Analysis
-
max time kernel
77s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system -
submitted
24-05-2024 14:38
Static task
static1
Behavioral task
behavioral1
Sample
6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
pujia_c.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral4
Sample
pujia_c.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral5
Sample
pujia_c.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
-
Size
31.8MB
-
MD5
6edbaad67fb55f4dee35205776e7c4c6
-
SHA1
2ed0ea18f844997f725da4c076b70ad59b57a313
-
SHA256
a63fd16f656f9b0e7a11ecb7fcf8af91313bf1b9711066f8eb6f46c5f2e25eac
-
SHA512
42aa80b8ff10514ec823b002c7f8140ca8e6a2f9e7b0bb3450003234f783dc0f94b8507c74cee57ae063262239cab74521372cf9afe4b5b2d657ee5b451e82b9
-
SSDEEP
786432:jVDCJe0Y0PrpYgAoZzGCZKGV8mTLjpklKgLvObv9bn:5uJex01YghZRZKGV8mPjMPLCv9D
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which can indicate whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Loads and runs Dex/Jar code that was dropped to the device during analysis.
Processes:
jp.co.mozukuapp.penguin.pj
ioc | pid | process
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip | 4560 | jp.co.mozukuapp.penguin.pj -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | jp.co.mozukuapp.penguin.pj -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | jp.co.mozukuapp.penguin.pj -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
alog.umeng.com belongs to the Umeng analytics SDK, which is embedded by many legitimate apps as well as by stalkerware; the Umeng cache files listed under Downloads (files/.um/um_cache_1716561583758.env, files/umeng_it.cache) are consistent with the SDK being bundled, so on its own this signature is a weak indicator.
Processes:
flow | ioc
33 | alog.umeng.com -
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
jp.co.mozukuapp.penguin.pj
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | jp.co.mozukuapp.penguin.pj
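The "Loads dropped Dex/Jar" signature above points at app_bbb_data/classes.zip, and the Downloads section records two different files at that same path (255KB and 686KB, with different hashes), so a recovered copy has to be matched on its digest, not its path; the oat/classes.zip.cur.prof entry is the ART runtime profile written for that dex path, which is consistent with the runtime having actually loaded it. The following Python script is an added triage example (not part of this report and not code from the sample): it decides by magic bytes whether a dropped file is a raw DEX, a ZIP/JAR carrying DEX entries, or something else, and computes the digests in the form the report lists them. The payload it builds (minimal_dex, constructed_classes_zip) is constructed for the example and the two MD5 constants are copied from the Downloads section.

```python
import hashlib
import io
import struct
import zipfile

DEX_MAGIC_PREFIX = b"dex\n"      # full magic is "dex\n" + 3 ASCII digits + "\0", e.g. "dex\n035\0"
DEX_HEADER_SIZE = 0x70           # fixed size of the DEX header
DEX_FILE_SIZE_OFFSET = 0x20      # uint32 LE field holding the size of the whole file
ZIP_MAGIC = b"PK\x03\x04"

# MD5s of the two classes.zip files recorded under Downloads in this report.
REPORTED_CLASSES_ZIP_MD5 = {
    "11307be22eda7459ecc3f37e519df627",
    "032fcd4c7d5c02f9d2c5c6e651c266bb",
}


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, the digests sandbox reports list for dropped files."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_reported_payload(data: bytes) -> bool:
    """True if the recovered file is one of the two classes.zip variants the report saw."""
    return digests(data)["md5"] in REPORTED_CLASSES_ZIP_MD5


def classify_dropped_file(data: bytes) -> dict:
    """Decide what a dropped payload is by content, never by its file name or extension."""
    info = {"kind": "unknown", "dex_entries": [], "hashes": digests(data)}
    if data.startswith(DEX_MAGIC_PREFIX):
        if len(data) < DEX_HEADER_SIZE:
            info["kind"] = "truncated-dex"
            return info
        declared = struct.unpack_from("<I", data, DEX_FILE_SIZE_OFFSET)[0]
        info["kind"] = "dex"
        info["dex_version"] = data[4:7].decode("ascii", "replace")
        # A size mismatch usually means the dump was cut short or the file was padded/wrapped.
        info["size_matches_header"] = declared == len(data)
        return info
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                info["entries"] = zf.namelist()
                # ART loads classes.dex / classesN.dex from a zip or jar; checking every entry's
                # magic also catches DEX stashed under another name for the app to extract later.
                for name in zf.namelist():
                    with zf.open(name) as fh:
                        if fh.read(len(DEX_MAGIC_PREFIX)) == DEX_MAGIC_PREFIX:
                            info["dex_entries"].append(name)
            info["kind"] = "zip-with-dex" if info["dex_entries"] else "zip"
        except zipfile.BadZipFile:
            info["kind"] = "corrupt-zip"
    return info


def minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed stand-in for a DEX file: a consistent 0x70-byte header and no sections."""
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = b"dex\n" + version + b"\x00"
    struct.pack_into("<I", header, DEX_FILE_SIZE_OFFSET, DEX_HEADER_SIZE)   # file_size
    struct.pack_into("<I", header, 0x24, DEX_HEADER_SIZE)                   # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)                        # endian_tag
    return bytes(header)


def constructed_classes_zip() -> bytes:
    """Constructed sample standing in for app_bbb_data/classes.zip: classes.dex plus a decoy entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", minimal_dex())
        zf.writestr("README", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    samples = (
        ("constructed classes.zip", constructed_classes_zip()),
        ("raw dex", minimal_dex()),
        ("junk", b"garbage"),
    )
    for label, blob in samples:
        verdict = classify_dropped_file(blob)
        print(label, verdict["kind"], verdict["dex_entries"], verdict["hashes"]["md5"],
              "matches report" if matches_reported_payload(blob) else "not in report")
```

Run it against a file pulled from the device (for example with `adb pull`, as root or via run-as on a debuggable build) instead of the constructed sample; a `zip-with-dex` verdict whose MD5 matches one of the report's two entries confirms you have the payload the sandbox saw loaded.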
Processes
-
jp.co.mozukuapp.penguin.pj
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
Filesize
255KB
MD5
11307be22eda7459ecc3f37e519df627
SHA1
cdaa06f28e228eef7f9495e17528a4f0b5f8f081
SHA256
c7a7aa7af0bbaec66c906f829818e7d84703820bc88b6c7e9951926886a325ff
SHA512
8215b0b5ea93205b6f41ef22bfd28a8593d60e3b645f347963ff8d3aee5412f4bb9ece4ac0b295395c8e3d8d9129366739e0a06c781b4696b6520a7afbe820c1
-
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
Filesize
686KB
MD5
032fcd4c7d5c02f9d2c5c6e651c266bb
SHA1
502736d7352fa98036294c16554ca5280a21638f
SHA256
53ab47c839e234f00c542e7a05e3302868558fcd9b06bf702041c5057fa2873d
SHA512
de2714bcac1fd75fc125d0120bd3b54ba8f8a4881972a9389d196e469625727b765fe4fdbbf29155b81667ab0a03d927e16dbe3b45ddec05c729e04c0f6527bb
-
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/classes.zip.cur.prof
Filesize
640B
MD5
c775ff13815471bb2b81f8bc0e419460
SHA1
d5e3b29a5588b66354ef5efcee4c2922c0d3e32e
SHA256
953510d0093c9da3702f481146e892744c210758c0469509e8ed0f0bdadc1df2
SHA512
8c3c580796f7ce1af744e2979ce5a906d2bbacdeb3219683fae74f4ca1305b0b898984539e09ecaf6d3d0179af5a7d8a4b997162e8b858737b86bdf52f4af287
-
/data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db
Filesize
180KB
MD5
ce4d1ed58caed833226ad50a86d13eab
SHA1
e0a65b7ddcb9df1f561811e4c0f3a90ad60834fa
SHA256
2ece14469b68182f579ca3e076922f47b34a548239db8d6406a51fdce8ae4cc5
SHA512
5f3dd1a8cc0544e334a2bac3971b2fe61551f4e4263faec42ddd4fa35f122c038df198ab33a3594c955c4879b7758bedc7ec9906ba34a4e29c747af52587fa0d
-
/data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
Filesize
512B
MD5
7a6c6ace5469673688fff83e3d89655a
SHA1
bf4fa069070c8ddbf194c117c7d8588fbcb0f524
SHA256
89dd1b6cf240c0bd38eccd1d63b1a7a63bd4d68d82ebe2107ab3de4241202496
SHA512
ec7d9b1a203fec20de30e1f7ffa92d7a943626708de847e2ae6d6d2bde416b6f2c326dcd4cb8d8edc82b4fe2538fab45532c2b56bf0fb73c16c8c21fa3c3e3e1
-
/data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
Filesize
8KB
MD5
25cc6d1d45f6ddf91842c5b9eaa6b87d
SHA1
dbbc4234fa2f7359a1c0e3311a0eecbc7551f93e
SHA256
22080198bd7f61dc9e9f9e5c1a8d3da780068dcbed3699f50d08dbb7ef459557
SHA512
1debe0367b07f0604d8c43594b022bc475ae7cad22277d896aac596290cc11b8620538a7acd3a42cfd46232631f85f63868b224f903e8e2c0e69896bfa1f3277
-
/data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
Filesize
8KB
MD5
bb4f3d7235a4b2e39163502399df7f2f
SHA1
0bd4afa9f905c1deb66eaf3216af74d48a7b3574
SHA256
f9f69b9cc68810332ba412185c229884f1c32d4557afba6faa7dcbf9903a97d3
SHA512
07421b1d65fc8ecd79c58e76c407391ef805d12c8e4f4380ef695053d93a59d79113258a94d649730266da9ee96fde3483dc5322657316d70ab64f29553cde64
-
/data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
Filesize
16KB
MD5
8b4a9be42c98afcb9769d5f94cc23454
SHA1
725e23b1090abfcdefbaa0c90629a5d4c0e88e59
SHA256
82c9fa67a7aea2c25f787c887ac59031d1c13311c2f4400ae9b105310dcff9fe
SHA512
f4e30bc5ac4b84b4545e7cc0afb205c3cd8d6d5790a2062dc28116156c1ae84e8a59e9d10a5ba3ae2a8a822bea1ed155f3d7e3dfa89320b658c907ee5ef0a6e9
-
/data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
Filesize
12KB
MD5
b8b111189fdc17f0bc6441958b3620ff
SHA1
db6f9281fe64ec3907d02a7000491cf1884aaade
SHA256
f98ff470ba86b114fa8a4bbb8d6d06c9fba72f8cc8f3a7414552ce2c49870868
SHA512
ab2fd6a9b2d698911a2faaefe70513cbe168282db71c4931f5b8a88d047bd2c394ca2daeff3a49d6d63d743f0fe5763dc8c8de3edbc6fb7ca1c7f821b9ce691d
-
/data/user/0/jp.co.mozukuapp.penguin.pj/files/.um/um_cache_1716561583758.env
Filesize
598B
MD5
bcdd1db0707489b59b8c123dafe79893
SHA1
5735918af911c94f792162682d19d98707295a03
SHA256
96ab91034b3355c841856218e43912f3d7fc3f05b68c9967d864da214b5eb1dd
SHA512
6937cf26c89b40229b904289a3de189a84e1170967e55b73be6d11c22c819ee62fddd32442e50feefa42a70d40c782de1f334ee1cdfd11d089f61432def0faed
-
/data/user/0/jp.co.mozukuapp.penguin.pj/files/umeng_it.cache
Filesize
245B
MD5
d3b1791675cfc17be5b46ecc687932ab
SHA1
d1bf9772aba7df18f27045ef0c24708b9caea8f6
SHA256
d98fa8d6da1b9002c136a3e29799c7aaf505a1eca879e36db294209b000bb736
SHA512
6459043784613f1ad0b4985062269449d0c937428dc4414a3406040ac464e21fd060d312df7e8482351c4da120f40ca4841a11e248f1a1af921ae34aacb7c088