Analysis
-
max time kernel
73s
max time network
86s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted
16-12-2024 06:29
Behavioral task
behavioral1
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
-
Target
f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
-
Size
13.6MB
-
MD5
f7a01a72056b791898c75c6de13a15c6
-
SHA1
9d901ec639f2a83899e3b1f60acd149ccba02387
-
SHA256
93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
-
SHA512
03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
-
SSDEEP
393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc                          Process
/system/app/Superuser.apk    com.andmon
/system/xbin/su              com.andmon
pid     Process
4247    com.andmon
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description               ioc                                         Process
Framework service call    android.os.IPowerManager.acquireWakeLock    com.andmon
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow    ioc
6       prog-money.com
8       anmon.name
-
Queries information about active data network 1 TTPs 1 IoCs
description               ioc                                                      Process
Framework service call    android.net.IConnectivityManager.getActiveNetworkInfo    com.andmon
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description               ioc                                                Process
Framework service call    android.net.wifi.IWifiManager.getConnectionInfo    com.andmon
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
description      ioc                                                       Process
Intent action    android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS    com.andmon
-
Tries to add a device administrator. 2 TTPs 1 IoCs
description      ioc                                    Process
Intent action    android.app.action.ADD_DEVICE_ADMIN    com.andmon
-
Checks the presence of a debugger
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description               ioc                                              Process
Framework service call    android.app.IActivityManager.registerReceiver    com.andmon
-
Checks memory information 2 TTPs 1 IoCs
description             ioc              Process
File opened for read    /proc/meminfo    com.andmon
Processes
-
com.andmon (PID 4247)
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
    su (PID 4356), child process of com.andmon
-
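Read on their own, the signatures above and the process tree (com.andmon spawning su) are weak indicators: banking apps probe for su binaries, MDM agents request device admin, plenty of apps hold wake locks. What makes this run look like stalkerware is the combination of persistence (device admin plus notification listener access), concealment (launcher icon removed, root probed) and contact with the two domains flagged from the echap.eu.org indicator list. The Python below is an added example, not the sandbox's own scoring and not code from the sample, that correlates events in the shape of the report's indicators into a verdict. Everything in it is constructed here: the event records, two extra su paths beyond the report's two IoCs, the use of IPackageManager.setComponentEnabledSetting as the indicator for hiding the launcher activity, the hypothetical control package com.example.bank, and the verdict rules themselves.

```python
"""Correlate the behaviours a sandbox reports into a stalkerware verdict.

Added example; not the sandbox's own scoring and not code from the sample.
Rule names reuse the report's signature wording; the extra su paths, the
IPackageManager method used for icon hiding, the control app
"com.example.bank" and the verdict logic are this example's assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str      # file_read | intent | service_call | dns | process
    value: str
    process: str   # package that produced the event


ROOT_CHECK_PATHS = {
    "/system/app/Superuser.apk", "/system/xbin/su",   # the report's IoCs
    "/system/bin/su", "/sbin/su",                     # assumed: other common su locations
}
STALKERWARE_DOMAINS = {"prog-money.com", "anmon.name"}  # the report's flow IoCs

# signature -> (event kind it applies to, predicate on the event value)
RULES = {
    "root_check": ("file_read", lambda v: v in ROOT_CHECK_PATHS),
    "su_spawned": ("process", lambda v: v == "su"),
    "device_admin": ("intent", lambda v: v == "android.app.action.ADD_DEVICE_ADMIN"),
    "notification_listener": ("intent", lambda v: v == "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS"),
    # assumed binder call behind "removes its main activity from the application launcher"
    "icon_suppressed": ("service_call", lambda v: v == "android.content.pm.IPackageManager.setComponentEnabledSetting"),
    "wake_lock": ("service_call", lambda v: v == "android.os.IPowerManager.acquireWakeLock"),
    "runtime_receiver": ("service_call", lambda v: v == "android.app.IActivityManager.registerReceiver"),
    "stalkerware_domain": ("dns", lambda v: v in STALKERWARE_DOMAINS),
}


def match_signatures(events, package):
    """Rule names triggered by `package`; events from other packages are ignored."""
    hits = set()
    for ev in events:
        if ev.process != package:
            continue
        for name, (kind, pred) in RULES.items():
            if ev.kind == kind and pred(ev.value):
                hits.add(name)
    return hits


def verdict(hits):
    """Each signature alone is weak; the verdict comes from the combination."""
    if "stalkerware_domain" in hits:
        return "stalkerware"                      # known vendor/C2 domain contacted
    persistence = {"device_admin", "notification_listener"} <= hits
    concealment = bool(hits & {"icon_suppressed", "root_check", "su_spawned"})
    if persistence and concealment:
        return "stalkerware-like"
    if hits & {"device_admin", "notification_listener", "icon_suppressed"}:
        return "suspicious"
    return "benign"


def analyse(events, package):
    hits = match_signatures(events, package)
    return {"package": package, "signatures": sorted(hits), "verdict": verdict(hits)}


# Constructed events mirroring what the report attributes to com.andmon (PID 4247)
SAMPLE_EVENTS = [
    Event("file_read", "/system/app/Superuser.apk", "com.andmon"),
    Event("file_read", "/system/xbin/su", "com.andmon"),
    Event("process", "su", "com.andmon"),
    Event("service_call", "android.os.IPowerManager.acquireWakeLock", "com.andmon"),
    Event("service_call", "android.net.IConnectivityManager.getActiveNetworkInfo", "com.andmon"),
    Event("intent", "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS", "com.andmon"),
    Event("intent", "android.app.action.ADD_DEVICE_ADMIN", "com.andmon"),
    Event("service_call", "android.app.IActivityManager.registerReceiver", "com.andmon"),
    Event("file_read", "/proc/meminfo", "com.andmon"),
    Event("dns", "prog-money.com", "com.andmon"),
    Event("dns", "anmon.name", "com.andmon"),
]

# Constructed control: a hypothetical banking app that probes for root and holds a wake lock
CONTROL_EVENTS = [
    Event("file_read", "/system/xbin/su", "com.example.bank"),
    Event("service_call", "android.os.IPowerManager.acquireWakeLock", "com.example.bank"),
    Event("dns", "api.example-bank.invalid", "com.example.bank"),
]

if __name__ == "__main__":
    print(analyse(SAMPLE_EVENTS, "com.andmon"))
    no_dns = [e for e in SAMPLE_EVENTS if e.kind != "dns"]
    print(analyse(no_dns, "com.andmon"))           # same behaviour, domain list unavailable
    print(analyse(CONTROL_EVENTS, "com.example.bank"))
```

The second run, with the DNS events removed, is the case that matters in practice: the domain list is the only hard indicator, and without it the verdict has to rest on the behavioural combination, which is why the rule demands both persistence and concealment before escalating beyond "suspicious".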
Network
MITRE ATT&CK Mobile v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Device Administrator Permissions (1)
Defense Evasion
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
-
Filesize 28KB
MD5 079700dd24e42c6c986319268907fad4
SHA1 1e11b0dc3e3c283f05aa38219a5b5417b73ec1be
SHA256 8c1ce76976707828509fc7073b465ed81f6c1722cfac88504928765003f781a8
SHA512 f8ee3d2d66cd620d4d1cef5e1084c0225f28fabe266a19efaf690c20cf0d4c1a362c32f3bbdc4acdb41fb189abe5b134542638cbf73d5a71a80b76c2942d1836
-
Filesize 20KB
MD5 4e0b9a0dc7245d33336e781747c5c808
SHA1 1ce9e0ec9fc8acdfdbca282ff9ea2b792ca0f254
SHA256 104de7f907389c6e86aa4ae8c9366acc8b4fd01bb4994d58a826b7690f562d6c
SHA512 dd4891258c98c9966f5ba176ea060097e71ae35157522a08681b952f1f99517d4a6231eaaf64ff7dc404370b1080b34716d7023d33d03efc121b9bafdb1cc280
-
Filesize 104KB
MD5 f83a81e498151008282e1e3f4ecb0f23
SHA1 6afad09cdf0e0f2c954a14ba0d34a634eb9c1f83
SHA256 06001ca21055efbd522790a028e4fbb5249901c24a452e25d1c70b6c566d5686
SHA512 e1afea4267ffba49539c4a2adae16b5baf85cf0844481ca36c8fd582456bb968ce318218e488cd1f38cedad0230fceab308594af98195aea78adb86049b79eeb
-
Filesize 84KB
MD5 9a1705f1f84f97bc19044a9bf9ef2949
SHA1 db883500cfcef8b692ec4192f4cb55c00bd8d8f3
SHA256 cdbba48a7b88d3eb944631d7caa5fff47f79210e207a26607c7ee332e087d1b1
SHA512 6b2e7f463027c92d12b2fc2a75ba4c10ff549cb30efc62168d7b1b9dad11dd9c5138fc975b230d3985a7979d5e989fd35fc753a78825f18dd9ca5855b36a21f3
-
Filesize 512B
MD5 ece890c170d5c573ae26b9a8542e9485
SHA1 d6052fda2f1527bb30c65a82070d01bbc903a5b5
SHA256 ecdcf049d6b564d5a637ffef24fb6710f1e0cfda0d05fd40c80bc2dab56b0bb3
SHA512 fdde9c3df88f3b03b080740950514302b6cd6ccc96b9554cce0ee9b06ee1bb6620b6bec0534df5e4d04d66c3f059574a9845cbd41cff9738b1f26c20df3fe0c0
-
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize 221KB
MD5 9dc63fe29bf21d41df29e68a036257fc
SHA1 df9bfad71e1f576a80c7e8f01a9bf4f71e223eab
SHA256 6adf0462eb724839e6627a0b1916ec10c85559bf0e11193ca6bb1b4477cb7170
SHA512 689242b214bd791a67142982bea84e5d0332f2b4fb2e4427545ad329ade99b5010171cd03b5a7a4c3cd6284635e082099b51e44e149f773580ce68296e834fee
-
Filesize 4KB
MD5 46112d3f8007af4d3ec290a5cf5e1367
SHA1 123929208d9bdc80bcda7ab9c7a4bb9ec69438f5
SHA256 5786f8e8d0d920d8c4e1c38c803922e83e214339bab985c6335501bc9ec42061
SHA512 fd4cfe926b6bdbaa04141295e4dff8d7f5cc9692f72fabc100c8ae269caac7327769f5b8ce3cdbace6270f6a4e7c35dd27759cc3618f5b0227ebe19ceb5ae9b4
-
Filesize 8KB
MD5 f436a78556712cd8e83dda9086fb091c
SHA1 aa3aafd8f565a81b66bebd87c9351ef89b69b0a5
SHA256 9f3d7cbac8d50eff9351de44be057bd2464baad6c1799afaa3f9702877de91f1
SHA512 f62a8edfade63d8d5eccd8240b76001889ad529a7a4eb25c158537effb1e48bd82deb1091f1c7ea6f051a4c6c7217ea21f62d0be7822221f17727663f9ce6673
-
Filesize 402KB
MD5 3bec81cb10f113ea8718e769ccdeafd1
SHA1 cfd0c7189950bf865e1ae4a094cea94e87c774e1
SHA256 df413900facaf066ee48467e1ddc5f73a917eaa9a45dd7f5311e73c0c717d1e9
SHA512 21f5644ce9f839473aa64a5eb009472d0be23c581f53aed823d0c684c20e973bc0aad528f275c364d9b8214860b14377a22892c6baa9aefdb6414fe8fa1f2c0f
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E700F7-0001-1097-91A197FEA6A7BeginSession.cls_temp
Filesize 78B
MD5 655cb30dcac1168af7b791be4604f93a
SHA1 8c7cf324dafe538c503b87887697842b69e28da5
SHA256 c6ac488c62b9b6d0c98c346ad1799d3c8b9870e67fea576de766e0b57ba14fa4
SHA512 c2b5c09c025b9e2d3d2f96dee1b593398c25b834727ec1b883c407825b38060173e1747976fc5e0ce540b12c32fafecc92eae0c99a1d854faff9dbaeb0170be0
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E700F7-0001-1097-91A197FEA6A7SessionApp.cls_temp
Filesize 103B
MD5 066ee47d1be5fbf5bb4f7874be5fbce6
SHA1 633330e298990b0e024697b07744125ac38ccbea
SHA256 794b9e87015dfbb0ad830df0b94a754b423f4b62363bd42916edd86a090f2378
SHA512 f9f449b90b3f6cb542991958acba3b6b29dae30ec7b3edd1f2da70df823f9628c5625deee876930faef70fb0c2e33d324a9e92ef2fca9b49a005bfafc59494e3
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E700F7-0001-1097-91A197FEA6A7SessionDevice.cls_temp
Filesize 88B
MD5 109c0893179e4534e4a15c802896b991
SHA1 7928002b83d3b0c2599fa59ba964940fad78d0ba
SHA256 474426810d5d5d6b36629582d784d7875f4235eeff21d3c461a26ebf0a12f364
SHA512 bea4eaa6a055a6cfd76081bffc404c2ba7c1fa565fa49dd4e60e2a59dfe7ad3f5224caaa6c2df214ea36f153c7150120ef26dfb77084d50791450dffb2929b6e
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E700F7-0001-1097-91A197FEA6A7SessionOS.cls_temp
Filesize 14B
MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E700F7-0001-1097-91A197FEA6A7user.meta
Filesize 28B
MD5 2e24f7e64aa1ff176b3d0bbf66b47972
SHA1 d70934a5531757da24fb6b2e4f1ec6c0e16f32cc
SHA256 2eb995e182f00f6717ac27cc51e63239bb08a191569141d053d9384397488289
SHA512 a2c0350774a38faa053e603c75706e37ecc3db464d1dd4bea1f9692bf663979038e358fd8f24b459198d2b9164854123d61320cd7ab2bde195ab5832f2a6c90b
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC8E700F7-0001-1097-91A197FEA6A7user.meta
Filesize 46B
MD5 69de0fbc5ecc151462b35f5c0795f4a7
SHA1 871ff44a8c5a2c682c0943c0ad522ca1dac22044
SHA256 9c01223aa82dbcaeb26cc6500e86c08157e1070eaa0469f20fe2b40a0fae0df7
SHA512 e1f367d078f8cb9818c3197442c4479f101f233be9a6baebb0ee20bb69bfea8bb305204e8fa896d66a47b45c860d53693ccd4c683ba73a7d3177f02b925851e4
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC8E700F7-0001-1097-91A197FEA6A7.temp
Filesize 87B
MD5 1a40caae4b135959146de3bb08149304
SHA1 16ffdef54b96ef4fd341ddff50d44d55b049b311
SHA256 f6239d84b89394ea7bad1d30d2451292add09e05122e7c1223da04c195771032
SHA512 a0be36f8d04a5d2131c12cca2968af5bfba1d17526ccdb7cd1dd9fe816a7dbd468a3ca8e9a490491d56cc7994d6022740fa8686bd25a3f83d98bbb3bb13bd138
-
Filesize 409B
MD5 e352aaa9b9d4f3f3a7026bd3e817f1d8
SHA1 a91ea4a3e7c26f5f124448fdf64a84565083d5f7
SHA256 b492ce3a81c154770959c45dd8b89f6f7ed7c20baa477bd32727481abebe2d8f
SHA512 720872e44baaedb752f08b1d4741ad4982d855b0ffa794e6f248100b1fa02d16c58c83b18b53e4e692a8fddf8f707a3fbad14ae04c7e27c08eed532764221424
-
Filesize 1KB
MD5 f5f9917f29960f2161c13ebc207ec68b
SHA1 13deb0ced9f0985f1aa0c6b420c33c1fe70b2c55
SHA256 e56106745b35407550ecdebbad954616ca44cabb3ed87ea3bba1b007966772a9
SHA512 6a4ea76ff8c62bcf08ed8aaee63db59d798883c123059be4d566275b1637cffb20ded154a247095a262f9fa1113eab3b46219e12c9ecad982047fd68bea820e7
-
Filesize 16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_0f919eec-e580-475d-a3a7-9c1cbe31fd3b_1734330600359.tap
Filesize 334B
MD5 73c3a49d2eb15e4ee3a20831a503eb55
SHA1 9a78053afd592507306680cf94661367095e1a5a
SHA256 4b9723f562bbed7f740a593a1cef99c199327174db433e04ad65f2dab2fbd7d3
SHA512 5418fb902eb66f261232dfa4f9a28f89d50004e39954a7b2db5a30ef5fa1242938b37414f5ad438e13a82ee5d14eab353d9e7545c5b730e6567ad79597609cb8
-
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_4eeb623a-634f-4bb7-a291-eaa0ecae757d_1734330611589.tap
Filesize 416B
MD5 013151aa722eec0ee41fb3e39e6941b0
SHA1 1b2db3fd4a401847661a40607fd7693befdc234b
SHA256 120cf564ae5f3130f315a7291e2890e0d9e5de942534b08e84ad76bbacc8d1bb
SHA512 ba06a6a3c1b23662d5ad2f45f91719bd1d561de355c46a54d1d1f70255a8510616ad17db8e8b0e57788d69109af37aa25d1a3d52352252da79723b53ad0b4d62
-
Filesize 46B
MD5 92db638a6db0682a2e3fe1abc0e85ed4
SHA1 d2507a1964d3d9888d0dd934103138f05029367c
SHA256 479bb6fcdffada97fe75d6dde922a502807666b733cb29daa8e5e4af63c58ed1
SHA512 2807142e970f6afab4ab4c2ed116ef0ee027edb892557d38fd585353529ed1aae077f98ab8d85be5dcb7b531f079a5de03b4197584ab5ce9426bf351720a443c
-
Filesize 59B
MD5 304b5e6a3ec56b94fe7234d18e5f4b90
SHA1 170a9864e903ad796d27468e7d1c341444379ebe
SHA256 1dc7fae1047f38dfa86b293a996679ef98705e3e3a03eae01a97f2446f17dd7e
SHA512 7984d83ee562adc045727d2c0c4a1724003e79d9e6314b3b5b6b2ca4aae039d9d488bf8f7190e9eafe87f397c3d389f0a7b10517cdd2e8bfbef21d5b50ad4838
-
Filesize 74B
MD5 0631a249318f70c5b15e8abb2691ebe4
SHA1 bd837632b0860b2045c29b7f069e1b627d0ccdd5
SHA256 37b81eb25c54d2df69fc1494977309e7b151e525db07f8d9b1227d68fcaab10d
SHA512 2c44df45a8f2d84650b2cca4e9e23eb0a634175032f2cc3668022bee352f602407a1269552954406b47e4c3073b98b3c5bdbca1f4d965a335d8325a5a95c04f4
-
Filesize 55B
MD5 c671d776c2d41c539b851417cce327cc
SHA1 d00d0b29bcf261907ff2ad427bd11202c602738a
SHA256 8c093024578fd94045d41a226d220647c97a816a9f6480b9265bd78cb1dec6c2
SHA512 9b043061a63de6c3b73983ead3ae62cd7a33a56f605d9909dc9a8133ecd4428c40a17b1006e6efdc4896bea31cf1949148a81b349bb5f323a260b8a08fe7779e
-
Filesize 48B
MD5 ebfa7fe68df932d84626932752b9c4dc
SHA1 33b7a7f31d207c23f9286a7a0a8c80cb9b8d8724
SHA256 2ce53a4ff2ca55e4e45066bbc3d53bbed502c02a5b953c1fc1ad3fbf5ec2f0c7
SHA512 be762beb8e4bd713fa74f5c84c5a30836534f271ad832b4d2ba6da309ed94674c7d0d9b6c90a1abcdcead3453f654529003f726ccd57168f7018b1c922192782
-
Filesize 51B
MD5 a23524578ca9fdaf2600a18edf48e87c
SHA1 5840c000f6b2871b0cb9e4fed36e9a01fc67caa6
SHA256 2d15ef7681f165002447b0ebead1e752490b916b6e3fec3f88a2e87d2ca9db5a
SHA512 1d15398ce9509d5dd984440fb7e943a8baaa5e987fb797c07ecd8d5a38a7bf8411e9e1501e0abca8e912f05b615bec46b25548176544353d35c3cbea1ac3fd17
-
Filesize 622B
MD5 261c2e0c6f49b3e8f568f666ef88df44
SHA1 50dd532137658c71f99c974d078428fe8c5cf836
SHA256 98146df1d1e1076110440a7bb47386d60776089e97c6c0df184e8c3017808612
SHA512 8da4e3e4b765ed5cecef2da083cee638feed8a9c8ce58191571c242cfa2c544bbb05810ed8cd18125c78fc8ffff12afdacc77b7a77b299521282b0dab43e9627
-
Filesize 3KB
MD5 c8f47f0db43bb730f5ca17340ba80ef9
SHA1 6d294d12291676e4a9c142b240dfaa44ab745a12
SHA256 8163c98d4b0641b5fa6e69d819e6bdf435def01ed9405312004b926e8e3c8a0c
SHA512 6a5c682a4877c8258e6e89abd00892bafdde8f6934ca0c9e9cb55ea63dcf05c6e2990c909fb7011cef9511b4164c9c442e072e296adea12e6e64dbd889f1602c
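Every pathed entry above sits under /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android…, which is the on-disk footprint of the Crashlytics crash-reporting SDK (formerly Fabric) the app embeds, not of its surveillance logic; the session id 675FC8E700F7-0001-1097-91A197FEA6A7 ties the .cls_temp, user.meta and userlog files to one SDK session, and the Answers .tap names end in epoch-millisecond stamps that fall a minute after the 06:29 submission. The Python below is an added example, not part of the report, that tags such SDK noise so analyst time goes to the remaining files, and pulls the session id and timestamps out of the names into a UTC timeline. The paths are copied from the report; the classification rules and the constructed non-SDK path /data/data/com.andmon/files/config.dat are this example's assumptions.

```python
"""Triage the dropped-file list of an Android sandbox run.

Added example; not part of the report. Separates crash-reporting SDK
artifacts (.Fabric/com.crashlytics.* under the app's files directory) from
files that still need a look, and builds a UTC timeline from the
epoch-millisecond stamps in the Answers .tap names. The non-SDK sample path
"config.dat" is constructed for illustration.
"""
import re
from datetime import datetime, timedelta, timezone

FABRIC_ROOT = "/files/.Fabric/com.crashlytics.sdk.android"
SESSION_ID = re.compile(r"([0-9A-F]{12}-\d{4}-\d{4}-[0-9A-F]{12})")
EPOCH_MS = re.compile(r"_(\d{13})\.tap$")


def epoch_ms_to_utc(ms: int) -> str:
    """Integer arithmetic, so the millisecond part survives intact."""
    base = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return (base + timedelta(milliseconds=ms % 1000)).isoformat(timespec="milliseconds")


def classify(path: str) -> dict:
    """What the path alone tells us: owning package, SDK noise or not, session id, timestamp."""
    m = re.match(r"^/data/data/([^/]+)/", path)
    info = {
        "path": path,
        "package": m.group(1) if m else None,
        "sdk_noise": FABRIC_ROOT in path,
        "session": None,
        "utc": None,
    }
    if s := SESSION_ID.search(path):
        info["session"] = s.group(1)
    if t := EPOCH_MS.search(path):
        info["utc"] = epoch_ms_to_utc(int(t.group(1)))
    return info


def needs_review(paths):
    """Paths that are not attributable to the crash-reporting SDK."""
    return [p for p in paths if not classify(p)["sdk_noise"]]


def timeline(paths):
    """Stamped entries in chronological order; files without a stamp are left out."""
    stamped = [c for c in map(classify, paths) if c["utc"]]
    return sorted(stamped, key=lambda c: c["utc"])


CORE = "/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/"
ANSWERS = "/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/"

# Paths from the report, plus one constructed non-SDK file to show the split
DROPPED = [
    CORE + "675FC8E700F7-0001-1097-91A197FEA6A7BeginSession.cls_temp",
    CORE + "675FC8E700F7-0001-1097-91A197FEA6A7SessionApp.cls_temp",
    CORE + "675FC8E700F7-0001-1097-91A197FEA6A7SessionDevice.cls_temp",
    CORE + "675FC8E700F7-0001-1097-91A197FEA6A7SessionOS.cls_temp",
    CORE + "675FC8E700F7-0001-1097-91A197FEA6A7user.meta",
    CORE + "log-files/crashlytics-userlog-675FC8E700F7-0001-1097-91A197FEA6A7.temp",
    ANSWERS + "sa_4eeb623a-634f-4bb7-a291-eaa0ecae757d_1734330611589.tap",
    ANSWERS + "sa_0f919eec-e580-475d-a3a7-9c1cbe31fd3b_1734330600359.tap",
    "/data/data/com.andmon/files/config.dat",   # constructed, hypothetical
]

if __name__ == "__main__":
    for entry in timeline(DROPPED):
        print(entry["utc"], entry["path"].rsplit("/", 1)[-1])
    print("still to review:", needs_review(DROPPED))
```

The two .tap stamps decode to 06:30:00.359 and 06:30:11.589 UTC on 2024-12-16, consistent with the sandbox starting the app right after submission; an SDK session id that differs between two runs of the same APK is expected, so it should not be used as a file IoC.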