Analysis
max time kernel: 9s
max time network: 152s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 15/10/2024, 23:23
Static task: static1
Behavioral task: behavioral1
  Sample: 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118.apk
Size: 9.7MB
MD5: 4a77aff65c0f6ec4e961a1bb6285ca31
SHA1: 6b99bdbf40ffc332d4edd08c9efea9151f8a07a3
SHA256: 56892ea3d02282d0b4c7a48b19ccd5ddb2ed4165ac742f34c444e754cb7d7e34
SHA512: 435f936c853607110132abfc4a281290751feca4ed18f6b09cd5cf984b79927836e3ad89db106867c5050dde306370ec4de8c565faf4e311575a9372f62faf88
SSDEEP: 196608:ta2YZfaepMIkVHMKH5k6pl8ueAFwusQ1HR8dpGbqHR8dpGbW+PpLYth:NYZfaepR85kuFwuJHR8fGbqHR8fGbJp2
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC | Process
  Framework service call android.app.IActivityManager.getRunningAppProcesses | com.spider.film
- Queries information about the current nearby Wi-Fi networks [1 TTP, 3 IoCs]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  IoC | Process
  Framework service call android.net.wifi.IWifiManager.getScanResults | com.spider.film:remote
  Framework service call android.net.wifi.IWifiManager.getScanResults | com.spider.film
  Framework service call android.net.wifi.IWifiManager.getScanResults | com.spider.film:remote
- Queries the phone number (MSISDN for GSM devices) [1 TTP]
- Requests cell location [2 TTPs, 5 IoCs]
  Uses Android APIs to get the current cell location.
  IoC | Process
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation | com.spider.film
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation | com.spider.film:remote
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation | com.spider.film:remote
  Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo | com.spider.film:remote
  Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo | com.spider.film:remote
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoC]
  Flow | IoC
  8 | alog.umeng.com
  alog.umeng.com is a logging endpoint of the Umeng mobile analytics SDK, which many legitimate apps bundle; on its own this flow shows a third-party analytics SDK rather than confirmed stalkerware, so weigh it together with the cell-location and Wi-Fi collection recorded above.
- Queries information about active data network [1 TTP, 3 IoCs]
  IoC | Process
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | com.spider.film
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | com.spider.film:remote
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | com.spider.film:remote
- Queries information about the current Wi-Fi connection [1 TTP, 3 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC | Process
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo | com.spider.film:remote
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo | com.spider.film
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo | com.spider.film:remote
- Reads information about the phone network operator [1 TTP]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 2 IoCs]
  IoC | Process
  Framework service call android.app.IActivityManager.registerReceiver | com.spider.film:remote
  Framework service call android.app.IActivityManager.registerReceiver | com.spider.film:remote
- Uses Crypto APIs (might try to encrypt user data) [1 TTP, 1 IoC]
  IoC | Process
  Framework API call javax.crypto.Cipher.doFinal | com.spider.film
- Checks CPU information [2 TTPs, 1 IoC]
  IoC | Process
  File opened for read /proc/cpuinfo | com.spider.film
  Reading /proc/cpuinfo on an x86 emulator image is the observation behind the Virtualization/Sandbox Evasion: System Checks mapping in the ATT&CK section below.
Processes
- com.spider.film (PID 4252)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
- com.spider.film:remote (PID 4320)
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.spider.film:remote (PID 4436)
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
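The per-process view above is derived from the raw IoC records in the Signatures section: each framework call or file open is matched against a signature rule and attributed to the process that made it. The following script, an added example rather than the sandbox's own matching engine, re-implements that derivation over the report's IoCs (re-typed inline as a constructed sample) and adds the one correlation an analyst usually wants next: which processes combine cell-tower and Wi-Fi scanning, the pairing used for off-GPS location fingerprinting. The regex rule set and the function names are assumptions for illustration; the records carry no PID, so the two com.spider.film:remote instances are merged under one name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the IoC records from the Signatures section, one
# "<kind> <target> <process>" record per line (PIDs are not part of the records).
SAMPLE_IOCS = """\
Framework service call android.app.IActivityManager.getRunningAppProcesses com.spider.film
Framework service call android.net.wifi.IWifiManager.getScanResults com.spider.film:remote
Framework service call android.net.wifi.IWifiManager.getScanResults com.spider.film
Framework service call android.net.wifi.IWifiManager.getScanResults com.spider.film:remote
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.spider.film
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.spider.film:remote
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.spider.film:remote
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.spider.film:remote
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.spider.film:remote
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.spider.film
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.spider.film:remote
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.spider.film:remote
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.spider.film:remote
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.spider.film
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.spider.film:remote
Framework service call android.app.IActivityManager.registerReceiver com.spider.film:remote
Framework service call android.app.IActivityManager.registerReceiver com.spider.film:remote
Framework API call javax.crypto.Cipher.doFinal com.spider.film
File opened for read /proc/cpuinfo com.spider.film
"""

# Assumed rule set (signature name, regex over "<kind> <target>"); it mirrors the
# report's signature names but is not the sandbox's own rule definitions.
RULES = [
    ("Queries information about running processes on the device", r"IActivityManager\.getRunningAppProcesses$"),
    ("Queries information about the current nearby Wi-Fi networks", r"IWifiManager\.getScanResults$"),
    ("Requests cell location", r"ITelephony\.(getCellLocation|getAllCellInfo)$"),
    ("Queries information about active data network", r"IConnectivityManager\.getActiveNetworkInfo$"),
    ("Queries information about the current Wi-Fi connection", r"IWifiManager\.getConnectionInfo$"),
    ("Registers a broadcast receiver at runtime", r"IActivityManager\.registerReceiver$"),
    ("Uses Crypto APIs", r"javax\.crypto\.Cipher\.doFinal$"),
    ("Checks CPU information", r"^File opened for read /proc/cpuinfo$"),
]

# Record kinds seen in the report; the process name is the last whitespace-free token.
RECORD = re.compile(
    r"^(?P<kind>Framework service call|Framework API call|File opened for read) "
    r"(?P<target>\S+) (?P<process>\S+)$"
)

# Signatures that together indicate cell-tower plus Wi-Fi location fingerprinting.
LOCATION_SIGS = {
    "Requests cell location",
    "Queries information about the current nearby Wi-Fi networks",
}


def parse_records(text):
    """Return (kind, target, process) tuples; lines that do not parse are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.append((m["kind"], m["target"], m["process"]))
    return records


def _matching_rules(kind, target):
    key = f"{kind} {target}"
    return [name for name, pattern in RULES if re.search(pattern, key)]


def match_signatures(records):
    """Group triggered signature names by process, reproducing the Processes section."""
    per_process = defaultdict(set)
    for kind, target, proc in records:
        per_process[proc].update(_matching_rules(kind, target))
    return {proc: sorted(names) for proc, names in per_process.items()}


def signature_counts(records):
    """IoC count per signature, i.e. the 'N IoCs' figure next to each signature."""
    counts = Counter()
    for kind, target, _ in records:
        counts.update(_matching_rules(kind, target))
    return dict(counts)


def flag_location_fingerprinting(per_process):
    """Processes that both read cell location and scan nearby Wi-Fi networks."""
    return sorted(p for p, names in per_process.items() if LOCATION_SIGS <= set(names))


if __name__ == "__main__":
    recs = parse_records(SAMPLE_IOCS)
    sigs = match_signatures(recs)
    for proc, names in sigs.items():
        print(proc)
        for n in names:
            print("  -", n)
    print("IoC counts:", signature_counts(recs))
    print("location fingerprinting:", flag_location_fingerprinting(sigs))
```

Run it as-is to print the same per-process signature list as the report; point parse_records at a file of exported IoC lines to apply the same grouping to another sandbox run.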
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
- Filesize: 28KB
  MD5: fec5763c96457d4b5263bb45b3ceaf15
  SHA1: 742b29ca6db4e43491c813008703c00693ede103
  SHA256: 137f7ea44ae9be01afc9f8b98f61945fcf44f3bb31473737c8d6003d2896f79f
  SHA512: 3ea01707a864ae31a7bd267928f00f03d1c600a4c544a91f45f90cdd14fddc37d78232cee89dcd24de04a2f29e51d8f7f325d316d55259690b30af147bc75ac8
- Filesize: 52KB
  MD5: f39111265bac6847e02170e132f8ea6d
  SHA1: 2e725a78022596f3066c34e5136da04ac3e7ee24
  SHA256: 032c0940938c2ed883c5d91998d86bd8384e4adeb623b89ef27001f89868cc7a
  SHA512: 2ca560fe43a3bc03fd73efcbbd874141e9a666724d554ab38d697d7fd6a258e413730e84f7462656963c03ddb83ba13e2eed82b434dcadd3bd86158bb03480be
- Filesize: 28KB
  MD5: 021f6dc7c331907623bc9065fbbb1136
  SHA1: 2ab8176531d1e341a2e663f8386ca136e61e70a8
  SHA256: d96dd6afd4bf8bfabb3283ada418a20b2d4f532f3fd8eaf8eb87f7c00598865b
  SHA512: d9f5c13db3b12e8d93c32d4c0fca7ed6be8d7fd205b16e08936bd56574820ec528d87db21de0aebf651f9bef3e8cc54f3024d131dac6b7722bce7c376d31dfb3
- Filesize: 36KB
  MD5: 8dc66eeb615a16d1fcc2168a3ebf4e3d
  SHA1: 29c3dfdf888c4a031fe4c4a361353ee018ffc1c1
  SHA256: 7abce0985434ff75c8ccca950761477c67f08ed7b2e790e52a527a031e0d68c5
  SHA512: d6b74cf7f175d257b44368e2a06910c61806c2eaafd100260e7111bd3ff674295708f8b93b7e4a3c8f8d3256fa62d83c9561ae2e4ca834f51c566085ee7bf3b4
- Filesize: 4KB
  MD5: a19a495bd87eee7b91f22ecc610704d2
  SHA1: 82417485f752b63b5700d54bcb39f8e2ee7ded96
  SHA256: 0ed8467bc41c9600bc034bab1ac5f00d5329c1b086eedc23e3b88f4bcaabe8e2
  SHA512: 677673874e982c780dc14b35f37046990a008763e83cac92fa17e8ae92b6f9bdb2f115c82e288c90dbad4e74641352137b951e823703bd0cc19ffac2832caa9d
- Filesize: 961B
  MD5: 9c22460b244f2c08f498521df4e21e24
  SHA1: 5eedc60141a7121ee041947e74c1710c946a7077
  SHA256: 3cba2fe37375ee4c52f1468e5eb1a782f309cec91d1f24509f1e3d77c73f2064
  SHA512: 72b0e21407b1525e32d49ffae05118ea7d363d8d025fc55d079912df4ca9555a6c854c661c82efd8fa9e6b247cc5cd6127b45ffe34b91e0c00a82fb7b8531657
- Filesize: 1KB
  MD5: 0d7ff158072e881c3a7ed13587cf09b1
  SHA1: 7c8d789eff288de7eb1cc04675ea8b86852cee77
  SHA256: 1cabe022943f332ebb1ab2ca3c5670db00b494b8d8a7f1f646d8314d3a17df68
  SHA512: 276b0124301e5061843a66f43b3ee0e5e3836f1e231bf8137851728c9e73823a274155dc135fec96c1acbb81def135064cb90dbab3672cbf84522e5070f4c696
- Filesize: 2KB
  MD5: 9cd0cb6a665e7a0670567b99133bfae4
  SHA1: ade2c0d0a33f1dab0e4b924fe27675e2c60d02bc
  SHA256: 6e734da75274bf859a7d5af6bc5828469c59b67a9a62cacbf20dfe69f42de193
  SHA512: 5a0d1bfd7fc223e7e4b73485a5d552ed7a74ca69893f5d4f4da3dea5b364f27f22379ffa7e8cff8cc70ebddea1f47f4aa2cc40ecdf7297cb57aefb266fdaf8c0
- Filesize: 170B
  MD5: 0a342222ba434b44a2ee2b712d12f604
  SHA1: 7a0d8628eae66197868097a69d5d3fcd708e1657
  SHA256: 03bac30080a83ff1bc7d84f16c33f626939fad8339eef93aa59e12419a33086b
  SHA512: 6618e12974915173d4dd7c3562385de8f84538aa4e9962c68b17c2d25b25addabd949e6632cf297c592e3646550b4a49a3e3239b9a168a34beea2e87a7b1098a
- Filesize: 549B
  MD5: 064e92bce7ecb5d4e584470af1c64bbe
  SHA1: 49fc4dd4505cec37a66dc394e9e8db5d7f3a5f60
  SHA256: e1d63f839ddba60bc4f874d87da2bb085946cc227721876baadacfcf664611fc
  SHA512: 102845916b4748d5676f4d5af91f3138c99a88f1d512448847e529d2c439ccc7b97365b53d92cde8dca1eac7bcb6c5c8e51bf2d8aac71120869db5ddc3c50dbb
- Filesize: 738B
  MD5: 36932b17c63442427497bb9cc1184bbd
  SHA1: d2ffd8fbdec9befb3eb8f8130e88a2be8d8e9b5e
  SHA256: 4e47f261cafe992ca502c0990453024f6645e51bff405fae6c1d9a192e71298a
  SHA512: 013a5dbf567d5b652112e62086f288bc0de4242d8a6fbcf2f9bda5e76f80b11b8f1636c3a57d324f38efa39e43fd2c5ca9993158515b0a69bf0f9d69bfca229e
- Filesize: 89B
  MD5: bcb11d609bb699d46a9dd7b0896c2e05
  SHA1: 8f4648c8bceba1bb94e0018c921017f58d8f5118
  SHA256: 6b713642fdd4c639b3b98510dadfbc01d0bdc9cb4815f13df064177a50434b99
  SHA512: 4f5c96c230e400ac60d1797b7d80f9cb33c857c25c1d48dec9d000d4febe274b35a037c0b1952d81243dc6d22db50a803ee751cd16d34f51a918ad12e06bcf26
- Filesize: 24B
  MD5: 1681ffc6e046c7af98c9e6c232a3fe0a
  SHA1: d3399b7262fb56cb9ed053d68db9291c410839c4
  SHA256: 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
  SHA512: 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5
- Filesize: 24B
  MD5: a936690571e9104e1922dda4a0ba5bd1
  SHA1: 65f49c57edde2f96be2a1dbdfc3f7351f1e66554
  SHA256: f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412
  SHA512: 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394