Analysis
max time kernel: 129s
max time network: 150s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 03/11/2024, 18:08
Static task
static1
Behavioral task
behavioral1
Sample
8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
alipay_plugin_20120428msp.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral5
Sample
alipay_plugin_20120428msp.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral6
Sample
alipay_plugin_20120428msp.apk
Resource
android-x64-arm64-20240624-en
General
Target: 8cceef6859cdee6be42adbd542de77db_JaffaCakes118.apk
Size: 9.4MB
MD5: 8cceef6859cdee6be42adbd542de77db
SHA1: bf0feb57ee3ca52b06c3f62d5d206b64f898cb50
SHA256: f97141d8d2262d927c34db678fdaf9ff6960c264e715bedbafac7f783d7499ea
SHA512: b56effc0217660a1d2ebd426285045b6454c3fcd1d1bc3b9947df52a4d94243166275de826180b79cc994c781390c954de7d6fc363ca754b9d936422e5c3bf6d
SSDEEP: 196608:ZsVdlwQp8iTLoFeU4YlDBUADbJVs4qBLG413Ji7FTV1Lfk3SVqKJ:ZsJd8YLNAlDRbJe4WN3YFHDk3SVqo
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
ioc                                              pid   Process
/storage/emulated/0/ncache/afeq34u312.jar        4613  com.swanfly.lobdwjyx
/data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar   4613  com.swanfly.lobdwjyx
/data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar   4613  com.swanfly.lobdwjyx
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
description             ioc                                                          Process
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.swanfly.lobdwjyx
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow  ioc
24    alog.umeng.com
-
Queries information about active data network 1 TTPs 1 IoCs
description             ioc                                                    Process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.swanfly.lobdwjyx
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description             ioc                                            Process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.swanfly.lobdwjyx
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description         ioc                          Process
Framework API call  javax.crypto.Cipher.doFinal  com.swanfly.lobdwjyx
-
Checks CPU information 2 TTPs 1 IoCs
description           ioc            Process
File opened for read  /proc/cpuinfo  com.swanfly.lobdwjyx
Processes
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Execution Guardrails (1)
Geofencing (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)
Downloads