Analysis
- max time kernel: 130s
- max time network: 154s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 02/11/2024, 11:27
Static task: static1
Behavioral task: behavioral1
- Sample: 8535139e782e91ca1a80272110a540c7_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 8535139e782e91ca1a80272110a540c7_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 8535139e782e91ca1a80272110a540c7_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 8535139e782e91ca1a80272110a540c7_JaffaCakes118.apk
- Size: 3.5MB
- MD5: 8535139e782e91ca1a80272110a540c7
- SHA1: f0a6c93260ed95aa8d4ed65f3a3827c995a8633c
- SHA256: efaf275c986c600620bd21851c23c6e03160d874de29e3d4322f73ba95f81d7d
- SHA512: 58325d82034816e354886dcc2094cc32b575c9dd71d72175da0d9eb50eb6a586f5f629c3bd6df20fea5153bf71f8db990c178629bccf9abf9af3610f150f0c56
- SSDEEP: 98304:kW/fGzIoiYjG4Sh+Ppq19JcPxIIt7wu1REXHvGol:1fYJisG4C+Pg13cp9tN16Pv
Malware Config
Signatures
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Flow 4, IoC: alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.holy.idiomstory)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.holy.idiomstory)
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process: com.holy.idiomstory)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.holy.idiomstory)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.holy.idiomstory)
- Checks CPU information (2 TTPs, 1 IoCs)
  File opened for read: /proc/cpuinfo (process: com.holy.idiomstory)
- Checks memory information (2 TTPs, 1 IoCs)
  File opened for read: /proc/meminfo (process: com.holy.idiomstory)
Processes
com.holy.idiomstory (PID: 4253)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads