Analysis
max time kernel: 163s
max time network: 184s
platform: android_x64
resource: android-33-x64-arm64-20240611.1-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240611.1-en, locale:en-us, os:android-13-x64, system
submitted: 18-06-2024 10:58
Static task: static1
Behavioral task: behavioral1
  Sample: bb917ab7b73a8740f1e25e35ba5f08cc_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: bb917ab7b73a8740f1e25e35ba5f08cc_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240611.1-en
General
Target: bb917ab7b73a8740f1e25e35ba5f08cc_JaffaCakes118.apk
Size: 26.2MB
MD5: bb917ab7b73a8740f1e25e35ba5f08cc
SHA1: d79445d9da0bdf2780627c852f845ab2d20ed1a1
SHA256: 1ca4a080577f193828734cdc1668ec955b1674f32000bc714460fdff3422f13e
SHA512: 0a1ef5e58a9240d842198d7f1305aba49bd3889425e4582fb426338f57bf76918e0769624315e7ab243a3159f7cebcc210ab5215e8d0a1ee4d5054271697e779
SSDEEP: 786432:amMVEPrFr3Byl4Ywt6whbpXEdSZqp5l3m+gsVYO:XM+PrLqwttFXEdtA+kO
Malware Config
Signatures
Checks if the Android device is rooted (1 TTP, 1 IoC)
  IoC: /system/app/Superuser.apk    Process: com.ircloud.ydh.agents.ydh02833779

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped to the device during analysis.
  IoC: /data/user/0/com.ircloud.ydh.agents.ydh02833779/.jiagu/classes.dex    PID: 4322    Process: com.ircloud.ydh.agents.ydh02833779
  IoC: /data/user/0/com.ircloud.ydh.agents.ydh02833779/.jiagu/classes.dex!classes2.dex    PID: 4322    Process: com.ircloud.ydh.agents.ydh02833779

Queries information about running processes on the device (1 TTP, 1 IoC)
The application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call    IoC: android.app.IActivityManager.getRunningAppProcesses    Process: com.ircloud.ydh.agents.ydh02833779

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  Description: Framework service call    IoC: com.android.internal.telephony.ITelephony.getCellLocation    Process: com.ircloud.ydh.agents.ydh02833779

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  Flow: 64    IoC: s.appjiagu.com

Queries information about active data network (1 TTP, 1 IoC)
  Description: Framework service call    IoC: android.net.IConnectivityManager.getActiveNetworkInfo    Process: com.ircloud.ydh.agents.ydh02833779

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Description: Framework API call    IoC: android.hardware.SensorManager.registerListener    Process: com.ircloud.ydh.agents.ydh02833779

Checks CPU information (2 TTPs, 1 IoC)
  Description: File opened for read    IoC: /proc/cpuinfo    Process: com.ircloud.ydh.agents.ydh02833779

Checks memory information (2 TTPs, 1 IoC)
  Description: File opened for read    IoC: /proc/meminfo    Process: com.ircloud.ydh.agents.ydh02833779
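The Signatures section above lists each IoC under a signature name but does not show the rule behind the grouping. The Python below is an added example, not the sandbox's own code, that reproduces that grouping over this page's IoC rows, constructed here as an event list: code loaded from the app's private data directory rather than from its installed APK counts as a dropped Dex/Jar (the report writes a dex inside a multi-dex container as container!member, and the helper splits on that), a read of a known root artefact is a root check, reads of /proc/cpuinfo and /proc/meminfo are hardware probes, framework service calls and network flows are matched by name. The su binary paths, the /data/data/ private-directory form and the .jar/.apk extensions are my additions and are labelled as assumptions in the code. Two things worth noting from the page itself: the dropped dex lives in a directory named .jiagu and the only flagged flow goes to s.appjiagu.com, and that flow is flagged from a third-party indicator list (echap.eu.org), so it is a list hit rather than, on its own, a stalkerware verdict.

```python
"""Group Android sandbox behaviour events into signature hits, the way the
Signatures and Processes sections above are organised. Added example; the
event rows are constructed from this page's IoCs, not taken from a sandbox."""
import re
from collections import defaultdict

PKG = "com.ircloud.ydh.agents.ydh02833779"

# (kind, value, process, pid), constructed from the IoC rows on this page.
EVENTS = [
    ("file_read", "/system/app/Superuser.apk", PKG, 4322),
    ("dex_load", f"/data/user/0/{PKG}/.jiagu/classes.dex", PKG, 4322),
    ("dex_load", f"/data/user/0/{PKG}/.jiagu/classes.dex!classes2.dex", PKG, 4322),
    ("service_call", "android.app.IActivityManager.getRunningAppProcesses", PKG, 4322),
    ("service_call", "com.android.internal.telephony.ITelephony.getCellLocation", PKG, 4322),
    ("flow", "s.appjiagu.com", PKG, 4322),
    ("service_call", "android.net.IConnectivityManager.getActiveNetworkInfo", PKG, 4322),
    ("api_call", "android.hardware.SensorManager.registerListener", PKG, 4322),
    ("file_read", "/proc/cpuinfo", PKG, 4322),
    ("file_read", "/proc/meminfo", PKG, 4322),
]

# Root artefacts. Only Superuser.apk appears on this page; the su binaries are
# common additions to such checks (assumption, not from the report).
ROOT_ARTIFACTS = {"/system/app/Superuser.apk", "/system/bin/su", "/system/xbin/su", "/sbin/su"}

# /proc files an app reads to fingerprint the hardware it is running on.
SANDBOX_PROBES = {"/proc/cpuinfo": "Checks CPU information",
                  "/proc/meminfo": "Checks memory information"}

# Framework interfaces matched by name, exactly as the report's IoC column shows them.
FRAMEWORK_CALLS = {
    "android.app.IActivityManager.getRunningAppProcesses": "Queries information about running processes on the device",
    "com.android.internal.telephony.ITelephony.getCellLocation": "Requests cell location",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "Queries information about active data network",
    "android.hardware.SensorManager.registerListener": "Listens for changes in the sensor environment (might be used to detect emulation)",
}

# Domain the report flagged from the echap.eu.org indicator list.
FLAGGED_DOMAINS = {"s.appjiagu.com": "Domain associated with commercial stalkerware software, includes indicators from echap.eu.org"}

# App-private data directory: /data/user/<n>/<pkg>/ (the form on this page) or the
# older /data/data/<pkg>/ alias (assumption). Code under /data/app/ is the installed APK.
PRIVATE_DIR = re.compile(r"^/data/(?:user/\d+|data)/([^/]+)/")


def split_dex_ref(ref):
    """Split the report's 'container!member' notation for a dex inside a multi-dex container."""
    container, sep, member = ref.partition("!")
    return container, (member if sep else None)


def is_dropped_dex(ref, pkg):
    """True when code is loaded from pkg's private data dir, i.e. written after install, not shipped in the APK."""
    container, _ = split_dex_ref(ref)
    m = PRIVATE_DIR.match(container)
    return bool(m) and m.group(1) == pkg and container.lower().endswith((".dex", ".jar", ".apk"))


def classify(kind, value, process):
    """Return the signature names one event triggers (possibly none)."""
    hits = []
    if kind == "file_read":
        if value in ROOT_ARTIFACTS:
            hits.append("Checks if the Android device is rooted")
        if value in SANDBOX_PROBES:
            hits.append(SANDBOX_PROBES[value])
    elif kind == "dex_load" and is_dropped_dex(value, process):
        hits.append("Loads dropped Dex/Jar")
    elif kind in ("service_call", "api_call") and value in FRAMEWORK_CALLS:
        hits.append(FRAMEWORK_CALLS[value])
    elif kind == "flow" and value in FLAGGED_DOMAINS:
        hits.append(FLAGGED_DOMAINS[value])
    return hits


def summarize(events):
    """Map signature -> IoCs (Signatures section) and (process, pid) -> signatures (Processes section)."""
    by_sig = defaultdict(list)
    by_proc = defaultdict(set)
    for kind, value, process, pid in events:
        for sig in classify(kind, value, process):
            by_sig[sig].append(value)
            by_proc[(process, pid)].add(sig)
    return dict(by_sig), {k: sorted(v) for k, v in by_proc.items()}


if __name__ == "__main__":
    sigs, procs = summarize(EVENTS)
    for sig, iocs in sigs.items():
        print(f"{sig} ({len(iocs)} IoC{'s' if len(iocs) != 1 else ''})")
        for ioc in iocs:
            print(f"    {ioc}")
    for (proc, pid), names in procs.items():
        print(f"\n{proc} PID:{pid}: {len(names)} signatures")
```

Run as-is it prints nine signature groups for the one process (the report's process tree shows eight because it omits the domain hit, which has no process column). The dropped-dex rule is the one worth carrying into your own tooling: a dex whose container sits under the package's private directory was written after installation, which is what makes it "dropped" regardless of the packer that put it there.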
Processes
com.ircloud.ydh.agents.ydh02833779 (PID: 4322)
  - Checks if the Android device is rooted
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Execution Guardrails (1)
    Geofencing (1)
  Hide Artifacts (1)
    User Evasion (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Downloads

Filesize: 6.5MB
MD5: 74741f53f109c82bbc5c08625a1f7764
SHA1: 5de68e03c738d4cc8af6c56d0f4a831987be2300
SHA256: 005c513831bc00f8e7ebbb33e1a04f25fd95a350a91d1f59f03391cd4bba0d64
SHA512: b2af541b81103fe9fc465843b94679328626e00b5ffba77f35bc7def96207b08fc01b59fc5f4200993853c97938ce78ae5a3093b40ad686bf74987b963f13048

Filesize: 3.6MB
MD5: 7561e5bec28f94c91ef1cd9f6839ccdc
SHA1: 822825c4d5f1f931a6c3970a65f602b2307e6014
SHA256: beb89f919aeca8dcc03099a295fcdc17952540d87790547b7c2112b06b2a7c0d
SHA512: 745867306a30f5af9ddffed55f889753aa22f2e4e3dddac566abfe6850a271370ee554a7709e7e2e3a79d922f56c7cfed14ff5f80210b29bda27d13f963a3240

Filesize: 475KB
MD5: 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1: 522db1748608e9173547b29b7aa82ddc3542c534
SHA256: 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512: 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Filesize: 509KB
MD5: 289fb443987b114ee4237b4dd97672bc
SHA1: 9b898410845dfaeae3af212b5df41177ba9b8f34
SHA256: a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210
SHA512: debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508

Filesize: 40B
MD5: d825926bfb8d2c14905fa15658217234
SHA1: f7554c83d06b8da57b0c5186bb6549e5c9cae760
SHA256: 3945735c4707949f6012e029034a126717ab35313bf614e9d30b8d0834090894
SHA512: 41dbf2b4910ad34bea7cf4c06096177e3eef09ba5ef4aebc9d81c027be41d87bb28aa6bbd2c2dce5304d5a616337b0db64c161203d68648eadd06621d064f86b

Filesize: 32B
MD5: 690861817705b3cb19bfbb9d2cee12a2
SHA1: 5b0341ee59f72d3b72ef0ffb28b7a0b5f248e745
SHA256: c364add23bc1ff1d94bc003febca37699cd0408c90d7f271df4c5f8b74d5d4d0
SHA512: 3ad53d3c02b00699deafaab1630afc5fee3e979b50fd5c2057c460cc63537e8367f6b3c12a651635cf66aacb5216c61ed33497525caf873ea09430525fa61ffa

Filesize: 32B
MD5: da52af97a5608697113963c95406a3b8
SHA1: 312a8f18891da0313c0856541970dc9d70427b1c
SHA256: 4d37667bf6a9affd2dc1e7096babb7c31dfbb437e2bed15c745c71fa659af4c4
SHA512: 80d59e137314fc0eb7c8d4659eae09b3806b3c5a56695f18faabb633381a7df60be906ef444ebd9f11709f9f89d6111f866bacc0f5c7e4a8946a728ce5820364

Filesize: 32B
MD5: 993b0e802181dbb5becb442e74409998
SHA1: 8352c5be81e2608ab8f8b99d98c42eae7cbc07e5
SHA256: e106248da263a16462ff76d32dfbd82b2835e6e77977be1082deb8e22439bc95
SHA512: 01fff167b318eae1104a8601ffed06c256334bcb71c7dc48876213860ea928cb2b8aeebaa569dfa67520505fe522f0c387d72a3971bc32a891d4cd58b555ad5c

Filesize: 307B
MD5: fef1d432f786c4bd4ca400658544b23c
SHA1: 5900d29e822fbb53774829f4ad5a740faddcbc29
SHA256: fa8b5276ca12f6d59c22be18b7c939c131197c7f62f33e916befb480b97eb289
SHA512: f5563a51afeee25295c3584cf3ee588223f703ac5a77a2059d9b33a3b532484631b719e521c8d7384fc377fdd068181d5b98bf5546a7fe8e32c73deee79be6f7

Filesize: 314B
MD5: 5a3e7e8cbfe3ed440f7073d4ce056c9b
SHA1: 742d322e1d58ea2ed299db3ab98da7bd7edbdb68
SHA256: 8d892cc6c8bbfe07bd01ec817bfbf90138e87851c0518aeaa55e2b5d497090bc
SHA512: c3eec6848336f814c93c48c9f6a59563bbeb55444dc766fcce2ca51c9ab31455998138002a83f9748e329e5e772ff51530e918dd513e4acbf8cddea66d37df54

Filesize: 32B
MD5: e771d6ddce4fc9f649ec1bed749ed443
SHA1: 46fd3d6959f9bf1e3cf109f75db09a17819d9713
SHA256: 27113043b9b6add4f94441e528b411bebd8632f1490b70b0a742dbdf7a268de2
SHA512: dfba6d80b44e1141e6876be6f4b69f6b929653068d99e8a682848c0f169eb5fc0316d5c648a7fa5def86c3b7b84255d4f19dc0a0e9f111cb4423f508b794598d

Filesize: 27B
MD5: 6ee12666dcb961208008b4150f6454fe
SHA1: 7f7fbf981075e7c4ec229329c05db1ab83723bc7
SHA256: 62ac4e06d4d819042df7aa72879be4e993a584b63a2e2234d6c01e259b852409
SHA512: 44e5f639f08dcbfa8a12d7b1c9f6c1deb658e146a97649f342ed1b06a7062863298fa58160bb385692c2125a5283da94ad028925f3998d2a8ba8cb1cfb12e36a