Analysis
- max time kernel: 174s
- max time network: 187s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 18-06-2024 14:06
Static task
- static1
Behavioral tasks
- behavioral1: sample bc578bab172b8aae0329657e187d4a8d_JaffaCakes118.apk, resource android-x86-arm-20240611.1-en
- behavioral2: sample 1.apk, resource android-x86-arm-20240611.1-en
- behavioral3: sample 1.apk, resource android-x64-20240611.1-en
- behavioral4: sample 1.apk, resource android-x64-arm64-20240611.1-en
- behavioral5: sample gdtadv2.apk, resource android-x86-arm-20240611.1-en
- behavioral6: sample gdtadv2.apk, resource android-x64-20240611.1-en
- behavioral7: sample gdtadv2.apk, resource android-x64-arm64-20240611.1-en
- behavioral8: sample 2.apk, resource android-x86-arm-20240611.1-en
- behavioral9: sample 2.apk, resource android-x64-20240611.1-en
- behavioral10: sample 2.apk, resource android-x64-arm64-20240611.1-en
General
- Target: 2.apk
- Size: 1.0MB
- MD5: 2ba0797d94fbdcd6307612b88d5fca15
- SHA1: 2d77b1f41d0a3231b5a1f9af1f5b2fe3750ad6c0
- SHA256: 78cc5e34990e20571cf2885d9f6f9d624ff9b6e317e1f71cd8986c7532117c88
- SHA512: 440fea9ca7db9d809fe5c7844c1a5038f6ae6948091d8b0a78f802914473938002d73e58a5ca44d5d9a7c27ad6ae931c37d005348cde312463a6089514e8e54d
- SSDEEP: 24576:I2oRrJAkb//ZmyT1OWa2xZGyd54zNScnzbcYPjH:Boxqkb//wyT1OL2a0OzQcEejH
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.goyourvafly.classcial
    ioc: /data/user/0/com.goyourvafly.classcial/files/sdk.jar | pid: 4441 | process: com.goyourvafly.classcial
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get current cell location.
  Processes: com.goyourvafly.classcial
    description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getCellLocation | process: com.goyourvafly.classcial
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
    flow: 23 | ioc: alog.umeng.com
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.goyourvafly.classcial
    description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | process: com.goyourvafly.classcial
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.goyourvafly.classcial
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.goyourvafly.classcial
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.goyourvafly.classcial
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.goyourvafly.classcial
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.goyourvafly.classcial
    description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.goyourvafly.classcial
- Reads information about phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.goyourvafly.classcial
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.goyourvafly.classcial
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes: com.goyourvafly.classcial
    description: File opened for read | ioc: /proc/cpuinfo | process: com.goyourvafly.classcial
- Checks memory information (2 TTPs, 1 IoCs)
  Processes: com.goyourvafly.classcial
    description: File opened for read | ioc: /proc/meminfo | process: com.goyourvafly.classcial
Processes
- com.goyourvafly.classcial (PID: 4441)
  - Loads dropped Dex/Jar
  - Requests cell location
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime: 1
- Execution Guardrails: 1
  - Geofencing: 1
- Foreground Persistence: 1
- Virtualization/Sandbox Evasion: 2
  - System Checks: 2
Downloads
- Filesize: 36KB
  MD5: 86752a4be6564d8370f2f0e403995003
  SHA1: 29f7d50675f6e59f3b808eb6dcc8619384412115
  SHA256: 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c
  SHA512: 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec
- Filesize: 36KB
  MD5: 4cfe777c9f6e7859f5efe2197401d8e5
  SHA1: bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a
  SHA256: c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231
  SHA512: 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de
- Filesize: 512B
  MD5: 66306f13c30c9892f3d7e95b2590e52a
  SHA1: 4898e6b75e3a6151919b0c31e2e508ad101b65cd
  SHA256: 5419988155606fd58b46525726e0fffb166ea90fd79bcd4c0a9b0617eb3e9e72
  SHA512: dd0889d0223b1230b7e860700c1c2d1441c5254f8e7ea2a5c64c02d54dc0a2ea1ea48d28cce73a69af89a2c08a50b0d9d6f3d3fad483589c251f10173c88600d
- Filesize: 8KB
  MD5: 7ed0c96e68eaa006520451415438f51b
  SHA1: ceaedf265c69edbc5823380c7cddb5e8858b33f9
  SHA256: accdf798281fc2b9769330cf4ab6c8a66b0eddbfc2be47915026fc216930e067
  SHA512: 6ec90d96f2283c0577fbf3bf22a6a69fa541d92b85de6a3f343a3ae6c0e5cb718e8d1015d6a78104ad60734a9c8cb916775cb01fe8cfae9c2453f69a94cc7d03
- Filesize: 8KB
  MD5: 4d5a34c5c707b7bfc895ccb150c44acd
  SHA1: ff1eb122e3a43d30b48c1abee40b02587a657ca9
  SHA256: 9055406336819823160dc757c41a53f3a6d286d2a9fe267f841e37325721faec
  SHA512: 9b5ef97ecf6abc127f8bed763146da07542171c787f0ed25d3d0d1149c1303f8e6177224316736b3bb0a03f3ee7fca9d8433f602fcccd9be97bab8d0f03bc341
- Filesize: 8KB
  MD5: cfe80b443f8d77a0482e3c6651cd6684
  SHA1: e331d77787b180ea8f4e64a76675aa54b0bc47a7
  SHA256: 36975d28bab6eb081984822d411c95410f15937eaefb04462ce3bbe2e4a5c5ea
  SHA512: 18b8dcc8089eb5715d97ece82cead57b4a48d3ba03e383d66b963f928defba6ae16e0d7678b848d7062fb44e2fd2856049f9c8fb50f22bdaad95818556aa6fb2
- Filesize: 8KB
  MD5: ffd0b478378554145b613f5561fd17bf
  SHA1: b37c0e8feb4b39f6f9725a32181123b2829d3f90
  SHA256: 287f6b41a399bde1c8b32e5f53976534d2beb2b2ef51095eed5ac88fe3704377
  SHA512: 8bbbfefbaf470ea067d4fbf45af4d1a6b83477ffbab7de88051085eccc006366b4d521074317acc8a3a2a78cf6af11e606fc901a15f8803db9387e58e26adad3
- Filesize: 12KB
  MD5: f09f02f6764764341dad947748b3d277
  SHA1: e6ab96ab333d65a7d757b7d6d40b660444d83c68
  SHA256: 294adf42ff41ce100fd06a95bbb077dcd22c07fb89d8e4074d8bdc62d569fb79
  SHA512: 3e241e6fb5f9ff80b040b9dbe2f574e08089f99b68cec74f1ae9333bb5e4fc567c62d889d02d16062a003133c8590edc60cc5b3ab2c50044ae913e9abc5034b7
- Filesize: 32KB
  MD5: f9b800b7f1320838675f73d3b3bdde87
  SHA1: 2124bfc176a56aea91ec7e20d28517a17691f9af
  SHA256: 87717de0ca7418bdcd749eb497a45b2285abb283298e3da3eeb03f267ebeb41e
  SHA512: 1ab088bc6fb70c6b43e7b9f1bcb61b82f9b487f8eb593e594efdf25bfe2541db2c4275e17596a311fa3f5552b08f59e363d949bc4d53919b3a7fced869e5f051
- Filesize: 16KB
  MD5: 647aa4427bfe804ebd68bfbb76428e59
  SHA1: 7f30d0dd0017a6a95c47090eaab12dcdcbb4236d
  SHA256: 25df9afb804fc1680242a0a397398d3813a4d310a0e92c22ef26703a4ca0957c
  SHA512: 517cecf7a86e5bc651e71fa2c9508ee1fa141031db65b7bdc9e54175db39bf63692c140c8eb0c5bd40d8d71d373b3cf8a56e4762a55ce22d18e6a60f1ebfea24
- Filesize: 32KB
  MD5: 4cd141af5f5f1ff6416e42d1aa8fd169
  SHA1: 121bf46cb4857e644ebf1d78fbda4c226cc9d028
  SHA256: 0d025277ecc531093a863bbbf75b61f5c22997f1e70fd5f8d70f3c0ec66630cb
  SHA512: c2362199eb6452beb82042280a58c7cf60143881673120f7029e461bbfeccf0c3f0b668b40cd93c5fb4b0dd2eb9a3fa41307bb19f276fe3729ccfa4db12c03b6
- Filesize: 512B
  MD5: 557e07442e0cd50aa59cc5fcf5c2e4e4
  SHA1: df0222b6a34550c4883475e8e8ce0b215a5b2ff9
  SHA256: f66c1c2b44dbf80ba911e17206bb4f8b04e970733782fbb0dbe5be5719d55ff8
  SHA512: e66c855d43f25a408113f058a28a550819fdf450924e2d90ab93dab41de3c90baf09029398cf650a7ceebdec6f0ebdb06a689d7a67b34abc1147d75594eb811f
- Filesize: 8KB
  MD5: c59e90431bfb0813988d022b25bf4627
  SHA1: 90dd63b9db11596686fee91fcae686be8407240e
  SHA256: 460e999adbbd5d8851e178ff99ac0ee6f85c7509bc5010876b5229a4b825c542
  SHA512: 6ffe46e7eb802d3e918933cb138863426347b31f5c4d67d2cf51bfc73b9b4717f71e3e9a2b619f970d71265ca9f5d5284686d6d423fc6e30b2df0abc1fc336d7
- Filesize: 8KB
  MD5: 94b0ca1b85a6c3513e89887d81530276
  SHA1: fec72e2d2a09e639eb48d9989e17a7b0c3a0ddab
  SHA256: 7ac1d464bcb5b5e9cfad141e4975c2b519d17e635b23f1a9df0144e7837cd218
  SHA512: 61987f16fe8eef2d7c8194aa2ca62fd4614c4f31c0eeb456d3b5fdb8cdee8a7a69b3e8b9200be807deb78886c98de1c4e73c38e90736a1244e1f830f941f72dc
- Filesize: 16KB
  MD5: 367d94156083872c77a44d69d4a02a96
  SHA1: b3061698a7d2ac6772ee0db666bd175d27cc3c41
  SHA256: 574394c8d4fa73a23c0bd3b23e218d157238d52e8121f517721335e2749f003e
  SHA512: d8f97aff7dd7c4e0c854be27bd80487464204234e038c79d6d3fadd52eeaed28cc0e8e5e19c9240c63b3341665ba554f8f72dd03236c1aa97328c68411ba4059
- Filesize: 8KB
  MD5: c3b5372a99c00bf561433dad99bd055e
  SHA1: 766e3138fae68efa2f7937881cfe30b3e1e9c6b4
  SHA256: dc1c76505bb7c8ff142ba55e62ce005e98915f8058a83ce7a9ca672be0c769da
  SHA512: 6ec0751a5115b0a7af2f24141f975bbc408f1b450ff0c7d9953a45da088a75b220d5b88a2ef4d9b5bd9e56b1215c9190dd7a83f20fb6ae55b56e7a12c05cc64e
- Filesize: 12KB
  MD5: 265f50e9d41958dfe3e9c70c2aed1344
  SHA1: fadf616ec629abaab767bcd6907de28b5b167d9e
  SHA256: e289e63eb429d2d61384eb7c5ff9545f874ac512dc99c2e3065ad346562d23f7
  SHA512: 22ff2959118ca6d0c3a2fe6e34ac7baeb823f5524e2485f5b85ee49878151e33621399b4266231d35430dda820cf0d4a7711082392f4c7fea37d808e1c18fafd
- Filesize: 16KB
  MD5: 7b6ffb2df85bd49ba7b861595eba398d
  SHA1: 49b82d7aaf9fa381811f6bda6251a61132497169
  SHA256: fc6008a0920c66e7831bba43e06f50f1239d383039734ae76fbdf1c06d57f579
  SHA512: 56184bc1c1068b7dbc8b08c2856f878ef6872814d6f64d4b30618ecdf02d299406efc32cd9f152b269f30fefa5f817fbf113c1602aa36200c1efed827b498053
- Filesize: 512B
  MD5: 9343483535c2c7b396ddbd4629f1c9bf
  SHA1: d929f27e75b83d0ef06a5ccd7fefbeaf5b807ee1
  SHA256: 33f901685d88a74c1cadf5b552d456308b2cbb038a1f98dbda3154cfe9141a0f
  SHA512: b3b205b9446cf72efe2d9a36b7a5e28a6c9881ce869acb229098400cae6b3a4bf7c49c0755ff26b9f4d01af141669d4018b0814b85c01ee98bf3ea0dd8b5daf7
- Filesize: 8KB
  MD5: 598582816b80f34c6f3e1dbe72d7f0d7
  SHA1: 8080146ef826de7bcf3bcbf7aacc6be3e2ff828b
  SHA256: b98351f24a08898c96cd9653ee62ec9f5ffcc18b219b55567b98e8bbd3b6dc89
  SHA512: b802a570dcd2a264139c0b256614f56148cddf49bc9a073e4d9c9f3d9d8df40d8de857d5ccdfafcd9d969c450591b6458e0d361373398a460084d2d9927f8091
- Filesize: 8KB
  MD5: a010a4135eb1418fa82258eb6e13c0a0
  SHA1: c79940b332a66497d5011f8ce1cd930b17274809
  SHA256: 205677ac9b829d2e522282d35a313e155c752c064577fc7e642e506055ac417b
  SHA512: f60d128a362823a8c9372abf4771a1e4b8dde35bff00ab0c02b79456f85e4ca55de4edf9f8b37d5c7b9917a7f436b302fd50f4b895216e4fa1b461fb49ebde92
- Filesize: 16KB
  MD5: 00adf6dbb36b9512d1901ffd6ae2c614
  SHA1: 0edf17a38b06b029100f46a606aa6361846920dd
  SHA256: 70ce8bdadc7a2746c2a7f4f8f37a4ba8527b9149e4891ab9a8b446b69a9117b1
  SHA512: 4e1c5660224faedcdc7194d80a0218c5d367aa49b21f3b6914dde05658058399789368ffccb529a986dd4e8af75c5540b893f93c9539521ad26292c6fa1117fe
- Filesize: 512B
  MD5: 54bbb0bdd94f2fcf57e5ba3c36d44759
  SHA1: bc908fa76bf77ab9a7d69f0753622ed3ee7edbaf
  SHA256: bb0b3d1849ba0e254f2e538bcba7abb8a4552d4eb7edb88ce180c143e1824872
  SHA512: 028ae799254bb403daf06e64a889b49a00405ab44c162beb6bb9c726cac8cfcb81288e44facfc89fb9e5c691bb4250641624ca6f871ba2b59b10aba7c6b61ec1
- Filesize: 8KB
  MD5: 13e3233874f879800058367a1ac0e831
  SHA1: 85fc9f6a3bb180ab015029138d9b53d7f96b67a1
  SHA256: fe73859b477464dba9d16f7031ba9e11d2c507f56591246fa1335ee9a7350f47
  SHA512: c2e1ea6c7d0f7772c4c27888421a24b3c0926bd4151046678694f79510df0bc125d4c64e6748257d87f817298aa53b8746a3d2a227cc496bf69db528e2f9452e
- Filesize: 8KB
  MD5: 8ffdb43981c45c7bcf2eb7220e376249
  SHA1: f50f780a43f62fb72b59c7ba939d633ce2d60cce
  SHA256: da3bf234a104f01b1f37025fa3b4d988f37e0ae8bb5ffc0fed6bb8f6bd105c20
  SHA512: 37dbc423d8d3cc0dd26fcc9cec676e441be2cd21445dc303bc1f3c97079260a91a6d103486363ec5f906962c905f6719290a70061c022d0d0faeb9ddaf00b352
- Filesize: 1KB
  MD5: b50b28d07d922a2b1f5655e89427a387
  SHA1: 92889a0aa01a95539151a988f00936d1f15b0ee0
  SHA256: 8b211a9c0753c1a06915c8151f561927273699364063a18c88eda608fedcff1e
  SHA512: e33413ebfa648950971752117c1b5b88abcbcf19d61808443724976348717bc179554930ff48187e6698ad2ca201d27a0e4a682fbe3829c6ccb4e55223aa543a
- Filesize: 162B
  MD5: dd1ab55a2d2e9434fbed61b1f7c01ec8
  SHA1: 83e7cedf5dc8e83341985b3235665b58e10c3b77
  SHA256: 365e53e36489b302083da248759f60ac904399bb3228325657418f8e3e24ed8e
  SHA512: 717e272789033989b3f3e9230f88699fabf38eae49dcacad7ddc6edd58727bedc98fa5f354dc02554e1c03e7fb2336d473a125ac3e4f2171fde7c8ee1e5a9bab
- Filesize: 113B
  MD5: 5ddb03011f2ad3706329fa5d9c70a814
  SHA1: 44acaa450f7161beabab98f62edd606a5116b9d8
  SHA256: 7c7a6510d517ae95054acbd00b8906179a030d71dd46664580c574def9e440ba
  SHA512: cb54671495393ff4688b8e35c680435edcb3801cc4e587be413fe11c78524a3ea30c923b83370f7cfbb7ed958ebe5c6ef4bb9b068c25e0085112035ba5562a4e
- Filesize: 25B
  MD5: 2d805b13f2f28dc3ca9bbcc000f49bb5
  SHA1: 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
  SHA256: c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
  SHA512: 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0
- Filesize: 61B
  MD5: 3d919c18fe9a2770f48bd99153a75cd8
  SHA1: 47542cd22f2b21e5a7378a4de83dd6f4a3872878
  SHA256: 82e70ef64007805905abbf9656362a0913bf0b38673268ef867291408f7cd2d9
  SHA512: 62f67ece2829265c250ccfe479c5121cc4badace7637a35186377c3f2632dd2f617e77749ab1b78abf22012ed8d2e1a7e008c5b969554ff4cbe50efb2e6a0b96
- Filesize: 85KB
  MD5: 1987b208f452541244146779edf99b53
  SHA1: d4863f60abf5c03c46fd22ca97b8556291ba94f3
  SHA256: 90d8451f78c1f810ec6b9376fcb8047af6f2dfe89dd8320dc02486353d0833b9
  SHA512: f0eb1279363a73375069d30197a368907f2cf8bf9dca25c1d43889fce738cfb1da16e3d856dcc321e1dd0d3601e2e24121446927cc53b96b032577c889cac785
- Filesize: 197KB
  MD5: e60221130803590b5e75f1efa6a9933e
  SHA1: cc527fec395bf0996934b5a92eb8827038ba890f
  SHA256: 46242170af1980a3ebf9440b1d5b6ab52c868cb7fea9e2f3486cf5c2d31c41c9
  SHA512: 603b4aa4e04a44c9415e1129415064cc3ebdbcd571c8ff35ae021a462fc7f7854f9e78a78a2015f9359b9add4ccb97d38970d6bd54df69872b91595e9ac32826
- Filesize: 433B
  MD5: b65019101a03867cbe6fb18f2deb6757
  SHA1: 651da21c46f3d954f817f7a18432563b8a0eb0fd
  SHA256: 92723ce0104c85020f25efee0e7ddd2023dcebd8d157218d9e244a2152306f18
  SHA512: 0f1278c929639c5ced10e02d64eb3cef8caac9d697bc116a94ac2ac1b3030c9d659ec5d1a59b4f212c694beb580cec9e75e3ab5f2473b6fb4684f66db309b9e4
- Filesize: 111B
  MD5: d31e0a3af7397909e514939d6678ddfd
  SHA1: cdacc0f8abd83fe83204555395b1e27151d47d15
  SHA256: ef820ea98d4077da1e78ec99583b348817a3e524c210110448c85157248d8125
  SHA512: 1f0bef298412f8b0db687b8a587cbd5b305af419ae9ca0dbbdbeaabc622124e1cb13b4058415de1896e399d5a70a47eeb40638594527a2e5e56c621eb05b9d1a
- Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
- Filesize: 111B
  MD5: 41e79839cf0ff4018cda48cd33171180
  SHA1: 86769a2e31bcb96107f08358912bf585636f731a
  SHA256: 0879b94789c62b0b9b89d7c0a35fca7b948b59edca23d6d38b4927deb597f56c
  SHA512: ebcc46d39eab8c90ca060f7fa21c99d7d23c4dc6fecf6ecc09fc01f65703161c11821c8606b4214817e8a041e28c8a542de38f5f642024930aa49845a79be65b
- Filesize: 408B
  MD5: 995655556fba683c47d065612d815cdc
  SHA1: 6a6509620889174617d39eb550100b5aece7c47c
  SHA256: 717d4e8ae07d173ea5ffeca8fb270a80cf334adc616397ab269d05a74f2eae48
  SHA512: 83d7267de3e38eb7ab735a162a629f6e7db247e3784a512b0576bf3412a1bd30f6511b24d489c7e34f4e71c5d9e9462a7c0b6f83002cb02d654d4c6d8b5a0da0