Analysis
max time kernel: 135s
max time network: 139s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 16/10/2024, 23:54
Static task
static1
Behavioral task
behavioral1
Sample
4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240624-en
General
Target: 4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118.apk
Size: 17.1MB
MD5: 4fb6927b3601ac7a98ec2cceaa115474
SHA1: 398f29ee0bd5e96e9e618c73c25a72ab01075172
SHA256: d58b783d002062d8ec9b32e3ff089060f0aeb5038efcf6127417271660244fc1
SHA512: d86975828a245de4ca4ad54ad5c8215816a3315c1e70c4f1dcc37a39d776e3994eb87c4a3446299c7ef2933176f52c930a472f1a217fbfd857ae28b705a5827d
SSDEEP: 196608:aMAUyIsdATjO8eBjxpfwdk8pi04Y0O8eEO8epu0ENY8go7Kds2A/C0iMKbInAbB2:C9dWjO3Iji04Y0OiOIYlgn/CNlT1Hhbo
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.feibo.yizhong
Requests cell location 1 TTPs 2 IoCs
Uses Android APIs to get current cell information.
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.feibo.yizhong:remote
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.feibo.yizhong
Acquires the wake lock 1 IoCs
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.feibo.yizhong:pushservice
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
13 | alog.umeng.com
Queries information about active data network 1 TTPs 3 IoCs
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.feibo.yizhong:pushservice
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.feibo.yizhong:remote
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.feibo.yizhong
Reads information about phone network operator. 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
description | ioc | process
File opened for read | /proc/cpuinfo | com.feibo.yizhong
Processes
-
com.feibo.yizhong
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Checks CPU information
PID:4360
-
com.feibo.yizhong:pushservice
- Acquires the wake lock
- Queries information about active data network
PID:4399
-
com.feibo.yizhong:remote
- Requests cell location
- Queries information about active data network
PID:4498
Network
MITRE ATT&CK Mobile v15
Downloads