Analysis
max time kernel: 135s
max time network: 144s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system
submitted: 16-12-2024 05:57

Behavioral task: behavioral1
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: f7a01a72056b791898c75c6de13a15c6_JaffaCakes118.apk
Size: 13.6MB
MD5: f7a01a72056b791898c75c6de13a15c6
SHA1: 9d901ec639f2a83899e3b1f60acd149ccba02387
SHA256: 93ca4d53d68b38627ce7c629f189d500ebe5f43240ae9a4cd1b1c02c68990359
SHA512: 03074bc31e599b7220577036f099908ed31642bf3bd9497e7b72934499279f394dc57ef9b68d62b053d84d4a833812bf061812c29739692760cc4cee16a491b9
SSDEEP: 393216:OM/M1aZ85fVGEAA9SVSEArrHnexhdPWACDIurRo951bw:RMnhA0SZ0i1C8c22
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/app/Superuser.apk (process: com.andmon); /system/xbin/su (process: com.andmon)
  pid: 4441 (process: com.andmon)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
- Queries the phone number (MSISDN for GSM devices). (1 TTPs)
- Acquires the wake lock. (1 IoCs)
  Framework service call: android.os.IPowerManager.acquireWakeLock (process: com.andmon)
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (2 IoCs)
  flow 26: prog-money.com; flow 29: anmon.name
- Queries information about active data network. (1 TTPs, 1 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.andmon)
- Queries information about the current Wi-Fi connection. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.andmon)
- Reads information about phone network operator. (1 TTPs)
- Requests accessing notifications (often used to intercept notifications before users become aware). (1 TTPs, 1 IoCs)
  Intent action: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS (process: com.andmon)
- Tries to add a device administrator. (2 TTPs, 1 IoCs)
  Intent action: android.app.action.ADD_DEVICE_ADMIN (process: com.andmon)
- Checks the presence of a debugger.
- Checks memory information. (2 TTPs, 1 IoCs)
  File opened for read: /proc/meminfo (process: com.andmon)
Processes
- com.andmon (PID: 4441)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Requests accessing notifications (often used to intercept notifications before users become aware).
  - Tries to add a device administrator.
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Device Administrator Permissions (1)
Defense Evasion
- Hide Artifacts (1): Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads