Analysis

max time kernel: 131s
max time network: 137s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 17/10/2024, 12:16
Static task: static1

Behavioral task: behavioral1
Sample: 5206349eb404d2354beeff09e62e7490_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 5206349eb404d2354beeff09e62e7490_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240624-en
General

Target: 5206349eb404d2354beeff09e62e7490_JaffaCakes118.apk
Size: 1.2MB
MD5: 5206349eb404d2354beeff09e62e7490
SHA1: 06cc6f9c9a209cafca7b9a23b98e4313244694f9
SHA256: 85337950be8c219d72af0798f0ef27430606398131f28454149a8d06732d6d82
SHA512: d3c2c9312be0343837d8e1998b3481b20cc42fce6b062760589f67f09e152df27c6ce7f8e2746fe9f17691cea89d3b1f2944f8a3402ffcd6167b04ba1de25925
SSDEEP: 24576:4XUkwar9ymhCgd5nbfDlnBFJd3sSZk4K+aXQcM6V:YU129ymhCKbDllJssI+avMi
Malware Config

Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) - 1 TTP
Queries the phone number (MSISDN for GSM devices) - 1 TTP
Domain associated with commercial stalkerware software (indicators from echap.eu.org) - 1 IoC
    flow 20: alog.umeng.com
    (umeng.com hosts the Umeng mobile analytics SDK, which is embedded in a large number of ordinary apps as well as in stalkerware; this match on its own is a weak indicator and should be weighed together with the behaviour below.)
Queries information about active data network - 1 TTP, 1 IoC
    Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process com.vbplon.laedinpr)
Queries information about the current Wi-Fi connection - 1 TTP, 1 IoC
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process com.vbplon.laedinpr)
Queries the mobile country code (MCC) - 1 TTP, 1 IoC
    Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process com.vbplon.laedinpr)
Reads information about phone network operator - 1 TTP
Registers a broadcast receiver at runtime (usually for listening for system events) - 1 TTP, 1 IoC
    Framework service call: android.app.IActivityManager.registerReceiver (process com.vbplon.laedinpr)
Uses Crypto APIs (might try to encrypt user data) - 1 TTP, 1 IoC
    Framework API call: javax.crypto.Cipher.doFinal (process com.vbplon.laedinpr)
    (Cipher.doFinal is also reached by ordinary encryption of configuration or traffic; a single call is not by itself evidence that user data is being encrypted.)
Checks CPU information - 2 TTPs, 1 IoC
    File opened for read: /proc/cpuinfo (process com.vbplon.laedinpr)
Checks memory information - 2 TTPs, 1 IoC
    File opened for read: /proc/meminfo (process com.vbplon.laedinpr)
    (Reading /proc/cpuinfo and /proc/meminfo is a common device-fingerprinting and emulator-detection step; note that this behavioural run used an x86 Android image, which such a check can recognise.)
Processes

com.vbplon.laedinpr (PID 4312)
    - Queries information about active data network
    - Queries information about the current Wi-Fi connection
    - Queries the mobile country code (MCC)
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Uses Crypto APIs (might try to encrypt user data)
    - Checks CPU information
    - Checks memory information
    child: getprop apps.customerservice.device (PID 4340)
    child: getprop apps.customerservice.device (PID 4434)

getprop reads an Android system property; the app spawns it twice for the same key, apps.customerservice.device, which is not a property set on a stock analysis image, so the value it gets back here is empty.
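The export above lists each signature, its IoC lines and the process tree one field per line, which is awkward to query by hand. The following is an added Python example, not part of the report or of the sandbox's own tooling, that parses that flat form into structured records and then answers three triage questions from them: which signatures carry no concrete IoC line, whether the declared "N IoCs" counts agree with the IoC lines actually present (a cheap check that the extraction is intact), and which framework methods and files each process touched. The regular expressions, field names and record layout are this example's own assumptions about the export format; the two input strings are the report's own Signatures and Processes data.

```python
"""Structured view of a flat sandbox export: signatures, their IoCs and the process tree.
Added example, not part of the report; the field names and parsing rules are this example's
assumptions. The two input strings are the report's own Signatures and Processes data."""
import re
from dataclasses import dataclass, field

SIGNATURE_LINES = """\
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Queries the phone number (MSISDN for GSM devices) 1 TTPs
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow ioc 20 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.vbplon.laedinpr
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.vbplon.laedinpr
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.vbplon.laedinpr
Reads information about phone network operator. 1 TTPs
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.vbplon.laedinpr
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.vbplon.laedinpr
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.vbplon.laedinpr
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.vbplon.laedinpr
"""
# Process tree; the digit before the arrow is the nesting depth (per-process bullets omitted).
PROCESS_LINES = """\
com.vbplon.laedinpr1⤵
PID:4312 -
getprop apps.customerservice.device2⤵PID:4340
getprop apps.customerservice.device2⤵PID:4434
"""
HEADER_RE = re.compile(r"^(?P<name>.+?)(?:\s+(?P<ttps>\d+) TTPs)?(?:\s+(?P<iocs>\d+) IoCs)?$")
FLOW_RE = re.compile(r"^flow ioc (?P<flow>\d+) (?P<value>\S+)$")
DESC_RE = re.compile(r"^description ioc Process (?P<kind>.+?) (?P<value>\S+) (?P<process>\S+)$")
PROC_RE = re.compile(r"^(?P<cmd>.+?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?$")
PID_RE = re.compile(r"^PID:(?P<pid>\d+)")


@dataclass
class Ioc:
    kind: str  # "network", "Framework service call", "Framework API call" or "File opened for read"
    value: str  # domain, Binder/Java method or file path
    process: str = ""
    flow: int = 0  # network flow number, network IoCs only


@dataclass
class Signature:
    name: str
    ttps: int = 0
    declared_iocs: int = 0  # the "N IoCs" count the export claims
    iocs: list = field(default_factory=list)


def parse_signatures(text):
    sigs = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := FLOW_RE.match(line):
            sigs[-1].iocs.append(Ioc("network", m["value"], flow=int(m["flow"])))
        elif m := DESC_RE.match(line):
            sigs[-1].iocs.append(Ioc(m["kind"], m["value"], m["process"]))
        elif (m := HEADER_RE.match(line)) and (m["ttps"] or m["iocs"]):
            sigs.append(Signature(m["name"], int(m["ttps"] or 0), int(m["iocs"] or 0)))
        # anything else is an explanatory sentence under the previous signature; ignored here
    return sigs


def parse_process_tree(text):
    """Rebuild parent/child nesting; nodes are dicts with cmd, depth, pid, children."""
    roots, stack = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := PID_RE.match(line)) and stack and stack[-1]["pid"] is None:
            stack[-1]["pid"] = int(m["pid"])  # parent PID is printed on its own line
        elif m := PROC_RE.match(line):
            node = {"cmd": m["cmd"], "depth": int(m["depth"]),
                    "pid": int(m["pid"]) if m["pid"] else None, "children": []}
            while stack and stack[-1]["depth"] >= node["depth"]:
                stack.pop()
            (stack[-1]["children"] if stack else roots).append(node)
            stack.append(node)
    return roots


def without_iocs(sigs):
    """Signatures listed with TTPs but no concrete IoC line in the export."""
    return [s.name for s in sigs if not s.iocs]


def count_mismatches(sigs):
    """Signatures whose parsed IoC lines disagree with the declared 'N IoCs' count."""
    return [s.name for s in sigs if len(s.iocs) != s.declared_iocs]


def touched_by_process(sigs):
    """process name -> sorted framework methods and files the export attributes to it."""
    out = {}
    for s in sigs:
        for i in s.iocs:
            if i.process:
                out.setdefault(i.process, set()).add(i.value)
    return {p: sorted(v) for p, v in out.items()}
```

parse_signatures(SIGNATURE_LINES) yields 11 records; without_iocs picks out the installed-apps, phone-number and network-operator signatures, the three for which the export gives no IoC line, and count_mismatches comes back empty, so the extraction is consistent. parse_process_tree(PROCESS_LINES) returns a single root with PID 4312 and the two getprop children.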
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 36KB
MD5: 5d7ea1a23af19b4340cc8d90f28297d5
SHA1: 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256: 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512: 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Filesize: 36KB
MD5: ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1: 79b59582154017aadab783dc266fcb158c252940
SHA256: 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512: 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Filesize: 512B
MD5: db6ee123acb656b647cf0b639dff7f61
SHA1: f72851a071f1cee7125ca5afa319f5cd8520b1d6
SHA256: 6aab4382b905f2f43d864bb1524ea2efaafda3f48e84f2e97f9b245a3e4b9fdd
SHA512: a80ca5c13f26df43683cad1cc6d5cf87cab6292c4413621daa76736df166d0d86e66d57c624d0b221f0f12b1f3ce8a212d560ebd89ff64c004d3149ee6bfb13c

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 48KB
MD5: 4eeebc1122321ceca59516b340d54505
SHA1: 806558c974508de55b3adf8db1d20c9166dc6dc8
SHA256: a9b4f77bcb42fd87e169f76cceb546786f18dd6bd43be90869106d4c221b90d3
SHA512: e86c210f9dbdad931e6a8021d1929fabb34099b6ae2a7d58d7e70503c05bfb4d49ae8455339a1aae2825f8834c7fd52d47d11d592215c468ea380928590d284a

Filesize: 16KB
MD5: 5c7caa56e7ab5f099970d4045e0550a3
SHA1: 2a3e07fe007ca0e3fdcd6da2633b9d001cddf90a
SHA256: c6c04a1a9b6b0510168e00db179c29520469e9d607370e388a4e4bccececad95
SHA512: f0fdec077efebbf1c7026bdeaec51d5a6615a599ccbbc26c26cd7b8a52b097e8a0ca5eadd8880f35bd8349f7bef7516aa106398bd79fd2761b2869c6ee75f315

Filesize: 1KB
MD5: 025beccc3cf7f2019202901671589f25
SHA1: b14091120eadec31834e00863123d0d290330685
SHA256: f4a2151a5a5418c49b0cf57c1b2ed9d53e8849a0c3adb206bed8786956f791b3
SHA512: 06a13b75a6b07563490f29d1607985a052ccba9be524bb78c0532e7d0e54392cca476819cd062dd8f7cfd53c98b23893e79a1b8b756525413ba64a261514a11b

Filesize: 162B
MD5: 87927cab159ef959b8d3cd418d29ed33
SHA1: 875dc7ddc3c3f3c52ea971e1ff62ec438b17f17b
SHA256: e7ce481567997397ca0b39e63c4cdaeebf473706c58e90933ff586cb0df110ef
SHA512: 7cba38b383a9ab8ae7a5e173537d3a229e54ab4274fdab6c0e9db56f366f1bc7e07189d49ada3da5efca5bfdb95d04c36582b8821783f79dd7107f66f0c9a393

Filesize: 3KB
MD5: f0e5660a365998ae4529c3ca125dc2a3
SHA1: 863dca6415d2446acc0791f21f9e2abff7ef9774
SHA256: 59b79fc3a5792925ac032ef65764b2356569852d988ee49e5fbd095ef93fbd3d
SHA512: 50fb7fe113057667199f3227491d939fac9a78b5f3022e711fd3e17f511df0b40a1bfe964d11824b460a3426ea4703810b7c28fb215808e83017f6f382efab35

Filesize: 415B
MD5: 17efc9e853bd269452066e7757784b74
SHA1: c280beb55e887bb5ad42e4882e891662d2a26f82
SHA256: cd04cf1add42d34e72296c14b60e9faeec4686b8644bb55f7c983632f3c818cb
SHA512: 0195c0deba2f7deb509a9a6b6758f60977dd55289672a84e84df25ef73f1b1951eb7daf34137ab7bb701a724b002782983137950be658cddbebed71e253030fd