Analysis
Max time kernel: 175s
Max time network: 187s
Platform: android_x86
Resource: android-x86-arm-20240611.1-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
Submitted: 18-06-2024 14:06
Static task: static1

Behavioral tasks (sample on resource):
behavioral1: bc578bab172b8aae0329657e187d4a8d_JaffaCakes118.apk on android-x86-arm-20240611.1-en
behavioral2: 1.apk on android-x86-arm-20240611.1-en
behavioral3: 1.apk on android-x64-20240611.1-en
behavioral4: 1.apk on android-x64-arm64-20240611.1-en
behavioral5: gdtadv2.apk on android-x86-arm-20240611.1-en
behavioral6: gdtadv2.apk on android-x64-20240611.1-en
behavioral7: gdtadv2.apk on android-x64-arm64-20240611.1-en
behavioral8: 2.apk on android-x86-arm-20240611.1-en
behavioral9: 2.apk on android-x64-20240611.1-en
behavioral10: 2.apk on android-x64-arm64-20240611.1-en
General
Target: 2.apk
Size: 1.0MB
MD5: 2ba0797d94fbdcd6307612b88d5fca15
SHA1: 2d77b1f41d0a3231b5a1f9af1f5b2fe3750ad6c0
SHA256: 78cc5e34990e20571cf2885d9f6f9d624ff9b6e317e1f71cd8986c7532117c88
SHA512: 440fea9ca7db9d809fe5c7844c1a5038f6ae6948091d8b0a78f802914473938002d73e58a5ca44d5d9a7c27ad6ae931c37d005348cde312463a6089514e8e54d
SSDEEP: 24576:I2oRrJAkb//ZmyT1OWa2xZGyd54zNScnzbcYPjH:Boxqkb//wyT1OL2a0OzQcEejH
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  IoC: /data/user/0/com.goyourvafly.classcial/files/sdk.jar, PID 4383, process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.goyourvafly.classcial/files/sdk.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.goyourvafly.classcial/files/oat/x86/sdk.odex --compiler-filter=quicken --class-loader-context=&
  IoC: /data/user/0/com.goyourvafly.classcial/files/sdk.jar, PID 4317, process: com.goyourvafly.classcial

Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
  Framework service call android.net.wifi.IWifiManager.getScanResults (process com.goyourvafly.classcial)

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
Processes:
  Network flow 7: alog.umeng.com

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  Framework service call android.app.IActivityManager.setServiceForeground (process com.goyourvafly.classcial)

Queries information about active data network (1 TTP, 1 IoC)
Processes:
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process com.goyourvafly.classcial)

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.goyourvafly.classcial)

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes:
  Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process com.goyourvafly.classcial)

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
  Framework service call android.app.IActivityManager.registerReceiver (process com.goyourvafly.classcial)

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
  Framework API call javax.crypto.Cipher.doFinal (process com.goyourvafly.classcial)

Checks CPU information (2 TTPs, 1 IoC)
Processes:
  File opened for read /proc/cpuinfo (process com.goyourvafly.classcial)

Checks memory information (2 TTPs, 1 IoC)
Processes:
  File opened for read /proc/meminfo (process com.goyourvafly.classcial)
Processes
com.goyourvafly.classcial (PID 4317)
  - Loads dropped Dex/Jar
  - Queries information about the current nearby Wi-Fi networks
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.goyourvafly.classcial/files/sdk.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.goyourvafly.classcial/files/oat/x86/sdk.odex --compiler-filter=quicken --class-loader-context=& (PID 4383, child of PID 4317)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Persistence
  - Event Triggered Execution (1): Broadcast Receivers (1)
  - Foreground Persistence (1)
Defense Evasion
  - Download New Code at Runtime (1)
  - Foreground Persistence (1)
  - Virtualization/Sandbox Evasion (2): System Checks (2)
Downloads