Resubmissions

16-12-2024 06:29

241216-g87f1aykez 10

16-12-2024 05:57

241216-gnzwesxkhw 10

Analysis

  • max time kernel
    131s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-12-2024 05:57

General

  • Target

    f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk

  • Size

    13.6MB

  • MD5

    f7a01a72056b791898c75c6de13a15c6

  • SHA1

    9d901ec639f2a83899e3b1f60acd149ccba02387

  • SHA256

    93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359

  • SHA512

    03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9

  • SSDEEP

    393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22

Malware Config

Signatures

Processes

  • com.andmon
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Tries to add a device administrator.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4251

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.andmon/databases/SettingsDB

    Filesize

    84KB

    MD5

    9a1705f1f84f97bc19044a9bf9ef2949

    SHA1

    db883500cfcef8b692ec4192f4cb55c00bd8d8f3

    SHA256

    cdbba48a7b88d3eb944631d7caa5fff47f79210e207a26607c7ee332e087d1b1

    SHA512

    6b2e7f463027c92d12b2fc2a75ba4c10ff549cb30efc62168d7b1b9dad11dd9c5138fc975b230d3985a7979d5e989fd35fc753a78825f18dd9ca5855b36a21f3

  • /data/data/com.andmon/databases/SettingsDB

    Filesize

    28KB

    MD5

    079700dd24e42c6c986319268907fad4

    SHA1

    1e11b0dc3e3c283f05aa38219a5b5417b73ec1be

    SHA256

    8c1ce76976707828509fc7073b465ed81f6c1722cfac88504928765003f781a8

    SHA512

    f8ee3d2d66cd620d4d1cef5e1084c0225f28fabe266a19efaf690c20cf0d4c1a362c32f3bbdc4acdb41fb189abe5b134542638cbf73d5a71a80b76c2942d1836

  • /data/data/com.andmon/databases/SettingsDB

    Filesize

    20KB

    MD5

    4e0b9a0dc7245d33336e781747c5c808

    SHA1

    1ce9e0ec9fc8acdfdbca282ff9ea2b792ca0f254

    SHA256

    104de7f907389c6e86aa4ae8c9366acc8b4fd01bb4994d58a826b7690f562d6c

    SHA512

    dd4891258c98c9966f5ba176ea060097e71ae35157522a08681b952f1f99517d4a6231eaaf64ff7dc404370b1080b34716d7023d33d03efc121b9bafdb1cc280

  • /data/data/com.andmon/databases/SettingsDB-journal

    Filesize

    512B

    MD5

    3688092c32ba968c2ab462ba71ffc537

    SHA1

    fd974236459053bcddaf7a6e62aca853ec0e301e

    SHA256

    b03a0d7498397bc80c2748b6a79379b9d3522e38e84e84a94b9ec147170ccede

    SHA512

    17b60abf6d858c37207c6cf80f9151efd1814cac05254f0ec0e7d5762ccbf1a7d373955d1db2bd4ed582c774be7d6bae9cedd70270e73ce8d3d5370ca4fdd043

  • /data/data/com.andmon/databases/SettingsDB-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.andmon/databases/SettingsDB-wal

    Filesize

    221KB

    MD5

    e432f9405928440cdbcc3a4923da7f18

    SHA1

    288a2f8ac17a905010544ac981f590550d85a117

    SHA256

    de0e5f97232b239804003b1ba5d092260eec415d4fd846cc388a6d76fa6e0582

    SHA512

    313f15e19d6255cf437b8258edc43efdd3524af0aebf5ed86d41b47451a406cbd3dc86da373b7b4019c152779301ebb4a36a5005c0313f1fed7f6eb82c06a5d8

  • /data/data/com.andmon/databases/SettingsDB-wal

    Filesize

    4KB

    MD5

    929ea3d7700ba5b158515f5a6a5799a1

    SHA1

    3e3a0012d07ae2c8752678248db543c4044c3a4d

    SHA256

    72143820913ef13f408f8b5e2bf110d9853160e3b5378520692a7bcfff4a0aaf

    SHA512

    7bf98ff00556f5c56d6d3525463069292480dc86229f8b1448d65af8431d9a75b440bef2c589aa519c0c73cbee63b8c1db6c884019484846d0f8a901b3149a80

  • /data/data/com.andmon/databases/SettingsDB-wal

    Filesize

    8KB

    MD5

    20314c456680cf91a9a46b75bb4489b1

    SHA1

    07836bdb1fa9691d649df2191be681ee6b633e22

    SHA256

    3c1d4338c96bb617f301230361812fa9126f84412e01c2fd30615c61102992d9

    SHA512

    f4b05ede622037fb58a9a25664609a38b93b57773941785d92d78c03ce9b25ce14be3ae251cd54a54bc0afb287ad2dba78e4ec4db1a4df22e35785f9b6e97758

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331BeginSession.cls_temp

    Filesize

    78B

    MD5

    d523eb8fcda229642ca3f576e2562a2d

    SHA1

    e52e7d22f7a95618eee68ed230a83cf81a66bf18

    SHA256

    cfb8acfe8a1addf7740efe6541bd08b73afbce03ede4e29b93f75bc0cada2437

    SHA512

    5c9142bdcad425db8ea9d786385a634296c45021eda025ac32ace4a5e2955474ecb788c719e2d89f3182855f28872a7c39d1464a3d9d71e82b59238dab3002cd

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionApp.cls_temp

    Filesize

    103B

    MD5

    309f046ffd61f8362b69a4e1e786039d

    SHA1

    9716566eac350d6104ef0c7b8bbefb9e366981cc

    SHA256

    65e3e71b679c7cf0249bf5d13f4d8ff0b3142a414faa1b99b800bc4f7cdff6c4

    SHA512

    21cbfe9d650b21dd0538cfe818f7162e286389ad907e73ceccbf5f7c4a55cdba8b4cba81730929b45e02fd638a936a01719581a9fcd0ac246a02ab2dc817760d

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionDevice.cls_temp

    Filesize

    88B

    MD5

    109c0893179e4534e4a15c802896b991

    SHA1

    7928002b83d3b0c2599fa59ba964940fad78d0ba

    SHA256

    474426810d5d5d6b36629582d784d7875f4235eeff21d3c461a26ebf0a12f364

    SHA512

    bea4eaa6a055a6cfd76081bffc404c2ba7c1fa565fa49dd4e60e2a59dfe7ad3f5224caaa6c2df214ea36f153c7150120ef26dfb77084d50791450dffb2929b6e

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionOS.cls_temp

    Filesize

    14B

    MD5

    9b3d4522944ce6396563812bfdb92fa9

    SHA1

    6d2a6133c8f01938a48ccc77ef86ad8ca335c020

    SHA256

    d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

    SHA512

    091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331user.meta

    Filesize

    28B

    MD5

    2e24f7e64aa1ff176b3d0bbf66b47972

    SHA1

    d70934a5531757da24fb6b2e4f1ec6c0e16f32cc

    SHA256

    2eb995e182f00f6717ac27cc51e63239bb08a191569141d053d9384397488289

    SHA512

    a2c0350774a38faa053e603c75706e37ecc3db464d1dd4bea1f9692bf663979038e358fd8f24b459198d2b9164854123d61320cd7ab2bde195ab5832f2a6c90b

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331user.meta

    Filesize

    46B

    MD5

    69de0fbc5ecc151462b35f5c0795f4a7

    SHA1

    871ff44a8c5a2c682c0943c0ad522ca1dac22044

    SHA256

    9c01223aa82dbcaeb26cc6500e86c08157e1070eaa0469f20fe2b40a0fae0df7

    SHA512

    e1f367d078f8cb9818c3197442c4479f101f233be9a6baebb0ee20bb69bfea8bb305204e8fa896d66a47b45c860d53693ccd4c683ba73a7d3177f02b925851e4

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC1680233-0001-109B-4F4ECB695331.temp

    Filesize

    87B

    MD5

    94dbd2b8735af74cd18126ae8fa5a56d

    SHA1

    ec647e516239a79666eae1e6757a3a3a7b41d379

    SHA256

    1de61a15bb1c3ab5beee1f000e8f2c1502ef0d064e8019c187fbce0e098b2479

    SHA512

    b0709f96391f8a569f9f383db918b7dda9be121714c8cbcab0e916be04c8cfd0aae5a63cff38b7e73ae903ca07a8fa9c84ea29959f15dfe894fc5cb8e07d4323

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    409B

    MD5

    14e72c18b20f6bd94b494eeb929b9098

    SHA1

    d91161a21953623f1dfca01e58e0332bc5a67cca

    SHA256

    f4e3e730d9df337308603a25815d41728c1a91330f5524b391499d21195e4fa2

    SHA512

    0c4ca6bc9807d409bb19d03d5e9cbddb7ce6fa157b0c31dacf0b52c643bbd87859a7e5bb41a2ebf81b6e28e43fc8dee9bb29042d017816ad0fe8ee0dc4686229

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    1KB

    MD5

    83833197638eb634e4f02bb5cf721187

    SHA1

    cd662fac2d34853fb661b5d1c3980b710c6d3b85

    SHA256

    406140bed03c75372b53b4da33af16cbdad28e669d8f1efa3f7a81d0fc30f65f

    SHA512

    8f654165db90e5c88bb3f27b5d2a35e39f6570118297b80082714b7f56912a96d01c3726e31ef7de014600ad5e2837c4f645fee4311d522bf908c7d2e8cf3f9b

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

    MD5

    c33583fae4e0b61cde1c5b9227963237

    SHA1

    fe2ebe4d27469af1460f7e852031a04208ef629b

    SHA256

    35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

    SHA512

    fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_3a43271c-7acb-4a6c-893f-eccf69fdc7ed_1734328692742.tap

    Filesize

    415B

    MD5

    692cd7d03d0795185fd882d9c568f408

    SHA1

    2b16d77a08a20d9307688be2908c8f218202238d

    SHA256

    fb438a6505a57625a12c1614ec92078b2153a18048f0a53316c915db2c0ac9e2

    SHA512

    9171225b39fd2addafaa10e8f5c26ebabbbaca6245e93a940345465d4dd7a375f57f520144ad4d63bc875b57d98cdf96ddc401abe4beb92820f65c81680b5a42

  • /data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6a403f87-bfea-4f4e-892c-beca2a74b178_1734328681192.tap

    Filesize

    334B

    MD5

    b7e366798f05643e873177abd1d8baeb

    SHA1

    f2464c0f839a24f1f08afcb9a3896c49d1df9414

    SHA256

    8431cdecbcb9bef757a1a9c9b8c66a34d98e069903ecd2aeac454c93e8118699

    SHA512

    8247311a4e2f4cbd1be5f7a8b5ebf9e0162495bc1c7b960632e6d916a876a65f68e8c75e1eb656f4ecbbe44f46ec3b7bbc5b7bb0c4ee602d0fd4f75178824817

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    46B

    MD5

    3edcb1ff1701d413bf9cdefc93050c40

    SHA1

    726db74232be916db6b835fc797b85a4aba73156

    SHA256

    fbda8f4e86ceeaa3efc0bb865406c360dae3047234846dc92c8658b05c1c38c9

    SHA512

    2503958822437158d08bfce6ac46a4bc2c088a49891bca2dab1426192a7af481d8f6cad2a7f10180a90b580e661db8f742c107271e6d36415af0689cf70fea44

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    59B

    MD5

    de9614b03a837fe41c10bbb8db77e6c8

    SHA1

    f671ffa397eab6d97e0495f2a2956bf140d71201

    SHA256

    64ca8cb870b20de3e26ff7e0ecbcf618832c341250ab7af2c39bf0fa9b2a8dbb

    SHA512

    55386f7d6e7201cd6602132bb6062c4661b00d2d5f5de7180726c0d34dc65bd0f23d6835a8955db3ac0332f0b9a0bd6909acca37ed800ad8723bb17e622a303a

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    74B

    MD5

    e464a6791eb2232bd71f5df5fab89732

    SHA1

    f43b37c401c7e17dfa05085ae2fca90de633cfa0

    SHA256

    70124c63960bfce2b7ec2df489cf4b3bf456f6daa752f7ae1a72bd9e9d4abcb1

    SHA512

    c42ac2e5824e474bb0089e62fa756a86e038004e22f9ea747c52640a931d42578620401e84e1cef45a4d0f451fc42077e996eff27590f014d32cc777f65c9dde

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    55B

    MD5

    f3875ae4022386fae3e5a9ac25b89b96

    SHA1

    35bc70682e1f7afa70c168943dc0133ca26ad1a7

    SHA256

    0704ea23802f7d207d24b6f39deb6401eb201a6bf32408ca048fa2f9142ac55b

    SHA512

    1a5a773551dd841dbb86fddd68be5c472a7f0d20f172ce059eba7298c73caed8ce6a8e7855a843ec8a8c08efba4025cd0e91380ada8fc805fe827d9503cdbff3

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    48B

    MD5

    238615ceb670f9558b1dbe354843a7cd

    SHA1

    120bc529ef50e98a6b5ba62e21c8aad57ab48772

    SHA256

    622d43a1ffa37fe9b1d57fa4f47a0f850e856258969325fe79218062d291a1ca

    SHA512

    f2b60df0fc32b243d26a7d27d6dd7e8171a13419d9ad9dc9d139c7095c301b7922dba86246b52c95ce06cf4f2a61ca23ec5f710161e9589655e7fda6d142f970

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    51B

    MD5

    ef04559fdda3f8d27aa715aba790ed3b

    SHA1

    45486adf938aa5f22dfd31e6d6f98b7f1dbc5448

    SHA256

    900db01a3b1b4cf74103a589a567671df1cef3740e2b7f22301fe2e956bc7f27

    SHA512

    8f6d31b0a38976c581cedb6dfcd93a4a527a3539764e91fff153e78642e927d3c118ff399bd70b19ed695034db0c82735cb4ee4e5c6d9425a3acf2806c0e71a9

  • /storage/emulated/0/.androidmonitor/log.txt

    Filesize

    622B

    MD5

    0f275ce88074e5e1821802741007e33a

    SHA1

    39f0df6b68cce7a974aa0a83951a4b732cf6d8d7

    SHA256

    1c2597a39c6343ae7585fd4466bc6efa03820e2941cdf826207e1584dc60fc49

    SHA512

    37a4f428c704f1c39978a7c2fb60fea764a33df802feea69242f708277ce232b77809c1c7d9a987889bad291e4a4e23aa29a2d2fb0b6e8bf35b4c77f2cf3e1cc

  • /storage/emulated/0/.androidmonitor/log_.txt

    Filesize

    3KB

    MD5

    e59e078f4edb500e9805ec0a8575bf12

    SHA1

    c6b39ce01a59176a3fc4423ae0a4112b297df9fe

    SHA256

    15b3cddcddad74dd5e28527594d36c2900a67e9c91e9dc3a0682edf1dbfa0791

    SHA512

    7054c4ea8b96823da1ab408ff0c19f4ec43d3e51cac457c7f7a4f1852f3f9d4ee460016c08661ad1695264c17d2961c7159f94638e5a51d49b2312b0ac139d03