Analysis
max time kernel: 179s
max time network: 167s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 25-08-2024 17:14
Static task: static1
Behavioral task: behavioral1
Sample: c13462c64ba98d3afde412ad9536a782_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: c13462c64ba98d3afde412ad9536a782_JaffaCakes118.apk
Resource: android-x64-20240624-en
General
Target: c13462c64ba98d3afde412ad9536a782_JaffaCakes118.apk
Size: 1.3MB
MD5: c13462c64ba98d3afde412ad9536a782
SHA1: 74658808829357321604f69de8a56591527b5eea
SHA256: 5df2bc7f0850aac0a6df57770cff3c4ead00f8f77c4791aef71abbd0fd492124
SHA512: 467cfa7ad5488473de573ca5f7714259eab31b9d8a89cb5967c95977525651265974c73b5ff867d0498e0408fba9077242ba170688776f541ecc76b602275482
SSDEEP: 24576:vcEoL0otaYtXM6SprkM4FqD5Bl0ZHqU+BjHo+acjeBKq/13tdHbZKm51Ob83j:6Q7YtKrkruBl0ZHEj7LjeBKq/1XHNKmr
Malware Config
Signatures
pid: 4995, Process: com.vnsn.motg.vatm

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.vnsn.motg.vatm/app_mjf/dz.jar, pid: 4995, Process: com.vnsn.motg.vatm
ioc: /data/user/0/com.vnsn.motg.vatm/app_mjf/dz.jar, pid: 5051, Process: com.vnsn.motg.vatm:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
description: Framework service call, ioc: android.accounts.IAccountManager.getAccountsAsUser, Process: com.vnsn.motg.vatm

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, Process: com.vnsn.motg.vatm

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
flow: 15, ioc: alog.umeng.com

Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: com.vnsn.motg.vatm

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, Process: com.vnsn.motg.vatm

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, Process: com.vnsn.motg.vatm

Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read, ioc: /proc/cpuinfo, Process: com.vnsn.motg.vatm
Processes
com.vnsn.motg.vatm (PID: 4995)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information

com.vnsn.motg.vatm:daemon (PID: 5051)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime: 1
- Hide Artifacts: 1
- Suppress Application Icon: 1
- Virtualization/Sandbox Evasion: 1
- System Checks: 1
Downloads