Analysis
- max time kernel: 144s
- max time network: 156s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 15/10/2024, 23:43
Static task: static1
Behavioral task: behavioral1
- Sample: 4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
- Size: 187KB
- MD5: 4a864138295774262f5075a9afb8c1a3
- SHA1: 0ff1c3bdac72eee7144d60d68522fba7acb52cd3
- SHA256: c5e0fa3a4fb92d9875f30b137abd841ac546127fc22098c1fec8481415a0deb4
- SHA512: f9736a110d5bdafbf1c8d8413bbda246580b461e945f803254dc2ed8f765653a62875622c4c9d9534a8358415730e30980c5eb4675a2dd85146f5beff3c51b91
- SSDEEP: 3072:RiuijdGa366TJrKNwrpx8OM3bozCVxemAoyvMk5+j2dvtluD5Z+JsfAUU:R053jTJrHrpn8Vx1dy0eFlEOWvU
Malware Config
Signatures
- Loads dropped Dex/Jar (TTPs: 1, IoCs: 1)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.baidu.eddw.tencent/files/.ca/jnzPLoJZce.jar | pid: 4929 | Process: com.baidu.eddw.tencent
- Obtains sensitive information copied to the device clipboard (TTPs: 2, IoCs: 1)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | Process: com.baidu.eddw.tencent
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (TTPs: 1)
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (IoCs: 1)
  flow: 9 | ioc: alog.umeng.com
- Queries information about active data network (TTPs: 1, IoCs: 1)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.baidu.eddw.tencent
- Queries information about the current Wi-Fi connection (TTPs: 1, IoCs: 1)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.baidu.eddw.tencent
- Queries the mobile country code (MCC) (TTPs: 1, IoCs: 1)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.baidu.eddw.tencent
- Queries the unique device ID (IMEI, MEID, IMSI) (TTPs: 1)
- Registers a broadcast receiver at runtime (usually for listening for system events) (TTPs: 1, IoCs: 1)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.baidu.eddw.tencent
- Checks CPU information (TTPs: 2, IoCs: 1)
  description: File opened for read | ioc: /proc/cpuinfo | Process: com.baidu.eddw.tencent
- Checks memory information (TTPs: 2, IoCs: 1)
  description: File opened for read | ioc: /proc/meminfo | Process: com.baidu.eddw.tencent
Processes
- com.baidu.eddw.tencent (PID: 4929)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads