Analysis

  • max time kernel
    178s
  • max time network
    179s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-05-2024 19:01

General

  • Target

    6bf4d60a9c78231a46742dae5143d9bd_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    6bf4d60a9c78231a46742dae5143d9bd

  • SHA1

    ab51b03a9fd2b1b577a7b733a67d072cccfd0d21

  • SHA256

    8b91611ce589eb6b2943320d656a916aef2320ad0540afd351c5961fedf7c1da

  • SHA512

    04961a1bbae83e4877e2e53a90d4be71168ab60acacb7f595bf353140124a0a5dd37bc4944bade83c531c0abe83f8327bddaf916f13da91c2712ee0912400d1d

  • SSDEEP

    24576:xIcEoL0otaYtXMTSprkM4FqD5Bl0ZHqU+sjvo+9gjZsLq/13tdHbZKm51Ob83h:xDQ7YtdrkruBl0ZH5jTWjZsLq/1XHNKw

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Reads information about the phone network operator 1 TTPs

Processes

  • com.mwln.plqe.buqo
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4595
  • com.mwln.plqe.buqo:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4661

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.mwln.plqe.buqo/app_mjf/ddz.jar

    Filesize

    105KB

  • /data/user/0/com.mwln.plqe.buqo/app_mjf/dz.jar

    Filesize

    248KB

  • /data/user/0/com.mwln.plqe.buqo/app_mjf/tdz.jar

    Filesize

    105KB

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd

    Filesize

    28KB

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd-journal

    Filesize

    8KB

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd-journal

    Filesize

    512B

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd-journal

    Filesize

    8KB

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd-journal

    Filesize

    4KB

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd-journal

    Filesize

    8KB

  • /data/user/0/com.mwln.plqe.buqo/databases/lezzd-journal

    Filesize

    8KB

  • /data/user/0/com.mwln.plqe.buqo/files/.um/um_cache_1716491002238.env

    Filesize

    652B

  • /data/user/0/com.mwln.plqe.buqo/files/.umeng/exchangeIdentity.json

    Filesize

    162B

  • /data/user/0/com.mwln.plqe.buqo/files/mobclick_agent_cached_com.mwln.plqe.buqo1

    Filesize

    788B

  • /data/user/0/com.mwln.plqe.buqo/files/umeng_it.cache

    Filesize

    346B
