Analysis
max time kernel: 130s
max time network: 136s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 17/10/2024, 13:55
Static task: static1
Behavioral task: behavioral1
Sample: 5249a2f95a8c71ccc9ebb240d4ee9be8_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: 5249a2f95a8c71ccc9ebb240d4ee9be8_JaffaCakes118.apk
Size: 3.5MB
MD5: 5249a2f95a8c71ccc9ebb240d4ee9be8
SHA1: b94375e52ed0577f3cbdfec13aa01590d73c5f67
SHA256: 7487720d131e66166b5e6d22849b3cd7597d61fc02c43f71fc05de82b9f817d8
SHA512: 2b80a94895dc557361eafb928c81a5f3b7d8717a05ebbbdbaa2b749d346084186e0dbbc640812144b73fee4a003008d28ee757178c5867152ed379b85b86d002
SSDEEP: 98304:W2rm9A+3XJaSNH6HtGKprsVQcKZk8VIVsb/mSQ:Wem93XJaSNHItGK2VQcULb/NQ
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Description | IoC | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wta.NewCloudApp.jiuwei52474

Acquires the wake lock (1 IoC)
Description | IoC | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.wta.NewCloudApp.jiuwei52474:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
Flow | IoC
18 | alog.umeng.com

Queries information about active data network (1 TTP, 3 IoCs)
Description | IoC | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wta.NewCloudApp.jiuwei52474:push
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wta.NewCloudApp.jiuwei52474
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wta.NewCloudApp.jiuwei52474:pushservice

Queries information about the current Wi-Fi connection (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Description | IoC | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wta.NewCloudApp.jiuwei52474
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wta.NewCloudApp.jiuwei52474:pushservice
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wta.NewCloudApp.jiuwei52474:push

Queries the mobile country code (MCC) (1 TTP, 2 IoCs)
Description | IoC | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.wta.NewCloudApp.jiuwei52474
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.wta.NewCloudApp.jiuwei52474:remote

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
Description | IoC | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.wta.NewCloudApp.jiuwei52474:remote
Framework service call | android.app.IActivityManager.registerReceiver | com.wta.NewCloudApp.jiuwei52474
Framework service call | android.app.IActivityManager.registerReceiver | com.wta.NewCloudApp.jiuwei52474:pushservice

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Description | IoC | Process
Framework API call | javax.crypto.Cipher.doFinal | com.wta.NewCloudApp.jiuwei52474

Checks CPU information (2 TTPs, 1 IoC)
Description | IoC | Process
File opened for read | /proc/cpuinfo | com.wta.NewCloudApp.jiuwei52474

Checks memory information (2 TTPs, 2 IoCs)
Description | IoC | Process
File opened for read | /proc/meminfo | com.wta.NewCloudApp.jiuwei52474
File opened for read | /proc/meminfo | com.wta.NewCloudApp.jiuwei52474:remote
Processes

com.wta.NewCloudApp.jiuwei52474 (PID 4241)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information

com.wta.NewCloudApp.jiuwei52474:pushservice (PID 4276)
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)

com.wta.NewCloudApp.jiuwei52474:remote (PID 4290)
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information

com.wta.NewCloudApp.jiuwei52474:push (PID 4501)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 5ec730d41d8a5b69a912cfbe8ca8ef04
SHA1: b4ead35969b65346f1c6aa07f47b709a083a0d59
SHA256: 1010cabff53a6112640732d92136a4fe03f16931065b9769d6b1588eb7130a77
SHA512: 462567128611e6f6e2d4cc535075f4779c8bb16de7850f67993a6fea629ed61fdcf833428b3c14d782974a770ef77f118c1c687b40a2e6db98f05710682b604f

Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Filesize: 64KB
MD5: 4f1f760d3147d11bbd1439ee5a242399
SHA1: 7759de0db7588e2126ebfe7a40d1537babcfb2af
SHA256: 6551e6f709f9562187fa52bb173f56639a1d4e661260517cacfa54f972ca830a
SHA512: c04823b2f6fb472679e0dd9abf44ba049752fdae63725932e8155935c78387945fd526120d7ad07fcd5267502cdeafcc8ac497a67faab7a0125da5ceb54b8a67

Filesize: 32KB
MD5: 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1: abaecd685e01cc68801292e3dc7085654a22feba
SHA256: 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512: 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Filesize: 512B
MD5: 67510f4b3efe77d8168651002e757c1b
SHA1: dd301f8e542b0869e73e4e319fbc4c6287a046ea
SHA256: 469195ea3469859816be5d43fff35a60c42e5a8ca93bc67204a2051835c82fdb
SHA512: af792f064cccf4e32cf3dc166951bb8ecbdad1259c7c5c64cae7f3350ee32932cbe94c4e7fddcb2a1f51c2c5f9174c94563ec20b0395e5decf8506381f2e0a28

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 40KB
MD5: b3c4811265fe617ae130e7224402b40f
SHA1: 6f1b30a9154954c561c78f928c44eebc1eb00a98
SHA256: de31f1e0f3dc0403fe5728572e49362be4c25710eab4e4ff2fbc600ec5b356fc
SHA512: 6c6f4576ebf5dc5dfac9069abfd6bb38c40d6129f89920fbfa15eaf2d74348ba290c3eccf4d8aadeda048ebe57e613d4327d93a3c2b08e202ec4c72fb71e606f

Filesize: 4KB
MD5: b10387619dc04736792f4e1c6a5523bb
SHA1: 6732fb55484876dc10344edf75743678002dd459
SHA256: b0828d460a03d6cf151140b9a0929cf25293eebf7b4bb57a1a4a5071542ed2f0
SHA512: 31a47f9c98f93548ce96bf4128d73fabbdc7afa679b162239ea765fcb291756cd0626b57c28e3e53f1393efe2770064da9283d450fdbed91d3b096cf105868fa

Filesize: 512B
MD5: f2de4c1a3b21119b689ad32ad9476016
SHA1: 0abfee9790a4e2bcdddad4a1555d0e6d625cebd0
SHA256: 51083fa14509793863c970c77ef7754b16474d678f0553fe4f15c7b7f0fbce5f
SHA512: 048726f3fd97c005646ed0a34ef6c52a5407eee2aa1e53d3a076e54da91aede852c80fa0c81c03729e6dc6bdb321fd07db87bbc5bcb80b2a3e11fb0e3558b400

Filesize: 393B
MD5: 36397318fbb6b0fbc3e7bd17e38175ae
SHA1: 31cf5e8c97c2e46c129b25ab9eda2ff75587e1d7
SHA256: 06a5fb39e722f9368852d02b0c9ba98bfcf4065405014ae31d26fa1a4445937d
SHA512: c500748d3ac2b557276d218289e55bea5d878eec004237f3bef17f5268a3860cd0a9cf27203f7410754a0d8f871510b4f8707491dcad3be3297f4537d88976bf

Filesize: 111B
MD5: 090b2da58a57cabb6674695b3c1a5a44
SHA1: a5f00aa9591ae37f24335e4a1857f6ff3bf8ee6d
SHA256: 146ad5db27faf09f687c51be6659d7e9c35801bade1d6f03d14bac0e78895fb7
SHA512: 008cb7f19a8e4aa358f5fa7e0f7df361776af53162bef53ad07f4ef94a0b68aa656a62f2bbd64af4ce0f32aa93952e315377de5583f65fd82205abb1c892ac2b

Filesize: 381B
MD5: b4dd9921626539febf87cfc252544462
SHA1: db3a3b5e78f0b6f9881bbc1210552b54063fd2c4
SHA256: dd01bab60e9819abc33f37f6795950cbfc146bf074a4d3af3c4484ca92c3b655
SHA512: 823172305f7bb643263aa81d2ddd642e4407d37043c3379e8dbeb9089495216ae307b6681852eed3b18a4771bbff934965a0ab4854ff20c712f1ff348d585f6a

Filesize: 65B
MD5: 9781ca003f10f8d0c9c1945b63fdca7f
SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Filesize: 111B
MD5: 94e5cee67cc43635c4f24f85a9b0ac59
SHA1: 413a9b7b7743b140517af04cca4c2aef235226bd
SHA256: a18bae74f949667aff1cf8e0207d2f23acd4ccc503ac033a6c9f4f102eb5f3d4
SHA512: f4b690117fdb1e7052cd874d968b09b27933cc41824d671241fcf92b0d578e22e67257b93f7c3af03dd3ebd352fa94ab1fbdfc7386663d6609a12ba9919df586

Filesize: 80KB
MD5: 7235c7832f318a41b62e8449a6a32b3c
SHA1: 9858340ebfe8a02f61ccbb936d0dbcf4be6187f2
SHA256: f291faa647ceaa5cc07502796d5b0eaabd717fb43cb331eaedecdd54cac14b90
SHA512: b29224a18484f4085672472fe5efa15cd1e6afa09f86822c3c7611b96178dd3289b1fdaafa11ade962a2a4acecb460102c9d433076a3a4127c07bd23e825da6b