Analysis
- max time kernel: 138s
- max time network: 157s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 15/10/2024, 23:23
Static task: static1
Behavioral task: behavioral1
- Sample: 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118.apk
- Resource: android-x64-20240624-en
General
- Target: 4a77aff65c0f6ec4e961a1bb6285ca31_JaffaCakes118.apk
- Size: 9.7MB
- MD5: 4a77aff65c0f6ec4e961a1bb6285ca31
- SHA1: 6b99bdbf40ffc332d4edd08c9efea9151f8a07a3
- SHA256: 56892ea3d02282d0b4c7a48b19ccd5ddb2ed4165ac742f34c444e754cb7d7e34
- SHA512: 435f936c853607110132abfc4a281290751feca4ed18f6b09cd5cf984b79927836e3ad89db106867c5050dde306370ec4de8c565faf4e311575a9372f62faf88
- SSDEEP: 196608:ta2YZfaepMIkVHMKH5k6pl8ueAFwusQ1HR8dpGbqHR8dpGbW+PpLYth:NYZfaepR85kuFwuJHR8fGbqHR8fGbJp2
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.spider.film)
- Queries information about the current nearby Wi-Fi networks [1 TTP, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  - Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.spider.film)
  - Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.spider.film:remote)
- Queries the phone number (MSISDN for GSM devices) [1 TTP]
- Requests cell location [2 TTPs, 3 IoCs]
  Uses Android APIs to get the current cell location.
  - Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.spider.film)
  - Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.spider.film:remote)
  - Framework service call: com.android.internal.telephony.ITelephony.getAllCellInfo (process: com.spider.film:remote)
- Domain associated with commercial stalkerware software (includes indicators from echap.eu.org) [1 IoC]
  - Network flow 11: alog.umeng.com
- Queries information about active data network [1 TTP, 2 IoCs]
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.spider.film)
  - Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.spider.film:remote)
- Queries information about the current Wi-Fi connection [1 TTP, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.spider.film)
  - Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.spider.film:remote)
- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]
- Reads information about the phone network operator [1 TTP]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 2 IoCs]
  - Framework service call: android.app.IActivityManager.registerReceiver (process: com.spider.film:remote)
  - Framework service call: android.app.IActivityManager.registerReceiver (process: com.spider.film)
- Checks CPU information [2 TTPs, 1 IoC]
  - File opened for read: /proc/cpuinfo (process: com.spider.film)
Processes
- com.spider.film (PID 4933)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
- com.spider.film:remote (PID 5010)
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads