Analysis
max time kernel: 104s
max time network: 134s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 16-12-2024 01:20
Behavioral task: behavioral1
Sample: f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: f6a294d150c5c291e2f998a8cd4e4874_JaffaCakes118.apk
Size: 13.6MB
MD5: f6a294d150c5c291e2f998a8cd4e4874
SHA1: e118d7785f84eab2cbf9e3fce144c08e05f8df3b
SHA256: 71768a11c8503aef5ef025423e0dd41f526bb5ec27ddca2e128bb7c1ad033c82
SHA512: 41b5408de4470a95d565a80c5a5596a4b87edfa00a105fa7b683a4675b043d5d39c829d42db94b9835b626aed30a9c36fa16a9baf5d72619013d0d6b63186fa4
SSDEEP: 393216:P9Ow1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951b7:EwnhA0SZ0i1C8c2N
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
  ioc: /system/app/Superuser.apk  Process: com.program.androidmonitor
  ioc: /system/xbin/su  Process: com.program.androidmonitor
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
  description: Framework service call  ioc: android.os.IPowerManager.acquireWakeLock  Process: com.program.androidmonitor
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  flow: 45  ioc: prog-money.com
  flow: 47  ioc: anmon.name
-
Queries information about active data network 1 TTPs 1 IoCs
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.program.androidmonitor
-
Reads information about phone network operator. 1 TTPs
-
Tries to add a device administrator. 2 TTPs 1 IoCs
  description: Intent action  ioc: android.app.action.ADD_DEVICE_ADMIN  Process: com.program.androidmonitor
-
Checks the presence of a debugger
-
Uses Crypto APIs (might try to encrypt user data) 1 TTPs 1 IoCs
  description: Framework API call  ioc: javax.crypto.Cipher.doFinal  Process: com.program.androidmonitor
-
Checks memory information 2 TTPs 1 IoCs
  description: File opened for read  ioc: /proc/meminfo  Process: com.program.androidmonitor
Processes
Network
MITRE ATT&CK Mobile v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Device Administrator Permissions (1)
Downloads
-
Filesize: 80KB
MD5: f5bd2af0588d72a3ba832891e6fcf151
SHA1: f46fa8d9d3ec61bf806b92d3eb606b5511989dc9
SHA256: ee3ff376411602a2c14a0097f41d6765ce2acb95c0fd454260bab19de1660d75
SHA512: 1ce2eee4c5d847d153d52f17f3e15cdb9f9c855f714435d4f0da24c3e9f83f4d11a80088d161b5c180f0bce8cfc91c46a5a1f567902505758ddb87203189090b
-
Filesize: 20KB
MD5: 97100cfbc4443e8f7d0c28b0682a96dd
SHA1: 9662c9065026d4c8b1160f17880b8a971ffa98d9
SHA256: c65ddd08c3568f94070aa0d66f51bef141f2b5f4f1cf521a17808d3d4392e2b8
SHA512: f3398267c43b08d54ae8374253d77de4d879dacd9183e8425014ee6f284fe35cbee2d21695bf1075207a23829682a3d8ba6a63438a697da9f6523ae3dd2c59d5
-
Filesize: 128KB
MD5: 204501923b5486a4ffe0f99d224f4a01
SHA1: 79f1421f77675e97a623d0fa1552f04a2baa1849
SHA256: c61b2eaa4a9b983bed0ea2598cadd14ea6a6e32390bfe283ad14090cb9b9578b
SHA512: fa6a26811b855409f1c5da9d5f2853a095694e6c05e8b7bb9e61026063f7465d3276517e3672c6a3c929094b0d06da54972a048177b0984f677dc947909ca8f1
-
Filesize: 512B
MD5: 37bf8b340010957aadc5b315374980be
SHA1: a293edfe55ad46f2b62438a7f5cdaa7932c8b9e0
SHA256: 5afc7d0a31af11443a8ed9250789af460db81fb16744641168f315c40a5ed77b
SHA512: f8ad7055264d2a6930890aaa37ed74e2d389cd05282a9247d7826c7351c00e5f3c37252107a01a0efee3af6f177019bc8ccc10bde3922d58d04f6a3cd3f6621a
-
Filesize: 8KB
MD5: 011d1e62ac5668ea2bb5207b24bfdd64
SHA1: 4d9cb5a02dcbee744c144a0a837e0d6b21d1dca6
SHA256: 7416a57bd7bbf376c66cbefd47ca9507459738a26f83b265d0451549869b732b
SHA512: baca211bd9d6d242d6b43cec48f9049b8b04f97177d30bf1e28ccd84eeef42c10425370eba0900642a849f99e544011634def5202ea33855edbd9a643b345949
-
Filesize: 4KB
MD5: dbd87b5b05169499a5c4658daa646dac
SHA1: 8b5a35ebb2056329786c512ccacc9fa83d6dddc5
SHA256: 4dcf65efc75f65fb3e1e3887f3016a2150b8117af2fe52c4c33a47a56fb5ee1a
SHA512: 21ce974cd30e6f12fa236616083b06f033f8fc8997117dea59bd6f15945881ed62a64803976e9cf3dce8f2213516e0ed2debe296ce163fb651885de4625ff4a2
-
Filesize: 8KB
MD5: 3c61d5ed9013ca1de316cc8432bc2a12
SHA1: 257664308738d401ae0e724be23a7cec4aae83a9
SHA256: fbd34b15c36f5b67410e1a96012fbe2cd74ed330f40e98303601cab98c3f7c52
SHA512: afb4169c98beba84b9317de7b0b872fe30f93610f3ee1632160775888cb253e8188ec369674d64a8b23ec3bb7c0c0be722d1974364624821d2a47355e459be5a
-
Filesize: 8KB
MD5: 53eb7347baaa1ea5595683addb7a94f8
SHA1: 3cd492a0d837e0679e65e97abdc7fee74f24ff46
SHA256: 6aa878a8d27bc4e478b5fe8c2c772021944d621bf4b9f8af56a2b2b27ee2b0aa
SHA512: 13758357e35145bd30b67b7cf721ab75a28df641c9a787571f7f5f399249694c6db80c71623330703ebe1fb97d5078e553503ec4bc476f2b9ed7cfb969ed726a
-
Filesize: 24KB
MD5: e4818869603be8cb5cd7b1506a1c71e2
SHA1: b0263e460b1fd40b1484bc9bceae94073e5d2f0f
SHA256: ff7e8b5378c00202919abffe372e3a063c227050a494c37c6ed587c68d0969a2
SHA512: f69c8e37201b1bce2d9e66858218572a153ad5f880b9d0d2247bb876c79ba0c3d913ca2bfc4734bebfcbe3153e041ef9e9789c805df7502f62750b5227f12db6
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0BeginSession.cls_temp
Filesize: 77B
MD5: 0efd5f5e25c3597c63e3dc173136e1fc
SHA1: 61ce492bb7a6fddd228ce87f896cb4e7c9acd306
SHA256: b6c60bb14e1cf729b760973cbba8044ff50b61e100a8d9ef588bad4465a09407
SHA512: 8ba7c5f0e4ccec6647b5fdaf60c77df9ab216dcd85edf06c65aea9ee1379501f69d40bf01aff7af78d9b8e19c8dda30a92881c8d5c786bf5a8f5ee39e690d007
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0SessionApp.cls_temp
Filesize: 119B
MD5: 7fc1f6644ef78c134c03e6e6c2c7f79b
SHA1: e1061f8f4e9b2ee3f7f6507e0be05f9aedea7e39
SHA256: 76aff657278d5df9761b61892dc4e6e157a39911b6167eafae94d3a65f30e061
SHA512: 704fe9a6c8585b6cc9529efb06d1689bc6e0b7e119b8c37387453cdbe5aa518313d63d14f36bb4ca367611ffd309bf95df4712c746c28ef819e22ccb01d2ea78
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0SessionDevice.cls_temp
Filesize: 101B
MD5: bb49d2f020f4bbacedb2c44e6da9ff94
SHA1: 2156117eaafa70b9a5056cfaa7047dfe53b18c3e
SHA256: f1d4f82514c7a656b067edb48e90f1fd27181f1626dd8b561183e9774b88a9e1
SHA512: cd8265005a5fba6968d44b9dc3e1ee505195a4d0a35b27d6ca1880273bb56dd8b1045f6109d5b6306ab17c4b05978dc0eac4d7b5781ca82f67441babfb9e4cd0
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0SessionOS.cls_temp
Filesize: 15B
MD5: f8b3ebea29c91d82f009e5a9c6d11060
SHA1: 99d88c4b39d9143084e777b93d9692a59a3d087d
SHA256: b7869422f5dcf3f24ae91560cec05ebb39852ed45baf3a31176f9b90de87aafe
SHA512: 6f89bfe6bc1c0a68bca73ef92c53e1a308fd63f2228a25a6e34d117fc5cd253209eed56fe08f51d5643343a152acfdbfbb1c5dcea224e2750aed46074af369de
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0user.meta
Filesize: 29B
MD5: 221f923f8e79d072a7b240f9edadc319
SHA1: 92a61491632b6b4e9cde67673aa795a20e8227ca
SHA256: aaec999ab0cce9e96a48553082c025ed0179de3a34a1b00b4925246c02c1ed29
SHA512: 1a593e865d411d98e508ec1e330a7b2790e6b309f76ac59fa80aeafe9ed7581d3f308a9dbdd11ecf9e901b6b67d75f732de1d61fa5e62fd538b7b64fe357b64a
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675F80800294-0001-10F3-7A94D112A1A0user.meta
Filesize: 47B
MD5: 13a842d387f69746a8c9880873427ade
SHA1: 204027597b5246dd5eae1809fdffd0290dcb973a
SHA256: e1aa39072a33740919711bca1e58dd4d3ba079b449637f353b3f1e755401b971
SHA512: 5af2a9fa930d5ee45c208104d9d6b71812aec5a8a5a7d7d9a7fb2b82cd5fb294f360d1eb88970066fae5a71907a1b05d91750f9eb7fb91c74b0bf01a5233fd82
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675F80800294-0001-10F3-7A94D112A1A0.temp
Filesize: 88B
MD5: 57ebe120d6e68a1926cf29f4ce48b63f
SHA1: 28a241b9a7b396bcaa44adba70082907bdaa6272
SHA256: d4016ba855b9bfa8f9c1eb735d69a23a413b49a3e8070740cfaf635640ce3a95
SHA512: 7d38598b01963dfa01d65b1cb04733eefd87366c7c15070fdb5b74ab5e771282457d96c94c513542e18b847511f05ddd08508133219605c96fc551f6553a7fcf
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 3KB
MD5: 9291fad05e93d3e3464f6bcaf69dc8df
SHA1: b7ee73c8701dd8fbc568ae6b32cb0663c566b560
SHA256: dcf70bc06d4c3fbf673604358a5ec309c67290605c54f344c427bbd5231ad104
SHA512: b0e302d24d035c911ecb3336eb57079825c3e6b59a288c7f0d7ad03c6687fa69c810860e61f671d01a4f9a66acb8f1108d47e7ffc64060296c05777570a8b3b5
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 488B
MD5: b49ec12e4146d129f8da3740d8afb6df
SHA1: 3b4869043c217019f5d523dee03e4103737ba36f
SHA256: 0d7a114bb1f4586f91e2fbbf8afa9ba18a00155b69df3d98942ae2379a8bcff0
SHA512: dcab32a60a21cc00f334cebdff9938a4c25ca5b486c1bf17e47df49dd48063e11c5d92ecd5539c6f44d3e7254fffcc9f83b67c7bd3f7a78f7d0b3327fc554aea
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
MD5: c33583fae4e0b61cde1c5b9227963237
SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
Path: /data/user/0/com.program.androidmonitor/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1796081f-fb84-45fe-a467-87af376e8c66_1734312065186.tap
Filesize: 376B
MD5: 779b3495c27ac429dda782c989c4edb3
SHA1: bd44ba258daf9f6b8474bbdd8aadd826ca3d3afa
SHA256: b760dc71060e345ef611b8f520e1a0428dae75783efb58060268376806b76cd6
SHA512: a536bff051fa0be3231913eb950f55d886a72ef39370c904ace9ec5f65a62dfeeb0467b0dfe380ff75117f05d3ba20cb3e6bb9c2e70f2d836dceff1aaf9c127c
-
Filesize: 48B
MD5: 9978c774ba90edcc66bd37a0f3487a01
SHA1: b251515e011e7a1b6c07be913696bc001fb2d3d4
SHA256: c030abc45a8c3c3fc2af6f998f99bfc95535c639e0db664c4aaa89b7af5ea831
SHA512: 449ad709b82da504f667e3cb8517b27347df67b70941e53bd31935b2d4ed905f04ac1ae7aef504ced07d5fc3798f2e511fcddf5b4cce9094e65d5c5605a357c3
-
Filesize: 51B
MD5: 26e20c1992639aba3870041f0bd65471
SHA1: 9b8af9b521cf0d9606e7c14a8858fa2199fb51e8
SHA256: c08fe1e5520bb3d8c72b19637964d1df37658b2d8677f5ecd062789b71c538e9
SHA512: 29e8045bef0c78c4c527f4bedfd82def7f3ca945cd8cacc993bd73e46be43080adc493fe1beb23a5bda96710de9055de1bb899355bdb3f93f20753c9164ecb27
-
Filesize: 622B
MD5: 311cf870b8e937ea926b45a7d8166584
SHA1: b7af613a24d7f4621941c6b68186bf6b885ff60b
SHA256: 22b926ef8d0a52345c9b7e6e380253e5d0ad444fc7e9c0b169c0ebf9a1a9769a
SHA512: 5f29f95823273e11ce1874685e68f367d25a6a461103f96d1a465fc623ea5450e28c3c6ab3e961aebdc10738dd9bc98d3b91f6a12660daff86cd0086e9a60823
-
Filesize: 59B
MD5: f6f186ee663a08f5ba1a28ad40de1212
SHA1: 0220b8f1fe9f72a68746bc875e3eee1a6c435c34
SHA256: 2b3b4d3a31d1dcd9373f8d48eee829a46d096924ef487684d674db2774561f3b
SHA512: 6c0ae1969727a0ac444bce663f2af90d13863ff9faad66ab4608a9ba908721a83ced0314d478c9068a31707db4d8ea5790d752a5a05f2bc4d4dff280c9833073
-
Filesize: 55B
MD5: 2a769d5a81ccac9ea6c3346e347e8a67
SHA1: 2dd5180e699fceed58e1d31db7c6b605954964c6
SHA256: 80d175d933cc4684ba63cb9fe01d2deee4603cf9b8030372461281bf6884e4bc
SHA512: dbeff0c1f0bb11bccb837a51193e5abadfebe843ba23a826060f25adefad44a88c2c710e0e8ceef4529309d9c9676d97ff12aab9c4e3028e8cb8167cc261b294
-
Filesize: 3KB
MD5: 81f0814c532690f699592c3c44ae80da
SHA1: d12ba775152cdf4c066b1de47845cf448fc2479a
SHA256: 3776b02e93b12df80aea2d9f7cf2017735d15d77f489cf698f6babc84870e7e3
SHA512: 0d8d57b5c1033c7571e5d2c7940bea378f2bcfcc237e80bb260464c52c09420f2a2f10d4982248912c5c94c1ce454dc026bf65bb2ca36d4ec7f46a5b7d8c592d