Analysis
-
max time kernel
142s -
max time network
151s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system -
submitted
14/10/2024, 15:48
Static task
static1
Behavioral task
behavioral1
Sample
42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
42f114508beb3f136d349bc2e9f9988d_JaffaCakes118.apk
-
Size
626KB
-
MD5
42f114508beb3f136d349bc2e9f9988d
-
SHA1
c438a37b815bc1a36ab3a5b49f8b55c2fbc19ee0
-
SHA256
ab0ef2e67199a36c298c87ebf4802aab32fc56ace0e0c89b45dadb02539be0f6
-
SHA512
8f1a5fa7a0c91fc55ff31d36bd87ca1b93b09bc4ca1bec8b063ced56f979f5825ffed96b5a92d5a6e34add694269dca5486b60efab6a84923fcbaa54528888d2
-
SSDEEP
12288:hKl4GI+ToiBeB1biPo1cH6WOgGEhhBCm5aZeFN9cIp6uZ:K4GIYlBe2A1Y6WpwZKlpp
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/CTuLuK.bSYl.LJsxf/files/.ca/oTpiBCh.jar | 4637 | CTuLuK.bSYl.LJsxf
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | CTuLuK.bSYl.LJsxf
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
26 | alog.umeng.com
-
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | CTuLuK.bSYl.LJsxf
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | CTuLuK.bSYl.LJsxf
-
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | CTuLuK.bSYl.LJsxf
-
Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | CTuLuK.bSYl.LJsxf
Processes
Network
MITRE ATT&CK Mobile v15
Downloads