Resubmissions
28-08-2024 23:31
240828-3h76hasbrg 10 Analysis
- max time kernel: 179s
- max time network: 159s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 28-08-2024 23:31
Behavioral tasks
- behavioral1: sample c7d89216e74edf933ce8f5a467e9b245_JaffaCakes118.apk, resource android-x86-arm-20240624-en
- behavioral2: sample UPPayPluginEx.apk, resource android-x86-arm-20240624-en
- behavioral3: sample alipay_plugin_20120428msp.apk, resource android-x86-arm-20240624-en
- behavioral4: sample alipay_plugin_20120428msp.apk, resource android-x64-20240624-en
- behavioral5: sample alipay_plugin_20120428msp.apk, resource android-x64-arm64-20240624-en
General
- Target: c7d89216e74edf933ce8f5a467e9b245_JaffaCakes118.apk
- Size: 10.8MB
- MD5: c7d89216e74edf933ce8f5a467e9b245
- SHA1: 3c4f5437fabecbb4b747896b0161f21c33f71122
- SHA256: 6119f226c79c0e1a34106c08a174dd55de90d6c4160ee0bd6d589a504c42d8d1
- SHA512: 8f7c9623f60019e2fe209806700a1e0b0a91e3d448400a081f558c9769ff18ac3e82116305a5d5be788f9d824d559c604b6870dffd38d31258ea53dd1dfcb32b
- SSDEEP: 196608:bjH9Cno8MNlQstqztOuYe7iPDRsUdB8GOxUviNISmkxoIlThOIYJnbS352sE:bjdCKlQsAztOdJdvK6SmSYU/E
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  IoC: /system/xbin/su; process: android.process.acore
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
- Queries the phone number (MSISDN for GSM devices). (1 TTPs)
- Reads the content of the call log. (1 TTPs, 1 IoCs)
  URI accessed for read: content://call_log/calls; process: android.process.acore
- Requests cell location. (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation; process: android.process.acore
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org. (1 IoCs)
  Flow 11: alog.umeng.com
- Queries information about active data network. (1 TTPs, 1 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo; process: android.process.acore
- Queries information about the current Wi-Fi connection. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo; process: android.process.acore
- Queries the unique device ID (IMEI, MEID, IMSI). (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver; process: android.process.acore
- Uses Crypto APIs (might try to encrypt user data). (1 TTPs, 1 IoCs)
  Framework API call: javax.crypto.Cipher.doFinal; process: android.process.acore
- Checks CPU information. (2 TTPs, 1 IoCs)
  File opened for read: /proc/cpuinfo; process: android.process.acore
Processes
- android.process.acore (PID 4252)
  - Checks if the Android device is rooted.
  - Reads the content of the call log.
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads