60b95a5309dac5f09eaf53566f6b49a639843846
  SHA512: 767045b3194d07ba57844019938f1c993421e99eca6a849fd92c72cc3235a7130918b3cb4f7019fde74db3c5cbff184c9304bb88caa134150b240728cda9d9d0

- Filesize: 158B
  MD5: 3d5abc43c89f6723cc27a92f1dfd9a46
  SHA1: acf50d1bb0b59e78bacf9e1ac143b072df3e2f46
  SHA256: fa67d30f6ffe35849bd8daf177231a93e1812d8ea20341e02f24fc561b9458d5
  SHA512: 9bac95de2cd3e574c813ff00b3a9c187bfe7a6911540c773723107d91263b3423f4daa5690104469b34ba44153ed2736f31ba32613bb8e83c7b6cbb27905d9e0

- Filesize: 52KB
  MD5: 55ab1d1e436e073bd6f7b21db35eaa36
  SHA1: e39c9baa0d41520426a9b2e71eb112ff7e6cd989
  SHA256: 6cbca130459b4c245c9a54be226a1013ded1fe4f2f82eb495cfe6df0163ff041
  SHA512: 67228b2977fd344e1a69d99acde9170c365540795215b3c168106f7ec2d02a46894011cb9487970f34a3a6bcfe1fff6927505fb72701cad453ce37b4c5992fc8

- Filesize: 28KB
  MD5: 66478214ef89f0170b4d4f2bef235d77
  SHA1: 0ffd9cab8bd652e814134ef7bba609af71aa7515
  SHA256: a65ced3d8b15832eeb80fbc702f1d9705fe3f35df0ac76da6bd0e828bee79902
  SHA512: 44cad934e3077473340c9e25b3554ab51a9230d512a3660c5b35e3bb471b1fcd4fa86d4c2af17847d4d586071ba139bd72902d4c0a68e3f897ecdd137106c2a2

- Filesize: 4KB
  MD5: f5ae32aa1d107b065c2b758b7d8cc54e
  SHA1: 6f4c6201365aab1b4d6c1a1669213db716eaa1c1
  SHA256: d96bd17a72f054221436b1e049350c1a11ad752a4e2dda89019394efd248979a
  SHA512: 35f7148afc30d4766733709af5daafe22c32039f358d2ef24cb9a1462e960141153ae95905b0516a15eb04c6f380445a52c381a0883e8f591f0711f3b7c6a6ea

- Filesize: 24B
  MD5: a936690571e9104e1922dda4a0ba5bd1
  SHA1: 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
  SHA256: f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
  SHA512: 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

- Filesize: 24B
  MD5: 1681ffc6e046c7af98c9e6c232a3fe0a
  SHA1: d3399b7262fb56cb9ed053d68db9291c410839c4
  SHA256: 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
  SHA512: 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

- Filesize: 89B
  MD5: 7b8296176f8f75cf0f8617692e090558
  SHA1: 53f448776a9d2571fd946939a404677e9a394468
  SHA256: c6654736cfe071a4e8e22b3abda4a88edcaf756d27cb38c36954aea5f1bacb4d
  SHA512: 38661b6d87f3ba30b0f028bec8b0a4a6360318021a1a854c0e103707cb7ee6aa83b958c0bcc0773fe2c9d7057c20987a9190235f222724ca2e61cfdf313c672d

- Filesize: 96B
  MD5: c90ea076cbe57807bb54e971d1647f6f
  SHA1: 3f376bf2a9dafe96bae2a2a960b3606e0bde6de2
  SHA256: 2ab3f17f3eef6e061d9e9fd672ddbb8247e8630057037aaaefc8d81aed1e2e5e
  SHA512: 2b47f168aef128294a66f8a18fa65d24e46dd881b8c0bebc1563edbe8b5bfac67e146d33f27e38bd812ac946f3a6379b91509f97f2ed5bb729cd7a8e10524472