Analysis
max time kernel: 26s
max time network: 142s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 14/10/2024, 15:48
Tasks
static1: static task
behavioral1: behavioral task, sample 42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk, resource android-x86-arm-20240910-en
behavioral2: behavioral task, sample 42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk, resource android-x64-20240624-en (the run reported below)
behavioral3: behavioral task, sample 42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk, resource android-x64-arm64-20240910-en
General
Target: 42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk
Size: 626KB
MD5: 42f114508beb3f136d349bc2e9f9988d
SHA1: c438a37b815bc1a36ab3a5b49f8b55c2fbc19ee0
SHA256: ab0ef2e67199a36c298c87ebf4802aab32fc56ace0e0c89b45dadb02539be0f6
SHA512: 8f1a5fa7a0c91fc55ff31d36bd87ca1b93b09bc4ca1bec8b063ced56f979f5825ffed96b5a92d5a6e34add694269dca5486b60efab6a84923fcbaa54528888d2
SSDEEP: 12288:hKl4GI+ToiBeB1biPo1cH6WOgGEhhBCm5aZeFN9cIp6uZ:K4GIYlBe2A1Y6WpwZKlpp
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/CTuLuK.bSYl.LJsxf/files/.ca/oTpiBCh.jar | pid: 4976 | process: CTuLuK.bSYl.LJsxf
  Note: the JAR is written at run time into a hidden directory (.ca) under the app's private files area and then loaded, so its classes need not be present in the APK's own classes.dex; it is the second-stage code to recover for analysis, and it is what the ATT&CK entry Download New Code at Runtime below refers to.
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: CTuLuK.bSYl.LJsxf
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  flow: 9 | ioc: alog.umeng.com
  Note: alog.umeng.com is the log endpoint of the Umeng analytics SDK, which ships in many legitimate apps as well as in stalkerware; on its own it is a weak indicator and should be weighed together with the dynamic-loading and data-collection behaviour in this report.
Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: CTuLuK.bSYl.LJsxf
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: CTuLuK.bSYl.LJsxf
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: CTuLuK.bSYl.LJsxf
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
Reads information about phone network operator (1 TTP)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: CTuLuK.bSYl.LJsxf
Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read | ioc: /proc/cpuinfo | process: CTuLuK.bSYl.LJsxf
Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read | ioc: /proc/meminfo | process: CTuLuK.bSYl.LJsxf
  Note: the two /proc reads are the System Checks counted under Virtualization/Sandbox Evasion in the ATT&CK section below.
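The signatures above were observed at run time. As an added example that is not part of this report or of the sandbox's own tooling, the Python script below does the static counterpart a practitioner usually runs first: it recomputes the digest set the General section lists (so you can confirm you are holding the same APK before spending time on it) and then scans every DEX inside the archive for the class and method descriptors behind each behavioural signature (DexClassLoader and friends for the dropped-JAR load, addPrimaryClipChangedListener for the clipboard listener, the connectivity, Wi-Fi and telephony getters, and the /proc paths). The APK it scans is constructed in memory with a fake classes.dex; the signature names and descriptor lists are the example's own choices, not the sandbox's rule set.

```python
"""Offline static pre-check for an Android APK (added example, not report code).
1. hash_set / verify_sample: the digests the report's General section lists.
2. scan_apk: string-table hits for the APIs behind the behavioural signatures.
The APK is constructed in memory so the script runs without the real sample."""
import hashlib
import io
import zipfile

# Digests copied from the report's General section for the real sample.
REPORT_DIGESTS = {
    "md5": "42f114508beb3f136d349bc2e9f9988d",
    "sha1": "c438a37b815bc1a36ab3a5b49f8b55c2fbc19ee0",
    "sha256": "ab0ef2e67199a36c298c87ebf4802aab32fc56ace0e0c89b45dadb02539be0f6",
}

# Descriptors as they appear in a DEX string table. A hit means the code
# references the API; it is a lead for manual review, not proof of abuse.
# Signature names and groupings are this example's own (assumption).
INDICATORS = {
    "Loads Dex/Jar at runtime": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "Clipboard listener": [
        b"addPrimaryClipChangedListener",
        b"Landroid/content/ClipboardManager;",
    ],
    "Active network / Wi-Fi info": [b"getActiveNetworkInfo", b"getConnectionInfo"],
    "Telephony / MCC": [
        b"getNetworkCountryIso",
        b"getNetworkOperator",
        b"getDeviceId",
        b"getSubscriberId",
    ],
    "CPU / memory fingerprinting": [b"/proc/cpuinfo", b"/proc/meminfo"],
}


def hash_set(data: bytes) -> dict:
    """Same digest set the report's General section lists for the sample."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(apk_bytes: bytes) -> bool:
    """True only if every digest the report lists matches the bytes in hand."""
    digests = hash_set(apk_bytes)
    return all(digests[k] == v for k, v in REPORT_DIGESTS.items())


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {signature: sorted descriptors found} across all *.dex entries."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in (n for n in zf.namelist() if n.endswith(".dex")):
            blob = zf.read(name)
            for sig, needles in INDICATORS.items():
                for needle in needles:
                    if needle in blob:
                        hits.setdefault(sig, set()).add(needle.decode())
    return {sig: sorted(found) for sig, found in hits.items()}


def build_sample_apk() -> bytes:
    """Constructed stand-in for the sample: a zip whose fake classes.dex
    string table mentions the loader, clipboard, network and /proc strings."""
    fake_dex = b"dex\n035\x00" + b"\x00".join([
        b"Ldalvik/system/DexClassLoader;",
        b"addPrimaryClipChangedListener",
        b"getActiveNetworkInfo",
        b"/proc/cpuinfo",
        b"/files/.ca/",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<constructed/>")
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()          # replace with open(path, "rb").read()
    print("matches report digests:", verify_sample(apk))
    for sig, found in scan_apk(apk).items():
        print(f"[+] {sig}: {', '.join(found)}")
```

A static miss does not clear the app: the JAR under files/.ca/ was written at run time (decrypted from assets or fetched over the network), so its classes need not appear in classes.dex at all, which is exactly why the sandbox's run-time signature carries more weight than this scan.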
Processes
CTuLuK.bSYl.LJsxf (PID 4976)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Downloads

Filesize: 36KB
MD5: 67c12933d1e0e63d9801a6aa43092ce7
SHA1: b6936908554e4a1986b8eb08289e2d3545e8ff74
SHA256: abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40
SHA512: db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Filesize: 36KB
MD5: 0908e924aa236931dc7166fef6e00862
SHA1: 7782648d6d8f6e835bd47058d4852932c096a467
SHA256: 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512: 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Filesize: 8KB
MD5: e43a3d1472ae785a7e9385c7922cc5de
SHA1: e6782d1dd79ed60a203e5bca68ee3a1e26b2b152
SHA256: e96a1a9633dd71a8005fb3860a19087f6d5f9da4a3d285192a1bdb2ebdd075f9
SHA512: c380cdc71ff7f9c225d942b815eab1f0ace94225c7b42daa7913636075ac03811ce8cfc197737cc663dfa011fcb7f77365d24ba57af0ac1ab32d260d6d18388a

Filesize: 8KB
MD5: e77737c1e426532ac8c716cb736966e8
SHA1: 8c634b1d0620dccc50cf4f47fa75f9b5c1211337
SHA256: 2d60104415d7644eaca4e3210713750ac8cb614c72a67daad2e77ad504473a21
SHA512: 173599e4faedca8365d6980940bff1e88f019b8494f7bd8f445b3ad4f6d3c5ddd1b8d37aa567a1aaee1634f5eaab9693a78d684aa107bbdaeddcdc11a34ce813

Filesize: 12KB
MD5: 35c8a93a171cd99783b6c0835a2c547c
SHA1: 43338ef61f4aefb3745d4691877147bf4fc9f818
SHA256: c43ef66e326b8c5dc06aed48d2fbf1813c6f605c683a574a74f8b636cb65da69
SHA512: 09c7bb7732ed3a53223d8e5589043522dbcf4ece36558194ac90a441a6c3630575bf44fc2a04cf4818fa8372212a3aa0162fe31b640962ec790fd8e7d0d12712

Filesize: 512B
MD5: 3742110b5530d747fbd6bfc5cfb3a0bc
SHA1: 36a9bc79f64911daf070bad66603b9372bb51471
SHA256: 181f42e376f3e4fa5014b5f75754db266ede621031f6752330eb8622cd2e1ee5
SHA512: 05ded2e252f9a912b9ef19b6b5b9f548300545b0bb8c2530f2988e8a5698c124a727f148150efaf3c6aa73fcb537fc0dc0a1b52305759950cd605d8163c73887

Filesize: 8KB
MD5: 6e582579a350063a8be50a1bafa321d6
SHA1: a3a3d11c1187f9edc495a523cab16fbda4604a2b
SHA256: 6a536dd0095024b4752e1fc893d642e94868f0fb0f4707a56c4e51682de70215
SHA512: 47bd35e2f5d0c48d69ad310db3352adfe27e475d3662bd9fe3260650445dacb140f15d6577a7d141f2cbf51ea3bc120907609a6d2d4652ad9f743ad8832bc52c

Filesize: 8KB
MD5: 5ca1f50b248f7fef73fbb0341d6a1c96
SHA1: 0297246f9c4f78f2216c40a52bc629d27143122c
SHA256: c26e6715b1d7d52e08bf0bbb50d516c85dc237da8e57a9f106f99a933194d12a
SHA512: b6a6e781accc2b544ee38659c251ad7a7de3f7b3d1bdef1e83036801279af55740e97cb9759782c7669f4ae8290e10923b6b74ade0ac53c4c5efe7375a8eb23c

Filesize: 136KB
MD5: da400e664ffe188af1a8b4b816b13e05
SHA1: 8ea021f6b29ec591e2e405760430b9177b8d8ce9
SHA256: bebb732971c524415c51c9c26505faae9ffafc78d861b13e63eeb762aa5d8f3d
SHA512: 19f79d0eadd410fa1e055cfd20c94992f59c2d69bd1e46539d197d315fd40c81e811a2a99a8fcc31c7f2024d56f0b172666774085b80f7f01a13199c332f647f

Filesize: 162B
MD5: 1c65243d8cedcd12f664abc1e1eb09b0
SHA1: 35d9c5007bd275063897d3045d8f731771b977c7
SHA256: 28aa3de9b2e321281e0c5fb71e0617e333aca19b60993d098ce9f99eeee43b38
SHA512: 73d93bf8135027574d5823a612f66d441f19f515913c29857c88af999efe4829766f0d5c578e3b8be69020357c0a5492dfe70798e54788d3d5197443fde12087

Filesize: 350B
MD5: ae84c42850cf5e98b25dcb99f3539c19
SHA1: 5fd0e5b0b56f75ec6c18e776b864de4795b5c29a
SHA256: 61fafaf71d164e4a85e5e6cf11268a0ae5d6005a48e16726f2d456a5b7d83013
SHA512: 1628982f67c0c788aa45f8a13d7fd2a1c823b0e44264dae9b2bb2f90a6acdab9a47ac36e209649b9126a901cc0ae49601dd0194623a10361fc2568ad15a5ec50

Filesize: 322KB
MD5: d44aeaef68de95cdf62ea164966321d3
SHA1: 84baf39cb6ea7143d17aa70fb2efb2139761ce5f
SHA256: 3ca53073d7e0800ba56edd33417dc8da9148975e91a3264338f64c6bd480eca4
SHA512: ba04f28a1128819c34eebc236497cf2a11ce031b3be486dff2f0d0f2987ca9fe545d142a9a9bd272657bacb4f125ac85ea29f8dee79a455cd1b175b8b3a43f48

Filesize: 5B
MD5: 51050c73c53b9b04bc45602359b3d0fd
SHA1: 8b603388a6737a1185e1ddcdb7cfe6f2e7af137f
SHA256: 695981c90535f94b0ca66f01cf77279600a905f12ca0ff335852ec1abf169aa7
SHA512: ee34e692bca6cda75a753d0db287e7b9a1fc256b880c4d199f2dbfb2e442d233e760b6a4b0182a6bdaf5a913fd8941051b5e0b8c29fcec1904eceba98e4528d8