Analysis
max time kernel: 149s
max time network: 155s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 03/11/2024, 04:43
Static task: static1
Behavioral task: behavioral1
  Sample: 89b00e291cd92c8c7103ae2a91c82775_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 89b00e291cd92c8c7103ae2a91c82775_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 89b00e291cd92c8c7103ae2a91c82775_JaffaCakes118.apk
Size: 1.3MB
MD5: 89b00e291cd92c8c7103ae2a91c82775
SHA1: 5af447807a126a49b161090036beb3952775d935
SHA256: 9034ef006ad45b803121b5c2a50b569c5cd421842d1ac8ac5cbd9cbeaf12e779
SHA512: 9d441a1f41670d1f85564329d3deaeac62fb01868302dea3cf9689a5e086760222605f3fd6aaa1017d6cb4d8b7ba5ffdcc43bee5165f40bb617fa629c61a3703
SSDEEP: 24576:PcEoL0otaYtXMRSprkM4FqD5Bl0ZHqU+yjro+X8jfChq/13tdHbZKm51Ob83i:aQ7Yt/rkruBl0ZHvjnsjfChq/1XHNKmK
Signatures
Removes its main activity from the application launcher
  pid: 5106  process: com.ebmy.hirh.ogps
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.ebmy.hirh.ogps/app_mjf/dz.jar  pid: 5106  process: com.ebmy.hirh.ogps
  ioc: /data/user/0/com.ebmy.hirh.ogps/app_mjf/dz.jar  pid: 5162  process: com.ebmy.hirh.ogps:daemon
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call  ioc: android.accounts.IAccountManager.getAccountsAsUser  process: com.ebmy.hirh.ogps
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  process: com.ebmy.hirh.ogps
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow: 36  ioc: alog.umeng.com
Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.ebmy.hirh.ogps
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.ebmy.hirh.ogps
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Reads information about phone network operator (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  process: com.ebmy.hirh.ogps
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/cpuinfo  process: com.ebmy.hirh.ogps
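The signatures above are dynamic: the sandbox saw the app write dz.jar under app_mjf/ and load it, and saw the account, process and /proc/cpuinfo lookups. A first static pass on the APK itself can surface the same behaviour before detonation. The script below is an added example and is not part of this report or of any tooling the report came from. It treats the APK as a zip, looks in classes*.dex for the dalvik class-loader descriptors that dynamic code loading needs and for string markers tied to the other signatures, and hashes every nested DEX/archive entry with the same columns the Downloads table uses, so a payload found statically can be matched against what the sandbox saw dropped. The test archive it builds is constructed for the demo; placing the payload at assets/dz.jar is an assumption (the report only shows the jar being loaded from app_mjf/ at runtime and tags the ATT&CK technique Download New Code at Runtime, so the real sample may fetch it instead).

```python
import hashlib
import io
import re
import sys
import zipfile

DEX_MAGIC = b"dex\n"          # every DEX version starts with "dex\n0xx\0"
ZIP_MAGIC = b"PK\x03\x04"

# Class descriptors that appear in a DEX string table when code loads extra
# DEX/JAR files at runtime (the behaviour behind "Loads dropped Dex/Jar").
LOADER_DESCRIPTORS = [
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/BaseDexClassLoader;",
]

# Markers tied to the report's other signatures: process enumeration,
# account enumeration and the /proc/cpuinfo sandbox check. Heuristics only.
BEHAVIOUR_STRINGS = [
    b"getRunningAppProcesses",
    b"getAccounts",
    b"/proc/cpuinfo",
]

PAYLOAD_SUFFIXES = (".dex", ".jar", ".zip", ".apk")


def hashes(data: bytes) -> dict:
    """Same columns the report's Downloads table uses for dropped files."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def scan_apk(apk_bytes: bytes) -> dict:
    """Static triage of an APK (a zip): loader references, behaviour markers
    and nested payloads the app could later write out and load."""
    result = {"loader_refs": [], "behaviour_strings": [], "nested_payloads": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            data = zf.read(info)
            if re.fullmatch(r"classes\d*\.dex", name):
                # Top-level code: look for dynamic loading and the other markers.
                for d in LOADER_DESCRIPTORS:
                    if d in data:
                        result["loader_refs"].append((name, d.decode()))
                for s in BEHAVIOUR_STRINGS:
                    if s in data:
                        result["behaviour_strings"].append((name, s.decode()))
            elif (data.startswith(DEX_MAGIC) or data.startswith(ZIP_MAGIC)
                  or name.lower().endswith(PAYLOAD_SUFFIXES)):
                # Any other entry that is itself code or an archive is a
                # candidate payload: hash it so it can be matched against
                # the sandbox's dropped-file hashes.
                result["nested_payloads"].append({"name": name, **hashes(data)})
    return result


def build_fixture() -> bytes:
    """Constructed APK-like archive for the demo; not the report's sample.
    assets/dz.jar is an assumed location for the payload."""
    main_dex = (DEX_MAGIC + b"035\x00" + b"\x00" * 32
                + b"Ldalvik/system/DexClassLoader;\x00"
                + b"app_mjf/dz.jar\x00/proc/cpuinfo\x00")
    payload_dex = DEX_MAGIC + b"035\x00" + b"\x00" * 32 + b"Lcom/example/Payload;\x00"
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as jz:
        jz.writestr("classes.dex", payload_dex)
    apk = io.BytesIO()
    with zipfile.ZipFile(apk, "w") as az:
        az.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        az.writestr("classes.dex", main_dex)
        az.writestr("assets/dz.jar", jar.getvalue())
    return apk.getvalue()


if __name__ == "__main__":
    # Pass a real APK path to scan it; with no argument the constructed fixture is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fixture()
    for key, rows in scan_apk(blob).items():
        print(key)
        for row in rows:
            print("  ", row)
```

A hit on a loader descriptor is not proof of malice (many legitimate apps and SDKs load code this way), but combined with a nested archive and a hidden launcher icon it is the combination the sandbox flagged here, and the hashes of any nested payload can be compared directly with the Downloads table below.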
Processes
com.ebmy.hirh.ogps (PID 5106)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
com.ebmy.hirh.ogps:daemon (PID 5162)
- Loads dropped Dex/Jar
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
- Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
- Filesize: 28KB
  MD5: dae68dcffc3d522a79f98ebbc3b6d457
  SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
  SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
  SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd
- Filesize: 8KB
  MD5: 240c1f7b3cc65ab6cdfdbd5060f3cc86
  SHA1: f44743b20fe85e05bd815dc4fbe55e86df0fd90b
  SHA256: b8b35231d8b7fb66435623cbef5495a14d5fb24671350e6362e07c4bf0d8c402
  SHA512: b4cfeb43a134feb774c8c21ef7094d2cfeff4a2d7e622ec1ff3539dde43eeffbd680690c6dc7cb96835fbb777ecc62d13977cb5ac45058322597ebff0cd87425
- Filesize: 512B
  MD5: f6ba89709497864d440795f7d148f986
  SHA1: 9127c0896e7b18f6ca583aa5e69ae1376add4741
  SHA256: 4555605750f30a5d72471566cb3446d9284200423c110b58935241d6f9b8f82e
  SHA512: ab2b40a696decde0eb91c6b1b8607efbce1e8949ca88762bc755bef30bf907f951a037716bb9777b7c1ec13687a98f9ddcf2055e973fef37844dde623de36a40
- Filesize: 8KB
  MD5: 26ac5da3a8745d11237e263e31cd99d6
  SHA1: 23b67b45c35c3e73563fdb7e23b667967d763776
  SHA256: 1b5ffae2c3045746d07e4fb18b54de1b14a0b4efcfd54edf0f10db16efdcc2dd
  SHA512: ee817ad6daa9ffdb2b9bbc8fab92a64a46fb198178541ea5ba17cb8c4b7543cd2d37a4370b9da594871dff297428f790cd3954109fc19c47e4a826b635204c15
- Filesize: 4KB
  MD5: 70dc26c4d08ab1aaa226746cbb79c1db
  SHA1: 5c91393fd64fabe5700faffced1c00bae7dc5676
  SHA256: 34bdc5c27d9be65beec3ed6921999d89d0200ca020e501195d500f94fe4b9885
  SHA512: 4656099176cc908581968f43b47703b62cc0460b162147f27c42e4a7ea806c341caa2b181d6476f189835984062606b399dbb6be91a1c06f70e8fa5948480839
- Filesize: 8KB
  MD5: 0fdf090dbff45540501d022c2172d7b4
  SHA1: a287f842cdbdd291f8a9e1daa5a239c47f22553c
  SHA256: 35522874dcecb030645cbda1d1ef72a4685e487fce861721bdf5bfada1ce8944
  SHA512: 25f4b53a1717c3aa6fc54be0d51f6e6a7dfaf3608bf9822556586a0fbc9471bb92e74f683ec8abc8f4b4982694de7c3f1b7961d2805935314dcbc6c3dc287797
- Filesize: 8KB
  MD5: 622cbf88bf41fc7294401b7edd0bc09b
  SHA1: f3a5b2c453e895f63e9eea96adacbd3ddf51c013
  SHA256: 649186c861226444c4404cd65de7bf9eba15a0cb936b3fb47b946b98ffec047c
  SHA512: 82c59844442f6be7e207eb69a3960cf5b321e2fc3399732748da2ec141f5b3c6236465ef9b4ff82097f3eaea6d455656ad791ed5053dad4b9b73b61ba5dbacb2
- Filesize: 653B
  MD5: 3e2d0dd76d5cd1310f6bc4c09c0f1a79
  SHA1: 092be765b9eed08fb46a6ea4df3dbc579877feae
  SHA256: 1c1d22d23e311f2b98b75e0d8b13b983ee09d9a5749dfc14c38e0590983becc8
  SHA512: 26ff14d7f90e2345b93b00ca7ee41ccb500ae3e5c586add3262954dc3bf360198e8142178e1d4101c9a9d5ffa9a5018c1e440e2671473af91ef319602d0bbec5
- Filesize: 162B
  MD5: 213628491fdf2a346e8d39a44db8c8e6
  SHA1: c167d072d2385f43367706d2fee81204f86e29da
  SHA256: c21fb2f84f54eac3c312ed6e47860f16e5fa397c839e45fee348fc25d02fbe77
  SHA512: ae7f8fd233026c06c4fc96da310c72e2871b7cbec2435821df303938bce654bcccd3fe0973a766a7528d97c88b7dbaf3da2e9cc86ae8e01ab0e2c621410fadc1
- Filesize: 350B
  MD5: 7f5a3416b73db0b4c1c91c117ab6bf25
  SHA1: 01028019a497058337d11006bf927a0cb941cac9
  SHA256: ec3f69102d51a625f520b5a534edbfe873bc4b3ff1bac3ac7abee8c5a74eee95
  SHA512: 64b43f2a78203a97fdc66353b56445809a26ce955934ddf786150e88d39ffe840599f595e3c3565f0b84d67ef8c3fe85f5f261748e3997767f8799c8709d6d67
- Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc