b0635efa29083e1376cd5278ab616ff8925cff3b9b2aa4193c72799c55efd06c

Analysis

max time kernel
177s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
25/05/2024, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72cc3f4cbcb638d388bddcde5f534f58_JaffaCakes118.apk
Size

4.4MB
MD5

72cc3f4cbcb638d388bddcde5f534f58
SHA1

6e2267ec91992ecd2bd8e905800d83445af5c106
SHA256

b0635efa29083e1376cd5278ab616ff8925cff3b9b2aa4193c72799c55efd06c
SHA512

afadf58c7b1c45140fad28de67a7da8c4a2d1456288fe247fbf8e42bddaaadcf898ee0a56974435972bb9c8953579c1605a1dc698c9cf20b2e073f10e603faac
SSDEEP

98304:nbeouyxTeYj0TbNwJwRM3/Rui4OGnsxFSNLTXQwbF7E5uBLTN03buT8O58Y:nVeYjGSPRui47sxFSVgwbtOWPN0LuwOp

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.knightli.ebook.zyys

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.knightli.ebook.zyys

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.knightli.ebook.zyys

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.knightli.ebook.zyys

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.knightli.ebook.zyys/app_e_qq_com_plugin/gdt_plugin.jar	4620	com.knightli.ebook.zyys
/data/user/0/com.knightli.ebook.zyys/files/__pasys_remote_banner.jar	4620	com.knightli.ebook.zyys

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.knightli.ebook.zyys

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.knightli.ebook.zyys

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.knightli.ebook.zyys

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
24	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.knightli.ebook.zyys
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4620

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.knightli.ebook.zyys/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
69KB

MD5
595b2a62c7377a811a24307102751b11

SHA1
55814431108f7f847ea252bc4b21cf70a37280b6

SHA256
e53cba6378e274af8716011e0ec56a2c1209c3aecd6f2aa2384f0034348ae4a7

SHA512
31d168d07dc5b9da8a57db387e9a4a5b6bee6f26218cd80f078b8fde4cac947a7b122e78a1c43165b10afe8a0583abfc102f001bba6168691e4f7049f699eb2f

Download Submit
/data/user/0/com.knightli.ebook.zyys/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
167KB

MD5
2d7bb84ddaa446b16021ab10c3e26194

SHA1
e35c763e24ec3db2dbfb47574482005d735589d4

SHA256
5be35b8b75348b77c6e44306ec99a8569c58bed146795fbdb723130a01dc4b89

SHA512
9212e9947c604eb3e35ff9ffb14f38dd7c00be9d47b161a7ab72bebdc3ae3fc74eb358874617e6e3d57a2138de4ff0c826cd9ecd5513f613b1cfba308785eb62

Download Submit
/data/user/0/com.knightli.ebook.zyys/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
f49e56aeca222698d9a2d0614b6d41a3

SHA1
a072636ad67976a06aedd6720f3b892f03a53fb1

SHA256
45143b10d8bfd0e5293150bbe6baea5bb9aeae7e392280eace019bb137de40fd

SHA512
777dd20642764692a0230d422c76ca3fdc72bd27d7aab5c2fb542e37fd45e156dc331631cb496963dd3c9f97a744c83f0edad59e72ce40d3f3da06a0dfeba7fc

Download Submit
/data/user/0/com.knightli.ebook.zyys/cache/libzkmm40.png

Filesize
6KB

MD5
70506ae47fdef6ec7bb2baec98838b14

SHA1
6425d357e0658987f13ee4928920bf5763bbb029

SHA256
68e6afc8b71918d5d66ed059ad44aa6452dfecb4cfaa0aea18e33b974c956275

SHA512
a0dd1d0cd4a2dfdc4f339bde96ccfc7ad114466214abe64b878a3a08db10e7a82e8d2704ef8afe6d9dd3f18ac409ced5f73a440ebe92a87edf143310a30273d7

Download Submit
/data/user/0/com.knightli.ebook.zyys/files/__pasys_remote_banner.jar

Filesize
417KB

MD5
96d208e818748da0a0510994de5be961

SHA1
8f093544c3ce04ef1dc323730d2937f889c911c6

SHA256
9fab83f42fe2573d80524e4b91caffaee37f2ca37f56f6a97a2c626fb7927215

SHA512
55a2b0c3a86ed751f31f96774aadebcf9068a4c3b828f0e1f4e30f0a5acd7a66ef14df7361ad2d9cccfe8f560db8e8cb2c67d9a459a75d24fbf762528f32bbf8

Download Submit
/data/user/0/com.knightli.ebook.zyys/files/__pasys_remote_banner.tmp.jar

Filesize
295KB

MD5
289aa52188b4a1eb9a3a5904b0638ada

SHA1
3efe010f8832bc5ee7df88152e01ef1f446663c4

SHA256
947be2e29c43127ccaa6ab05b2600405cebd5aef985204a4cf2e17ecf7cfaa91

SHA512
34078ccf3fc42c63f338bb9f62eb139d953ad9e0e5fd813465d9f4d37f708fc20d7309897919cdf6be37acbda2669fd6d32ff4a233279e2cd6e2a0ba62cdc47d

Download Submit
/data/user/0/com.knightli.ebook.zyys/files/smartmad/SMRAI_Standard_Default_DOM_Android.html

Filesize
955B

MD5
fb325eb4b3d83ceec68449bfcf8f805f

SHA1
59fef4615a3d6d9aaffd139520aa08a85d7dc3a0

SHA256
145175544df77f574ab5f5cea73aaeb5f1a6b4dd28f0bb4f58a7d553553a751c

SHA512
0e68e0b1a12da2287e07e32f65688b8f11fb07ca1681446ad871ec63a02a7419c7acb959b5ca4afde07d13337f3cdf3598dbe9bd198630f4c72af658656f850f

Download Submit
/data/user/0/com.knightli.ebook.zyys/files/smartmad/mraid-close-100x100.png

Filesize
1KB

MD5
e7cf41d926a191b1f1734968da2bd913

SHA1
f9024a04126c0036e62ff378ac9916b8981a9daa

SHA256
ef2d092f77c2a9c87fb70e99895f338507e5502247b88785d8bf6b660f3bad0a

SHA512
8d493b546edacdf6a1391852bac53a04f685d0b5b20fab521deb4bb80fb14688daa02d09d39b5dc7a559ab0feed3fb864ab4b15f4594110d1d8cfae008e4347d

Download Submit
/data/user/0/com.knightli.ebook.zyys/files/smartmad/srmai.js

Filesize
15KB

MD5
8762b9f265f35145ab8c53b02ff3eec0

SHA1
f395207eb2f7ad386aea8b6c58ba069d8d54c545

SHA256
1b1d86079dca4b71fde7f235e2c2d3d7aa0f1c74e7306596b3f175d8c8efabec

SHA512
7876b856c4609ce2800e6ab1694623b34b3bdb8765d5cfee3e40e67c9684e3c040db695b49403191e37b16780a35667beef03601d36e5a25deb0d6e34dc76734

Download Submit
/data/user/0/com.knightli.ebook.zyys/files/smartmad/srmai_bridge.js

Filesize
6KB

MD5
29212bea6262285465572f5e84409395

SHA1
9604f5a98e5c127b1ca9314d1a2c7a1951ea68b0

SHA256
4f9fe41a609490e886db5a43829a6d10cee29d3dda1cda37c204a06468e95dc5

SHA512
d9bc8325dc6efeb2a711f54187de21544b6ae4f1b0cde37fbb85a2117aa0f58044a0757cdf4d2af084c8a9d533a7ec762e9888a2cb97778658418a175845be66

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads