Analysis
- max time kernel: 179s
- max time network: 182s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 20-05-2024 17:36
Static task: static1
Behavioral task: behavioral1
- Sample: 6057c23c1a28a8e0111bc472b542b042_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6057c23c1a28a8e0111bc472b542b042_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 6057c23c1a28a8e0111bc472b542b042_JaffaCakes118.apk
- Size: 637KB
- MD5: 6057c23c1a28a8e0111bc472b542b042
- SHA1: a79b3d0ad77085cb45dd7684e820daa614acf9c0
- SHA256: 14e4e6112ade7224ac5fcf612a536601db5b24ea87c97a753175c44e9b8e9560
- SHA512: 158f4e6b93487ee1fc6612f97d77758974d3f7bd73746c9728af6c25a40220677dbcfeef8413c5dcdb168ee69d2afd5aba7a65f87be621855d675c399c598940
- SSDEEP: 12288:TI4L4oQI8Y0FotaKIUtrbMDp3zE1aaTJE5+/u9cejETeFxNM2f94vvQe6ERylT4O:+oL0otaYtXMDp3o1aKJY+/ufEWrMwiyh
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information that indicates whether the system is an emulator.
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs an executable file dropped to the device during analysis.
  Processes:
    ioc | pid | process
    /data/user/0/com.zpba.malp.slga/app_mjf/dz.jar | 4612 | com.zpba.malp.slga
    /data/user/0/com.zpba.malp.slga/app_mjf/dz.jar | 4688 | com.zpba.malp.slga:daemon
- Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description | ioc | process
    Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.zpba.malp.slga
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description | ioc | process
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.zpba.malp.slga
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description | ioc | process
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.zpba.malp.slga
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
    description | ioc | process
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.zpba.malp.slga
- Reads information about the phone network operator (1 TTP)
Processes
- com.zpba.malp.slga
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.zpba.malp.slga:daemon
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads