Analysis
-
max time kernel
110s -
max time network
127s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
03/11/2024, 18:40
Static task
static1
Behavioral task
behavioral1
Sample
8cefc3ca914fa28b00d9f47873c11929_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
-
Target
8cefc3ca914fa28b00d9f47873c11929_JaffaCakes118.apk
-
Size
462KB
-
MD5
8cefc3ca914fa28b00d9f47873c11929
-
SHA1
8f00b77b9589306c7195f2d14bf878031caefbe4
-
SHA256
5650b3af05a8ac592ed91e1d304675f43917776d04ca79b84c9106de50e39c59
-
SHA512
a18ddc7a66d3c3ef53391490ed85c83c27906f4ccba317890960baf9af8f143f5674e0e19242519ab859445fbf0801eda894d34d11e0c641f102435da0360771
-
SSDEEP
6144:i7UeJc9xx7uvINj1x2Foaj22Ww+w378dNoFLt85i7iRpIfQe677ojtfXQZSTI:i7U0MvrVubd33gH+Ltt7szJ3uAZqI
Malware Config
Signatures
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of the SMS messages. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://sms/ com.example.android.as -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow ioc 19 alog.umeng.com -
Makes a phone call. 1 TTPs 1 IoCs
description ioc Process Intent action android.intent.action.CALL com.example.android.as -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.example.android.as -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.example.android.as -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.example.android.as -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.example.android.as -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.example.android.as -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.example.android.as -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.example.android.as
Processes
-
com.example.android.as1⤵
- Reads the content of the SMS messages.
- Makes a phone call.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4250
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
566B
MD53e5e2b39bd4e554247b3adce2b3ee3d3
SHA1e8d22583c7848760db8cb20233d2978d221ee668
SHA25643b56752cfa608b093ec0360f02d3e7ab36bfb3b739672e45c64383eea2500ba
SHA512de985341641e75b8ae4a598c81c71077814d13ad609f2e56a0eb4239499d428dbe132088707977afbdefd2f3b03d82fd0c26a4fc5c17063c5b999b16eec2484c
-
Filesize
310B
MD5e776ec9284af582e51a71be0a72d6837
SHA1f3ff6b6d5473334fe5626597e428e65bfb89ca67
SHA256d91f04bbb37edae081f364f88abfe5982392f18f3ab75752bcdb375cded79eb5
SHA512f7310720459b05aa47ce184878748e1826eafb5a1575e873d09b004cb5595e0d7eca5be5ce5f3a68ada00f9c53bea90cfce712e2f48550fee4f5bc6a4ebda6d3