Analysis
max time kernel: 131s
max time network: 138s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 16-12-2024 05:57
Behavioral task: behavioral1
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Size: 13.6MB
MD5: f7a01a72056b791898c75c6de13a15c6
SHA1: 9d901ec639f2a83899e3b1f60acd149ccba02387
SHA256: 93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
SHA512: 03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
SSDEEP: 393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/xbin/su  Process: com.andmon
  ioc: /system/app/Superuser.apk  Process: com.andmon
  pid: 4251  Process: com.andmon

Acquires the wake lock (1 IoCs)
  description: Framework service call  ioc: android.os.IPowerManager.acquireWakeLock  Process: com.andmon

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  flow: 10  ioc: prog-money.com
  flow: 13  ioc: anmon.name

Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.andmon

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  Process: com.andmon

Requests accessing notifications (often used to intercept notifications before users become aware). (1 TTPs, 1 IoCs)
  description: Intent action  ioc: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS  Process: com.andmon

Tries to add a device administrator. (2 TTPs, 1 IoCs)
  description: Intent action  ioc: android.app.action.ADD_DEVICE_ADMIN  Process: com.andmon

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  Process: com.andmon

Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/meminfo  Process: com.andmon
Processes

com.andmon (PID: 4251)
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 84KB
MD5: 9a1705f1f84f97bc19044a9bf9ef2949
SHA1: db883500cfcef8b692ec4192f4cb55c00bd8d8f3
SHA256: cdbba48a7b88d3eb944631d7caa5fff47f79210e207a26607c7ee332e087d1b1
SHA512: 6b2e7f463027c92d12b2fc2a75ba4c10ff549cb30efc62168d7b1b9dad11dd9c5138fc975b230d3985a7979d5e989fd35fc753a78825f18dd9ca5855b36a21f3

Filesize: 28KB
MD5: 079700dd24e42c6c986319268907fad4
SHA1: 1e11b0dc3e3c283f05aa38219a5b5417b73ec1be
SHA256: 8c1ce76976707828509fc7073b465ed81f6c1722cfac88504928765003f781a8
SHA512: f8ee3d2d66cd620d4d1cef5e1084c0225f28fabe266a19efaf690c20cf0d4c1a362c32f3bbdc4acdb41fb189abe5b134542638cbf73d5a71a80b76c2942d1836

Filesize: 20KB
MD5: 4e0b9a0dc7245d33336e781747c5c808
SHA1: 1ce9e0ec9fc8acdfdbca282ff9ea2b792ca0f254
SHA256: 104de7f907389c6e86aa4ae8c9366acc8b4fd01bb4994d58a826b7690f562d6c
SHA512: dd4891258c98c9966f5ba176ea060097e71ae35157522a08681b952f1f99517d4a6231eaaf64ff7dc404370b1080b34716d7023d33d03efc121b9bafdb1cc280

Filesize: 512B
MD5: 3688092c32ba968c2ab462ba71ffc537
SHA1: fd974236459053bcddaf7a6e62aca853ec0e301e
SHA256: b03a0d7498397bc80c2748b6a79379b9d3522e38e84e84a94b9ec147170ccede
SHA512: 17b60abf6d858c37207c6cf80f9151efd1814cac05254f0ec0e7d5762ccbf1a7d373955d1db2bd4ed582c774be7d6bae9cedd70270e73ce8d3d5370ca4fdd043

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 221KB
MD5: e432f9405928440cdbcc3a4923da7f18
SHA1: 288a2f8ac17a905010544ac981f590550d85a117
SHA256: de0e5f97232b239804003b1ba5d092260eec415d4fd846cc388a6d76fa6e0582
SHA512: 313f15e19d6255cf437b8258edc43efdd3524af0aebf5ed86d41b47451a406cbd3dc86da373b7b4019c152779301ebb4a36a5005c0313f1fed7f6eb82c06a5d8

Filesize: 4KB
MD5: 929ea3d7700ba5b158515f5a6a5799a1
SHA1: 3e3a0012d07ae2c8752678248db543c4044c3a4d
SHA256: 72143820913ef13f408f8b5e2bf110d9853160e3b5378520692a7bcfff4a0aaf
SHA512: 7bf98ff00556f5c56d6d3525463069292480dc86229f8b1448d65af8431d9a75b440bef2c589aa519c0c73cbee63b8c1db6c884019484846d0f8a901b3149a80

Filesize: 8KB
MD5: 20314c456680cf91a9a46b75bb4489b1
SHA1: 07836bdb1fa9691d649df2191be681ee6b633e22
SHA256: 3c1d4338c96bb617f301230361812fa9126f84412e01c2fd30615c61102992d9
SHA512: f4b05ede622037fb58a9a25664609a38b93b57773941785d92d78c03ce9b25ce14be3ae251cd54a54bc0afb287ad2dba78e4ec4db1a4df22e35785f9b6e97758
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331BeginSession.cls_temp
Filesize: 78B
MD5: d523eb8fcda229642ca3f576e2562a2d
SHA1: e52e7d22f7a95618eee68ed230a83cf81a66bf18
SHA256: cfb8acfe8a1addf7740efe6541bd08b73afbce03ede4e29b93f75bc0cada2437
SHA512: 5c9142bdcad425db8ea9d786385a634296c45021eda025ac32ace4a5e2955474ecb788c719e2d89f3182855f28872a7c39d1464a3d9d71e82b59238dab3002cd

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionApp.cls_temp
Filesize: 103B
MD5: 309f046ffd61f8362b69a4e1e786039d
SHA1: 9716566eac350d6104ef0c7b8bbefb9e366981cc
SHA256: 65e3e71b679c7cf0249bf5d13f4d8ff0b3142a414faa1b99b800bc4f7cdff6c4
SHA512: 21cbfe9d650b21dd0538cfe818f7162e286389ad907e73ceccbf5f7c4a55cdba8b4cba81730929b45e02fd638a936a01719581a9fcd0ac246a02ab2dc817760d

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionDevice.cls_temp
Filesize: 88B
MD5: 109c0893179e4534e4a15c802896b991
SHA1: 7928002b83d3b0c2599fa59ba964940fad78d0ba
SHA256: 474426810d5d5d6b36629582d784d7875f4235eeff21d3c461a26ebf0a12f364
SHA512: bea4eaa6a055a6cfd76081bffc404c2ba7c1fa565fa49dd4e60e2a59dfe7ad3f5224caaa6c2df214ea36f153c7150120ef26dfb77084d50791450dffb2929b6e

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331SessionOS.cls_temp
Filesize: 14B
MD5: 9b3d4522944ce6396563812bfdb92fa9
SHA1: 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256: d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512: 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331user.meta
Filesize: 28B
MD5: 2e24f7e64aa1ff176b3d0bbf66b47972
SHA1: d70934a5531757da24fb6b2e4f1ec6c0e16f32cc
SHA256: 2eb995e182f00f6717ac27cc51e63239bb08a191569141d053d9384397488289
SHA512: a2c0350774a38faa053e603c75706e37ecc3db464d1dd4bea1f9692bf663979038e358fd8f24b459198d2b9164854123d61320cd7ab2bde195ab5832f2a6c90b

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/675FC1680233-0001-109B-4F4ECB695331user.meta
Filesize: 46B
MD5: 69de0fbc5ecc151462b35f5c0795f4a7
SHA1: 871ff44a8c5a2c682c0943c0ad522ca1dac22044
SHA256: 9c01223aa82dbcaeb26cc6500e86c08157e1070eaa0469f20fe2b40a0fae0df7
SHA512: e1f367d078f8cb9818c3197442c4479f101f233be9a6baebb0ee20bb69bfea8bb305204e8fa896d66a47b45c860d53693ccd4c683ba73a7d3177f02b925851e4

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-675FC1680233-0001-109B-4F4ECB695331.temp
Filesize: 87B
MD5: 94dbd2b8735af74cd18126ae8fa5a56d
SHA1: ec647e516239a79666eae1e6757a3a3a7b41d379
SHA256: 1de61a15bb1c3ab5beee1f000e8f2c1502ef0d064e8019c187fbce0e098b2479
SHA512: b0709f96391f8a569f9f383db918b7dda9be121714c8cbcab0e916be04c8cfd0aae5a63cff38b7e73ae903ca07a8fa9c84ea29959f15dfe894fc5cb8e07d4323
Filesize: 409B
MD5: 14e72c18b20f6bd94b494eeb929b9098
SHA1: d91161a21953623f1dfca01e58e0332bc5a67cca
SHA256: f4e3e730d9df337308603a25815d41728c1a91330f5524b391499d21195e4fa2
SHA512: 0c4ca6bc9807d409bb19d03d5e9cbddb7ce6fa157b0c31dacf0b52c643bbd87859a7e5bb41a2ebf81b6e28e43fc8dee9bb29042d017816ad0fe8ee0dc4686229

Filesize: 1KB
MD5: 83833197638eb634e4f02bb5cf721187
SHA1: cd662fac2d34853fb661b5d1c3980b710c6d3b85
SHA256: 406140bed03c75372b53b4da33af16cbdad28e669d8f1efa3f7a81d0fc30f65f
SHA512: 8f654165db90e5c88bb3f27b5d2a35e39f6570118297b80082714b7f56912a96d01c3726e31ef7de014600ad5e2837c4f645fee4311d522bf908c7d2e8cf3f9b

Filesize: 16B
MD5: c33583fae4e0b61cde1c5b9227963237
SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_3a43271c-7acb-4a6c-893f-eccf69fdc7ed_1734328692742.tap
Filesize: 415B
MD5: 692cd7d03d0795185fd882d9c568f408
SHA1: 2b16d77a08a20d9307688be2908c8f218202238d
SHA256: fb438a6505a57625a12c1614ec92078b2153a18048f0a53316c915db2c0ac9e2
SHA512: 9171225b39fd2addafaa10e8f5c26ebabbbaca6245e93a940345465d4dd7a375f57f520144ad4d63bc875b57d98cdf96ddc401abe4beb92820f65c81680b5a42

/data/data/com.andmon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6a403f87-bfea-4f4e-892c-beca2a74b178_1734328681192.tap
Filesize: 334B
MD5: b7e366798f05643e873177abd1d8baeb
SHA1: f2464c0f839a24f1f08afcb9a3896c49d1df9414
SHA256: 8431cdecbcb9bef757a1a9c9b8c66a34d98e069903ecd2aeac454c93e8118699
SHA512: 8247311a4e2f4cbd1be5f7a8b5ebf9e0162495bc1c7b960632e6d916a876a65f68e8c75e1eb656f4ecbbe44f46ec3b7bbc5b7bb0c4ee602d0fd4f75178824817
Filesize: 46B
MD5: 3edcb1ff1701d413bf9cdefc93050c40
SHA1: 726db74232be916db6b835fc797b85a4aba73156
SHA256: fbda8f4e86ceeaa3efc0bb865406c360dae3047234846dc92c8658b05c1c38c9
SHA512: 2503958822437158d08bfce6ac46a4bc2c088a49891bca2dab1426192a7af481d8f6cad2a7f10180a90b580e661db8f742c107271e6d36415af0689cf70fea44

Filesize: 59B
MD5: de9614b03a837fe41c10bbb8db77e6c8
SHA1: f671ffa397eab6d97e0495f2a2956bf140d71201
SHA256: 64ca8cb870b20de3e26ff7e0ecbcf618832c341250ab7af2c39bf0fa9b2a8dbb
SHA512: 55386f7d6e7201cd6602132bb6062c4661b00d2d5f5de7180726c0d34dc65bd0f23d6835a8955db3ac0332f0b9a0bd6909acca37ed800ad8723bb17e622a303a

Filesize: 74B
MD5: e464a6791eb2232bd71f5df5fab89732
SHA1: f43b37c401c7e17dfa05085ae2fca90de633cfa0
SHA256: 70124c63960bfce2b7ec2df489cf4b3bf456f6daa752f7ae1a72bd9e9d4abcb1
SHA512: c42ac2e5824e474bb0089e62fa756a86e038004e22f9ea747c52640a931d42578620401e84e1cef45a4d0f451fc42077e996eff27590f014d32cc777f65c9dde

Filesize: 55B
MD5: f3875ae4022386fae3e5a9ac25b89b96
SHA1: 35bc70682e1f7afa70c168943dc0133ca26ad1a7
SHA256: 0704ea23802f7d207d24b6f39deb6401eb201a6bf32408ca048fa2f9142ac55b
SHA512: 1a5a773551dd841dbb86fddd68be5c472a7f0d20f172ce059eba7298c73caed8ce6a8e7855a843ec8a8c08efba4025cd0e91380ada8fc805fe827d9503cdbff3

Filesize: 48B
MD5: 238615ceb670f9558b1dbe354843a7cd
SHA1: 120bc529ef50e98a6b5ba62e21c8aad57ab48772
SHA256: 622d43a1ffa37fe9b1d57fa4f47a0f850e856258969325fe79218062d291a1ca
SHA512: f2b60df0fc32b243d26a7d27d6dd7e8171a13419d9ad9dc9d139c7095c301b7922dba86246b52c95ce06cf4f2a61ca23ec5f710161e9589655e7fda6d142f970

Filesize: 51B
MD5: ef04559fdda3f8d27aa715aba790ed3b
SHA1: 45486adf938aa5f22dfd31e6d6f98b7f1dbc5448
SHA256: 900db01a3b1b4cf74103a589a567671df1cef3740e2b7f22301fe2e956bc7f27
SHA512: 8f6d31b0a38976c581cedb6dfcd93a4a527a3539764e91fff153e78642e927d3c118ff399bd70b19ed695034db0c82735cb4ee4e5c6d9425a3acf2806c0e71a9

Filesize: 622B
MD5: 0f275ce88074e5e1821802741007e33a
SHA1: 39f0df6b68cce7a974aa0a83951a4b732cf6d8d7
SHA256: 1c2597a39c6343ae7585fd4466bc6efa03820e2941cdf826207e1584dc60fc49
SHA512: 37a4f428c704f1c39978a7c2fb60fea764a33df802feea69242f708277ce232b77809c1c7d9a987889bad291e4a4e23aa29a2d2fb0b6e8bf35b4c77f2cf3e1cc

Filesize: 3KB
MD5: e59e078f4edb500e9805ec0a8575bf12
SHA1: c6b39ce01a59176a3fc4423ae0a4112b297df9fe
SHA256: 15b3cddcddad74dd5e28527594d36c2900a67e9c91e9dc3a0682edf1dbfa0791
SHA512: 7054c4ea8b96823da1ab408ff0c19f4ec43d3e51cac457c7f7a4f1852f3f9d4ee460016c08661ad1695264c17d2961c7159f94638e5a51d49b2312b0ac139d03