Analysis
- max time kernel: 113s
- max time network: 152s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 18/10/2024, 15:41
Static task: static1
Behavioral task: behavioral1
Sample: 583f100323ed26b0f6eaeddd1f73c41a_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
- Target: 583f100323ed26b0f6eaeddd1f73c41a_JaffaCakes118.apk
- Size: 6.8MB
- MD5: 583f100323ed26b0f6eaeddd1f73c41a
- SHA1: 8a27d444227769babfd3feed229b81c22ac08dd8
- SHA256: 1d0b79d3c3346c66e464bd08e275b7cafcf91b4cdfc133ddd1617ab40a57f0e1
- SHA512: feebc9d78b131a0074daa655572a2bcdedf7d568144268eadaf0e6cec29b6c5d9def9730e3f81b05e79cb40427fddcee9b175bf5a944bb88a38c1bd5e456d33a
- SSDEEP: 196608:+DHQMqQZd7xeuVcr73aLLsqqXr3q5LzicB:+0JQ/PVcXM6XTqJziQ
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call; IoC: android.app.IActivityManager.getRunningAppProcesses; Process: com.android.cheyooh
- Queries information about the current nearby Wi-Fi networks [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Description: Framework service call; IoC: android.net.wifi.IWifiManager.getScanResults; Process: com.android.cheyooh
- Acquires the wake lock [1 IoCs]
  Description: Framework service call; IoC: android.os.IPowerManager.acquireWakeLock; Process: com.android.cheyooh
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
  Flow: 15; IoC: alog.umeng.com
- Queries information about active data network [1 TTPs, 1 IoCs]
  Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.android.cheyooh
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call; IoC: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.android.cheyooh
- Reads information about phone network operator. [1 TTPs]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
  Description: Framework service call; IoC: android.app.IActivityManager.registerReceiver; Process: com.android.cheyooh
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]
  Description: Framework API call; IoC: javax.crypto.Cipher.doFinal; Process: com.android.cheyooh
- Checks CPU information [2 TTPs, 1 IoCs]
  Description: File opened for read; IoC: /proc/cpuinfo; Process: com.android.cheyooh
Processes
- com.android.cheyooh (PID: 4237)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
Downloads