9fb9892ce36cdb74bacbed245a29771e3195894e37672f21176435ca001e4e97

Analysis

max time kernel
179s
max time network
179s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
20-05-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

611cce73a21b3ef5079548fc40be1179_JaffaCakes118.apk
Size

1.3MB
MD5

611cce73a21b3ef5079548fc40be1179
SHA1

c5d97482ae73f4154309760b7a0eb8966823ee72
SHA256

9fb9892ce36cdb74bacbed245a29771e3195894e37672f21176435ca001e4e97
SHA512

9ae08fcf8ce396f4137c261462477b33b29dee0d14d95ea7d7f97b6e1c7d6da7fbe0901212e6326b541dad59803f6e4902eadcc98edf2f34c5687812a64d9e7a
SSDEEP

24576:CQXoL0otaYtXMwCnEOn8wB7PvQ6jDo+5kjx43q/13tdHbZKm51Ob83K:eQ7YtfCnEQfB7PvQ6jP2jx43q/1XHNKR

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.jkop.cmdn.fqgz

pid process

4617 com.jkop.cmdn.fqgz
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.jkop.cmdn.fqgz

description ioc process

File opened for read /proc/cpuinfo com.jkop.cmdn.fqgz

pid	process
4617	com.jkop.cmdn.fqgz

description	ioc	process
File opened for read	/proc/cpuinfo	com.jkop.cmdn.fqgz

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.jkop.cmdn.fqgzcom.jkop.cmdn.fqgz:daemon

ioc	pid	process
/data/user/0/com.jkop.cmdn.fqgz/app_mjf/dz.jar	4617	com.jkop.cmdn.fqgz
/data/user/0/com.jkop.cmdn.fqgz/app_mjf/dz.jar	4682	com.jkop.cmdn.fqgz:daemon

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.jkop.cmdn.fqgz

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.jkop.cmdn.fqgz
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.jkop.cmdn.fqgz

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.jkop.cmdn.fqgz
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.jkop.cmdn.fqgz

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.jkop.cmdn.fqgz
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.jkop.cmdn.fqgz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.jkop.cmdn.fqgz
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.jkop.cmdn.fqgz

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jkop.cmdn.fqgz

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jkop.cmdn.fqgz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jkop.cmdn.fqgz

com.jkop.cmdn.fqgz
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4617

com.jkop.cmdn.fqgz:daemon
1⤵
- Loads dropped Dex/Jar
PID:4682

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jkop.cmdn.fqgz/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd-journal
Filesize
8KB

MD5
1480e60f2c702b160cb8fb87af9df9ea

SHA1
49dc42c97fe81c6c27ac9e5a59457fb0a632e5c8

SHA256
031f0b0d7042a2de03c607eedbc5669f29d4879d70079daa81dc44940402732b

SHA512
9be3d7e1d5f57562b87f950a46267c3bff4ff03cae21de0bb116a4ca5ad817efa3f6613ec4614fad0915a376bd535b01bc33fd18a9a0f03cc3b245cf508e6db1

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd-journal
Filesize
512B

MD5
1d4b8bd8ed35986940e0c07ff39b2f3b

SHA1
aaafeee5989bfb3b5ac5cc5cc757889746b9e513

SHA256
80e2395e88e0ffd0b8482f659de5955bc74605cd20f97ea242e04cbaa96fa6e0

SHA512
d84c92bc4b2d338c72e76a5ae2520cc7b8aa18e86bb79d6dcc7f8174acf37695f61ad68e7ab28a29211cf03d28522a21601e5f992400378c4844c78d5fa114d1

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd-journal
Filesize
8KB

MD5
d283d4ec81cabe2d356ef8aa79ed8b0c

SHA1
0cbe872d9ae5fba14d538368cd3b88e01fb12bf5

SHA256
241dd4a0c1c45df41c06df46835f7872a4a7131c5c33d2e7aee58f6914a4e82c

SHA512
435a36dd9cbe8735ea19e15bf188983bf4db6716d2b40f1e785360bc56cd34ebacc2ed70c06b9eb3925c3e443eef79ca3ab9f715fc87a08db9b457ef95649e7c

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd-journal
Filesize
4KB

MD5
32140630146c413aa6f71589cb051ee8

SHA1
2748fb960c66e8b9bae4913ead54b4ffa67060b2

SHA256
5eecb815eed4fcb67091b7553c285482f7a8f313ea62a1ccc5ea5a584d65d11c

SHA512
7e130a8d91d93ad469f923c0da4589042ab82a11b6fd564cea317e59e1c721e800129cd6538813d2fc8a28a7c1cddba56a3fdd11b2cbd08931fa85f06867ddf8

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd-journal
Filesize
8KB

MD5
101e8e9474dc17fa65c72b835ced85bd

SHA1
b453c3d5e24b38c1cdf483add05c5930d84b9588

SHA256
ea2d345c708d2776fa1ac3139e2a58af99fd848643ea5c84a9ff527601580ab0

SHA512
d94d6af864cd49f7b89212cde270984c6c0a03aa8fd4dfbd284130ec0dc836bb2e2a50b8ef4fdc7cc74e68e9c651b6d0cc33baab14c22db74c54f12a6eb6b465

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/databases/lezzd-journal
Filesize
8KB

MD5
096dca31abf9067ffac3c5d2b664da81

SHA1
4f625240117d677388d47526d01934b59ae5b794

SHA256
bd2b7e6c77da5a9e90712d92f287453460bde845e13c3a3b78e47ba390fd9c16

SHA512
240287713c2531560ee87df9cd4d082113195ee6514bb1b6560537c7140e2d2f9fc31a38e44a47bb6b68589bbaa33ec576589a068b40486fc269518c8b9e733b

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/files/.um/um_cache_1716243993902.env
Filesize
655B

MD5
e797d481cdad30acfb8bcf8d55370ee1

SHA1
688bc2022bf8db5c377625f0067a2a665bb13017

SHA256
fc1ea86aaddfb1f13b0bfbd8072246c68ed8afece660e01f7dea17c3088c3c82

SHA512
395e34083f62fd0620f19924bdd873a082c7a2093f72e337f255b5f74696cf53251464f22653ddef9ca08b4771758c062886100eeff0d788dd40e3607e648814

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
7cc6d479cfc89f384bc00f1d809b8378

SHA1
baee6f8eba95619026710a75132170b09d3839ef

SHA256
b243f5aa4d47ffb3450b66befa155d9acd9327f51e4d8b41e49973b367deeb5d

SHA512
8b1cab2c2d2a66c87d298e9930e87d2da065b257061021c477e738b98818a3724ad9aaeaccae391cec244047e129cf32d78c234513bc799f4af0d45b86663522

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/files/mobclick_agent_cached_com.jkop.cmdn.fqgz1
Filesize
794B

MD5
7733ab5b2750a4fe6932efcfdaf49819

SHA1
931f785766e6815daee662fc1baea2f3be95d3ec

SHA256
f420ae695c5e0355aefce4d8ddb1f86212f7700bc6a03841165607f5cdd2dd79

SHA512
baed9eea5dff57bdcc6a1b10a4646e0a2e0e92a77ad4668af5cc7e7c0960e0fc75edcd1dc5ea6f3ade694c19bdf485fdb3b874504fe222a473aef7904e5511c8

Download Submit
/data/user/0/com.jkop.cmdn.fqgz/files/umeng_it.cache
Filesize
350B

MD5
67f393ec338d6ef181ea1c32507ee35e

SHA1
84c65ea1b404f144e461092226c9037af6cd52ea

SHA256
28ffb2589e54ef60273b48e09ab4f35c8fd134b9f160332f5dc0547a2b69446a

SHA512
4e8190d967749ceee979951cd612e3bb074b511a4e6f8b98ff676262caf78f76b2abd67dbda91e401253fc60f8b7ef9f6b613071e010fc23d681c9dcdecc00e9

Download Submit