Analysis
max time kernel: 149s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 03/11/2024, 18:08
Static task: static1
Behavioral task: behavioral1, Sample: 8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk, Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2, Sample: 8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk, Resource: android-x64-20240624-en
Behavioral task: behavioral3, Sample: 8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk, Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral4, Sample: alipay_plugin_20120428msp.apk, Resource: android-x86-arm-20240624-en
Behavioral task: behavioral5, Sample: alipay_plugin_20120428msp.apk, Resource: android-x64-20240624-en
Behavioral task: behavioral6, Sample: alipay_plugin_20120428msp.apk, Resource: android-x64-arm64-20240624-en
General
Target: 8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk
Size: 9.4MB
MD5: 8cceef6859cdee6be42adbd542de77db
SHA1: bf0feb57ee3ca52b06c3f62d5d206b64f898cb50
SHA256: f97141d8d2262d927c34db678fdaf9ff6960c264e715bedbafac7f783d7499ea
SHA512: b56effc0217660a1d2ebd426285045b6454c3fcd1d1bc3b9947df52a4d94243166275de826180b79cc994c781390c954de7d6fc363ca754b9d936422e5c3bf6d
SSDEEP: 196608:ZsVdlwQp8iTLoFeU4YlDBUADbJVs4qBLG413Ji7FTV1Lfk3SVqKJ:ZsJd8YLNAlDRbJe4WN3YFHDk3SVqo
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
ioc: /storage/emulated/0/ncache/afeq34u312.jar, pid: 4984, Process: com.swanfly.lobdwjyx
ioc: /data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar, pid: 4984, Process: com.swanfly.lobdwjyx
ioc: /data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar, pid: 4984, Process: com.swanfly.lobdwjyx
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getCellLocation, Process: com.swanfly.lobdwjyx
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow: 10, ioc: alog.umeng.com
flow: 14, ioc: alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: com.swanfly.lobdwjyx
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, Process: com.swanfly.lobdwjyx
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description: Framework API call, ioc: javax.crypto.Cipher.doFinal, Process: com.swanfly.lobdwjyx
Checks CPU information 2 TTPs 1 IoCs
description: File opened for read, ioc: /proc/cpuinfo, Process: com.swanfly.lobdwjyx
Processes
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime: 1
Execution Guardrails: 1
Geofencing: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1
Downloads