Analysis
-
max time kernel
178s -
max time network
168s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
25/08/2024, 14:09
General
-
Target
c0e8863ba90e1f086ee28e43a69c19a0_JaffaCakes118.apk
-
Size
1.3MB
-
MD5
c0e8863ba90e1f086ee28e43a69c19a0
-
SHA1
7757da1fcdf19bef7e50b0851665bcd61704b6a4
-
SHA256
210750dabe8e34822418d90e7e15fda6508342a9e88617297839b6137a074612
-
SHA512
e03e0ba88271a4190aac36d5fd789e53e9f4809b553b4d95c21cdff2324e2d49cc7ea1d57ec27543277087cc1eadfc8fdb3650593720e8b7385ef697070c42f3
-
SSDEEP
24576:g2ZqVoL0otaYtXMieqHJCddRtLKaAENssa3o+4IjwDMq/13tdHbZKm51Ob83l:tfQ7Yt9eqpCddRNKaVNsbLdjwDMq/1XB
Malware Config
Signatures
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Processes
-
com.cgne.vwyq.akeo1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
-
com.cgne.vwyq.akeo:daemon1⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1Suppress Application Icon
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105KB
MD523ba0b249042b7ba33e92c0199b0ea4a
SHA199b13ee9f7307316c2337953fceed87e9942b794
SHA2561ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA5120cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
Filesize
729B
MD5f012949cf75d5de805923f62db10d535
SHA165c920541c8bce9001e063adc34447faf43e6032
SHA25637eae2a866b3a417c69c158638d19df32e3bd1f914274c113aa6be4fa56998b6
SHA5125b7a0cb84f7939e1240982f15136189c37dae1d6645f4c968591e5ce082ea7462ad28cceadbc1c3d28b6315aa354cd343ded4345a6dc515dbf67dfcf993bf637
-
Filesize
105KB
MD5293ea5f01e27975bed5179ba79d80eac
SHA1c5b0806a537fd1cb753e11f1a9684933317716b8
SHA2568d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
Filesize
28KB
MD5dae68dcffc3d522a79f98ebbc3b6d457
SHA16df5dce9a50f12044a2d20b8d1742ae47b82ee03
SHA25656cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
SHA51223b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd
-
Filesize
8KB
MD5cd2e0c560fb8059c28b961e686a54ebd
SHA10faf3dda5d7207f7ccb10b5288741d174d72effa
SHA25667332d85274f4a976f1840b03e2a6efeeeda8d093e3cc06b5efc9299ed5e6e97
SHA51217ccb1336d0458995a80b9fff0bbac06135c8655d47cb36791d4460225a01f60d35ec4afb3a21704c20e449e75fb366e6f95d32f9e88ce2301d592dbec94f5cd
-
Filesize
512B
MD5045186accfcde4317f3b658405600ba4
SHA1a9ff4e4f0ac644f6ca0b3a3e2ddcfcff4847cbe7
SHA25663edefeae511b7422028f7df8fdcc0c3397a45f5af4d38f3c3a151f3ea0b8c35
SHA512639feaeb64ca7ebf55a88d36e0c8d00dc27560d8be4b98cd735149419d500b1f4e0e06d15915506a82b7611aeb10d96c146cf8518df9a008d862eea57da5fc42
-
Filesize
8KB
MD5eca36072b3c7a4b11d87c4ee0c52d6fc
SHA1542f10c974b6597106c1645dc034ee48f867cd12
SHA256d1497b2635dd1649117d0ebccf66b49818179730023535d4abfca416286bee3e
SHA512d12db7a8e6a8922c1b9002948c4f8663901176c8a1ae53f56ffcfcb2dbf42f3051aea5502934a82bc18086df478050eba2de1e75b00aa5a733c17463f3542725
-
Filesize
4KB
MD5f2abd72903ca3b10bba12e23d041192d
SHA14b08416ce39cb5d0e4dc5f12cc3825efcea44b8f
SHA25622d50224ed16dbcf1f9ea912a86aeb91af8092c0b02d037c2b0aa8f93da08b28
SHA512707881aaea4b2d42d751a07d1bc56099805a4d270d335c56cdc6d530d4ce6107b80a373d77941211f30626315c38b6d194381df4ceb7bd2e87e212ad7f81e257
-
Filesize
8KB
MD5b17f4a534c0c4267776c1fcd9a71247a
SHA110497fd07f6df4db0d83945cd11c3f5b65e1d475
SHA25666a856e04e93779b3e9315a133a93f0a8f93dcb08473e454607550b684821fd7
SHA51296132cfda922cdb47932fd8a84759c9e0082b110036db7fee823fb689bf695c1287d564cb0a7c3c4c14121299d864b8d00356e30b9b9df8c8c308ae13a541d56
-
Filesize
8KB
MD5fec23fffaa239e7c1327169a8f8fecc2
SHA18408eeebd5c1dd6b12969e19f84b47138bcd840d
SHA256845e7a37ba6522915abe69a47ff4a5737ec8347491ed1dbdae40abff5fdaf187
SHA5121258d12c3438cb1aaf13f65a0d883f598a9cd610456659437a1f37b305e5d9080a54bb4836a1f8f56058002fb81d753ed80930d3e4d1fa16b6b6885b1f27fa12
-
Filesize
943B
MD59bf25a4dd9fdf41d220aa37c788f08a1
SHA1b23e27c5c5daf2cc0042af458fe0c82dad38657b
SHA2563865c6a2ff6099669b39dc2bfb07bf20083388c359c6a472c04891fdabf3e059
SHA512fb11cdf0c808e18a0e7caa32e1e4a39be02645a98f7d541b2ea3f141903069ea6ea4616d43b96d4e3a498e0e0958330287718c1ce3caab9be9c808f3a5369563
-
Filesize
942B
MD543f0862abe65c4e1f40da2544cf60994
SHA168a11c38aa324ea445f87105a9393ed26167ab19
SHA25619a93e4a684694bd73fbe22ea42912860ef3798e2568b825bed10bc7f1d461a1
SHA5124742e5e6fb6b4deeb33753dade8b27df3ec1aa2d88c1d7d3d205910361dfc94bb255692851911b0275f6864ff2ebcc03c618ee98ade3e71f6d8c333dcc467a0f
-
Filesize
162B
MD5bcc6025149f61dd0cb9b00d9166d5946
SHA168baf5eb3935d40fc93d9b4c1ddd7ee9a106cfb0
SHA2563f692f47a0f1ed62e0e90ff025aa9a48807b8a08f9b069820c81f877f38ba982
SHA5127f8db33c3bf6cc622ab8288162e6eb34a1efb6c8bb1a46c462e51a4f82324e8f5a644e7f96299c59b37780dde2c45b5f1cff27885829c138448552d311e56294
-
Filesize
202B
MD57f0d4fc538c9dc9529dfa3891c7673d9
SHA12a094621d5e0d2e44a81faf889b8ead46c80be51
SHA25676f6f6a0e5ac3e2d4b01f20668683066242234afa9498949ef66a9d4c240f3e8
SHA512ddd2568ed7818d43cab3cc4f54fe5a4ef95f2c8e32ca8982159f713e9397c0fe14bea83e2a4d50c29c648a21e5fd6e8df6bc2e443bb034ef961478129a4cc226
-
Filesize
348B
MD58127471387b51241190cf638f11ae810
SHA10587437e20abdd732db40ba5637cd51c86222915
SHA25606f8989713f7162d8e9111aafc48438a8c09e3475db395338859cb73d3879878
SHA5127e1f5f5eba2a512dbb33efa6ad33d23c32dc0ad02950969962ebc6a34acdb4eed35f25493bf0776339e315f594caf9fe5758a7152cf803826d7b08c4ef3c1533
-
Filesize
177B
MD5e4d2f55d2cc5faadc3b8f0e1dbee650c
SHA1b90af9dd34c8c6eace61066175cbbeb832fe13e0
SHA256064cb442834d0244f0af5a5ed96119279983cd7bf9edaf4994b25d9c92b2beff
SHA512692f43f9d47d3ab5bedc50e2603fd639153077984e53a83c6a455016198930fd33bb357ae0c0e00d74cca606ddda7cca82180f31d7adb98ee9696789a1b2b2bb
-
Filesize
248KB
MD5a54a18b58c6720991c021f433dfb2a46
SHA1d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA2563dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc