Analysis
Max time kernel: 129s
Max time network: 142s
Platform: android_x86
Resource: android-x86-arm-20240624-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
Submitted: 16-12-2024 01:20
Behavioral task: behavioral1
Sample: f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118.apk
Size: 13.6MB
MD5: f6a294d150c5c291e2f998a8cd4e4874
SHA1: e118d7785f84eab2cbf9e3fce144c08e05f8df3b
SHA256: 71768a11c8503aef5ef025423e0dd41f526bb5ec27ddca2e128bb7c1ad033c82
SHA512: 41b5408de4470a95d565a80c5a5596a4b87edfa00a105fa7b683a4675b043d5d39c829d42db94b9835b626aed30a9c36fa16a9baf5d72619013d0d6b63186fa4
SSDEEP: 393216:P9Ow1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951b7:EwnhA0SZ0i1C8c2N
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  IoC: /system/app/Superuser.apk | Process: com.program.androidmonitor
  IoC: /system/xbin/su | Process: com.program.androidmonitor
  PID: 4262 | Process: com.program.androidmonitor
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Queries the phone number (MSISDN for GSM devices) (1 TTP)
Acquires the wake lock (1 IoC)
  Description: Framework service call | IoC: android.os.IPowerManager.acquireWakeLock | Process: com.program.androidmonitor
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  Flow: 11 | IoC: prog-money.com
  Flow: 13 | IoC: anmon.name
Queries information about active data network (1 TTP, 1 IoC)
  Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.program.androidmonitor
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.program.androidmonitor
Reads information about phone network operator. (1 TTP)
Tries to add a device administrator. (2 TTPs, 1 IoC)
  Description: Intent action | IoC: android.app.action.ADD_DEVICE_ADMIN | Process: com.program.androidmonitor
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver | Process: com.program.androidmonitor
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Description: Framework API call | IoC: javax.crypto.Cipher.doFinal | Process: com.program.androidmonitor
Checks memory information (2 TTPs, 1 IoC)
  Description: File opened for read | IoC: /proc/meminfo | Process: com.program.androidmonitor
Processes
com.program.androidmonitor (PID: 4262)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Tries to add a device administrator.
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks memory information
  su (PID: 4389), child process of com.program.androidmonitor
Network
MITRE ATT&CK Mobile v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Device Administrator Permissions (1)
Defense Evasion
  Hide Artifacts (1)
    Suppress Application Icon (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads