Overview

overview

8

Static

static

6

6bf4d60a9c...18.apk

android-9-x86

8

6bf4d60a9c...18.apk

android-10-x64

8

6bf4d60a9c...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    180s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    23-05-2024 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6bf4d60a9c78231a46742dae5143d9bd_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    6bf4d60a9c78231a46742dae5143d9bd

  • SHA1

    ab51b03a9fd2b1b577a7b733a67d072cccfd0d21

  • SHA256

    8b91611ce589eb6b2943320d656a916aef2320ad0540afd351c5961fedf7c1da

  • SHA512

    04961a1bbae83e4877e2e53a90d4be71168ab60acacb7f595bf353140124a0a5dd37bc4944bade83c531c0abe83f8327bddaf916f13da91c2712ee0912400d1d

  • SSDEEP

    24576:xIcEoL0otaYtXMTSprkM4FqD5Bl0ZHqU+sjvo+9gjZsLq/13tdHbZKm51Ob83h:xDQ7YtdrkruBl0ZH5jTWjZsLq/1XHNKw

Score
8/10
bankercollectiondiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.mwln.plqe.buqo
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5121
  • com.mwln.plqe.buqo:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:5242

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.mwln.plqe.buqo/app_mjf/ddz.jar
    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

    Download Submit
  • /data/data/com.mwln.plqe.buqo/app_mjf/tdz.jar
    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd
    Filesize

    28KB

    MD5

    dae68dcffc3d522a79f98ebbc3b6d457

    SHA1

    6df5dce9a50f12044a2d20b8d1742ae47b82ee03

    SHA256

    56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286

    SHA512

    23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd-journal
    Filesize

    8KB

    MD5

    130b1dd2d2ebc1e0661993bb860fc3d9

    SHA1

    60d7c8ba3dd441aead5cb596d71f16beba4c53f4

    SHA256

    f67a4d1c268245c45ba260d5c102839512e8cccf182a41bcca47090e37ded0f8

    SHA512

    b1b5ffb0e4aad6bbaa11a10182364aa329fb1e39a0d8c32fcd5efa56e560da7368eb64e197bda3467a8745032719dce81eccef2bbb04777184d739db39f4c1cb

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd-journal
    Filesize

    512B

    MD5

    1f7486b5a27c7bce4a97577c6386e2a2

    SHA1

    1143769921844e3856587515e5abf78f79b08b51

    SHA256

    0792c99e94ebbda2cc151803abde89fa81f2bc633fbfe85673981a76fe4c3cfb

    SHA512

    8a2b67f289eec96b427e5522a776cd17faa1a2e81bd9ec0007a02d644e8a10788be5286b82a0011fe58db54ee490db0b9cf6c56452dd364acf6ea756e5f45d1f

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd-journal
    Filesize

    8KB

    MD5

    74487fbee1c2130f89f1efb6df05bd58

    SHA1

    35f59b66b308678f70d06ff5faef64e1188ca67a

    SHA256

    0aca49de8b1e41dfc226227558f2c8381db40eb82686fb88e2293290bc8d9299

    SHA512

    461b895878c8f10933840ceb83a9b7e9e58572f327d67a637e54bbcf5d2e1fa8b19827a58a61f712e5af17418d464f0e4e2c2e34d13058ff4152897048f72c1b

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd-journal
    Filesize

    4KB

    MD5

    c9459e56aa3772e1dd2b0a76ca84cdd8

    SHA1

    225129dbc536e51b1a85efa27770c6c1dc6ec5a9

    SHA256

    e5a473d19b5230da3d703d6f65d4784fc6965a61013d3e58698123d7346fec93

    SHA512

    141d81c4e11698f52036a24eb92a88851da3f832bbc7c13211600d71305c5abf64e318de1f332ff2defdb6a4f921ea2cc074570b6b4aeb41618d9144e51fcc64

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd-journal
    Filesize

    8KB

    MD5

    f8b6dde8b8e3b71205a65ec38404e03b

    SHA1

    05d38c75ad544b95676ed32555f056e18ba48027

    SHA256

    b60707ae89345cfc24d872e6db180455083ad90e565e54b666008614724ef51a

    SHA512

    baf75f7244f5cbe323afbe890d3b962085e9ef5d937271c4b2a7d832968d37cc7bd260a85afb4494ba1bdea19f7e28adbba261cb15149b59d03018ff502701b6

    Download Submit
  • /data/data/com.mwln.plqe.buqo/databases/lezzd-journal
    Filesize

    8KB

    MD5

    97197b342531585bf4fe19d36dd59a13

    SHA1

    84cc97e5d3984639dbacca81bc471a1a524b2702

    SHA256

    9a737f50fcf1ef2f6f5ce1ad594e9b15f2841476e985a3b4391fe388d38ef9fe

    SHA512

    d0b974e62e6f9df8ea3e3498910f9b907ae79ae411c87c718134196642c350817dcdcedb61f50f1bfe9af0f0237fac9884106d197ece4146cafe2954becedd82

    Download Submit
  • /data/data/com.mwln.plqe.buqo/files/.um/um_cache_1716491002875.env
    Filesize

    651B

    MD5

    273b0eb1e4cb1d4ed58601d4aa5416cc

    SHA1

    21f74ec3feafa78f9257ca555460112a7dbf6d26

    SHA256

    502da4e4dd2e2a6cf64f0838d4e6175ff0be223b122a47265a8b9e62edd6b4f6

    SHA512

    4a50d5c0c5bf495623f27d5677d99bfa4c05764684276f812875ec99b0162d1643957a9660f11c503bed6f2a2cbdc06a7ca7b4ae4ff71d69cfe7e641edd74dea

    Download Submit
  • /data/data/com.mwln.plqe.buqo/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    3f01899ab1a66f8c2c2a9031468d0019

    SHA1

    9d49961984550fdb93dde49b8092510d7dd233b0

    SHA256

    2cba93a69f7da5a26c6bd29c5b4901065fa85c86a07131c4e56f51f1b8872b27

    SHA512

    296b014ee905f90a1c7f31b9969def4808ac2df92eece426f74a0eab38ad49d0d33eca845a6db809fbd7e708da5e98aaeaf754d0ddeaa2a03edf2a7d3ca41639

    Download Submit
  • /data/data/com.mwln.plqe.buqo/files/mobclick_agent_cached_com.mwln.plqe.buqo1
    Filesize

    791B

    MD5

    2d8184ec882c85428c910c3b202813af

    SHA1

    23afc98ac7537a0c383e4e973eb2551cfb22c67c

    SHA256

    1b83399b1c2b7f8f854c637368a928905bd5b2d0e358b9db3ef1044e0721e372

    SHA512

    8794351e81f9efb3675eb9c54e395b2d6a92ceeb96599560c1e15fe8538447afed13dd2a5fc24cf7c8cdf1c6607daa0196da66dac5e1d5e957666d1b4254562d

    Download Submit
  • /data/data/com.mwln.plqe.buqo/files/umeng_it.cache
    Filesize

    348B

    MD5

    a8d10f70d127c5396c2b46cc1bf2cebf

    SHA1

    53cae0b874bc64b509b0ef3ec398db790795fc41

    SHA256

    38dd9521f2988db36c5999154777dd4c523649a094b9fdaa799da01d2f86230a

    SHA512

    498c79bf25a394468516f8ef200d1ed5de6d82615e047210325e90696eed4f47282ff2fbabf4009b023de99b3fadace50dc3852fa820c7972c29de9416c21691

    Download Submit
  • /data/user/0/com.mwln.plqe.buqo/app_mjf/dz.jar
    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

    Download Submit