Analysis
-
max time kernel
144s -
max time network
143s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system -
submitted
15/10/2024, 23:43
Static task
static1
Behavioral task
behavioral1
Sample
4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
4a864138295774262f5075a9afb8c1a3_JaffaCakes118.apk
-
Size
187KB
-
MD5
4a864138295774262f5075a9afb8c1a3
-
SHA1
0ff1c3bdac72eee7144d60d68522fba7acb52cd3
-
SHA256
c5e0fa3a4fb92d9875f30b137abd841ac546127fc22098c1fec8481415a0deb4
-
SHA512
f9736a110d5bdafbf1c8d8413bbda246580b461e945f803254dc2ed8f765653a62875622c4c9d9534a8358415730e30980c5eb4675a2dd85146f5beff3c51b91
-
SSDEEP
3072:RiuijdGa366TJrKNwrpx8OM3bozCVxemAoyvMk5+j2dvtluD5Z+JsfAUU:R053jTJrHrpn8Vx1dy0eFlEOWvU
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.baidu.eddw.tencent/files/.ca/jnzPLoJZce.jar | pid: 4487 | Process: com.baidu.eddw.tencent -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | Process: com.baidu.eddw.tencent -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow: 26 | ioc: alog.umeng.com -
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.baidu.eddw.tencent -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.baidu.eddw.tencent -
Checks CPU information 2 TTPs 1 IoCs
description: File opened for read | ioc: /proc/cpuinfo | Process: com.baidu.eddw.tencent -
Checks memory information 2 TTPs 1 IoCs
description: File opened for read | ioc: /proc/meminfo | Process: com.baidu.eddw.tencent
Processes
Network
MITRE ATT&CK Mobile v15
Downloads