Analysis
- max time kernel: 178s
- max time network: 135s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 29-05-2024 16:03
Static task: static1
Behavioral task: behavioral1
- Sample: 81474d8d9493364607e1567f93cfe4a5_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 81474d8d9493364607e1567f93cfe4a5_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 81474d8d9493364607e1567f93cfe4a5_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 81474d8d9493364607e1567f93cfe4a5
- SHA1: 85c0b1f7b4123bc1bc8dc4d52a2b525a35be2a7a
- SHA256: 4907a7d2b1033346212ad92ddfd8ac4530b5e18103a0b1e0ab7a105c05340faa
- SHA512: b9352a47bf19390cdfe849f9e1e87bc4d91cd35409da57e254e664674f757300d70182ed2badfb2d4caf357fdffd7e93c723a29bce09cdff8d8887a62f6558ed
- SSDEEP: 24576:JcEoL0otaYtXMdSprkM4FqD5Bl0ZHqU+/jjo+soj0HYq/13tdHbZKm51Ob835:AQ7YtjrkruBl0ZHijvZj0HYq/1XHNKmB
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information which indicates whether the system is an emulator.
- Loads dropped Dex/Jar [1 TTPs, 2 IoCs]
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc                                             pid   process
    /data/user/0/com.vxin.mbbv.ggxl/app_mjf/dz.jar  4525  com.vxin.mbbv.ggxl
    /data/user/0/com.vxin.mbbv.ggxl/app_mjf/dz.jar  4590  com.vxin.mbbv.ggxl:daemon
- Queries account information for other applications stored on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description             ioc                                                   process
    Framework service call  android.accounts.IAccountManager.getAccountsAsUser    com.vxin.mbbv.ggxl
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description             ioc                                                     process
    Framework service call  android.app.IActivityManager.getRunningAppProcesses     com.vxin.mbbv.ggxl
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description             ioc                                              process
    Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.vxin.mbbv.ggxl
- Checks if the internet connection is available [1 TTPs, 1 IoCs]
  Processes:
    description             ioc                                                   process
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.vxin.mbbv.ggxl
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [2 IoCs]
  Processes:
    flow  ioc
    46    alog.umeng.com
    60    alog.umeng.com
- Reads information about phone network operator. [1 TTPs]
Processes
- com.vxin.mbbv.ggxl
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.vxin.mbbv.ggxl:daemon
  - Loads dropped Dex/Jar
Downloads
- /data/user/0/com.vxin.mbbv.ggxl/app_mjf/ddz.jar
  Filesize: 105KB
- /data/user/0/com.vxin.mbbv.ggxl/app_mjf/dz.jar
  Filesize: 248KB
- /data/user/0/com.vxin.mbbv.ggxl/app_mjf/tdz.jar
  Filesize: 105KB
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd
  Filesize: 28KB
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd-journal
  Filesize: 8KB
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd-journal
  Filesize: 512B
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd-journal
  Filesize: 8KB
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd-journal
  Filesize: 4KB
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd-journal
  Filesize: 8KB
- /data/user/0/com.vxin.mbbv.ggxl/databases/lezzd-journal
  Filesize: 8KB
- /data/user/0/com.vxin.mbbv.ggxl/files/.imprint
  Filesize: 944B
- /data/user/0/com.vxin.mbbv.ggxl/files/.um/um_cache_1716998717434.env
  Filesize: 649B
- /data/user/0/com.vxin.mbbv.ggxl/files/.umeng/exchangeIdentity.json
  Filesize: 162B
- /data/user/0/com.vxin.mbbv.ggxl/files/mobclick_agent_cached_com.vxin.mbbv.ggxl1
  Filesize: 1KB
- /data/user/0/com.vxin.mbbv.ggxl/files/umeng_it.cache
  Filesize: 350B