Analysis
-
max time kernel
35s -
max time network
77s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system -
submitted
16-12-2024 06:29
Behavioral task
behavioral1
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
-
Target
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
-
Size
13.6MB
-
MD5
f7a01a72056b791898c75c6de13a15c6
-
SHA1
9d901ec639f2a83899e3b1f60acd149ccba02387
-
SHA256
93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
-
SHA512
03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
-
SSDEEP
393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/app/Superuser.apk; Process: com.andmon
ioc: /system/xbin/su; Process: com.andmon -
Acquires the wake lock 1 IoCs
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.andmon -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow: 40; ioc: prog-money.com
flow: 42; ioc: anmon.name -
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.andmon -
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
description: Intent action; ioc: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS; Process: com.andmon -
Tries to add a device administrator. 2 TTPs 1 IoCs
description: Intent action; ioc: android.app.action.ADD_DEVICE_ADMIN; Process: com.andmon -
Checks the presence of a debugger
-
Checks memory information 2 TTPs 1 IoCs
description: File opened for read; ioc: /proc/meminfo; Process: com.andmon
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
84KB
MD5 b5a13b9851c2ee146ad864abdf70d8f2
SHA1 3891a7f5ad66b5332800005a0ca0d71076c17b15
SHA256 bf50e70044867c15cba55b2cdfab8511396234e762df28f08aeba6eaf0c99345
SHA512 255f410f312615bb57178be166b8ca0414cf6dbbadd54d51e554ba15a1c59fb66dbf7a355caeca146bf0731811db15f41b84253250149c85e416fe4aa7428012
-
Filesize
20KB
MD5 ac15d309782852c2f78b47fd7525f337
SHA1 7972a33f85abcbc6299af386bd89ebbe7055fe54
SHA256 a58e31d4acc5bc9ada8365ea569ec0d513eeb9e886ea636dc43a503245e8775f
SHA512 48a0b6a92ddaca84099be9e42896d1a7a9332f3c717bba28f32b418215f1cfbc4d2ed3512bfdb2942cbb73a9febc00cc40c597ce79e424dc747f4f056fc3d6a1
-
Filesize
512B
MD5 6ebe4b6fae11a2257f02170b98fd6716
SHA1 168b6700cd31feefde13240d53be793400257d8a
SHA256 c7cd31170ff205632e3effb86751ce7789085c58f5131c61546ca496c7955d2e
SHA512 fc09c4a0040e4bdfc2f78d740746147f966a8b61558bbed248b052efbee6d8a143b387a9f83544446ebc18025ba40ffc3d4f83227ad42c4121782b55f9846a98
-
Filesize
8KB
MD5 adddff0a72892d3960c2ed9730a572cd
SHA1 5bb699652128329d939ef00cc5635406ed32eaf7
SHA256 58c1f8ff352ee0de15d80824a7e3ee14a2f6bd762f7e897f8993ec9c4c8739ab
SHA512 5ae8faff9327d822fb92e92b4b2de516e8431c8d7f37a36dafe2ed3455c986613bfee531706736e492df37cb5fb1e4a2b68eca58ddaf5b91835866e2e591cedc
-
Filesize
4KB
MD5 6bea9b25984efc6cded3b894e21bc950
SHA1 4cfd4d5d4880349f3a2f515c299cb967faa0ffb9
SHA256 162931b3ab788dae1b17fb3ee77219fdb4d91e78246c8d9c17a475b5ca66d038
SHA512 0729e97c3ce28709f32826619e94d96e3ef9cf50522d1058379a5c06c4cf11b4d2fa13d3ee2fbfc31dee56a4adcc899a6e082e7941d4f9557c13167d741c0065
-
Filesize
8KB
MD5 57a299ed60517691e86e60cda94d9429
SHA1 6a19cff78e13098f04144667cdce79be1481652d
SHA256 c9129a844e05c1121b199afa53b1205438a1f9c7b6ae1df4c2e090d8c5f8c1e1
SHA512 4129d607f4575eda4c01202ce56a9ec5290932f663c7a207030367c9e4f08c466741068d838ea5fd892a87c0278d7dc0d75ce3471f9716813c69f232106c6bed
-
Filesize
8KB
MD5 01315265a61f92372a6d3d45762cdba9
SHA1 7bfe9000fe2d5a17d3a10825de1bce16500db594
SHA256 4f8df40faecbac0e91acd2c660e6cde4c216914467ece1cbb5f0b4c69118e8c7
SHA512 c21db3ed1d33fa85543ec97c63711c61669f2abfeaa6cdb5bd6803d1d7a224ab422126dd752734015657205761e5390271d5ec5f13d6a453acec07434f674929
-
Filesize
12KB
MD5 c72fbc3bbb3be768e6f9a683b086b92d
SHA1 a7f5c8113f91d0a7b14cff641344af474b0e435a
SHA256 8861d8698dcd04f7b33714e1f5c4c22a5c4ef93be9c7b894cd90d6deb0ed464f
SHA512 f353047c978d30654f64beb872bc1bdb02e46332f7cc74b3753c12d8a8acbf9eb6a185bfaaa47a5bd48055b7e058f7463ebd9ef6c6b42546d99acf2b6ea116d5
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883BeginSession.cls_temp
Filesize 78B
MD5 f4228455895342c2c7b49265cdb6f882
SHA1 c0986f0f9b3a41fb0a1913b2dd908169b81f57f1
SHA256 cd7944e31cc747c950d1e154e197739c1c9a1a0283a9b000bbcdad323c49c595
SHA512 de2d61519f31b38bd99cf153e55f5775dae8e31ae4d6be69309c755724c8e2f40364e4da03a14b5088627d95f885cd2742b25abec21be2509593acf11c8778f7
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883SessionApp.cls_temp
Filesize 103B
MD5 25cc1a657b56c984b269dc7b3e15f3e8
SHA1 7c82a76397e4c822c61082471e4a92f106140001
SHA256 87529c0445753d4140fddd0aa5fb841e76c6b14506696022dd2e449e96e32b83
SHA512 d883bb2a2224c02e80090781e66fe2019746cbada935f00528a835bac171094c1cee50d4bcf93e7efb4ff09f9d1d67ffbdcaabdcc712aad7e12860ebe8d67f14
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883SessionDevice.cls_temp
Filesize 88B
MD5 5fee9c379a13cc2b9beb99f24fbf86c5
SHA1 ec28c3b0ee5c50caf722b85978131c88579f872a
SHA256 afcb34234ca38b20217613102a63b241367853889911bcb3327a04b66947fa7f
SHA512 65e6239efada615afec003431ccfce1e04442ffcf9012dddfa1fdb7e2e2abfb0fccf94e34b62760a6538de19dc38c8e3ef3f38e728024f3933a181a00a232a2d
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883SessionOS.cls_temp
Filesize 15B
MD5 f8b3ebea29c91d82f009e5a9c6d11060
SHA1 99d88c4b39d9143084e777b93d9692a59a3d087d
SHA256 b7869422f5dcf3f24ae91560cec05ebb39852ed45baf3a31176f9b90de87aafe
SHA512 6f89bfe6bc1c0a68bca73ef92c53e1a308fd63f2228a25a6e34d117fc5cd253209eed56fe08f51d5643343a152acfdbfbb1c5dcea224e2750aed46074af369de
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883user.meta
Filesize 29B
MD5 2ab8462142d0789da5afaed9c145213f
SHA1 4896fef0bbe31d39af8a22475afc88c1d5d7c0e2
SHA256 a54926ad8d23802a5e64b6bb87a6d3fbebb3633f3caaa891fd15b711629571b5
SHA512 0b184c789e565265e6cc9a81d3eb02651d2870440bf7a16ad69681ca13dad2f749a03feecd524c923e0ede9d96316e0b17bb5b418c0e33edaa88cd1aa1acd53a
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883user.meta
Filesize 47B
MD5 e7766640f19e7b84075b9d3dfa00448c
SHA1 a04e2256e9c5b3a180fa116ebf977af5f3f65480
SHA256 58133cfd97a23770f8b705405586e6db315296bcc83151d94f8a9794990f0199
SHA512 677ef4d6498c0477c551bdaed82667bb35c06555081646621f280a9f60e3cc82efe4841508f58953652bd69050116aa9338e00d7e2a2bdbb4bf19bd0d1c5903d
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC8EB0385-0001-10E3-0BC6F47B9883.temp
Filesize 88B
MD5 82742e4b6327c9112d297a48da953113
SHA1 ba0ec6f49bae59cf45823152f9b70fb745d7f08f
SHA256 108deab6701d091ea04e56eadd2400597dafda64d8530dc2c5d5763b351f52e8
SHA512 a4ee728cb46edf2f0a923c00523d199ab9f97e85688111c7705cec7845b2100a5bfc0cce2288ad0af4bb5e441545cc43e5de76a88a0678ff0d2d489b6074b45e
-
Filesize
411B
MD5 65b68a273119de10ae81ad7c493ec132
SHA1 c379fd1d9bb4f42acfa2795eab15c85cab185e79
SHA256 8e555f1320d05bb1aa056d85cccbb29058d0eca2d8fb1b907988604c80ce316c
SHA512 2b1c00312a786c48e339bae4561b5153c42c6316658689861022cb96938de46e3ee5518d6e791a03073a844d4055ef17414d1817663c7901065dd43a6b8159d4
-
Filesize
1KB
MD5 7b5bb286a48a0c6c2cd348bda62d8266
SHA1 317a2c04ba39e27a762e6ac15f1296eadc371504
SHA256 25f450d354bf57b87ea02c4900c5b7172a48974aea58c20e81475e0b231c973c
SHA512 b3464b3b562b384e89d6a9b46b55ce453b989cbd9171411046b6ef417c5ef626cd9406a256f6a88d0d246b5015826d94d9524c5f8fdb45eeaa8e8a998944bc4c
-
Filesize
16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_06b26302-37ff-4225-92cf-be1176f75e50_1734330617266.tap
Filesize 416B
MD5 4e77e34c16fc44e1cad37e45ab20ad3e
SHA1 4f1921ee126fc6c6651b8e445fffb6e90a737dee
SHA256 6d5f1e2d656a8ac2aa21d6d1d8d32099725017a3ea47bb92eeda3621804ee650
SHA512 42706bf050737c4dce6a71e44e86a4c5028b9a9785f6cc29ef80c7e424ed2c509e405b61ca6771c06430390e9889736bec838596da9e3f6fd39a2ea7f7d1c055
-
/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1ae81c46-7d75-4992-9bd3-59eaefe956c0_1734330604569.tap
Filesize 337B
MD5 3c1d8bc38b1240cbe233c7319ec8f145
SHA1 bb3a4307d41c49ecff6c1c249ae0de0e5b1253aa
SHA256 7a0f4750235fbba9e759335181c2f93d355f60613743f6982352700f704f64af
SHA512 625127accfc88a0640e53a3e7ed1da83c51a31b248bf2660c5badd101b8a6de0a599795f4d6b327643047a155864cf0d175c49e9f207a6ff5205b171a429104b
-
Filesize
46B
MD5 b1de8164aa6fd1d093f3c154400d2883
SHA1 3286f1a5abc7b317a37b6d1ae0368a8cafef0c8a
SHA256 52d4988ee616a328c1daf5f6790b6e0bfd8369cd8d1b501026470db6bdcbb4a0
SHA512 e705a544115a9c2c721a69f40322da2ccca48f2ef02f2ccefee5228f573ed3902141421d50e4ad4a6bf4b4faa91707a3697cecdd009468785dbb2b48b83a26fe
-
Filesize
59B
MD5 1246c533ae5a649087d313d752884384
SHA1 49d2e0dc0a9e07a2239b0392815bb7662724b5b9
SHA256 310c70b4663f0efadee276345f238e668495e5341c33906f755c1b0db6a97a5d
SHA512 3459da68b3bebb85deb4ddd4dab1689fae64e70410f1107b138fab38014aced26529186e3e6f82413a193f4d0db98af8215a678875d8583221ae188b52b7421c
-
Filesize
74B
MD5 49559c0c1b8fdfc7af9a87427d3cce1b
SHA1 eb3a357c6b6b39e208db45c25839a782c8ee414d
SHA256 beb2b1f44e9c19134afbf5694ca206cf84e3bb24d6ae1325a8bde76615f30d71
SHA512 52bd1d51042fda10823660053256595316a99ad2ff1842a7e258b103f3cfedc5f20b2864255d099982dd1b59835935e207640fceded4b5ecad4900d613f38a32
-
Filesize
55B
MD5 23746cda29e4219b9d3c3ca1034fcf44
SHA1 0ebc7df9354619dce95b26c853c08161b77b1a43
SHA256 2468deb03384af4cd4de76f861cada963549cce1fca4438dc4b6f95006fa1257
SHA512 2576b4038a0c90c3c8a0a5e9452b4b1fbae2dabb04c1612cb74a028184928a12cbbf1f2c36b000e448ffb3703edbd732f55c02b5d08a5c9491369bafffea7f9a
-
Filesize
48B
MD5 c8c7a86b525ef5d7fdae583caec8fe3a
SHA1 45e8788888b9804b9d394b4f97002cfbc304d3bc
SHA256 9227282315d5026b9550e83c080360f074be38097401a101f65ae5b7a142f052
SHA512 f19b57003f1e8d36ffa7c529d7feb67cb34f6a3da0597215900f1c844ba7624df622f3318bd3fa7e56cbc267b03a3c5152a77d3c5a3aff38bc67aa49f352c732
-
Filesize
51B
MD5 1deac9d1dc302a8ec8426c330e5517aa
SHA1 3def5c63e81bb765dffa0d34e23c83b2a6243f63
SHA256 29e35179228083df69f22e64c0ac9c19519b229fbcce17d1b3772d94bb19cd42
SHA512 c8b9a60a158da11be1e57ab30315fb57ae3bdf63eaf8e1a3c2e7c117105d0438a5ed7c2a27f5031afbbe68dcbe96018af34564d94f458682ff33f17c27c1f23f
-
Filesize
622B
MD5 067daffb917e2d152f81333e86f22f7e
SHA1 9692014da923b1dfd3aa928a40ce4521c26ea0a3
SHA256 718af48a6d0217c8fbcde5407e0f85a060d852528e57b5ba218690dc1c05a0fd
SHA512 73e946fc117d90f5e2c62e354f3ad1bb4562b07b21f57b8587285b763c31cd44916eb8487c0ab96306bbba69a79c78aa66740e8403982415b70c40ab4648d948