Analysis
- max time kernel: 179s
- max time network: 183s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 24-05-2024 14:38
Static task: static1
Behavioral task: behavioral1
  Sample: 6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral3
  Sample: pujia_c.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral4
  Sample: pujia_c.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral5
  Sample: pujia_c.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
- Size: 31.8MB
- MD5: 6edbaad67fb55f4dee35205776e7c4c6
- SHA1: 2ed0ea18f844997f725da4c076b70ad59b57a313
- SHA256: a63fd16f656f9b0e7a11ecb7fcf8af91313bf1b9711066f8eb6f46c5f2e25eac
- SHA512: 42aa80b8ff10514ec823b002c7f8140ca8e6a2f9e7b0bb3450003234f783dc0f94b8507c74cee57ae063262239cab74521372cf9afe4b5b2d657ee5b451e82b9
- SSDEEP: 786432:jVDCJe0Y0PrpYgAoZzGCZKGV8mTLjpklKgLvObv9bn:5uJex01YghZRZKGV8mPjMPLCv9D
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip --output-vdex-fd=60 --oat-fd=63 --oat-location=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
- jp.co.mozukuapp.penguin.pj
ioc | pid | process
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip | 4428 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip --output-vdex-fd=60 --oat-fd=63 --oat-location=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip | 4302 | jp.co.mozukuapp.penguin.pj
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
- jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | jp.co.mozukuapp.penguin.pj
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
- jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | jp.co.mozukuapp.penguin.pj
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
- jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | jp.co.mozukuapp.penguin.pj
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
- jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | jp.co.mozukuapp.penguin.pj
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
flow | ioc
22 | alog.umeng.com
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
- jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | jp.co.mozukuapp.penguin.pj
Processes
-
jp.co.mozukuapp.penguin.pj
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
  -
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip --output-vdex-fd=60 --oat-fd=63 --oat-location=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
  Filesize: 255KB
  MD5: 11307be22eda7459ecc3f37e519df627
  SHA1: cdaa06f28e228eef7f9495e17528a4f0b5f8f081
  SHA256: c7a7aa7af0bbaec66c906f829818e7d84703820bc88b6c7e9951926886a325ff
  SHA512: 8215b0b5ea93205b6f41ef22bfd28a8593d60e3b645f347963ff8d3aee5412f4bb9ece4ac0b295395c8e3d8d9129366739e0a06c781b4696b6520a7afbe820c1
- /data/data/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/classes.zip.cur.prof
  Filesize: 595B
  MD5: 9573de61be0e2e48267538abcae86c19
  SHA1: 8b81d540d360787c2da400ec5b43274e9c14cf1a
  SHA256: 3272e4a5bad76af3e3b107adf9c27b664867bac8ba194008180be0063692f712
  SHA512: 3dea36c8908fdf04f3261b129d74fcf788add9e71a67068f04173b2a6c815ae48c6eff8775d85e2d4b9f449b8c21c7c2c33bb2e203e5502fc8fa3f02db374696
- /data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
  Filesize: 512B
  MD5: 0d8f471b9ec5812c4df205435260c88b
  SHA1: e09cf51d048e018b87d31e5300997396671291d4
  SHA256: 768b3fec8df83455c6202d0ccb87867eba40085957ec9f2de817dc8696b7379b
  SHA512: 3ef374b06e10d4911c127dbbcae7e4eec9f4b104fe3d30f6015d830a3f05644acdfd264ec3cb74bbd2877e21d858eeea722b444a8d06b54e77df674244467003
- /data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-wal
  Filesize: 209KB
  MD5: 6a75dbcafd9b0809a237c2d065e25cb0
  SHA1: 07975b33804abd0fbe90bb55fe1e122873d3aaef
  SHA256: 204b8e5cbb68315a4efe9295b72b9f1adde541576539d633b2fc703152d6df55
  SHA512: 239cea02f15cac111829857575f1579601c9341a9da13cd7925fc489f62e0bd4f16a50bfc65058319aa2b5196ef2d09f5ebd21cc81b78b4170335c3d0e7771f4
- /data/data/jp.co.mozukuapp.penguin.pj/files/.um/um_cache_1716561588024.env
  Filesize: 614B
  MD5: 73fb00d01e19fa20a6c934662899c255
  SHA1: a4374ad0642f4f8066598123cb56da90fd2b8e75
  SHA256: 684c99302b968ef6f728cf54ff6eaf0e838f19c49ddc46fa4fe860ccda2e81a0
  SHA512: ea79fb06fe5ca6778bffb8460b98e5845f0cdd798e4e12390f260fa0aa232063f89e5d82ab03bbb01884d89beeb92a5b06cf756af016ef436296c4839295afb2
- /data/data/jp.co.mozukuapp.penguin.pj/files/umeng_it.cache
  Filesize: 310B
  MD5: faba0457b1a645d099482d4ccff768f5
  SHA1: e834c6e260a880a30c5a88013c1be8414cad8113
  SHA256: 9926186ea73ca8b0d9f48c4e24ab5505090d9d2ac2d1eb6d7111be8b5f4513bd
  SHA512: e685616b7720b69512a20b8d45df816172919847bd114f91a9fa89d3346e1f43d33f6bbbf9254eb6b6d73b6df87430a8874625ac350c2e3ec1f8a179e2594f64
- /data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
  Filesize: 686KB
  MD5: e79d34c5ff3135f8cd44ccfb34080b05
  SHA1: 8816504c24655d70cd4d8d9b392144f9ce7d6814
  SHA256: 044c5866ab5fca8e6f868274b201abfc0fc7dd24dad57729302e3b389efe1096
  SHA512: 13f66c039f256d435ee157858f3b226f95b5ca3e946c8250cf848e1fab62a7de1ef1662183503f08e1af9fa1e22f8a2ec8e85b094ae3a18ba8d5256eb3a31128
- /data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
  Filesize: 686KB
  MD5: 032fcd4c7d5c02f9d2c5c6e651c266bb
  SHA1: 502736d7352fa98036294c16554ca5280a21638f
  SHA256: 53ab47c839e234f00c542e7a05e3302868558fcd9b06bf702041c5057fa2873d
  SHA512: de2714bcac1fd75fc125d0120bd3b54ba8f8a4881972a9389d196e469625727b765fe4fdbbf29155b81667ab0a03d927e16dbe3b45ddec05c729e04c0f6527bb