Resubmissions

16-12-2024 06:29

241216-g87f1aykez (score 10)

16-12-2024 05:57

241216-gnzwesxkhw (score 10)

Analysis

  • max time kernel
    35s
  • max time network
    77s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    16-12-2024 06:29

General

  • Target

    f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk

  • Size

    13.6MB

  • MD5

    f7a01a72056b791898c75c6de13a15c6

  • SHA1

    9d901ec639f2a83899e3b1f60acd149ccba02387

  • SHA256

    93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359

  • SHA512

    03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9

  • SSDEEP

    393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22

Malware Config

Signatures

Processes

  • com.andmon (PID 4323)
    • Checks if the Android device is rooted.
    • Acquires the wake lock.
    • Queries information about the active data network.
    • Requests access to notifications (often used to intercept notifications before the user becomes aware of them).
    • Tries to add a device administrator.
    • Checks memory information.
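
The notification-access and device-administrator behaviours above are observed dynamically; both have a fixed static footprint in the APK manifest that can be checked before or instead of running the sample. A notification listener must be a `<service>` protected by `android.permission.BIND_NOTIFICATION_LISTENER_SERVICE` with an intent filter for `android.service.notification.NotificationListenerService`, and a device admin must be a `<receiver>` protected by `android.permission.BIND_DEVICE_ADMIN` filtering `android.app.action.DEVICE_ADMIN_ENABLED`; the wake-lock and network-state behaviours need `WAKE_LOCK` and `ACCESS_NETWORK_STATE`. The script below is an added example, not part of the report or of the sample; it assumes the manifest has already been decoded to plain XML (for instance with `apktool d`), and the embedded `SAMPLE_MANIFEST` is constructed for illustration: only the package name `com.andmon` comes from the report, the component names `.NotifListener` and `.AdminReceiver` are invented.

```python
import xml.etree.ElementTree as ET

# Namespace prefix of every android:* attribute in a decoded manifest.
A = "{http://schemas.android.com/apk/res/android}"

# Static counterparts of the dynamic signatures in the report. A component is
# only usable for the behaviour when it is guarded by the BIND_* permission
# (otherwise the system refuses to bind it) and filters the matching action.
COMPONENT_INDICATORS = {
    "notification access": {
        "tag": "service",
        "permission": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
        "action": "android.service.notification.NotificationListenerService",
    },
    "device administrator": {
        "tag": "receiver",
        "permission": "android.permission.BIND_DEVICE_ADMIN",
        "action": "android.app.action.DEVICE_ADMIN_ENABLED",
    },
}
PERMISSION_INDICATORS = {
    "wake lock": "android.permission.WAKE_LOCK",
    "network state query": "android.permission.ACCESS_NETWORK_STATE",
}

# Constructed sample (assumed shape of apktool output, NOT the manifest of the
# APK in this report); component names are invented, the package is the report's.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.andmon">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application>
    <service android:name=".NotifListener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def analyze_manifest(xml_text: str) -> dict:
    """Map the report's dynamic signatures onto manifest declarations."""
    root = ET.fromstring(xml_text)
    granted = {e.get(A + "name") for e in root.iter("uses-permission")}

    components = {}
    for label, spec in COMPONENT_INDICATORS.items():
        hits = []
        for comp in root.iter(spec["tag"]):
            actions = {a.get(A + "name") for a in comp.iter("action")}
            guarded = comp.get(A + "permission") == spec["permission"]
            filters_action = spec["action"] in actions
            # Report a component that has either half so a listener declared
            # without the guard (and therefore never bound) is still visible.
            if guarded or filters_action:
                hits.append({"name": comp.get(A + "name"),
                             "guarded": guarded,
                             "filters_action": filters_action})
        components[label] = hits

    permissions = {label: perm in granted for label, perm in PERMISSION_INDICATORS.items()}
    return {"package": root.get("package"),
            "components": components,
            "permissions": permissions}


def declared_behaviours(result: dict) -> list:
    """Labels for which the manifest fully declares the behaviour."""
    out = [label for label, hits in result["components"].items()
           if any(h["guarded"] and h["filters_action"] for h in hits)]
    out += [label for label, present in result["permissions"].items() if present]
    return sorted(out)


if __name__ == "__main__":
    res = analyze_manifest(SAMPLE_MANIFEST)
    print(res["package"], declared_behaviours(res))
```

Run it against the real decoded manifest by reading the file instead of `SAMPLE_MANIFEST`; root detection and the memory check have no manifest footprint and still need the dynamic run or code review.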

Network

MITRE ATT&CK Mobile v15

Downloads (files dropped during analysis)

  • /data/user/0/com.andmon/databases/SettingsDB

    Filesize

    84KB

    MD5

    b5a13b9851c2ee146ad864abdf70d8f2

    SHA1

    3891a7f5ad66b5332800005a0ca0d71076c17b15

    SHA256

    bf50e70044867c15cba55b2cdfab8511396234e762df28f08aeba6eaf0c99345

    SHA512

    255f410f312615bb57178be166b8ca0414cf6dbbadd54d51e554ba15a1c59fb66dbf7a355caeca146bf0731811db15f41b84253250149c85e416fe4aa7428012

  • /data/user/0/com.andmon/databases/SettingsDB

    Filesize

    20KB

    MD5

    ac15d309782852c2f78b47fd7525f337

    SHA1

    7972a33f85abcbc6299af386bd89ebbe7055fe54

    SHA256

    a58e31d4acc5bc9ada8365ea569ec0d513eeb9e886ea636dc43a503245e8775f

    SHA512

    48a0b6a92ddaca84099be9e42896d1a7a9332f3c717bba28f32b418215f1cfbc4d2ed3512bfdb2942cbb73a9febc00cc40c597ce79e424dc747f4f056fc3d6a1

  • /data/user/0/com.andmon/databases/SettingsDB-journal

    Filesize

    512B

    MD5

    6ebe4b6fae11a2257f02170b98fd6716

    SHA1

    168b6700cd31feefde13240d53be793400257d8a

    SHA256

    c7cd31170ff205632e3effb86751ce7789085c58f5131c61546ca496c7955d2e

    SHA512

    fc09c4a0040e4bdfc2f78d740746147f966a8b61558bbed248b052efbee6d8a143b387a9f83544446ebc18025ba40ffc3d4f83227ad42c4121782b55f9846a98

  • /data/user/0/com.andmon/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    adddff0a72892d3960c2ed9730a572cd

    SHA1

    5bb699652128329d939ef00cc5635406ed32eaf7

    SHA256

    58c1f8ff352ee0de15d80824a7e3ee14a2f6bd762f7e897f8993ec9c4c8739ab

    SHA512

    5ae8faff9327d822fb92e92b4b2de516e8431c8d7f37a36dafe2ed3455c986613bfee531706736e492df37cb5fb1e4a2b68eca58ddaf5b91835866e2e591cedc

  • /data/user/0/com.andmon/databases/SettingsDB-journal

    Filesize

    4KB

    MD5

    6bea9b25984efc6cded3b894e21bc950

    SHA1

    4cfd4d5d4880349f3a2f515c299cb967faa0ffb9

    SHA256

    162931b3ab788dae1b17fb3ee77219fdb4d91e78246c8d9c17a475b5ca66d038

    SHA512

    0729e97c3ce28709f32826619e94d96e3ef9cf50522d1058379a5c06c4cf11b4d2fa13d3ee2fbfc31dee56a4adcc899a6e082e7941d4f9557c13167d741c0065

  • /data/user/0/com.andmon/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    57a299ed60517691e86e60cda94d9429

    SHA1

    6a19cff78e13098f04144667cdce79be1481652d

    SHA256

    c9129a844e05c1121b199afa53b1205438a1f9c7b6ae1df4c2e090d8c5f8c1e1

    SHA512

    4129d607f4575eda4c01202ce56a9ec5290932f663c7a207030367c9e4f08c466741068d838ea5fd892a87c0278d7dc0d75ce3471f9716813c69f232106c6bed

  • /data/user/0/com.andmon/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    01315265a61f92372a6d3d45762cdba9

    SHA1

    7bfe9000fe2d5a17d3a10825de1bce16500db594

    SHA256

    4f8df40faecbac0e91acd2c660e6cde4c216914467ece1cbb5f0b4c69118e8c7

    SHA512

    c21db3ed1d33fa85543ec97c63711c61669f2abfeaa6cdb5bd6803d1d7a224ab422126dd752734015657205761e5390271d5ec5f13d6a453acec07434f674929

  • /data/user/0/com.andmon/databases/SettingsDB-journal

    Filesize

    12KB

    MD5

    c72fbc3bbb3be768e6f9a683b086b92d

    SHA1

    a7f5c8113f91d0a7b14cff641344af474b0e435a

    SHA256

    8861d8698dcd04f7b33714e1f5c4c22a5c4ef93be9c7b894cd90d6deb0ed464f

    SHA512

    f353047c978d30654f64beb872bc1bdb02e46332f7cc74b3753c12d8a8acbf9eb6a185bfaaa47a5bd48055b7e058f7463ebd9ef6c6b42546d99acf2b6ea116d5

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883BeginSession.cls_temp

    Filesize

    78B

    MD5

    f4228455895342c2c7b49265cdb6f882

    SHA1

    c0986f0f9b3a41fb0a1913b2dd908169b81f57f1

    SHA256

    cd7944e31cc747c950d1e154e197739c1c9a1a0283a9b000bbcdad323c49c595

    SHA512

    de2d61519f31b38bd99cf153e55f5775dae8e31ae4d6be69309c755724c8e2f40364e4da03a14b5088627d95f885cd2742b25abec21be2509593acf11c8778f7

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883SessionApp.cls_temp

    Filesize

    103B

    MD5

    25cc1a657b56c984b269dc7b3e15f3e8

    SHA1

    7c82a76397e4c822c61082471e4a92f106140001

    SHA256

    87529c0445753d4140fddd0aa5fb841e76c6b14506696022dd2e449e96e32b83

    SHA512

    d883bb2a2224c02e80090781e66fe2019746cbada935f00528a835bac171094c1cee50d4bcf93e7efb4ff09f9d1d67ffbdcaabdcc712aad7e12860ebe8d67f14

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883SessionDevice.cls_temp

    Filesize

    88B

    MD5

    5fee9c379a13cc2b9beb99f24fbf86c5

    SHA1

    ec28c3b0ee5c50caf722b85978131c88579f872a

    SHA256

    afcb34234ca38b20217613102a63b241367853889911bcb3327a04b66947fa7f

    SHA512

    65e6239efada615afec003431ccfce1e04442ffcf9012dddfa1fdb7e2e2abfb0fccf94e34b62760a6538de19dc38c8e3ef3f38e728024f3933a181a00a232a2d

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883SessionOS.cls_temp

    Filesize

    15B

    MD5

    f8b3ebea29c91d82f009e5a9c6d11060

    SHA1

    99d88c4b39d9143084e777b93d9692a59a3d087d

    SHA256

    b7869422f5dcf3f24ae91560cec05ebb39852ed45baf3a31176f9b90de87aafe

    SHA512

    6f89bfe6bc1c0a68bca73ef92c53e1a308fd63f2228a25a6e34d117fc5cd253209eed56fe08f51d5643343a152acfdbfbb1c5dcea224e2750aed46074af369de

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883user.meta

    Filesize

    29B

    MD5

    2ab8462142d0789da5afaed9c145213f

    SHA1

    4896fef0bbe31d39af8a22475afc88c1d5d7c0e2

    SHA256

    a54926ad8d23802a5e64b6bb87a6d3fbebb3633f3caaa891fd15b711629571b5

    SHA512

    0b184c789e565265e6cc9a81d3eb02651d2870440bf7a16ad69681ca13dad2f749a03feecd524c923e0ede9d96316e0b17bb5b418c0e33edaa88cd1aa1acd53a

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8EB0385-0001-10E3-0BC6F47B9883user.meta

    Filesize

    47B

    MD5

    e7766640f19e7b84075b9d3dfa00448c

    SHA1

    a04e2256e9c5b3a180fa116ebf977af5f3f65480

    SHA256

    58133cfd97a23770f8b705405586e6db315296bcc83151d94f8a9794990f0199

    SHA512

    677ef4d6498c0477c551bdaed82667bb35c06555081646621f280a9f60e3cc82efe4841508f58953652bd69050116aa9338e00d7e2a2bdbb4bf19bd0d1c5903d

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC8EB0385-0001-10E3-0BC6F47B9883.temp

    Filesize

    88B

    MD5

    82742e4b6327c9112d297a48da953113

    SHA1

    ba0ec6f49bae59cf45823152f9b70fb745d7f08f

    SHA256

    108deab6701d091ea04e56eadd2400597dafda64d8530dc2c5d5763b351f52e8

    SHA512

    a4ee728cb46edf2f0a923c00523d199ab9f97e85688111c7705cec7845b2100a5bfc0cce2288ad0af4bb5e441545cc43e5de76a88a0678ff0d2d489b6074b45e

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    411B

    MD5

    65b68a273119de10ae81ad7c493ec132

    SHA1

    c379fd1d9bb4f42acfa2795eab15c85cab185e79

    SHA256

    8e555f1320d05bb1aa056d85cccbb29058d0eca2d8fb1b907988604c80ce316c

    SHA512

    2b1c00312a786c48e339bae4561b5153c42c6316658689861022cb96938de46e3ee5518d6e791a03073a844d4055ef17414d1817663c7901065dd43a6b8159d4

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    1KB

    MD5

    7b5bb286a48a0c6c2cd348bda62d8266

    SHA1

    317a2c04ba39e27a762e6ac15f1296eadc371504

    SHA256

    25f450d354bf57b87ea02c4900c5b7172a48974aea58c20e81475e0b231c973c

    SHA512

    b3464b3b562b384e89d6a9b46b55ce453b989cbd9171411046b6ef417c5ef626cd9406a256f6a88d0d246b5015826d94d9524c5f8fdb45eeaa8e8a998944bc4c

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

    MD5

    c33583fae4e0b61cde1c5b9227963237

    SHA1

    fe2ebe4d27469af1460f7e852031a04208ef629b

    SHA256

    35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

    SHA512

    fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_06b26302-37ff-4225-92cf-be1176f75e50_1734330617266.tap

    Filesize

    416B

    MD5

    4e77e34c16fc44e1cad37e45ab20ad3e

    SHA1

    4f1921ee126fc6c6651b8e445fffb6e90a737dee

    SHA256

    6d5f1e2d656a8ac2aa21d6d1d8d32099725017a3ea47bb92eeda3621804ee650

    SHA512

    42706bf050737c4dce6a71e44e86a4c5028b9a9785f6cc29ef80c7e424ed2c509e405b61ca6771c06430390e9889736bec838596da9e3f6fd39a2ea7f7d1c055

  • /data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1ae81c46-7d75-4992-9bd3-59eaefe956c0_1734330604569.tap

    Filesize

    337B

    MD5

    3c1d8bc38b1240cbe233c7319ec8f145

    SHA1

    bb3a4307d41c49ecff6c1c249ae0de0e5b1253aa

    SHA256

    7a0f4750235fbba9e759335181c2f93d355f60613743f6982352700f704f64af

    SHA512

    625127accfc88a0640e53a3e7ed1da83c51a31b248bf2660c5badd101b8a6de0a599795f4d6b327643047a155864cf0d175c49e9f207a6ff5205b171a429104b

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    46B

    MD5

    b1de8164aa6fd1d093f3c154400d2883

    SHA1

    3286f1a5abc7b317a37b6d1ae0368a8cafef0c8a

    SHA256

    52d4988ee616a328c1daf5f6790b6e0bfd8369cd8d1b501026470db6bdcbb4a0

    SHA512

    e705a544115a9c2c721a69f40322da2ccca48f2ef02f2ccefee5228f573ed3902141421d50e4ad4a6bf4b4faa91707a3697cecdd009468785dbb2b48b83a26fe

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    59B

    MD5

    1246c533ae5a649087d313d752884384

    SHA1

    49d2e0dc0a9e07a2239b0392815bb7662724b5b9

    SHA256

    310c70b4663f0efadee276345f238e668495e5341c33906f755c1b0db6a97a5d

    SHA512

    3459da68b3bebb85deb4ddd4dab1689fae64e70410f1107b138fab38014aced26529186e3e6f82413a193f4d0db98af8215a678875d8583221ae188b52b7421c

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    74B

    MD5

    49559c0c1b8fdfc7af9a87427d3cce1b

    SHA1

    eb3a357c6b6b39e208db45c25839a782c8ee414d

    SHA256

    beb2b1f44e9c19134afbf5694ca206cf84e3bb24d6ae1325a8bde76615f30d71

    SHA512

    52bd1d51042fda10823660053256595316a99ad2ff1842a7e258b103f3cfedc5f20b2864255d099982dd1b59835935e207640fceded4b5ecad4900d613f38a32

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    55B

    MD5

    23746cda29e4219b9d3c3ca1034fcf44

    SHA1

    0ebc7df9354619dce95b26c853c08161b77b1a43

    SHA256

    2468deb03384af4cd4de76f861cada963549cce1fca4438dc4b6f95006fa1257

    SHA512

    2576b4038a0c90c3c8a0a5e9452b4b1fbae2dabb04c1612cb74a028184928a12cbbf1f2c36b000e448ffb3703edbd732f55c02b5d08a5c9491369bafffea7f9a

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    48B

    MD5

    c8c7a86b525ef5d7fdae583caec8fe3a

    SHA1

    45e8788888b9804b9d394b4f97002cfbc304d3bc

    SHA256

    9227282315d5026b9550e83c080360f074be38097401a101f65ae5b7a142f052

    SHA512

    f19b57003f1e8d36ffa7c529d7feb67cb34f6a3da0597215900f1c844ba7624df622f3318bd3fa7e56cbc267b03a3c5152a77d3c5a3aff38bc67aa49f352c732

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    51B

    MD5

    1deac9d1dc302a8ec8426c330e5517aa

    SHA1

    3def5c63e81bb765dffa0d34e23c83b2a6243f63

    SHA256

    29e35179228083df69f22e64c0ac9c19519b229fbcce17d1b3772d94bb19cd42

    SHA512

    c8b9a60a158da11be1e57ab30315fb57ae3bdf63eaf8e1a3c2e7c117105d0438a5ed7c2a27f5031afbbe68dcbe96018af34564d94f458682ff33f17c27c1f23f

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    622B

    MD5

    067daffb917e2d152f81333e86f22f7e

    SHA1

    9692014da923b1dfd3aa928a40ce4521c26ea0a3

    SHA256

    718af48a6d0217c8fbcde5407e0f85a060d852528e57b5ba218690dc1c05a0fd

    SHA512

    73e946fc117d90f5e2c62e354f3ad1bb4562b07b21f57b8587285b763c31cd44916eb8487c0ab96306bbba69a79c78aa66740e8403982415b70c40ab4648d948
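
The dropped-file list above repeats the same path several times; each entry is a separate snapshot taken as the file was rewritten, and the security-relevant split is between files inside the app's private directory (`/data/user/0/com.andmon/`, including the `.Fabric` Crashlytics SDK state) and `/storage/emulated/0/.androidmonitor/log.txt`, which lives in shared external storage where other apps with storage access can read it and where it survives uninstall. The script below is an added example, not part of the report; `DROPPED` is a subset of the listing above copied verbatim (path, size, SHA-256), `SAMPLE_HASHES` are the APK digests from the report header, and the location rules and the `third_party_sdk` heuristic are the author's assumptions about Android path layout.

```python
import hashlib
import re
from collections import defaultdict

PACKAGE = "com.andmon"

# Digests of the submitted APK, copied from the report header.
SAMPLE_HASHES = {
    "md5": "f7a01a72056b791898c75c6de13a15c6",
    "sha1": "9d901ec639f2a83899e3b1f60acd149ccba02387",
    "sha256": "93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359",
}

# (path, size, sha256): subset of the dropped-file listing above. A path that
# appears more than once was captured in several snapshots.
DROPPED = [
    ("/data/user/0/com.andmon/databases/SettingsDB", "84KB",
     "bf50e70044867c15cba55b2cdfab8511396234e762df28f08aeba6eaf0c99345"),
    ("/data/user/0/com.andmon/databases/SettingsDB", "20KB",
     "a58e31d4acc5bc9ada8365ea569ec0d513eeb9e886ea636dc43a503245e8775f"),
    ("/data/user/0/com.andmon/databases/SettingsDB-journal", "512B",
     "c7cd31170ff205632e3effb86751ce7789085c58f5131c61546ca496c7955d2e"),
    ("/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/"
     "675FC8EB0385-0001-10E3-0BC6F47B9883BeginSession.cls_temp", "78B",
     "cd7944e31cc747c950d1e154e197739c1c9a1a0283a9b000bbcdad323c49c595"),
    ("/data/user/0/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap",
     "411B", "8e555f1320d05bb1aa056d85cccbb29058d0eca2d8fb1b907988604c80ce316c"),
    ("/storage/emulated/0/.androidmonitor/log.txt", "46B",
     "52d4988ee616a328c1daf5f6790b6e0bfd8369cd8d1b501026470db6bdcbb4a0"),
    ("/storage/emulated/0/.androidmonitor/log.txt", "59B",
     "310c70b4663f0efadee276345f238e668495e5341c33906f755c1b0db6a97a5d"),
    ("/storage/emulated/0/.androidmonitor/log.txt", "622B",
     "718af48a6d0217c8fbcde5407e0f85a060d852528e57b5ba218690dc1c05a0fd"),
]

_SIZE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB)$")
_UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text: str) -> int:
    """Turn the report's '84KB' / '512B' / '13.6MB' strings into bytes."""
    m = _SIZE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * _UNIT[m.group(2)])


def classify_path(path: str, package: str):
    """(location, hidden_dir): where the file lives relative to the app sandbox."""
    if path.startswith(f"/data/user/0/{package}/") or path.startswith(f"/data/data/{package}/"):
        location = "app-private"       # readable only by the app's own uid
    elif path.startswith("/storage/emulated/0/") or path.startswith("/sdcard/"):
        location = "shared-external"   # shared storage, outlives the app
    else:
        location = "other"
    hidden = any(part.startswith(".") for part in path.split("/") if part)
    return location, hidden


def triage(entries, package: str) -> list:
    """Collapse snapshots per path and annotate each path for review."""
    by_path = defaultdict(list)
    for path, size, sha in entries:
        if not re.fullmatch(r"[0-9a-f]{64}", sha):
            raise ValueError(f"malformed sha256 for {path}")
        by_path[path].append((parse_size(size), sha))
    report = []
    for path, snaps in by_path.items():
        location, hidden = classify_path(path, package)
        report.append({
            "path": path,
            "location": location,
            "hidden_dir": hidden,
            "snapshots": len(snaps),
            "distinct_contents": len({sha for _, sha in snaps}),
            "max_size": max(size for size, _ in snaps),
            "third_party_sdk": "/.Fabric/" in path,  # assumption: Fabric/Crashlytics state
        })
    return report


def outside_sandbox(report) -> list:
    """Paths worth keeping as host IOCs: anything the app wrote outside its private dir."""
    return sorted(f["path"] for f in report if f["location"] != "app-private")


def verify_digests(data: bytes, expected: dict) -> list:
    """Names of the algorithms whose digest of `data` does not match `expected`."""
    return [algo for algo, want in expected.items()
            if hashlib.new(algo, data).hexdigest() != want.lower()]


if __name__ == "__main__":
    rep = triage(DROPPED, PACKAGE)
    for f in rep:
        print(f"{f['location']:16} hidden={f['hidden_dir']!s:5} "
              f"snapshots={f['snapshots']} max={f['max_size']:>6}B  {f['path']}")
    print("outside sandbox:", outside_sandbox(rep))
```

To confirm a locally obtained copy is the analysed sample, pass its bytes and `SAMPLE_HASHES` to `verify_digests`; an empty list means every digest matched.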