Analysis
max time kernel: 143s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 15/10/2024, 19:29
Static task: static1
Behavioral task: behavioral1 | Sample: 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk | Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2 | Sample: 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk | Resource: android-x64-20240624-en
Behavioral task: behavioral3 | Sample: 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk | Resource: android-x64-arm64-20240624-en
General
Target: 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118.apk
Size: 342KB
MD5: 499d227e53e2e0df1dc808d2529507ac
SHA1: eeedbf4c50f68467e6ffd701a425b9ec8fd53a0e
SHA256: 0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d
SHA512: 864a01a2c164e33e97cfb36fd551a1dca274286ecf3242a2fc844b8ab2ce9f0cafb52f6e32a3193294c10d2be66d596032d6fecad307755a4123c4e8ee403693
SSDEEP: 6144:2Tplw2P+sb/S8sN/Jlf+xHssYRXBlvNqUH/wD34KSvo3oEkZvBdkqj5:2te38Elf4HARX8UOIFvHLkQ
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | Process: g.xqbooster
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
flow: 7 | ioc: alog.umeng.com
Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: g.xqbooster
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: g.xqbooster
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: g.xqbooster
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: g.xqbooster
Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read | ioc: /proc/cpuinfo | Process: g.xqbooster
Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read | ioc: /proc/meminfo | Process: g.xqbooster
Processes
g.xqbooster (PID: 4994)
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads