Analysis
max time kernel: 131s
max time network: 138s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 26-09-2024 05:04
Behavioral task behavioral1
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task behavioral2
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Size: 13.6MB
MD5: f7a01a72056b791898c75c6de13a15c6
SHA1: 9d901ec639f2a83899e3b1f60acd149ccba02387
SHA256: 93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
SHA512: 03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
SSDEEP: 393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  ioc: /system/app/Superuser.apk  process: com.andmon
  ioc: /system/xbin/su  process: com.andmon
  pid: 4621  process: com.andmon
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
Queries the phone number (MSISDN for GSM devices). (1 TTP)
Acquires the wake lock. (1 IoC)
  description: Framework service call  ioc: android.os.IPowerManager.acquireWakeLock  process: com.andmon
Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (2 IoCs)
  flow: 29  ioc: anmon.name
  flow: 26  ioc: prog-money.com
Queries information about active data network. (1 TTP, 1 IoC)
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.andmon
Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.andmon
Reads information about phone network operator. (1 TTP)
Requests accessing notifications (often used to intercept notifications before users become aware). (1 TTP, 1 IoC)
  description: Intent action  ioc: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS  process: com.andmon
Tries to add a device administrator. (2 TTPs, 1 IoC)
  description: Intent action  ioc: android.app.action.ADD_DEVICE_ADMIN  process: com.andmon
Checks the presence of a debugger.
Checks memory information. (2 TTPs, 1 IoC)
  description: File opened for read  ioc: /proc/meminfo  process: com.andmon
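The signatures above are runtime observations. A static counterpart is to check the decoded AndroidManifest.xml for the components and permissions that make those behaviours possible: a receiver protected by BIND_DEVICE_ADMIN (the target of ADD_DEVICE_ADMIN), a service protected by BIND_NOTIFICATION_LISTENER_SERVICE (what ACTION_NOTIFICATION_LISTENER_SETTINGS enrols), the permissions behind the phone-number, Wi-Fi, network and wake-lock queries, and the launcher entry that icon hiding later disables at runtime. The Python below is an added example, not part of this report and not com.andmon's manifest; the manifest it parses is a constructed sample for a hypothetical package com.example.monitor, and the permission-to-behaviour mapping is the editor's own.

```python
import xml.etree.ElementTree as ET
from typing import Dict

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(name: str) -> str:
    """ElementTree attribute key for an android:<name> attribute."""
    return f"{{{ANDROID_NS}}}{name}"


# Constructed sample manifest (as produced by a decoder such as apktool) for a
# hypothetical package. It is NOT the manifest of the sample in this report.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.monitor">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="System Service">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".NotifService" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Permissions that back the behaviours the sandbox flagged at runtime (editor's mapping).
PERMISSION_HINTS: Dict[str, str] = {
    "android.permission.READ_PHONE_STATE": "phone number / network operator queries",
    "android.permission.ACCESS_WIFI_STATE": "current Wi-Fi connection info",
    "android.permission.ACCESS_NETWORK_STATE": "active data network info",
    "android.permission.WAKE_LOCK": "keeps the process alive with the screen off",
    "android.permission.QUERY_ALL_PACKAGES": "list all installed apps on Android 11+",
}
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
NOTIF_LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"


def _has_launcher_filter(component: ET.Element) -> bool:
    """True if the activity/activity-alias has a MAIN + LAUNCHER intent filter."""
    for flt in component.findall("intent-filter"):
        actions = {a.get(android_attr("name")) for a in flt.findall("action")}
        cats = {c.get(android_attr("name")) for c in flt.findall("category")}
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
            return True
    return False


def triage_manifest(xml_text: str) -> dict:
    """Collect the manifest-level capabilities behind the report's signatures."""
    root = ET.fromstring(xml_text)
    found = {
        "package": root.get("package"),
        "permissions": {},
        "device_admin_receivers": [],
        "notification_listeners": [],
        # Icon hiding is done at runtime via setComponentEnabledSetting, so the
        # manifest only shows which launcher entry could later be disabled.
        "launcher_components": [],
    }
    for up in root.iter("uses-permission"):
        perm = up.get(android_attr("name"))
        if perm in PERMISSION_HINTS:
            found["permissions"][perm] = PERMISSION_HINTS[perm]
    for recv in root.iter("receiver"):
        if recv.get(android_attr("permission")) == DEVICE_ADMIN_PERM:
            found["device_admin_receivers"].append(recv.get(android_attr("name")))
    for svc in root.iter("service"):
        if svc.get(android_attr("permission")) == NOTIF_LISTENER_PERM:
            found["notification_listeners"].append(svc.get(android_attr("name")))
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        if _has_launcher_filter(comp):
            found["launcher_components"].append(comp.get(android_attr("name")))
    return found


if __name__ == "__main__":
    import json
    print(json.dumps(triage_manifest(SAMPLE_MANIFEST), indent=2))
```

A manifest that declares a device-admin receiver and a notification-listener service together, with a launcher activity it can later disable, matches the three highest-impact signatures in this report and is worth flagging before any dynamic run.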
Processes
com.andmon (PID 4621)
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher.
- Acquires the wake lock.
- Queries information about active data network.
- Queries information about the current Wi-Fi connection.
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Tries to add a device administrator.
- Checks memory information.
Network
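The two stalkerware domains flagged above (flows 29 and 26) are the most portable indicators in this report. The Python below is an added example, not part of the report: it applies those domains to constructed dnsmasq-style resolver log lines, matching on DNS labels so that subdomains such as api.anmon.name are caught while an unrelated name that merely ends in the same characters (notanmon.name) is not.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Domains the report ties to commercial stalkerware (from the signature above).
STALKERWARE_DOMAINS = {"anmon.name", "prog-money.com"}

# Constructed dnsmasq-style resolver log, for illustration only; not traffic from the report.
SAMPLE_DNS_LOG = """\
Sep 26 05:05:01 dnsmasq[812]: query[A] api.anmon.name from 10.0.2.16
Sep 26 05:05:01 dnsmasq[812]: reply api.anmon.name is 203.0.113.10
Sep 26 05:05:03 dnsmasq[812]: query[A] prog-money.com from 10.0.2.16
Sep 26 05:05:07 dnsmasq[812]: query[A] example.org from 10.0.2.16
Sep 26 05:05:09 dnsmasq[812]: query[A] notanmon.name from 10.0.2.16
Sep 26 05:05:11 dnsmasq[812]: query[AAAA] cdn.prog-money.com from 10.0.2.16
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>[\w.-]+) from (?P<client>[\d.]+)")


def matches_ioc(name: str, iocs: Iterable[str]) -> Optional[str]:
    """Return the IOC domain that `name` equals or is a subdomain of, else None.

    Comparison is label-wise: a plain substring or endswith() test would also
    flag notanmon.name, which is a different registrable domain.
    """
    labels = name.lower().rstrip(".").split(".")
    for ioc in iocs:
        ioc_labels = ioc.lower().split(".")
        if len(labels) >= len(ioc_labels) and labels[-len(ioc_labels):] == ioc_labels:
            return ioc
    return None


def hunt_dns_log(log_text: str, iocs: Iterable[str] = STALKERWARE_DOMAINS) -> Tuple[List[dict], Dict[str, Set[str]]]:
    """Scan query lines; return per-query hits and the IOC set seen per client IP."""
    hits: List[dict] = []
    per_client: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies and other log noise are skipped
        ioc = matches_ioc(m["name"], iocs)
        if ioc is None:
            continue
        hits.append({"client": m["client"], "name": m["name"], "qtype": m["qtype"], "ioc": ioc})
        per_client[m["client"]].add(ioc)
    return hits, dict(per_client)


if __name__ == "__main__":
    found, clients = hunt_dns_log(SAMPLE_DNS_LOG)
    for h in found:
        print(f"{h['client']} -> {h['name']} ({h['qtype']}) matches {h['ioc']}")
    for client, domains in clients.items():
        print(f"{client}: {len(domains)} stalkerware domain(s): {sorted(domains)}")
```

A client that resolves both domains is a stronger signal than either alone, which is why the per-client set is returned alongside the raw hits.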
MITRE ATT&CK Mobile v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1): Device Administrator Permissions (1)
Defense Evasion
  Hide Artifacts (1): Suppress Application Icon (1)
  Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
-
Filesize: 84KB
MD5: d89b97c875ff081652b3b9428f001eaa
SHA1: 4ebf43d141d6b4438a022498b926a5988598fcc2
SHA256: c53b2f113103ed317647eebcf65a5e921d5537f66c9f42b48790eeb804c06447
SHA512: 4e9b232878cb8b27f89f4f11cb8aeff3d87f9875bc9bc05d3658d1105705a5ce512471240df91327eb64f10c96da1e9f23579fcc5b81b7bbe5e9e54a5ca5f385
-
Filesize: 20KB
MD5: dad5d1eb3fa8ffb777a3d862a67a1a52
SHA1: 0d1fbf27ede5166c7b3fbc63d12f3f390ecbc800
SHA256: 07f241f53ad04379da93e2d95ad4bb8f99d220ff6c7e24f99de35ab86258b3c6
SHA512: acde845157bbfb7ee649ba1a4d3ac688cd2a96dc1951a21dcbe6a484cf6fa319f345f611bf74f00be1ecfd49d0baef4dc12b294e6967943ff98912ad4045eb47
-
Filesize: 132KB
MD5: 5430cb1cc4a44463f86d109f3bc6279e
SHA1: 188c3eb1d2c9147c00a81a0fc6bc1da13774b212
SHA256: ffe179ac665024224ac944669b403324909529c9c14b08c738708822378c4edc
SHA512: 3d99e5644ee3a2a4d683c40f1a2759033459e8d76445a66e3c8df49ae0908ae714428e6a6edd56b812a6d3289735b680c4bd2c62f5b458bac2adfd46b20a66be
-
Filesize: 512B
MD5: f3d7e2e00cef895a262f97f20d717d6c
SHA1: c5b77d0eb616355580d2c43f83ec6e87713c4d42
SHA256: c3f18ae7de582ebf28f3c41820a341b877830862b00a8e47b14cc9d726629735
SHA512: 980a53c2be72ddc4d385463522e9a59190be7d07f387e896c93f5b9ebf8f5c0932974c64f4c39226b05f4151bf79afb9ff9b5417911213e75cea5732570ec989
-
Filesize: 8KB
MD5: 2808ae860df3ecdd2adbc45bc6226a04
SHA1: cb19d9e193709d79d88e855d9987d5ebbc9b04f1
SHA256: 7c12e1448b7eb7fbe71bbfef6c4c022d98cb2ed6f75a239d5209bf54580af6a0
SHA512: 0d4fd1da2b29a941553385b9ede9ff7ae1dc31b79baff45baa47f74ec44dea39bc0ae00d6ba9b47696cadd500ea210c7261d62087577bf70765416f5cdf788e4
-
Filesize: 4KB
MD5: 488d3d73067dfd137a65cbfc1e154e6f
SHA1: 76d41c3cc027ac56bb8b115a9009722e73e7f7fb
SHA256: 0359efc04cb2b208b15c0118c36eb0b00d651ac459343bb78d2755556a263f8a
SHA512: 631a05b332336ffe900ca6e715e0afb6a5483a2a5e055924df0d3410af451e82b7fd27dd2ce673e64bac3988db2e8c612501d69bc04d7157e1f4a64bac8ab65d
-
Filesize: 8KB
MD5: ccaa1587e89be464d402211e13c0dd45
SHA1: b8290e0acfa475e69e17da2751521b0003c0b99a
SHA256: d43852739708a60b6bc7d35c1c1653f47f643707e6b9e90d341ee21f7b94121b
SHA512: d49643638888c30e1a5b3d9f0af5ca2130d8e60af03d2e79433579d8d0a4c54ab9a6507250664ee699cadc5092e1fc98ae307fd3860550a2765c48147c47e7dd
-
Filesize: 8KB
MD5: 8a00107d73cb085f659061fef96d3183
SHA1: 9fd20e444736f82244525cf124aa0b27983ccaf8
SHA256: 530519cfd3642a48da4e701d1cfbd01e5dcddbc8470803eb9e7fee7ee121629b
SHA512: 9228136239c28fc8eb7151f9c5fe53635e55d21cfe892f157b1dbf38e039deaceee670f3f794f4ee40a03801eb742284b92e61c0bbf8b16d84d6dc6bdc443e95
-
Filesize: 24KB
MD5: 293bb695865d403944f8ba4e87e8cd15
SHA1: cf35f0bb59fa25543d32e6dd36529fb0649cf369
SHA256: 8f5a866c8ab124ded84703dadc94deb7c23f2c59d1163c9eca94d335ac4b65b6
SHA512: 50634cdfd361749ed21c49258859ce1ceae733e391060c236aa7ac84bd671a138abdd10498a93e7aa97602f52d235f4ba28b9cf3fbdea9e794e58139b177cee6
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66F4EB6700F7-0001-120D-70FC4220A852BeginSession.cls_temp
Filesize: 78B
MD5: a7588a7f52bacde05dd16579257a93a6
SHA1: 229c4bf00a7f0b86b960a257ada6c3bcc103bd51
SHA256: fb686a9a19cd2d68e3eceb98fd1a89c1485c82fd4dc0baeb13d9d9f4337902a9
SHA512: 0fd984a5867191b34512856dec215e58b44645308126c6a8ac03a1b0499560d35d57f05c37b4c0d37d0cb506a6e283fa32d07b9f4076568edd5dafa34a9eb906
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66F4EB6700F7-0001-120D-70FC4220A852SessionApp.cls_temp
Filesize: 103B
MD5: 62f761edc3858ddbc0d946be4ca0a8de
SHA1: 9aca77d394f1f38469ff1c18b6d77dc298939401
SHA256: 0100576da9a6ca2a6103a317847448dc8e02137ab34e8e8b057c1a5920a7c016
SHA512: f1e58267acd44089c3cec54e1832d2ed1b8dd05fd1505ecb0a12de818fa843ebcfda7f0d4b64a7d8756eda849a998e64d67dc663acc7ce7bb824579c68ac5e64
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66F4EB6700F7-0001-120D-70FC4220A852SessionDevice.cls_temp
Filesize: 88B
MD5: 2824869e2b48847ee06aa112458a4c18
SHA1: 62ac324365ca456ba4e5308a446b3a95a30d2aa6
SHA256: 1e6829928e284cc18fd68989ae7a5a2a67970dc2c79cbb94e49263dbbc5621be
SHA512: 7028d0b43fb51081ac279a3846ae5a589d97657e403dacb0514ecf08dcd2b38c573c50b6b845fa67fdef7027bda6445011f0c6c7d3de8a8005ff7becff5c74aa
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66F4EB6700F7-0001-120D-70FC4220A852SessionOS.cls_temp
Filesize: 15B
MD5: b3d9541cc92a9153d14e5160f8d8c008
SHA1: 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256: 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512: 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66F4EB6700F7-0001-120D-70FC4220A852user.meta
Filesize: 29B
MD5: f5454a0160dd1c70ae6ca4b5eca84966
SHA1: 4649dc7548bf4e3b473edb8faf645bd7fd1d12fa
SHA256: 4ab1a2641b9a60d3b60308e63592b192a71be9d10ad793158ec43131a7c7ee40
SHA512: de8e9c47fb0c4d2e913bdf719bcefcebeff26aca3e79da3dc2acdf73a00c85c130487f2ef181605562ba6cf69d88206c9c0f592bb4ccfd695262c01239b664f3
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66F4EB6700F7-0001-120D-70FC4220A852user.meta (rewritten; second version of the same path)
Filesize: 47B
MD5: 71f360ddb4cfd7eefc8d66ad9ab29dc3
SHA1: 2b476760bed51444e0182807942e6c0b516d8e4d
SHA256: 5eb4961a3f79e653013019b4c2f61a65ae930c33f51733f127b7355a51a13e35
SHA512: e8b8f692c1fe6a6cd3d6c268bbed983733fbbb822771e2f6b5cb915f26d82a583759905bc30470a6eec71828f7d49b60406a5d5d323556191195cfff48bc5514
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-66F4EB6700F7-0001-120D-70FC4220A852.temp
Filesize: 88B
MD5: eb8f9286ff9eb95ba0aa1e690ed83c8a
SHA1: fe9ded7ffede4e24be04d6c7f497047b7f7a5309
SHA256: 921dca4f701c030b017efd7fde26d7410563d3883e9033cfbfe91b40cd2e6769
SHA512: a1096697edb001f7894f2ceb5660daca6eeeb4f59ce4a409b8eb61c3a62c559d8046b002a59ab832ced3742aeb7b0c9d704f4a659d32526bccd79b0b9e312926
-
Filesize: 410B
MD5: acfe332b611569b177b67075e6743ed8
SHA1: 16099eef8b8538b92724b67cfa215c8ef5fd7963
SHA256: f098377d62554d529257acd40d9e6b9d88500ac976824cf1a2347ab347f29e3b
SHA512: eb85f58956a117f438e2300e4408de03fe4fc9791159ce8acc2dcc627890378213e67e454d0adad30c0ec96a4e4170788a8796e4e6fcfa5228a11b9339302394
-
Filesize: 1KB
MD5: 393aadf52361d902cc8b9bdf53d77e5f
SHA1: db3c5101bf2957ea7bb9dd1c2ca438127e15089a
SHA256: 831a8acb6f3e34626090976335f654e4575584c92398a425fbdde9eb410bf678
SHA512: ff466e1ee860ad4d8ea899c3dde378955460890010c95763690e1dacfbe5efbe74ef87de61be60e09a6971448659000c34cdb11097095dc55199df7d1db3a46d
-
Filesize: 16B
MD5: c33583fae4e0b61cde1c5b9227963237
SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_18eab791-8bc8-4e77-b7a6-07e5ea77c0a2_1727327079873.tap
Filesize: 335B
MD5: f45707c07a014e7af2d7414fb9fad0c7
SHA1: bba9cfdac0fb79dc87ee7e756c10d5945e2ca72a
SHA256: ef73ef40381acf45874dbec800cb27de1157a9f6e02b34cabe59db64e95450bf
SHA512: cdc9f549132a60f9ece97831fe68f8782d5568615c248937032530f6264e7f64a264e1cd97f9ce39b4e25e63dc920dbe724c40091df35e3ee772ee770c2935a4
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1ff81436-3ac3-435e-a73c-016d725ca260_1727327091270.tap
Filesize: 416B
MD5: def5e08857c6ca706a22d158f4a0b878
SHA1: a580f4ad1ad6c954aec15530cd1bbeb71787f9db
SHA256: 1c4bd5cc491cfae37f312feb865ae8432441d5baf32effb22daffab0b54e33ae
SHA512: 7df7fc3b5825af9c87130158b57bee98cd98bb8b2778e31f83a10d96a7293c3325a4585616c0b02331481565550a7d82abb1a823cdd7060294fe32b9e42aa1c6
-
Filesize: 46B
MD5: 8b72a1f30c7675ec0f5670b4b75c81e8
SHA1: c41e947fa30b13ba9b5a37afc822fb6f33d93cd2
SHA256: 678a1bbd9d3f1d5c620cb5d7366d23fc78c3ff347f553f47388c23dfd36751de
SHA512: d3ada396d3f9dcf7e43d944117a0741bb6962419cfec7455dab02662c5a9bc9910a1df18f60df10e545c575c4821edd06b11c75e16c6d0848b899d26a4602c46
-
Filesize: 59B
MD5: 8db45e06cd98ecd0f367425247239c36
SHA1: b4e38459381fec82f5b8789b3763d811ae55f67f
SHA256: bf37275cca5cfdc05e670cdf46f47b3ace224044c28da2d595d65975151bea3b
SHA512: a29741c6ebf00d9b031ce6d7c4eed2859ef9208c2c6d97f914385b4bcfb263a300717927a2c16ce55daa2a03f01e906f2cc0ad05f504583ce6164d091563dfba
-
Filesize: 74B
MD5: 0111af89e7e0e4a5325787449eb1ca9f
SHA1: d8fef9a673d3dd0a7cea38f25ed70cac7d20b59d
SHA256: 9b503b35b7451da3642e5d77674951edad3d05a255001dfa35a57b60e4417b26
SHA512: b454be303a8cf1b1e19e0f885180cfe215bd431ae5dcbfa0a41a5b065d21c5e7253abf4a18126f53434d97057ed871bbe996adb249228cb107e6d5b4beeda59e
-
Filesize: 55B
MD5: 5581cba0c1d2d499e4d5cd68d807d77a
SHA1: 54096dc398124d5727a2c8b8d240ff95c9a92f1f
SHA256: f48a4cfb2166a23185391ca93a1f9c283ce0906db2934387f920af8ade450f41
SHA512: ef662ba84a41500046cf8a9d5982c4ce8084036420fa07d5553ed5923ad7abe543e805f4217b58191081fe171354c839ba59648d6283b26c50d47328314dfe7e
-
Filesize: 48B
MD5: 09ecb56ebee213c50f57e478c6ccafd1
SHA1: 9ce49ebdb6dfdd08555b9d44aa079022765f957c
SHA256: 6f71cc280f473e3c505a171f338997b00a8323164e89ba6ccb69f2c9eab51c78
SHA512: 28452473f1151dd9e96835b8376bb47b33aa924dd23ebd923c52d00af7260a64bbbbfc497f321bf49a5cf38e6088393bc988179251280d2e149e1627cd7e5ec2
-
Filesize: 51B
MD5: 20f957538d1f4315c498113051928a4b
SHA1: fdf5e021da0985156a7e960c5b7fa01e1dac4949
SHA256: eff9a07da65a02103f0e23d94d168c1cf9614c69a2e7ff7bf39d7a53229da94b
SHA512: 630499df1a09f468822fbf53f88cee2649eca1c45f3f97d7d46564e331ad466cea124781c6ea22cf48b6b4c9c7618477c70b3586d82f85e94000c2c0d04c94b2
-
Filesize: 622B
MD5: af4217a530164f4f0371d01e35b13253
SHA1: 8594d6fc923f7f44c40a7f1921ff891723eb5d02
SHA256: be126ab827268f114c5f01d6a03cd318c3569ab6ee6085206066664cec83af92
SHA512: 9f11f48e393b6d976eb960b11f2cdc47fad6486919d5437eae59c392243252fe7b7069bcab44e8e0410006002f51850316c9314a3982f424ed5f6b5903ad0737
-
Filesize: 3KB
MD5: 86f839a24e95b242e5938893ccb973ba
SHA1: 82a18191e48579d14ecb17a8d5555f9a76b5aa85
SHA256: 781278eb17fa40c4daefa103dfc99df3803670c7b3b1766cef5c0725b63e15c0
SHA512: 55d62dd191a4f5dc4769c1abd888e4f085e410eff7175bedf9964ea2e497b9b710d3001260f9c4248b8b9db8c84e5178cff7d9e939d72ea1d21d8181aef260b1