Analysis

  • max time kernel: 179s
  • max time network: 139s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 23-05-2024 23:00

General

  • Target: 6c8c5ee755b8c13adde612c32c5483fd_JaffaCakes118.apk
  • Size: 1.8MB
  • MD5: 6c8c5ee755b8c13adde612c32c5483fd
  • SHA1: da914950b7882c9b0503d75eec3e8fee807d7a86
  • SHA256: ccc1f3b420bf31873185ae52a0404e8b8c0416fcf170a0bbe7531f77e8a637c0
  • SHA512: a632eb3385f031b5b2f90aa6514d3729d5e28bd92c0aff14d7f7ee88db1a77b3fc7bb2bba1778e8e318996e879617a192e656a0e5c0d81747011403ab234f97f
  • SSDEEP: 49152:9u0Gtim4MuvOtBhrBSk+sLB0GtX0rmdgOavqGm1Q31B:90imFuvYBb+sL5krq/7E1B

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Requests dangerous framework permissions (3 IoCs)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • sniss.esfd.trvpd (PID 4259)
    • Makes use of the framework's Accessibility service
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/sniss.esfd.trvpd/app_ariqe/classes.jar (70KB)
    MD5: d9c5bcd8c6a7f570faafd30c061e52e2
    SHA1: 104d861968bb4e2d4a1c6168edeb43ac83b57fde
    SHA256: 8e6ccaa25db68ccff78aa94a9dbb30693d446e8f80d2dd33f0f11a531b903713
    SHA512: 91e57402fc0cb8d8093c65356c818bf7d0dc7ec6d35fdef404b0e69844f6fe5b8280d5c388880d44cb2cf168d4708a3efcbb33e57fa6dc85eba2e411e3087014

  • /data/data/sniss.esfd.trvpd/app_ariqe/oat/classes.jar.cur.prof (241B)
    MD5: 5deb60c646836268e0ab87d673496998
    SHA1: 9f3ff6f70555b6daf82d1bd1cbdd51527f4f5782
    SHA256: aa8bd1d3b9c0d11c8b505e3c0c29651b66de67f19297ecd0109817b06092d599
    SHA512: cc35b8971402c63fa81b4ac693993cc3f7b40bf5e1e9d4e483295775211f2a7eb8985652f4585e6476eabff1011f69560d82dba6913378c3da3b9fb6d1b854c2

  • /data/data/sniss.esfd.trvpd/app_bin/daemon (13KB)
    MD5: 826396608fe8f50d57c82682dbc5699f
    SHA1: 415ab4019f3f0d5e49f15656c579f143a4f13459
    SHA256: 7a0ca85904df1f5a669bb7ac061738ff5350cd3cf472f858c942e53d74c337a7
    SHA512: 59f1c75a99daa7986c42bec130b66cd7be8a41749a58dce1aa911b7ca9376902cbf63c3b4c3b1ee67e1792b42e3f82a5949a8fd05204acdc8dec42f69529709c

  • /data/data/sniss.esfd.trvpd/databases/dblfc (4KB)
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/sniss.esfd.trvpd/databases/dblfc-journal (512B)
    MD5: df8da2a61cfe729aa9ece02bcda61d0b
    SHA1: 6de79915b8c234151bae968861fca06e8bbca793
    SHA256: d2db2ff6b317f7a5a441b7d6655eca119162de6c0ac9ed352bbcbec368cf2291
    SHA512: db5199adb14d1279f2f9d98efaee20126cbc3b16d3d899bf2f286a82f8223560b4f8b25a5161ea2f731a8b1516f4672e00894d93e78299596f99d9eddafd8786

  • /data/data/sniss.esfd.trvpd/databases/dblfc-shm (32KB)
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/sniss.esfd.trvpd/databases/dblfc-wal (221KB)
    MD5: afc91cba71a91401c1d4b05fa05087f6
    SHA1: 9159978b84b38444d878434855ae152e9b1d91f4
    SHA256: c7ca61922f653271c2b66671692cbcd194b393f0e1ee457b0257e5b6de697f36
    SHA512: 3ec003e741ac24204513d8c449c07f8b1bd313501c9027158cb1500b9a8a6533dea1c8260d7306b05572c62ac4bfcd9be721ee763d15f03b133a2ea726391bce

  • /data/data/sniss.esfd.trvpd/files/.um/um_cache_1716505307130.env (603B)
    MD5: 26995ebf28c4ce0db3c74499f2e66460
    SHA1: 6925a51be40430890210beef081b22607978b34a
    SHA256: bb38e239d65827f1299793de12b7bee08422e3748c92451bd043423ccf8d7676
    SHA512: 49b8a980fd208f246a12f11509996225c9b3de53fff5b5daf5e548c37c7ac51b0d599d4a15b58ce653e3911e24cc1fc0affc6fba44d635479427a0e11e76c531

  • /data/data/sniss.esfd.trvpd/files/umeng_it.cache (310B)
    MD5: d51d876d08063f5504fd03d8a5f302e8
    SHA1: fa9f2cb4b69d74ef1d331705cd0ca41f8540be59
    SHA256: 4dd5982cf3fe4d6927e175ca87fdf96c85651fa5fe84b54fa0f46065932b9e4d
    SHA512: 08c888c6331b7c03d2a4f48a82391c7a7fecc2106d44eb1b8ad95d28d7204a8d0f68f792a6e4e5e8bef04112c064ccdc8f5903053106c9b0f589db462a486c08

  • /data/user/0/sniss.esfd.trvpd/app_ariqe/classes.jar (166KB)
    MD5: 4aaa8fc3aeda5693668d47ad5d083b47
    SHA1: 4edbdf41127a8912a79bc37633905c8408747981
    SHA256: abb2b05fa723a309c0dd8cbf5d2e0b9139acd836db2257c6ab156ee331a22b1d
    SHA512: 7fd49d13bf9e48f169501155cab15bd6b3a0156b80815580dc32c3bfe46f244a22327b5dfe8a983e94c32f995afdb5524fd9e4cca3faabc4feab4dfe44c1b81a

  • /storage/emulated/0/apk/ad.apk (139KB)
    MD5: 5f0944504b514eefc15612d33d6aef01
    SHA1: 13d3dfd0b368c7b7bdac29b30131a2ca74f1736a
    SHA256: b5c5b1351a962a2e001ea75516734d1ed4c3a8c9c39dc8c498d4b68c9ceb55c2
    SHA512: 06b28c505bff8b431faaa411b15028e9d33e2be806e20e62071fbf78257f2a358e3010347d71a3a4a53d30d99986604f54884941bb6b3975fe57dbb763db35af