Analysis
max time kernel: 149s
max time network: 132s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 03/11/2024, 05:00
Static task: static1
Behavioral task: behavioral1
  Sample: 89bf2bdd3cd00b7b3bed1ce7ba2ff29c_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 89bf2bdd3cd00b7b3bed1ce7ba2ff29c_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 89bf2bdd3cd00b7b3bed1ce7ba2ff29c_JaffaCakes118.apk
Size: 3.5MB
MD5: 89bf2bdd3cd00b7b3bed1ce7ba2ff29c
SHA1: 4eb78db11e032460f2216b99dc8959ac52960350
SHA256: 480994d381ca8b5bc03f38e557210ba6e48b2091f447ca8b0b57829e72a5eef4
SHA512: 46e740d5c40dfbd69da0ee645aeac03677cc39967f48771d13d6e415156ef0ee0098d12e1c086c0be139c4a03775cf326de092ff3ed704d6b575d1078fbccc95
SSDEEP: 98304:EZFveMagFFAgQDzkZcLZbUdcm6Yga4U8hhZOmOttZuSS+8NG1ZE:EZkYtJga38OHBJST
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  IoC: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: com.aioapp.battery)
- Queries a list of all the installed applications on the device (1 TTP)
  Might be used in an attempt to overlay legitimate apps. No IoC is recorded for this signature.
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.aioapp.battery)
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  IoC: network flow 4 to alog.umeng.com
  Caveat: alog.umeng.com is the log-upload endpoint of the Umeng analytics SDK (Alibaba), which is bundled by many legitimate apps as well as by stalkerware; on its own this is a weak indicator and should be weighed together with the Accessibility and process-enumeration behaviour above.
- Queries information about active data network (1 TTP, 1 IoC)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.aioapp.battery)
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.aioapp.battery)
- Reads information about phone network operator (1 TTP)
  No IoC is recorded for this signature.
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  IoC: Framework service call android.app.IActivityManager.registerReceiver (process: com.aioapp.battery)
- Checks CPU information (2 TTPs, 1 IoC)
  IoC: File opened for read /proc/cpuinfo (process: com.aioapp.battery)
  Reading /proc/cpuinfo is a common emulator check; note that this run executed on an android_x86 image (see platform above), so behaviour on a physical ARM device may differ.
Processes
- com.aioapp.battery (PID 4250)
  - Makes use of the framework's Accessibility service
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
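A triage helper that turns the per-process IoC rows above into a capability summary and flags the Accessibility-plus-process-enumeration combination the report's own signature text alludes to ("might be used in an attempt to overlay legitimate apps"). This is an added example, not output or code from the sandbox: the input lines are constructed from the report's IoCs, and the capability tags, the installed-apps interface name (which the report lists as a signature without an IoC) and the severity rules are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed input: the per-process IoC rows from the Signatures section of
# this report, one per line, in the sandbox's "<kind> <target> <process>" shape.
SAMPLE_IOCS = """
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.aioapp.battery
Framework service call android.app.IActivityManager.getRunningAppProcesses com.aioapp.battery
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aioapp.battery
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.aioapp.battery
Framework service call android.app.IActivityManager.registerReceiver com.aioapp.battery
File opened for read /proc/cpuinfo com.aioapp.battery
"""

# Assumed capability tags for framework interfaces / paths (this example's own
# naming). Prefixes match on dotted-name boundaries so that
# IActivityManager.registerReceiver is not tagged as process discovery.
CAPABILITIES = {
    "android.accessibilityservice.IAccessibilityServiceConnection": "accessibility_read",
    "android.app.IActivityManager.getRunningAppProcesses": "process_discovery",
    # Assumed interface for the "installed applications" signature; no IoC in this report.
    "android.content.pm.IPackageManager.getInstalledApplications": "installed_apps",
    "android.app.IActivityManager.registerReceiver": "runtime_receiver",
    "android.net.IConnectivityManager": "network_config",
    "android.net.wifi.IWifiManager": "wifi_info",
    "/proc/cpuinfo": "cpu_check",
}

# Assumed escalation heuristics; the severities are this example's, not the sandbox's.
RISK_RULES = [
    ({"accessibility_read", "process_discovery"}, "high",
     "reads on-screen content and enumerates running apps: overlay / credential-harvesting pattern"),
    ({"cpu_check"}, "medium",
     "reads /proc/cpuinfo: common emulator check, and this run used an android_x86 image"),
    ({"network_config", "wifi_info"}, "low",
     "fingerprints the network environment"),
]

LINE_RE = re.compile(r"^(Framework service call|File opened for read)\s+(\S+)\s+(\S+)$")


def tag_target(target):
    """Return the capability tag for a service call or file path, or None."""
    for prefix, cap in CAPABILITIES.items():
        if target == prefix or target.startswith(prefix + "."):
            return cap
    return None


def parse_iocs(text):
    """Map process name -> sorted list of capability tags observed for it."""
    per_proc = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        _, target, proc = m.groups()
        cap = tag_target(target)
        if cap is not None:
            per_proc[proc].add(cap)
    return {proc: sorted(caps) for proc, caps in per_proc.items()}


def assess(caps):
    """Return (severity, reason) for every rule whose capability set is fully present."""
    have = set(caps)
    return [(sev, why) for needed, sev, why in RISK_RULES if needed <= have]


def triage(text):
    """Per-process capability list plus the escalation findings it triggers."""
    return {proc: {"capabilities": caps, "findings": assess(caps)}
            for proc, caps in parse_iocs(text).items()}


if __name__ == "__main__":
    for proc, info in triage(SAMPLE_IOCS).items():
        print(proc, info["capabilities"])
        for sev, why in info["findings"]:
            print(f"  [{sev}] {why}")
```

Run as-is it reports com.aioapp.battery with the high-severity overlay pattern, the cpuinfo emulator check and the network fingerprinting; feed it the IoC rows of another report to compare. The rules are deliberately conjunctive: a lone getRunningAppProcesses call is routine, whereas the same call next to Accessibility screen-reading is what warrants a manual look.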
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Input Injection (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Discovery
- Process Discovery (1)
- Software Discovery (1)
  - Security Software Discovery (1)
- System Information Discovery (1)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (2)
Downloads
- Filesize: 512B
  MD5: b772e05059e2a86f5b33b1881ac9690d
  SHA1: 8050bf67fb39be103b2ba226df8ee83cad22f2e9
  SHA256: 769b5864aaae4ec418d687e40e5aac043729e85dde822b1fdc4fbeced6cde5a4
  SHA512: a2564cdfe01e01175387ad81abda2edec9e2c869734088492785646dfcb2dc4312547a3fff0b42173f024630530a6129fddf64308dda1438438cbef60163d4d3
- Filesize: 44KB
  MD5: f58c3c3eb2d8ecd82b77940f2245fecc
  SHA1: f71d845ff4bac224f05b27353e000e2a82f50ce3
  SHA256: da770d1c303b3e5dbff8905c0ebc4c383909a84eeb164563f151b0da4ed5ed48
  SHA512: f667c945645c2c25e5705d56ab1be29d0ee2795c8de88ffe477bfce770a23d0b00ca14634145bb8a649e720150a11601e488f63cd587257b3f8b5896e487a141
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: 642eb4c174ae9d3792b750d243340624
  SHA1: 5d34b7e6e556d88b53a0d39651aa0114fc3143ab
  SHA256: c099f559895476adacff6a62bb432749d664a204449faf9a812b6b2982120e36
  SHA512: c031cca9a9a75610da9a39012e47cc59b4b55113556a816c3dfb20de78f3b111ebbd307e3284ae04f0a4a01c8ffc93f40d464fdbdd7484be184e3d75787962e4
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 20KB
  MD5: 9c9295e78d7f2497812b286725647428
  SHA1: a106062c3dbc9ad845af75dad452a744da741a1b
  SHA256: e92ae1d3690236e2c7f731399256fba0bacffbfdbe6a0e0e85429fe13e44d129
  SHA512: a01816860daac0d85f95e028a6929e33c5981fd64a320dd4a746521a5b3b01f18a65c22f2a2a1cc705a9a52bedc9755b062b4e9ecadb439aecf3d34ee60a9a89
- Filesize: 742B
  MD5: 94d4734c87b3354fee575c07bf21cb5f
  SHA1: efbaf44eaa9c85a392b93e4b37d8e5acb9ee7ff9
  SHA256: 6477f80e297450a64b6024d13b19643c6a2b8218d6bc4943cd7dd3c70a9159ee
  SHA512: 0ce44f5f7d1e1739b6d4be908638ae8f5dd7871a52a3d0995ac369dec80bfa619e267b6e935a06a3bdf70a672db6a2c1e36dd605a4a2f722256f42ac24f5e2f5
- Filesize: 162B
  MD5: 12806af9272a35f8d3914bf09baa702d
  SHA1: 1f393a1825d2957d987f2ff738b535c846290b5b
  SHA256: 286cb24a1dfc46ec56aba55939ab8c5af7a9f8eaff46befc70517e2b7854a726
  SHA512: c80da6fbdeb914382ddfac0a7f318279df9d362c6b91aa5d303b915ddc2414e4c625971d44b6d6bc13419c662479239c55ee80a197fb3ce2eb45b28830481bc8
- Filesize: 2B
  MD5: a50fd48289342edbfcb04a73054c92c0
  SHA1: 853fd953986170e03f7a583c06df5db61a3b5595
  SHA256: f2e1f83e93d224a7240af6963ae223028639fcd69cf42493d94ecdbc3c4e1b4f
  SHA512: 4878460194e19a4374cb71304313b448aa36cac202faff2eb81a715201f2aa0f141ab29c853f1210d4e93a54475260880b29b0265eb7cca7f887ff525a3a352a
- Filesize: 144B
  MD5: a61faa4e347352a7b546c57345a7f8ff
  SHA1: 166b96c862e4945dda4122a9dbf370ff79b6f643
  SHA256: 928e153cae9ed2efa1b928275c8fa02266d03fa95568a2d993ed6efa40bcc99b
  SHA512: 7410e7eeed34188af7d8b4c84ad4b193d42bf68a05b3c294f75489840028c568448e1b948f196cfb6c104fe5bfd6162c7e19f837adbeb5e0cc8e8e428d8734e9
- Filesize: 415B
  MD5: 240e9a3007f338f4a5bcbb6cf5679916
  SHA1: b70f640b976f75bbacf3fafc36a8c527f217edcf
  SHA256: 070a6077bffb57ec62b38d9d2bfdfb4de1ff857fbe2cad3c6f2220d8ae741b5b
  SHA512: 932ec6313111eadd5e183e50b98f42c07ceea3aa33323e369787b2f4aa1d6f381e9956c937af8a4b6c675925f4cc670d5abc7de0def2bbc01dfef1f85ca96019
- Filesize: 512B
  MD5: a45db51d8beb4ebad6fe406b4601ffe6
  SHA1: 279aa2fa1311c6f0d5131b05b42d9efc2f25f81a
  SHA256: b994bfebd868e5fc71b1c496ae2b079b8f1a9ba1cf12717bb805944db7b13f8c
  SHA512: e056ec8cb9320634594d0835842ba651cd6a836bc6aae475f984c236f75119d7ab6e7ad65919092303e055b2348facf95992a281f1d85e328c67f2992e3bae5a
- Filesize: 40KB
  MD5: 117f86298f74c154477196a07d9b20b8
  SHA1: def027098087077263876f434ab147474f3778b1
  SHA256: 4b9e04b1db89c8fd49e1d73740f6ddeb59420d24d15a322cacbae70f44900414
  SHA512: 365635b11a9f4c24fbd583915ed72e42a29bffddcddfa5f6af1ccf3a2eefac74418c608dc9b01a6310876033cb9bd7ecb97834c00f8b223e51c19d034515ca80