14e4e6112ade7224ac5fcf612a536601db5b24ea87c97a753175c44e9b8e9560

Analysis

max time kernel
179s
max time network
182s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
20-05-2024 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6057c23c1a28a8e0111bc472b542b042_JaffaCakes118.apk
Size

637KB
MD5

6057c23c1a28a8e0111bc472b542b042
SHA1

a79b3d0ad77085cb45dd7684e820daa614acf9c0
SHA256

14e4e6112ade7224ac5fcf612a536601db5b24ea87c97a753175c44e9b8e9560
SHA512

158f4e6b93487ee1fc6612f97d77758974d3f7bd73746c9728af6c25a40220677dbcfeef8413c5dcdb168ee69d2afd5aba7a65f87be621855d675c399c598940
SSDEEP

12288:TI4L4oQI8Y0FotaKIUtrbMDp3zE1aaTJE5+/u9cejETeFxNM2f94vvQe6ERylT4O:+oL0otaYtXMDp3o1aKJY+/ufEWrMwiyh

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.zpba.malp.slga

pid process

4612 com.zpba.malp.slga
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zpba.malp.slga

description ioc process

File opened for read /proc/cpuinfo com.zpba.malp.slga

pid	process
4612	com.zpba.malp.slga

description	ioc	process
File opened for read	/proc/cpuinfo	com.zpba.malp.slga

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.zpba.malp.slgacom.zpba.malp.slga:daemon

ioc	pid	process
/data/user/0/com.zpba.malp.slga/app_mjf/dz.jar	4612	com.zpba.malp.slga
/data/user/0/com.zpba.malp.slga/app_mjf/dz.jar	4688	com.zpba.malp.slga:daemon

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.zpba.malp.slga

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.zpba.malp.slga
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.zpba.malp.slga

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.zpba.malp.slga
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.zpba.malp.slga

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.zpba.malp.slga
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.zpba.malp.slga

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zpba.malp.slga
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.zpba.malp.slga

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zpba.malp.slga

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zpba.malp.slga

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zpba.malp.slga

com.zpba.malp.slga
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4612

com.zpba.malp.slga:daemon
1⤵
- Loads dropped Dex/Jar
PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zpba.malp.slga/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.zpba.malp.slga/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.zpba.malp.slga/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd-journal
Filesize
8KB

MD5
9fc7422382d60305ec892c94216795ed

SHA1
ed8bf538e470f1b799be1f40ec92057c7d857a13

SHA256
5ffb9fccf1a1c6b8f094a3180700150a9830305118a348187620ad8de7fdf098

SHA512
5205fb9426f6aa14e76a5f08fb9ce8cf259a9f11eb97803c4eb8e4da99543e9b4154db865c25078e4cab1ff2294215d196ba0dd46eb687d87f9ddd06865e23b5

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd-journal
Filesize
8KB

MD5
d9281a8638843e11d357bd7fa26f5b8a

SHA1
39af69952fcb2f0c7cece431973c48a27ead1d98

SHA256
b9a515601e9cdcb53d3376394de51513d5ced04a0b42a4f52ad45880bda875f0

SHA512
4a4cd89e04b0b0f7ec3e077ce9fe879ff2780b939ed8641a9091b79ae7926bf5be8ad10bd4afb76352174890567c7117ff3af2b11f9ead05181b02818030b511

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd-journal
Filesize
8KB

MD5
b82eb690376535fa4cbc285ad73d665d

SHA1
40dee1fa47ea4a585fa52c4b4d1d299d0961fd46

SHA256
0cf27ca88b0abe8c489a8641b25403fcb0151d61bf1555b3a0c97e54ca705a49

SHA512
d6fedde2f40635b927e37e7298c47c38e40b58a2135b16ddde7a1c3c908064bd880116308ab98493a5863f56652bdf1e7e62bcbe3f749c04a050b6f1f6d44491

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd-journal
Filesize
512B

MD5
3c490f70d16613d78cf00c861f9131e9

SHA1
32140690cd2d069aed274e640b8b79865fd6e542

SHA256
f9360037d8d8fbdcf734d798c58ea35afce7483d2b2282a1eea27b3bb6148511

SHA512
362adbe1606f487db40fbfdf88ec4f6caa3be9ed17c17e8ef6e170a73e1d05df0a2718856420e8d59bb5d2544a6d449218b8dc36fc26dd1927c497888a3263c6

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd-journal
Filesize
8KB

MD5
b56dd98e8f086e6ea601aace071befac

SHA1
5b33c2aef5c2abfd1b82e7bd9ec4ce48b410f7da

SHA256
cfaa25bcc0e713cef7daa37a4ffd7b8450ea1eb18be4eb6f489604ec5749b7a2

SHA512
c501f502408886ee127b88a4c38d9c6bb0e7be4ebc045e23f6fbb0bc6826388bdd242ce69e9e47c4e7feb173f5e9facc72bf83e34a20de40436c283811eaa2b2

Download Submit
/data/user/0/com.zpba.malp.slga/databases/lezzd-journal
Filesize
4KB

MD5
6e1aefd1a038d11ac9dee5a674577b7a

SHA1
bf7e6d0e2300a402a2486b23b2f430bfdbea5a9e

SHA256
fe944ba0e50267940b5b568be4df1bc730340b1c1b693fb2510dbf836682ddb0

SHA512
58dc32a689057820957ae29af99a89377e899f9e0d5377b5b6b0edd94c68a293141a98a8daee9186d6f08163e56c472723c872921d5582735f3a55fbe47e383c

Download Submit
/data/user/0/com.zpba.malp.slga/files/.imprint
Filesize
951B

MD5
21f09b24c249f4b3981c35735277d54f

SHA1
98da49cd3387184e589bd79d71f3bc50b63f9373

SHA256
49d6d7b06a6de25f0abc59f171ba14e6738c1102b94c08827575a12ed2681c6d

SHA512
91263ca51b0caec6823c340cab814a6dc5badf14a2b894d1b93c8847069f1d759bd4bc3c6aec57e3ad258df73c4e1444af0e02b24f277115d488b764f997ce8b

Download Submit
/data/user/0/com.zpba.malp.slga/files/.um/um_cache_1716226653172.env
Filesize
652B

MD5
5ee5e9cb38de5d8569b961aa99ebd462

SHA1
952fe51b576d37e5fbd9e0f5e91d933796b76be4

SHA256
912f84f2276fdb05efa5a4b9d804413bd47f464bbdfd586025f01af18faeb4fb

SHA512
9f05968b12a575130e1fc2fcf730b0511b2be7484cbfbf62e265bed9be6e407499bc601228092ce9a41a9ec9a06a46e6b93171ebf208ebfb29588dffda7d0ccf

Download Submit
/data/user/0/com.zpba.malp.slga/files/.um/um_cache_1716226764778.env
Filesize
1KB

MD5
cfb9c81c47299fa594e0744d31737a37

SHA1
814ce470ccf9c8489f47ca741febb6672c923f7a

SHA256
e9c220df7c71d5d9f84758c6ad36edae49be17955723d4febc2dc22f79064999

SHA512
c3ec5fee418ba9ded1f24db2d9221dea0feda05d447689925c3f40ead37970ec35d2ecb54884161ad1a1e9899f248a0570928fb174aed62da03b0514b569d7f6

Download Submit
/data/user/0/com.zpba.malp.slga/files/.umeng/exchangeIdentity.json
Filesize
204B

MD5
50f85aa2a86fc1f6a73cb8bc118ae67f

SHA1
abac889d44abab4d5164bb3a2873af904b76e7a5

SHA256
d057410065d25573805c853e4388b9e5f48f3c7140c5ca495773435c0b4a8a68

SHA512
9fde45a777301e148b45357ce6a7ddf57a495ccda3acb35e45c3a09686fbf07b8a0847ba36a42c426aa62498ed519e2d95abea44d5d11bc51844dbdc15b2733c

Download Submit
/data/user/0/com.zpba.malp.slga/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
034e5caffd7e954293c0ae07d9160c84

SHA1
49cff7d20c0bba04328e841d636210e0da1ebb3b

SHA256
346f842991b4ca987f75ef25f3f25837cb8f8ed2a99cdcc9bea4cc6772cfbed1

SHA512
657d6c33a3c2e8325cbdf51566f647b596b74979844217842b6beae3c7dbd38b2db779b39ad0397a6e9b17af0f1355c8f978877ef434571503c55cf7e6ad986b

Download Submit
/data/user/0/com.zpba.malp.slga/files/mobclick_agent_cached_com.zpba.malp.slga1
Filesize
1KB

MD5
491ec3a5648cc7afbcd07f8840e8b26f

SHA1
997e9965508c2a4fff4225c59b49226da0bab020

SHA256
76be5405f80a7831c634250f73fc474a13fa0eb2054d94e9838e2f38ffe39f9b

SHA512
abe9c61ac0b520f0099712eca4d708ae2702ecbba7f0276f617c6f4390f401bcaaf20550908ad6eee4f55c77e3ea0ef93f9935755d869522598621f9bdefb62c

Download Submit
/data/user/0/com.zpba.malp.slga/files/umeng_it.cache
Filesize
352B

MD5
bf762d06af882950782af228a26a6492

SHA1
10ffd9e3d7140c78c033546c164c22770f3ec350

SHA256
fc02a884bf4cd534b83f8b24894a43775fdbc45e39b4bde19cfe0b77ae63cd17

SHA512
0d012466e979cd20e8a5d3bfb90edd5c35f5a7745a8be4ee861431b4e23fab8dfcedee171c306f61e61037f55f748cee1cefa43d7be2f387be87db001a3c5598

Download Submit