Analysis

max time kernel: 126s
max time network: 132s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 10-10-2024 17:12

Static task: static1

Behavioral task: behavioral1
  Sample: 31060115e0b126d878cc8c28ab072fa8_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: 31060115e0b126d878cc8c28ab072fa8_JaffaCakes118.apk
  Resource: android-x64-20240624-en

Behavioral task: behavioral3
  Sample: 31060115e0b126d878cc8c28ab072fa8_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral4
  Sample: b.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral5
  Sample: b.apk
  Resource: android-x64-20240624-en

Behavioral task: behavioral6
  Sample: b.apk
  Resource: android-x64-arm64-20240624-en
General

Target: 31060115e0b126d878cc8c28ab072fa8_JaffaCakes118.apk
Size: 1.9MB
MD5: 31060115e0b126d878cc8c28ab072fa8
SHA1: f4aeec239475633000386d500f551dd1e57025b7
SHA256: 023ce9a368ece43992682377d3d341b75b7b54452bad1dc90419a86fd97c980f
SHA512: 9be7b981b20b9efd1529ee789b3f90eda6895cee4da627bb8401771a3db9979dd42f69da374bcdf7c82c1be5c04f7c494e9fa185b5730a7d77d15102fee8eb44
SSDEEP: 24576:+8TnIAQH318QfU3zkEriqUfgMpULJHx+zz7uHIA9giY00+QLxe99IqDAFjQGPfU3:+82lMjrOBYSU9H0zkIAChFxIVm0KC
Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow: 18 | ioc: alog.umeng.com

Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.szds217

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.szds217

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator. (1 TTPs)

Requests dangerous framework permissions (9 IoCs)
  description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | ioc: android.permission.READ_PHONE_STATE
  description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | ioc: android.permission.READ_PHONE_STATE
  description: Allows an application to write to external storage. | ioc: android.permission.WRITE_EXTERNAL_STORAGE
  description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | ioc: android.permission.READ_PHONE_STATE
  description: Allows an app to access approximate location. | ioc: android.permission.ACCESS_COARSE_LOCATION
  description: Allows an app to access precise location. | ioc: android.permission.ACCESS_FINE_LOCATION
  description: Allows access to the list of accounts in the Accounts Service. | ioc: android.permission.GET_ACCOUNTS
  description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | ioc: android.permission.READ_PHONE_STATE
  description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | ioc: android.permission.SYSTEM_ALERT_WINDOW

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.szds217

Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read | ioc: /proc/cpuinfo | Process: com.szds217
Processes
Network
MITRE ATT&CK Mobile v15
Downloads