Analysis
max time kernel: 174s
max time network: 191s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 18-06-2024 14:06
Static task: static1
Behavioral task: behavioral1 (Sample: bc578bab172b8aae0329657e187d4a8d_JaffaCakes118.apk; Resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral2 (Sample: 1.apk; Resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral3 (Sample: 1.apk; Resource: android-x64-20240611.1-en)
Behavioral task: behavioral4 (Sample: 1.apk; Resource: android-x64-arm64-20240611.1-en)
Behavioral task: behavioral5 (Sample: gdtadv2.apk; Resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral6 (Sample: gdtadv2.apk; Resource: android-x64-20240611.1-en)
Behavioral task: behavioral7 (Sample: gdtadv2.apk; Resource: android-x64-arm64-20240611.1-en)
Behavioral task: behavioral8 (Sample: 2.apk; Resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral9 (Sample: 2.apk; Resource: android-x64-20240611.1-en)
Behavioral task: behavioral10 (Sample: 2.apk; Resource: android-x64-arm64-20240611.1-en)
General
Target: 2.apk
Size: 1.0MB
MD5: 2ba0797d94fbdcd6307612b88d5fca15
SHA1: 2d77b1f41d0a3231b5a1f9af1f5b2fe3750ad6c0
SHA256: 78cc5e34990e20571cf2885d9f6f9d624ff9b6e317e1f71cd8986c7532117c88
SHA512: 440fea9ca7db9d809fe5c7844c1a5038f6ae6948091d8b0a78f802914473938002d73e58a5ca44d5d9a7c27ad6ae931c37d005348cde312463a6089514e8e54d
SSDEEP: 24576:I2oRrJAkb//ZmyT1OWa2xZGyd54zNScnzbcYPjH:Boxqkb//wyT1OL2a0OzQcEejH
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
ioc: /data/user/0/com.goyourvafly.classcial/files/sdk.jar; pid: 5136; process: com.goyourvafly.classcial
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; process: com.goyourvafly.classcial
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes:
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; process: com.goyourvafly.classcial
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
flow: 17; ioc: alog.umeng.com
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; process: com.goyourvafly.classcial
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.goyourvafly.classcial
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.goyourvafly.classcial
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.goyourvafly.classcial
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.goyourvafly.classcial
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.goyourvafly.classcial
-
Checks CPU information 2 TTPs 1 IoCs
Processes:
description: File opened for read; ioc: /proc/cpuinfo; process: com.goyourvafly.classcial
-
Checks memory information 2 TTPs 1 IoCs
Processes:
description: File opened for read; ioc: /proc/meminfo; process: com.goyourvafly.classcial
Processes
-
com.goyourvafly.classcial
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID: 5136
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads