Analysis
max time kernel: 130s
max time network: 136s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 15-10-2024 15:03
Behavioral task: behavioral1
Sample: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
Size: 14.1MB
MD5: 487abd92a6412fc35a9518bd4c49f5d7
SHA1: 094d5889f17421b96bd4fc383fc5932a29ecb7b5
SHA256: f995985d847a78ff1987d7c60786d5372cc8a107b2a9816c5843851e355eb300
SHA512: ff9d4dca41fe0e409756d482949887a0c8f1593e83953248c3e3857ed1b7a91a7d5415ddfe58ba2e787627162c1140f5b6097751fab8780f0d9cfca7d65957ec
SSDEEP: 393216:wYS4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhI3:RSinpjgqvvLPr1WzNJejkhA
Malware Config
Signatures
- Checks if the Android device is rooted. (TTPs: 1, IoCs: 2)
  ioc: /system/app/Superuser.apk, process: com.dromon
  ioc: /system/xbin/su, process: com.dromon
  pid: 4258, process: com.dromon
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (TTPs: 1)
- Queries the phone number (MSISDN for GSM devices). (TTPs: 1)
- Acquires the wake lock. (IoCs: 1)
  description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.dromon
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (IoCs: 3)
  flow: 5, ioc: android-monitor.ru
  flow: 7, ioc: prog-money.com
  flow: 9, ioc: anmon.name
- Makes use of the framework's foreground persistence service. (TTPs: 1, IoCs: 1)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call, ioc: android.app.IActivityManager.setServiceForeground, process: com.dromon
- Queries information about the active data network. (TTPs: 1, IoCs: 1)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.dromon
- Queries information about the current Wi-Fi connection. (TTPs: 1, IoCs: 1)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.dromon
- Reads information about the phone network operator. (TTPs: 1)
- Requests access to notifications (often used to intercept notifications before users become aware). (TTPs: 1, IoCs: 1)
  description: Intent action, ioc: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS, process: com.dromon
- Tries to add a device administrator. (TTPs: 2, IoCs: 1)
  description: Intent action, ioc: android.app.action.ADD_DEVICE_ADMIN, process: com.dromon
- Checks for the presence of a debugger.
- Registers a broadcast receiver at runtime (usually for listening for system events). (TTPs: 1, IoCs: 1)
  description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.dromon
- Checks memory information. (TTPs: 2, IoCs: 1)
  description: File opened for read, ioc: /proc/meminfo, process: com.dromon
Processes
- com.dromon (PID: 4258)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher.
  - Acquires the wake lock.
  - Makes use of the framework's foreground persistence service.
  - Queries information about the active data network.
  - Queries information about the current Wi-Fi connection.
  - Requests access to notifications (often used to intercept notifications before users become aware).
  - Tries to add a device administrator.
  - Registers a broadcast receiver at runtime (usually for listening for system events).
  - Checks memory information.
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Foreground Persistence (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Device Administrator Permissions (1)
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1): Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads