Analysis
- max time kernel: 70s
- max time network: 94s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 16-12-2024 06:29
Behavioral tasks
- behavioral1: sample f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk, resource android-x64-20240624-en
- behavioral2: sample f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk, resource android-x64-arm64-20240624-en
- behavioral3: sample f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk, resource android-33-x64-arm64-20240624-en
- behavioral4: sample f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk, resource android-x86-arm-20240624-en
General
- Target: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
- Size: 13.6MB
- MD5: f7a01a72056b791898c75c6de13a15c6
- SHA1: 9d901ec639f2a83899e3b1f60acd149ccba02387
- SHA256: 93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
- SHA512: 03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
- SSDEEP: 393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  File IoCs: /system/xbin/su (process com.andmon); /system/app/Superuser.apk (process com.andmon)
  PID: 4517 (process com.andmon)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Queries the phone number (MSISDN for GSM devices). (1 TTP)
- Acquires the wake lock. (1 IoC)
  Framework service call: android.os.IPowerManager.acquireWakeLock (process com.andmon)
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (2 IoCs)
  Flow 24: prog-money.com
  Flow 27: anmon.name
- Queries information about active data network. (1 TTP, 1 IoC)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process com.andmon)
- Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process com.andmon)
- Reads information about phone network operator. (1 TTP)
- Requests accessing notifications (often used to intercept notifications before users become aware). (1 TTP, 1 IoC)
  Intent action: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS (process com.andmon)
- Tries to add a device administrator. (2 TTPs, 1 IoC)
  Intent action: android.app.action.ADD_DEVICE_ADMIN (process com.andmon)
- Checks the presence of a debugger.
- Checks memory information. (2 TTPs, 1 IoC)
  File opened for read: /proc/meminfo (process com.andmon)
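The signatures above are the output of rules matched against the sandbox's per-process event trace (file opens, Binder service calls, intents, DNS flows). As an added example, not part of this report and not the sandbox's own engine, the Python below rebuilds the same signature list and the per-process summary from such a trace. The trace is constructed from the IoCs the report lists plus two benign lines; the one-event-per-line format is an assumption, and the su paths beyond the two the report observed are an assumption as well.

```python
# Added example (not part of this sandbox report): re-derive the report's
# behavioural signatures from a process-level event trace. The trace below is
# constructed from the IoCs listed above, not exported from the sandbox.
import re
from collections import defaultdict

# Constructed trace, one event per line: "<pid> <process> <kind> <detail>".
TRACE = """\
4517 com.andmon file_open /system/xbin/su
4517 com.andmon file_open /system/app/Superuser.apk
4517 com.andmon file_open /proc/meminfo
4517 com.andmon binder android.os.IPowerManager.acquireWakeLock
4517 com.andmon binder android.net.IConnectivityManager.getActiveNetworkInfo
4517 com.andmon binder android.net.wifi.IWifiManager.getConnectionInfo
4517 com.andmon intent android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS
4517 com.andmon intent android.app.action.ADD_DEVICE_ADMIN
4517 com.andmon dns prog-money.com
4517 com.andmon dns anmon.name
4517 com.andmon dns connectivitycheck.gstatic.com
4517 com.andmon file_open /data/user/0/com.andmon/files/.Fabric/x.tmp
"""

# Paths a root check typically probes. The first two are the ones this report
# saw; the others are common additions (assumption, not from the report).
ROOT_PROBES = {"/system/xbin/su", "/system/app/Superuser.apk",
               "/system/bin/su", "/sbin/su", "/su/bin/su"}

# Flow IoCs the report attributes to commercial stalkerware (echap.eu.org list).
STALKERWARE_DOMAINS = {"prog-money.com", "anmon.name"}

# (signature name, event kind it applies to, matcher on the event detail)
RULES = [
    ("Checks if the Android device is rooted.", "file_open",
     lambda d: d in ROOT_PROBES),
    ("Checks memory information", "file_open",
     lambda d: d == "/proc/meminfo"),
    ("Acquires the wake lock", "binder",
     re.compile(r"IPowerManager\.acquireWakeLock$").search),
    ("Queries information about active data network", "binder",
     re.compile(r"IConnectivityManager\.getActiveNetworkInfo$").search),
    ("Queries information about the current Wi-Fi connection", "binder",
     re.compile(r"IWifiManager\.getConnectionInfo$").search),
    ("Requests accessing notifications", "intent",
     lambda d: d == "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS"),
    ("Tries to add a device administrator.", "intent",
     lambda d: d == "android.app.action.ADD_DEVICE_ADMIN"),
    ("Domain associated with commercial stalkerware software", "dns",
     lambda d: d.lower().rstrip(".") in STALKERWARE_DOMAINS),
]


def parse_trace(trace):
    """Yield (pid, process, kind, detail); blank or malformed lines are skipped."""
    for line in trace.splitlines():
        parts = line.split(" ", 3)
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2], parts[3]


def match_signatures(trace):
    """Return {signature name: [(pid, process, detail), ...]} for rules that fired."""
    hits = defaultdict(list)
    for pid, proc, kind, detail in parse_trace(trace):
        for name, want_kind, matcher in RULES:
            if kind == want_kind and matcher(detail):
                hits[name].append((pid, proc, detail))
    return dict(hits)


def processes_summary(hits):
    """Per-process view like the report's Processes section:
    {(pid, process): sorted list of signature names}."""
    per_proc = defaultdict(set)
    for name, events in hits.items():
        for pid, proc, _detail in events:
            per_proc[(pid, proc)].add(name)
    return {key: sorted(names) for key, names in per_proc.items()}


if __name__ == "__main__":
    for (pid, proc), names in processes_summary(match_signatures(TRACE)).items():
        print(f"{proc} (PID {pid})")
        for name in names:
            print(f"  - {name}")
```

The benign DNS line and the Crashlytics file open fall through every rule, which is the point of keying each rule on an event kind first: a path or domain string only counts when it arrives through the channel the signature is about.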
Processes
- com.andmon (PID 4517)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Requests accessing notifications (often used to intercept notifications before users become aware).
  - Tries to add a device administrator.
  - Checks memory information
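Several of the behaviours listed for com.andmon (the device-admin request, notification-listener access, removal of the launcher entry, and the phone, network and Wi-Fi queries) depend on manifest declarations, so an APK can be pre-screened for the same pattern statically before it is ever run. As an added example, not code from this report or from the sample, the Python below parses an AndroidManifest.xml and flags that combination. Both manifests are constructed for the example; the permission-to-behaviour mapping and the three "high-signal" keys are this example's assumptions; and the check cannot see icon hiding done at runtime through the package manager, only a launcher entry that ships disabled.

```python
# Added example (not part of this report or of the sample): static triage of an
# AndroidManifest.xml for the behaviours the report observed at runtime. Both
# manifests below are constructed for the example; neither is the sample's.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(name):
    """Attribute name in the android: namespace as ElementTree spells it."""
    return "{%s}%s" % (ANDROID_NS, name)


# Manifest permissions behind the framework calls the report lists
# (this mapping is the example's assumption, not taken from the report).
PERMISSION_SIGNALS = {
    "android.permission.READ_PHONE_STATE": "phone number / network operator queries",
    "android.permission.READ_PHONE_NUMBERS": "phone number queries (Android 11+)",
    "android.permission.ACCESS_NETWORK_STATE": "active data network queries",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi connection queries",
    "android.permission.WAKE_LOCK": "wake lock",
    "android.permission.QUERY_ALL_PACKAGES": "installed-app enumeration (Android 11+)",
}

SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.monitor">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <activity android:name=".MainActivity" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <service android:name=".NotificationSvc"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def _is_launcher(component):
    """True if any intent-filter on the component is a MAIN/LAUNCHER entry."""
    for f in component.iter("intent-filter"):
        actions = {a.get(android_attr("name")) for a in f.iter("action")}
        cats = {c.get(android_attr("name")) for c in f.iter("category")}
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
            return True
    return False


def triage_manifest(manifest_xml):
    """Return {finding: detail} for the report's behaviours visible statically."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for perm in root.iter("uses-permission"):
        name = perm.get(android_attr("name"), "")
        if name in PERMISSION_SIGNALS:
            findings[name] = PERMISSION_SIGNALS[name]
    for recv in root.iter("receiver"):
        if recv.get(android_attr("permission")) == "android.permission.BIND_DEVICE_ADMIN":
            findings["device_admin_receiver"] = recv.get(android_attr("name"))
    for svc in root.iter("service"):
        if svc.get(android_attr("permission")) == "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
            findings["notification_listener"] = svc.get(android_attr("name"))
    # Icon suppression is normally done at runtime (setComponentEnabledSetting),
    # which a manifest cannot show; a launcher entry shipped disabled is the one
    # static hint, so only that is flagged here.
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        if _is_launcher(comp) and comp.get(android_attr("enabled"), "true") == "false":
            findings["launcher_entry_disabled"] = comp.get(android_attr("name"))
    return findings


HIGH_SIGNAL = ("device_admin_receiver", "notification_listener", "launcher_entry_disabled")


def stalkerware_score(findings):
    """Number of the three high-signal behaviours that co-occur (0..3)."""
    return sum(1 for key in HIGH_SIGNAL if key in findings)
```

Any one of the three high-signal declarations has legitimate uses (MDM agents, notification mirroring, kiosk apps); it is the co-occurrence, with the telephony and connectivity permissions alongside, that matches what the sandbox saw from com.andmon and justifies the runtime analysis above.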
Network
MITRE ATT&CK Mobile v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Device Administrator Permissions (1)
- Defense Evasion
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads
- Filesize: 84KB
  MD5: d89b97c875ff081652b3b9428f001eaa
  SHA1: 4ebf43d141d6b4438a022498b926a5988598fcc2
  SHA256: c53b2f113103ed317647eebcf65a5e921d5537f66c9f42b48790eeb804c06447
  SHA512: 4e9b232878cb8b27f89f4f11cb8aeff3d87f9875bc9bc05d3658d1105705a5ce512471240df91327eb64f10c96da1e9f23579fcc5b81b7bbe5e9e54a5ca5f385
- Filesize: 20KB
  MD5: dad5d1eb3fa8ffb777a3d862a67a1a52
  SHA1: 0d1fbf27ede5166c7b3fbc63d12f3f390ecbc800
  SHA256: 07f241f53ad04379da93e2d95ad4bb8f99d220ff6c7e24f99de35ab86258b3c6
  SHA512: acde845157bbfb7ee649ba1a4d3ac688cd2a96dc1951a21dcbe6a484cf6fa319f345f611bf74f00be1ecfd49d0baef4dc12b294e6967943ff98912ad4045eb47
- Filesize: 132KB
  MD5: f142d2fd3c6d3be74f31fa5c6a505a02
  SHA1: 1705ad537c160fa984d5ea538e7b1b264c1e90b7
  SHA256: 4a9bedb5180cdc201968a8dc3cdd0b32de8fa0c30cebf4dc5e55f8146290a56e
  SHA512: 35c0edea4855626553e7de6469c77765f0d213454d0418b2703ad92ca52589421c1201d0cabfd530712915ae70183d01cfb66b5e1455c2c9cafdc176c53c26c5
- Filesize: 512B
  MD5: 578a5f8ca35d1c8ec4e88d22129d5c63
  SHA1: 6d8d02596cff568dc4d64c0d94221afa7d07e013
  SHA256: 4e95dcd02f04b3c7c38c63a38c204c3a7f8f94976a690afb5c6b7dd12bf07e18
  SHA512: ba89f8ddae4ba468990adfc1d08c2932cda96c14af8de1f01b9a6e3c56e0d1d5d9aa0fcdec1cbfaeff61e8bec2325e43506f64ec03147b0861c242417d50ba0e
- Filesize: 8KB
  MD5: 4bd1dd78ce0f722b5fbf643392454f76
  SHA1: b2612d4221f9bac70cf14b10132b76d9917722a9
  SHA256: 6c207a509191d3e148ab44cf0427b23948577a008239fc32228d751ae9b6d08a
  SHA512: 125dc612977d949d9e27287c95b305e831892c7d04d3fe46581a418ea342d3cb1d84a5f8951de047dd6eb98b242f1183545d33c4dc1693233f6cafc7b54b6328
- Filesize: 4KB
  MD5: 4cb177e9faf8802aab0860331326bec9
  SHA1: f5322995bd5208f0a8a1e7bd8d3acffa5dd60aec
  SHA256: f992a64e2c27be7fe7f1f438c235d0e3a1039da59a512ce55a069f84acdf1417
  SHA512: 32b4d0f37795bcb1c8adfd7b48492ee0808eba34097bd348360ac4b7b4b53dc9f080c598423316aab3834cd1cdc14bd6fe36294bb9166a73a2ee2004b0f1c759
- Filesize: 8KB
  MD5: 16d3d35034ff203087eaa0846d8bc45a
  SHA1: c64c733fda6ac0fab3d9684bbd8046f452e81595
  SHA256: da26fccd9f5dec70b5e958aca951196177d8afea43b6d07a93b8c96a6be9cb08
  SHA512: 362a107fa719e0e3c41e474d5384829e72455ac17b7557115b4873e3277fb508c8ecdbe21772759d4497f537b18b52fb8a2c32bbd9b6e46b7ce4d6c9bb3a216c
- Filesize: 8KB
  MD5: e02ece4ba3b5e328ba07635da0de9006
  SHA1: 611e2265a43b59992b36361e290a8f3558ae67c2
  SHA256: 8b121b5863d17636532c90b22479e59939485d257fc16b0d37d68a83b827d39e
  SHA512: 825640405492f9abc179b9cd4ccf9f3696b0081926324b784277e98b14a0205de7bb07a1ea1650e67bb3d5141a3fbd2e6576d7b21ea3b1d8e951a6eaed9709fd
- Filesize: 24KB
  MD5: 40e8838264242d5e77afb2fc368a9fd1
  SHA1: 0d20d5e1a4ec5c24d7aee1bb16649a24ce319421
  SHA256: ef40270ebf128db72b273b48535734ef2d5389029f9cd2282d6788348bce0efd
  SHA512: 81891d305604a8b91a76ca8920459ec94185ac0c11fdca8a404feef9b40b1e35b981b1ec865180136c33badb3e23db1bb1ed3c5e7d376f10c38a4596559863fd
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E60204-0001-11A5-82514F0D77CFBeginSession.cls_temp
  Filesize: 78B
  MD5: f6233f640249d52b8c7be199286dfec4
  SHA1: 09144b4a6acf216324419817b8e525ff4e19ed7f
  SHA256: ac89a2966c8ba15ff38a7a54bf766391efbd8d19ed2dd6e193d01afe62badedd
  SHA512: 12fdda04e30382b0fe6812eab2c1f858b178eaf9799cf01ac375293f4cd724d21d53563375eee9d353ef7ecbf40dcd7a32487474ea55e01ab30e93ce48b4f68c
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E60204-0001-11A5-82514F0D77CFSessionApp.cls_temp
  Filesize: 103B
  MD5: 5c4c2da74d507a53c50d97c745906b16
  SHA1: ae3fb16f5b12ae86e839e44c211c21e65134bf08
  SHA256: 981b44aca775d91c25b2d8bf87f260e55bd923680b21cf4b824c33bb75561ca3
  SHA512: 20156dda79ca28e4181180b36092d3fa8989b450b5551e477936a71ac6f2af89c04e62f3824eeb7ed37e92e6134e331becc3be1566140c809fd247c19d20b753
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E60204-0001-11A5-82514F0D77CFSessionDevice.cls_temp
  Filesize: 88B
  MD5: 2824869e2b48847ee06aa112458a4c18
  SHA1: 62ac324365ca456ba4e5308a446b3a95a30d2aa6
  SHA256: 1e6829928e284cc18fd68989ae7a5a2a67970dc2c79cbb94e49263dbbc5621be
  SHA512: 7028d0b43fb51081ac279a3846ae5a589d97657e403dacb0514ecf08dcd2b38c573c50b6b845fa67fdef7027bda6445011f0c6c7d3de8a8005ff7becff5c74aa
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E60204-0001-11A5-82514F0D77CFSessionOS.cls_temp
  Filesize: 15B
  MD5: b3d9541cc92a9153d14e5160f8d8c008
  SHA1: 2e1ac80eb381dd82a03795b682f92020348c0113
  SHA256: 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
  SHA512: 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E60204-0001-11A5-82514F0D77CFuser.meta
  Filesize: 29B
  MD5: f5454a0160dd1c70ae6ca4b5eca84966
  SHA1: 4649dc7548bf4e3b473edb8faf645bd7fd1d12fa
  SHA256: 4ab1a2641b9a60d3b60308e63592b192a71be9d10ad793158ec43131a7c7ee40
  SHA512: de8e9c47fb0c4d2e913bdf719bcefcebeff26aca3e79da3dc2acdf73a00c85c130487f2ef181605562ba6cf69d88206c9c0f592bb4ccfd695262c01239b664f3
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E60204-0001-11A5-82514F0D77CFuser.meta (rewritten during the run; second version)
  Filesize: 47B
  MD5: 71f360ddb4cfd7eefc8d66ad9ab29dc3
  SHA1: 2b476760bed51444e0182807942e6c0b516d8e4d
  SHA256: 5eb4961a3f79e653013019b4c2f61a65ae930c33f51733f127b7355a51a13e35
  SHA512: e8b8f692c1fe6a6cd3d6c268bbed983733fbbb822771e2f6b5cb915f26d82a583759905bc30470a6eec71828f7d49b60406a5d5d323556191195cfff48bc5514
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC8E60204-0001-11A5-82514F0D77CF.temp
  Filesize: 88B
  MD5: c3300c1929dd4cfa5c017c2838aab58d
  SHA1: b80414611efa84f5ec1c3dc692cc8248ca0ae6f0
  SHA256: ef3d461378e6eb9873a9c7c91632c9d7f78626dc8e03acdcf237818009a1b9b9
  SHA512: 2bbdb27223cf94cd0099b9fb4efc0ff8f0ab87ad5981889de50e47827b2f62447b5f43b0d461e26726b8e5863cffc91ca4125d359ba1cc5eb781cb4ff53548f1
- Filesize: 410B
  MD5: 24d09cbd064ecc1b6cd7588c86e103e8
  SHA1: b922ef4e305034508f75cbb2e47b4d2f58190908
  SHA256: 9dcf40ebb483f079793449266c0f632d3b5933b26fa1d06c00c547c4f09afbbd
  SHA512: cbdcd09eb6df6f45ac3aecb76e9047c07a7d347038b4cd7060c0af542ff65e856cc28031c0f3ce99220a5232d237a0bbd56f8935b4c22ac3627232570c4ae484
- Filesize: 1KB
  MD5: 60d9c0223550f0795ab3351c8a8c331f
  SHA1: ad57e1cda8e57a4534e11ea4de890abe7d83f15d
  SHA256: e43ec58a54e3f0598647ed465ab0b74f4322da79e70846b53466e2f5b97f7fc4
  SHA512: 7d9d67c9f98c61175f85a9b7169ad038c5821a6c2fe74cd04e6598439eb71bd213f64d0f8b6d1ecd6b29ded7a67cb52432ea122a026fcd3c01b795f89bdf5d26
- Filesize: 16B
  MD5: c33583fae4e0b61cde1c5b9227963237
  SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
  SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
  SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_4831adec-507e-4846-9b2a-3676098a6b69_1734330599342.tap
  Filesize: 335B
  MD5: d305e937de58925344ee4d3cea86a3c7
  SHA1: 3c1b6f417490b6e2ad9b97c3642db88b28044741
  SHA256: 44e84d39f6d18edf182665220020a96c8f33d975386d28c1d56b1fa356fa8bff
  SHA512: a4b50c5343e1f09d1d91686cbe2e6698803cc7388cd7b174baed6c0976dc2ffae152193b0d82cb1d86a4d4dde6535bec14c3b24136b3d1b1210502a43715091e
- /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_919f99dd-97b8-459f-858d-7ca184df536a_1734330610620.tap
  Filesize: 415B
  MD5: 68693ad1fcac304e82c2957a7835b979
  SHA1: fcdc0860dff598259bbb18124712ee62d473ba99
  SHA256: 5b1e787a0afe91bd11f7e0cba9d723eef225d519623be53be0f0d808e96e4501
  SHA512: 2956abc30d78dd67715e202c74f7e2ce1126721ad7c0529a44ceed347df2dbae0453d63d6555b5c23126b50858b7065888d46cfe8f59e884efc7245dd0188841
- Filesize: 46B
  MD5: 3c6f641e8032ea3ccb6e47f3f60f879b
  SHA1: accae170691eb10cbafbc3eaa1a1f493f18147ca
  SHA256: c5915d7327feebd5639318a6115e960fdc7ff4f0f76cfa5f5499bf7c96c1c933
  SHA512: 7a39bc20360c71f3ee806b03a5d52c545e1f0ad282fbeeafe4322df746dd2f34a0454436001cece8497a7ee60642ba93e7e24a8ab7fc0c5a5f7e0cf5268964f2
- Filesize: 59B
  MD5: 7482e32494d62f9e1657205931623181
  SHA1: 5afa319427004cd8dc35b49fcbcbff2cc7141bca
  SHA256: c66ca35024ee545681244f87d0f8931d53831ff85be0dd8c35b5189e82706f29
  SHA512: 545ce024e5550dd8ed8deff5475248aefd493ec25dbe938498211f34059a44550dee7d1516437f7810c1311291936787e1da7bcac34883e7e68cd1efa52a701e
- Filesize: 74B
  MD5: 54c6e9e3babcdf3edf6e96a89f48dda0
  SHA1: 1094df2765aa401d18981c68632e84b9f7572d6b
  SHA256: ff84ea46be23cc79b709d645a509777ef8765f70d1a9d7f43a6a4eb4f82375ef
  SHA512: bb054569e166ba331a3d672d9fe54ede0980943f901a25cf91571715d2b289692fd198c78c278dcdf9366626547b742ed570fad65570d6e8ba7a2c883976d7d8
- Filesize: 55B
  MD5: 823cd98a816e673b058592deba7af655
  SHA1: f330198fb6fd081491860edc2c19c49a185cd28e
  SHA256: 04b8a421b2b1acb15b7bc308e7456a32b82f9961230ea01f5af6cc460d9e5ea4
  SHA512: 1f17b0c4b528d977421bd22e0c5bb7f246800211d8fcc0d974c5c104e224bf4c56fb33957ce7c8deb66459b4f72b0a7525585eca65ad975d8ae1ce98efaf18a5
- Filesize: 48B
  MD5: 136ae8ca916e40e8710000d0b90e33f3
  SHA1: e421cbd758ebe4f2e298c5aff294f33b4c169115
  SHA256: ba9817b5caa785367ea227033e5070ade4bff294f5c347f201fd56666d0b4b7a
  SHA512: a28211c8ca182baa7dcbb82d9e8f9f53316385a1a8d7003e5c6e41fb89e7bfd78d07a75ce7d2366b55548bf9ad898a6d7ceb6e7a28e23928752a35c3aae392d4
- Filesize: 51B
  MD5: b983834ef8766b352531ad52123861a2
  SHA1: d6104531b88c1b362a08e5198759e10af178ebbc
  SHA256: f73587d33ae6cdb943c1fa65e29c2d22572e53c940ccd20870776e66468e0cc1
  SHA512: 6b0488ed5d285284556eef4173c9677de29d6b69a2896f540b7f1849307fae1b70f15b3356e7ddd05387874360922c58c6c31c111917e808ec2bf82ce01921d2
- Filesize: 622B
  MD5: 7d9b53a161afe07a0ef34022ca6bb25d
  SHA1: 7bb2ce6501072c5ea2cae4e089f63d3fd1d2199d
  SHA256: 3c789193bb802fcc21c22f5c8af27d3c9355c848801892957ea094631df37a63
  SHA512: eec24f8b7b1aff2b0bb970f42838c3ad9da06bc026bf56649d84b5d7a6d7ba6ced8772591b922f61a150a86e285dc9b0fb5741c5f18d519944e92acd66afb706
- Filesize: 3KB
  MD5: 9a684806239d7cca6ff41045131036a5
  SHA1: fa0813f52aa8a26bc076af3d984d11036e87d288
  SHA256: 3a82d32309d3ae8e377f5c0687e7af9d88c946b61103b651883197adbc9471dd
  SHA512: 6ce7dc8a7ca6fa25ac67e26a957772761a178cbd03c1c38e18af5e1010fd8d797a58fa620758822a488bc483cf6d1800686613b02402f9e82ac3dd6086b39a14