Analysis
max time kernel: 44s
max time network: 93s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 16-12-2024 06:29
Behavioral task behavioral1
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x64-20240624-en
Behavioral task behavioral2
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
Behavioral task behavioral3
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240624-en
Behavioral task behavioral4
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Size: 13.6MB
MD5: f7a01a72056b791898c75c6de13a15c6
SHA1: 9d901ec639f2a83899e3b1f60acd149ccba02387
SHA256: 93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
SHA512: 03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
SSDEEP: 393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/app/Superuser.apk, process: com.andmon
  ioc: /system/xbin/su, process: com.andmon
  pid: 4995, process: com.andmon
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries the phone number (MSISDN for GSM devices) (1 TTPs)
Acquires the wake lock (1 IoCs)
  description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.andmon
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  flow 12, ioc: prog-money.com
  flow 14, ioc: anmon.name
Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.andmon
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.andmon
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Reads information about phone network operator. (1 TTPs)
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.andmon
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/meminfo, process: com.andmon
Processes
com.andmon (PID: 4995)
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Hide Artifacts (1): Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads