Analysis
- max time kernel: 4s
- max time network: 139s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 15-10-2024 15:03
Behavioral task: behavioral1
- Sample: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 487abd92a6412fc35a9518bd4c49f5d7_JaffaCakes118.apk
- Size: 14.1MB
- MD5: 487abd92a6412fc35a9518bd4c49f5d7
- SHA1: 094d5889f17421b96bd4fc383fc5932a29ecb7b5
- SHA256: f995985d847a78ff1987d7c60786d5372cc8a107b2a9816c5843851e355eb300
- SHA512: ff9d4dca41fe0e409756d482949887a0c8f1593e83953248c3e3857ed1b7a91a7d5415ddfe58ba2e787627162c1140f5b6097751fab8780f0d9cfca7d65957ec
- SSDEEP: 393216:wYS4HEep5BViqsS5vLwuUT0pvWPRtqOJePLkhI3:RSinpjgqvvLPr1WzNJejkhA
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  IoC (file) / Process:
    /system/app/Superuser.apk  com.dromon
    /system/xbin/su  com.dromon
- Removes its main activity from the application launcher (1 IoC; signature title inferred from the process tree below, where it is listed)
  PID / Process: 4506  com.dromon
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description / IoC / Process: Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.dromon
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (3 IoCs)
  Flow / IoC:
    29  anmon.name
    21  android-monitor.ru
    26  prog-money.com
  Three distinct indicator-list domains resolved by the same process are the strongest classification signal in this report; the root, debugger and memory checks below also occur in legitimate apps and should not be weighted on their own.
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Description / IoC / Process: Framework service call  android.app.IActivityManager.setServiceForeground  com.dromon
- Requests accessing notifications (often used to intercept notifications before users become aware). (1 TTP, 1 IoC)
  Description / IoC / Process: Intent action  android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS  com.dromon
- Tries to add a device administrator. (2 TTPs, 1 IoC)
  Description / IoC / Process: Intent action  android.app.action.ADD_DEVICE_ADMIN  com.dromon
- Checks the presence of a debugger
- Checks memory information (2 TTPs, 1 IoC)
  Description / IoC / Process: File opened for read  /proc/meminfo  com.dromon
Processes
- com.dromon (PID: 4506)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Queries information about running processes on the device
  - Makes use of the framework's foreground persistence service
  - Requests accessing notifications (often used to intercept notifications before users become aware).
  - Tries to add a device administrator.
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Device Administrator Permissions (1)
- Defense Evasion
  - Foreground Persistence (1)
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
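The signatures and the ATT&CK Mobile matrix above are derived from a handful of raw behavioural events: file opens, framework service calls, intent actions and DNS flows of the com.dromon process. The following is an added example written by the editor, not the sandbox's own signature engine, that re-derives those signatures from the events printed in this report's IoC tables. The event list is constructed from the report (plus one made-up benign DNS lookup, example.invalid, for the negative case); the three stalkerware domains are embedded as a stand-in for the echap.eu.org indicator list the report cites; and the technique names attached to each rule are the editor's mapping of the report's signatures onto the names shown in the matrix, not something the report prints.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class Event:
    """One behavioural observation, in the shape of the report's IoC rows."""
    kind: str            # "file_read" | "framework_call" | "intent" | "dns"
    value: str           # path, framework method, intent action or domain
    process: str = "com.dromon"
    pid: int = 4506


# Constructed from the IoC rows of this report; the final DNS lookup
# (example.invalid) is a made-up benign entry so the negative case is exercised.
# The launcher-icon removal has no raw event in the report's tables, so it is
# not modelled here.
EVENTS: List[Event] = [
    Event("file_read", "/system/app/Superuser.apk"),
    Event("file_read", "/system/xbin/su"),
    Event("framework_call", "android.app.IActivityManager.getRunningAppProcesses"),
    Event("framework_call", "android.app.IActivityManager.setServiceForeground"),
    Event("intent", "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS"),
    Event("intent", "android.app.action.ADD_DEVICE_ADMIN"),
    Event("file_read", "/proc/meminfo"),
    Event("dns", "anmon.name"),
    Event("dns", "android-monitor.ru"),
    Event("dns", "prog-money.com"),
    Event("dns", "example.invalid"),
]

# The three domains the report attributes to the echap.eu.org stalkerware
# indicator list, embedded so this runs offline. A real pipeline loads the
# full upstream list instead of this excerpt.
STALKERWARE_DOMAINS: Set[str] = {"anmon.name", "android-monitor.ru", "prog-money.com"}

# Root artefacts the sample probes for, from the report's IoC table.
ROOT_ARTIFACTS: Set[str] = {"/system/app/Superuser.apk", "/system/xbin/su"}


@dataclass(frozen=True)
class Rule:
    name: str                  # signature title as printed in the report
    technique: Optional[str]   # ATT&CK Mobile technique from the matrix; editor's mapping
    match: Callable[[Event], bool]


RULES: List[Rule] = [
    Rule("Checks if the Android device is rooted.",
         "Virtualization/Sandbox Evasion: System Checks",
         lambda e: e.kind == "file_read" and e.value in ROOT_ARTIFACTS),
    Rule("Queries information about running processes on the device",
         None,
         lambda e: e.kind == "framework_call"
         and e.value == "android.app.IActivityManager.getRunningAppProcesses"),
    Rule("Makes use of the framework's foreground persistence service",
         "Foreground Persistence",
         lambda e: e.kind == "framework_call"
         and e.value == "android.app.IActivityManager.setServiceForeground"),
    Rule("Requests accessing notifications",
         None,
         lambda e: e.kind == "intent"
         and e.value == "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS"),
    Rule("Tries to add a device administrator.",
         "Abuse Elevation Control Mechanism: Device Administrator Permissions",
         lambda e: e.kind == "intent" and e.value == "android.app.action.ADD_DEVICE_ADMIN"),
    Rule("Checks memory information",
         "Virtualization/Sandbox Evasion: System Checks",
         lambda e: e.kind == "file_read" and e.value == "/proc/meminfo"),
    Rule("Domain associated with commercial stalkerware software",
         None,
         lambda e: e.kind == "dns" and e.value.lower().rstrip(".") in STALKERWARE_DOMAINS),
]


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Return {signature title: [matching IoC values]} for every signature that fired."""
    hits: Dict[str, List[str]] = {}
    for rule in RULES:
        matched = [e.value for e in events if rule.match(e)]
        if matched:
            hits[rule.name] = matched
    return hits


def flagged_domains(events: List[Event]) -> Set[str]:
    """Domains from DNS events that are on the embedded stalkerware list."""
    return {e.value for e in events if e.kind == "dns" and e.value in STALKERWARE_DOMAINS}


def techniques(hits: Dict[str, List[str]]) -> Set[str]:
    """ATT&CK Mobile techniques implied by the signatures that fired."""
    by_name = {r.name: r.technique for r in RULES}
    return {by_name[n] for n in hits if by_name.get(n)}


if __name__ == "__main__":
    result = triage(EVENTS)
    for name, iocs in result.items():
        print(f"{name}: {', '.join(iocs)}")
    print("techniques:", sorted(techniques(result)))
```

Running it reproduces the seven IoC-bearing signatures from the report and the three technique names from the matrix. Note how thin most rules are: a root check or a /proc/meminfo read is a single string match and fires on plenty of legitimate software, whereas the domain rule is the only one tied to external intelligence, which is why it carries the classification weight.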
Downloads
- Filesize: 84KB
  MD5: 250cfde9e18fd4cf5da230122c8cb503
  SHA1: 9cc2a314ee1b96fade77706a93a240949a123240
  SHA256: eccdc5a4ec4f822abd83407b4210d9492704f3bc7feff29ef8269a9bd2de23ec
  SHA512: a3d4833ce4f1ec02cf307ebf44cc8df4161d299aedb11b688970bf9dc9d6c2416af4add124a028c632d701093c4a7054d05019d5dc8ed05b6cb9dbd7b2ce5531
- Filesize: 512B
  MD5: 28072e8b681dc94084ec8e2b56f966ce
  SHA1: fefab2cd0fc50510dda0862c303734f037b6206f
  SHA256: f2c0883a6706eb2595cbf8a3f4c13530adc61df4c83da192fe242f8f14e2e634
  SHA512: 0e5db7d53bd7f0c3eead073495455dae80c36515b643a397dbefd2b24147e1f58d671f71452347c637c03551322ea95205c917a07d146e9df13682d451623369
- Filesize: 8KB
  MD5: bb0cef5c2d4556bb81d3503874ea174a
  SHA1: a18f0640a61982c34b3709ca8aee953425f434ae
  SHA256: 9874f14914b25e2b19cfb073987635acce5fed37fbf24abc4821f92e53b36f1d
  SHA512: d09de5766d698f6bc53f2169edd28b705a128020c5fe5bfa2ed3ace6e186d17a0b7bacc0f3d6d70523d69c0f55e2962ef025d168f24979a1b64dac50a49878b8
- Filesize: 4KB
  MD5: e0805f7eb5ba0e721337377a0dcd6013
  SHA1: a53fce3c7e9d4fdc9b449ead75acb38d6cb6f5a6
  SHA256: dea108bd8ad1fd8e83d25545a3ee2aab62f9bd4df824b7131c86369d30724b2d
  SHA512: 09f04ae85e6388714dc36ce48156f3ecf53764f0964a918806650bc6a1545655c4bac6de9f30029677143b6d4179c8ccfb6e892a5f61eec052efe0f54a4b47e0
- Filesize: 8KB
  MD5: 67e25b8167e6eae87ed04ca6895660d7
  SHA1: 715663a49f38ba7b9bec193f1f5d5a66e1c97ef0
  SHA256: 24cdae926d13edba776ef438fd762ec3a8c4ae2ef83e9fd68de9f6f318eecc8f
  SHA512: 95f76651505bd0510fb77addf59538a46c9c2b671cc1ba43874e3aabf50e88bafef63c826f9f190cd4a94dfe7719bcb1c5f1df709ac8047702186ac74493e80a
- Filesize: 8KB
  MD5: 0ec39b4494c9ef6b966e75c148a3a81f
  SHA1: d368f01fcc9be8c6e393f9cd9820dd6ab687cbb9
  SHA256: 51be048c512c4be3f4774089e96bca748df5f3e7c349998b35c9ecdf60dd3ed7
  SHA512: 88d37e5dda340b132fc397c6c0da8a6b2b1c87f2366c405493038ae82cef0a75f749f0c20657ac556010ea5dabd2fe5e16345719306b66cb516ed12a4a23e9a4
- Filesize: 8KB
  MD5: e2f2c6e3c44f9daa2e546250bdaab65e
  SHA1: fb1e182e5d5124627b5721c0deaad83c4fa3dad5
  SHA256: 5da129b5c3fb7c5e632007b3d30830da52720971cf4497b8d9009de76fbd2795
  SHA512: c43eb3ae5e6b9b8ae824ce70db2ca49710ff81d70312a169175d5045f29d282f8bb93f5ae24fb6124aa8abaf6dda5f32ab501ad5055b1c53a5623413219a080b
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29BeginSession.cls_temp
  Filesize: 78B
  MD5: 442c043e488c2cbb929fc93dfb9c8cca
  SHA1: e290ff04a9270321760da5731a6a8476f0eb9aa1
  SHA256: dffa8b8e93fcd2c6a2e2f4820dbf6dcbd1fa3cb8681e2d43fc76a9b1fe3c004d
  SHA512: fe97b0b15584e70f766f4d6287e000bc6ef0cd4ce415183358e93357f6f0e39a91854f810c61d4c498d1c89e821e7dfcaca35f3ce860d6f0216d5734049b8277
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29SessionApp.cls_temp
  Filesize: 103B
  MD5: 6f264429aa60a94d16e5711ab802198d
  SHA1: 467da41a06aee4491c9924d5c53400c0960fb32a
  SHA256: cd60af88c578e2a2647b0f21169f9306fba5ebf3e91e5278d5dfe977d1e7d8c3
  SHA512: e02d08e791b112919877e5d476073857e2b6ecc7dcaa672d9f1eb0dd6b02e34d39f4d34a8f4622d45e85f93a72a5c1f36a62c1bc38e8d19984774aa1545a61e8
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29SessionCrash.cls_temp
  Filesize: 13KB
  MD5: 8dc7d580b5927bfa0efc29ed9c23915d
  SHA1: 8b475b77aba5e112b873be2c3577af5e26f916cd
  SHA256: 375ce719a3afc9d067f3713469cf1c3926107168547f99fe81ddda143a7fa424
  SHA512: 1cc3b5d40bc3ee8dabc33f251440acfd8e1caca83e6ee0f029da3a067133e99ed31b0d0174e8169060e6b603a7d928e370084f666bfcb488d2825dbab287ec28
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29SessionDevice.cls_temp
  Filesize: 88B
  MD5: 25e6025968487b9d7fe1c848159ea635
  SHA1: 92f9b42458198eba0a61d6e8574656563cab28e4
  SHA256: 1d6d26836e39113afbea58109c7fece85ef3da693d64d3c4247c3a7556a5749e
  SHA512: c88b1a584292b6531e6d6c4f4fcd28f34c4a6f33351bfa90481ad8635da9c256e49fd19cddb68caf5253724867f92df065633af0cc438d8235edbb0cd0e941ae
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29SessionOS.cls_temp
  Filesize: 15B
  MD5: b3d9541cc92a9153d14e5160f8d8c008
  SHA1: 2e1ac80eb381dd82a03795b682f92020348c0113
  SHA256: 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
  SHA512: 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29SessionUser.cls_temp
  Filesize: 26B
  MD5: b8eea30f6e25785206ddd3d19f5f96be
  SHA1: 78f94313acaaa18d9bf8465550765a0607d6df43
  SHA256: 7d1be0076508145d14df4bdc7e37ad98c96aafa4e2035b78c2f1d7bb93cc1cdc
  SHA512: d0a43886b318320bb55a2a268405f093509af76c852607ace17eb1ddab34c4ce69faa86044f02a08974e5db1be861332f66400bd8d6c75c94b6f9017170aee7e
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29user.meta
  Filesize: 29B
  MD5: 6f3bf9dd98b2e511bff7eb204ec6d254
  SHA1: b1eaafe8cddf7b98783a095a725d6fc768133d00
  SHA256: b2eb715b3b4b639f36fedce1ae2d09233544a0c234821be07f96f16adc0659d6
  SHA512: 0bb7d5e43f6441afd011935a0edb8a8482e169f10e3860ca4b70418aebb7866138fb2f257c72bbe66b9f736a9898fe226b1673c8e11bc6c9845b4821877ea372
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844D01EB-0001-119A-9F920A64DC29user.meta
  Filesize: 47B
  MD5: fc144e611da462ed2c0aa3aa355698f6
  SHA1: ab574d0a0c2a2d2facdd725509f0df60fda6e011
  SHA256: 32482b6a4b7a6f806e6ef7e4b407e910fcb188507fb0c3d3dd1af5e95c75d86e
  SHA512: fb6e0cb39e8a3e0b847796ef8e1da209e9c33dbed5dd1b193cf1a14c24be364548358341e583bda6e27612a56c4865f15d91897a0a7591ecac243e6cc3a895e5
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/670E844F01C5-0002-119A-9F920A64DC29BeginSession.cls_temp
  Filesize: 78B
  MD5: 32f2756b9de9a8da5b25abec81e30511
  SHA1: 80029b144deb5982dbef8a16440c8ee588bc634b
  SHA256: 141a5a6f5eea4aeae89db0c66e41069d7b2df2d510e0c92f467372f2902aa763
  SHA512: 35b64543df06e56e2f860b98f82ebdf8273ddff20513396332f9e28350799e0086e23e938a33652f5d60538a392e27d1bb8f02f9bfdd107162316e23e7bd9572
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-670E844D01EB-0001-119A-9F920A64DC29.temp
  Filesize: 88B
  MD5: 070a60c0cf7b2baffb5c44be6ea521e4
  SHA1: 45129c494643429e07f2463d49098854ca73e457
  SHA256: ebbc4afc8effec61cc379f929b44834be982398c9323443a7d486fd8be93bd94
  SHA512: 1ca87c42ff91ae60c4f9d4ba661ac7c1e24bedcac7eda1448d13517241826f83597f490a5479d657a62086916fd17cfd2cea64ba7c154d77c91935850594becf
- Filesize: 410B
  MD5: 0949a8a0617da37ad76534e8f7d3ae50
  SHA1: eafe5142db7a847d6881085c55f0a97ea3a24292
  SHA256: f24eadae8e94f63f645cd2553d580d50c2b92a5a49c49b0f8336227ed3f5bddd
  SHA512: 61071322bb0349ea6b184bcfd954f1179930546d28fb3925ff1e0b92afc9136b7aa1003a44fc722de61a299d892572f0781ac1a80c7ee9d730b84297b2617d9c
- Filesize: 16B
  MD5: c33583fae4e0b61cde1c5b9227963237
  SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
  SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
  SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
- /data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e8e6d826-62e1-46fa-96b6-b21e3279c8ac_1729004622080.tap
  Filesize: 335B
  MD5: 36c6c87052500535917cededb730ed3f
  SHA1: bf577930d20908bed39c90ad60146251ecdab99c
  SHA256: a097995044e24bb2b87f4f85ec6ed95e7727b7bd4af78bf862bed8e0a25ecd68
  SHA512: 025fb0d7669278759db50b217148ba722ebee4400752f11ddf21953c3c83755108664f0998fa14c11d6cf24324256260fa96ed4c17c167219443f6943c02de2c
- Filesize: 46B
  MD5: cbe8ba5c2fe507c676f6f05217fadb08
  SHA1: 2da62e27b69a4db117a78bd0ac67ad4ca292acae
  SHA256: e8929117b022552be880afd721d1514b5e6e887907d982c4d7fbc5fb389f18bc
  SHA512: 1d243115fcc9852c4c8f3bfeb339afff0ddfecfcd0c9e045847a72ea8b6fd0a6d98063d2d3fa395f6f494f182c1a1c5a5329006470b933517c22fede9822c23c
- Filesize: 59B
  MD5: 2bd6227cc235a74b200add328bcf5724
  SHA1: d848841f2ab60dde032d6e3d3a832c18b07fc112
  SHA256: 1020f28ef53deb50c4c0941986708b1febdc989fd227fb7da4e6fc4864316db4
  SHA512: 87aa8ae7bb9f985c2d4cb53f9ac752b5326d1d1a6cbd05d4b837bf8e90887bd49a9a266068b8cb97fa76ef2c9aaaa7add2a7fc5b6fb97a2b7d294d3fdaccdd23
- Filesize: 74B
  MD5: cd371eaf255b0f91196c23b3b06fd6c7
  SHA1: 4efcf56e68b692d4eaa536483f8b35fa0aba63c2
  SHA256: fc7dd64af30dc83d304248c9abc8e337c04ee27e3e66ef4b1c8dc66c6db705ab
  SHA512: 2b894a8d373c5adca34c2f076fae20898de71b861ecdb0f79ab350e3e50843d33286dc0493093fb374251ee121b95deb1ec7e6d1bc60bfdca9deb4210172ed01
- Filesize: 55B
  MD5: 063cb98c6e0ef139ce50b5a1a7e97853
  SHA1: ce621c1407e9b1881244ae3237036cba89af292f
  SHA256: 847e0e1f4dabe701b8d6cb7c0428bbb4bd95df57eb73c3fb078118bb1d71f195
  SHA512: eb10ec97a1168ab7506808b197e867de3b3fe65c4be68f0ed70e6ff322607d7504bb40c93dee9bd4eba8acd3264dee20e28d5aee9dab85a0c4148600a02ddb81
- Filesize: 48B
  MD5: 85393c34530125c909effd31571a2e5a
  SHA1: faed423886c3882b2b42882113411832cf50e2fc
  SHA256: 52401d37a4167af2032bf4192884ea40b544d042491deb37602979fedcf2fe81
  SHA512: c73915bb4fa5995fd471a2c5562c6e23d8f62238ced4489a74b3b5f6c1684095d33e5c119cc1b49f009679707eae019dbe734c88801ca6273f51bcb7a2656bfd
- Filesize: 51B
  MD5: e688004a44ef7e62c17fb3a8fb623d60
  SHA1: 6c64e9eaf906d6eb932cf54ab93ad0d0b9dd8f13
  SHA256: 22c8155fb95341ac2f81b3624a46c499b24322bf248024b0b130e81d61070c51
  SHA512: 1f5940aa2a88c32d1c2997dc24af31f431c87e66e25146f4d611cb4eb3ec67b22432c0ee794466a3bd622802cae6703e8a3528ea5b54d7230bc3078cb0ca1ea0
- Filesize: 681B
  MD5: f90555d35a4fc9387606ce40eca58890
  SHA1: b4662091744d5244294760e9f3fe4a88b5429df2
  SHA256: fef0e951fd7f51aa4fa4d2bc08aacc449cb30b76759af54d6c998e15626124ec
  SHA512: 6ba52af36de8f7cae9d741347100234da49fa960ffe8ff57122fcc21b0df045c797399db3e598ad453125a61d85225aa8ce546ebd14f2d77035b9e64161350cd
- Filesize: 249B
  MD5: 73b4318db514a40d8561d7430457678d
  SHA1: 16a734c183cd6df449a58cdcc0997e01ee241052
  SHA256: 3c277292ec24b118dde2746ee7382470c4a0c6a37351757dde5076c45cd69882
  SHA512: d7c03c1360ea54c2d2e5478bf37b9877061a018f802c6afbdc7142f9a3f6506db7923e2a381f021608a10f580bb412634b8cfece16d2e157e231ac09c5ddcfda
- Filesize: 10B
  MD5: fd5b98ea58e94fffa1df623df684d3b4
  SHA1: eaf9952ebeeeee38df60c9648aa728f2d2f7a52a
  SHA256: 73a03ccf7af8d3e9a1270d54680f56749588fb49511b94a424970acf69908d59
  SHA512: 9009ead16766df475cbe0cbde7329aa905512f833b938194603242efc9f33d88ee441495066f66ed0dce55f4d5248fb3bd66233e3176c57ede357663ad705718
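The named entries in the Downloads list are Crashlytics SDK artefacts written under /data/user/0/com.dromon/files/.Fabric/, and their file names carry more than a hash can: two session IDs (670E844D01EB-... and 670E844F01C5-...) and a 13-digit suffix on the answers .tap file. The following is an added example by the editor, not part of the sandbox report, that recovers a timeline from those names. The paths are copied from the listing above (user.meta appears once here although the report lists two versions of it). Two interpretations are the editor's own and are checked against the page's values rather than documented by the report: the leading eight hex digits of a session ID decode to a Unix time in seconds, and the .tap suffix is a Unix time in milliseconds; both land within seconds of the report's submission time of 15-10-2024 15:03.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

FABRIC = "/data/user/0/com.dromon/files/.Fabric/"
CORE = FABRIC + "com.crashlytics.sdk.android.crashlytics-core/"

# Distinct Crashlytics paths copied from the report's Downloads listing.
PATHS: List[str] = [
    CORE + "670E844D01EB-0001-119A-9F920A64DC29BeginSession.cls_temp",
    CORE + "670E844D01EB-0001-119A-9F920A64DC29SessionApp.cls_temp",
    CORE + "670E844D01EB-0001-119A-9F920A64DC29SessionCrash.cls_temp",
    CORE + "670E844D01EB-0001-119A-9F920A64DC29SessionDevice.cls_temp",
    CORE + "670E844D01EB-0001-119A-9F920A64DC29SessionOS.cls_temp",
    CORE + "670E844D01EB-0001-119A-9F920A64DC29SessionUser.cls_temp",
    CORE + "670E844D01EB-0001-119A-9F920A64DC29user.meta",
    CORE + "670E844F01C5-0002-119A-9F920A64DC29BeginSession.cls_temp",
    CORE + "log-files/crashlytics-userlog-670E844D01EB-0001-119A-9F920A64DC29.temp",
    FABRIC + "com.crashlytics.sdk.android:answers/session_analytics_to_send/"
    "sa_e8e6d826-62e1-46fa-96b6-b21e3279c8ac_1729004622080.tap",
]

# Session IDs in the listing are 12-4-4-12 upper-case hex groups, glued
# directly onto the artefact name (e.g. ...DC29BeginSession.cls_temp).
SESSION_RE = re.compile(r"([0-9A-F]{12}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})")
# The answers batch file ends in _<13 digits>.tap.
TAP_RE = re.compile(r"_(\d{13})\.tap$")


def session_id(path: str) -> Optional[str]:
    """Crashlytics session ID embedded in a core/log-files artefact name, if any."""
    m = SESSION_RE.search(path)
    return m.group(1) if m else None


def session_id_time(sid: str) -> datetime:
    """Editor's inference: the leading 8 hex digits of a session ID are Unix seconds (UTC)."""
    return datetime.fromtimestamp(int(sid[:8], 16), tz=timezone.utc)


def answers_tap_time(path: str) -> Optional[datetime]:
    """Editor's inference: the 13-digit suffix of an answers .tap file is Unix milliseconds."""
    m = TAP_RE.search(path)
    if not m:
        return None
    ms = int(m.group(1))
    # Integer arithmetic keeps the millisecond exact instead of going through a float.
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def group_by_session(paths: List[str]) -> Dict[str, List[str]]:
    """Map each session ID to the artefact file names written under it."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for p in paths:
        sid = session_id(p)
        if sid:
            groups[sid].append(p.rsplit("/", 1)[-1])
    return dict(groups)


def timeline(paths: List[str]) -> List[Tuple[datetime, str]]:
    """Every timestamp recoverable from the file names, oldest first."""
    events: List[Tuple[datetime, str]] = []
    for sid in group_by_session(paths):
        events.append((session_id_time(sid), "session " + sid + " begins"))
    for p in paths:
        t = answers_tap_time(p)
        if t is not None:
            events.append((t, "answers batch " + p.rsplit("/", 1)[-1]))
    return sorted(events)


if __name__ == "__main__":
    for when, what in timeline(PATHS):
        print(when.isoformat(), what)
```

The decoded times are 15:03:41 UTC (first session), 15:03:42.080 UTC (answers batch) and 15:03:43 UTC (second session) on 2024-10-15, which agrees with the submission time and so supports both inferences. For triage this tells you the Crashlytics SDK initialised within seconds of launch; the 13KB SessionCrash.cls_temp in the first session followed by a new BeginSession two seconds later suggests the app crashed and was relaunched in the sandbox, which is worth confirming by pulling that file, since a crash early in the run can explain why the network section of the report is sparse.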