Analysis

  • max time kernel: 179s
  • max time network: 184s
  • platform: android_x64
  • resource: android-x64-20240514-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted: 02-06-2024 23:15

General

  • Target: 8fc642358c5aeb7ec649b35d938d847d_JaffaCakes118.apk
  • Size: 1.3MB
  • MD5: 8fc642358c5aeb7ec649b35d938d847d
  • SHA1: b89275e530a5e630b24902013e13ae3447b8493c
  • SHA256: aefa3f59d16797388f909c9e278f8d36d33f5363f978fe2eff640a22797726b7
  • SHA512: 0fca0dad44fd656dc0e0c2f9791d78f52801f87f06ec8548397099a5d074179b1a089752fd816ff2113bbe7316c80cbe30c1e105f444ac9ed763ca8de6c2d0ca
  • SSDEEP: 24576:d4AhVXSHyjVhugAB2GMQAv3Q95o+vsjXiJq/13tdHbZKm51Ob83+s:XhvfDujiQ9pEjXiJq/1XHNKmjbOs

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
    Checks CPU information that indicates whether the system is an emulator.
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Queries account information for other applications stored on the device (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect account information stored on the device.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (2 IoCs)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about the phone network operator (1 TTP)

Processes

  • com.mckt.dtlp.iexh (PID: 5147)
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
  • com.mckt.dtlp.iexh:daemon (PID: 5226)
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.mckt.dtlp.iexh/app_mjf/ddz.jar
    Filesize: 104KB
    MD5: 74516f682123a65190e15ca51fea94e2
    SHA1: 4625bc1052913470b74a0d2eedcb5d1b597cfcab
    SHA256: 9b0a7ac6b3eae5984f76f9096d2037d7228008c77d63e85f4a0fcc6ad766874d
    SHA512: 9a9045e8a3ecfeb50632b4f205ccecb3b9104da04d110623b59b73d62d5da2e345f3259ba706ffdc341cec2f16a734b3dfd856a20333b3434dec0ea577ddaaae

  • /data/data/com.mckt.dtlp.iexh/app_mjf/oat/dz.jar.cur.prof
    Filesize: 719B
    MD5: a55650ae5b45bb06caad27de420a303c
    SHA1: 7e1243c169ea8aba65c5239e5754bdf6bc5da380
    SHA256: aa81f0804d4dfa14366b7de2c9d8e5195e8f1943ccaaf935edea1e413748fd99
    SHA512: 5cd4fc5931d5225d7e49b0416132d66a32b52fabd4a3d8504566a263e55e30a16719294870ff3887807b1ebc02f67038d9f644e9ab032ce8715fa0f8a5f49a11

  • /data/data/com.mckt.dtlp.iexh/app_mjf/tdz.jar
    Filesize: 104KB
    MD5: c34a960ee8657fb632c516c1616ca810
    SHA1: 9aa3a6cf76f595769a52b40a4189c5371a84674c
    SHA256: 2bb381984f485a4803c2ed4c80ebf1ab3f327fc918ce36ddd67326a249ba77c6
    SHA512: 2bfeb1a74504f9c5c978e19041a3c6ccbab2eb77f7fd35c38e45207d2d50af0fe3ae28aaa7373cb4eb69b8f3d9c118d0813c2d7336f2f3f26e8c6a8e34e3504a

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd
    Filesize: 28KB
    MD5: dae68dcffc3d522a79f98ebbc3b6d457
    SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
    SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
    SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd-journal
    Filesize: 8KB
    MD5: a0e7b1473623a5e01cb9ef432269c3be
    SHA1: 19cb14d9757bd92a790dd052458dea314588b5b1
    SHA256: d769c50fbff171160bf1f1a58d20d8a3456ce002ff36d90e71611664aa2b6d5e
    SHA512: 3e0c14919414ddc24a5396f437243c1af776eafaf63f9b7eaa14b3fbd12d88a89566779d84d1cff69c37fa7a6191b206b02929960aac99a9b37a95d8231fdfb8

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd-journal
    Filesize: 512B
    MD5: 633dfea7e3a13de66fbda0d8532c45f5
    SHA1: 856a9d28c9b4eefa70ab1ecdf2639fa4104f6d31
    SHA256: d737a7404fe23c8dff9ee25d5c7371a0d8ad7837a10c8eaae10ac9585d556235
    SHA512: 129183ae7ed3af0009ac60ab7592db4cad37584f3dceb032fac3da254410022c6715c6d674c9eda86bf4ebee5aabf3c31cbe9bf9a00f38525c99774d2a6ab0c1

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd-journal
    Filesize: 8KB
    MD5: e7bb1026234b376039e4c6a066ac3f28
    SHA1: a14243e6bebb65145518db73b030dcb18c02512d
    SHA256: 4129b5bc08ef4b860d0cddda4d811ded773dbde0f309528a7d57066143164fb8
    SHA512: 8a273d5e1b515c882334ae4906920bd65db15c4d7f2ea472e966365d3586a569a0fa45fae6efd43bc9ddd439bb420cf64cea00f0ca63339ff63436c094dcb81f

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd-journal
    Filesize: 4KB
    MD5: a9a6c37e58d1b31b55f4de0806685f12
    SHA1: 2e6f125f0675a65db49130c2f9968fb867532d3f
    SHA256: d959e98751478ef037071602d48b0d1d14e5b12b972c28363811f5bdb0daee49
    SHA512: 4a490c04f4fb451e633797f0451891598c8f5cd9343bd8418b1cf7faa5308b808d4f81966ded740fbd0ccceb491b3e4b5c6a55cc28c977033777d9b40a2c94f9

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd-journal
    Filesize: 8KB
    MD5: fb99ca8a09462f2f58767296a793f81d
    SHA1: 5dc02ad587ec90812d1f465fc5564a34a4a21f08
    SHA256: b293df59e47699a4e5664cbaa8c2dc3b93929511c24c9dd898ac394d242d09be
    SHA512: 1676356b641100cbcea1650537571b532156fd87df66e159ace18d46ce9d68c85403735f993b63f7350eff8e01932a3220e0e5fcff2d290d210719c4a41b08f8

  • /data/data/com.mckt.dtlp.iexh/databases/lezzd-journal
    Filesize: 8KB
    MD5: e26d5a834d0e30872b6c258056132b03
    SHA1: 5903184d0893187671f2d65375fa24642b698694
    SHA256: de038c2decfd555ddc9eed4805a6e59dcab5aa1832981e6b3ff69b13585c9dba
    SHA512: 3969c7ea9e4cf8c60321c1f954b32621ad5636278daffd28350a788bab645bbb8b6ef9e46bad37e6a2bb5f54e0d7f0b94799f8e57019f9c92d0d8f13d34dd1f1

  • /data/data/com.mckt.dtlp.iexh/files/.um/um_cache_1717370263040.env
    Filesize: 655B
    MD5: 38e1896559e18047491a1c26aaca0fb5
    SHA1: c657944c1a60bfc609f44a66389099aec7a0bf48
    SHA256: d393d2d38a20bd501022e004735913f8e1ee26a9bd450eac54b2e8703086594f
    SHA512: 53e5f438cfa95e80d6ee6efbce49f413f4fba04b1f0ab7778dac446fab5ad04c6581171ead78abdc3dcacbf50576e7f841e59f4d8ff49c501672d0ac2c3d3797

  • /data/data/com.mckt.dtlp.iexh/files/.umeng/exchangeIdentity.json
    Filesize: 162B
    MD5: cf74a68e7dfdc6929b3ef4a8e01add48
    SHA1: a1d60e8bb307695fd5b37330c8db8675abbeb3f7
    SHA256: 8f2d349bf0a1383ae1cb29ba2e9a15516672443d6110bd11d47dbbb820d2c91e
    SHA512: cd81fda8648154e248f959645f001022ce32c30d7a676a2c48f286a4f5c74bedfe9251302d3e36bff861c754474d694b3cf20248ed87cec8ab1fdaf905edf9cf

  • /data/data/com.mckt.dtlp.iexh/files/mobclick_agent_cached_com.mckt.dtlp.iexh1
    Filesize: 795B
    MD5: c390429ff4c53e8ad8662babab496dab
    SHA1: 6a9285554a20880974fc27ead74bdc1876239437
    SHA256: b7588cc80f5955925cbbfc92d883121afbe8ab43f29595f828734be8f41a4a98
    SHA512: c1cde7cc13917957dda227ca454489a02f77dc0a501041e5968d5c849d5ba202a5d4fb38e897e8cd39f283ea052bd372123e3ae4c2fdd65a5a73c8a9dc15dce2

  • /data/data/com.mckt.dtlp.iexh/files/umeng_it.cache
    Filesize: 348B
    MD5: 7ee7df1e80e2cd28dc2ca0060495a1ed
    SHA1: 75b3b25a5c670fefcbec5fdd3b7032f7b78fa652
    SHA256: 2f31bfdcd9c2ec291e9ba803f4a750d62e709e4787e2a4552c6333afb4044432
    SHA512: 971682a6754887de868a0ff5905e8cbd4d9cb41eac7acef275b78b3c57fd129639a003c875b67c370b548ab02ac4c509e44f4f7c562aac8747df3644328737c0

  • /data/user/0/com.mckt.dtlp.iexh/app_mjf/dz.jar
    Filesize: 247KB
    MD5: f94e137d7aa3ec510782c58f1089ef39
    SHA1: f1b5f4b422d4fb5071e41a3fe9b7cf99ec13c217
    SHA256: 89c661a75becb3a99788c1deecf430f54c045e044f30c5fa7dd7f11e93e2a5cc
    SHA512: 743beef1e59c24cb6662c19dab6e6629a30d6bf6e2e014f2f68258a58acacb868f6a7a2a527123170f92b03ba517d8b48cb2a290a963d2b86130444820b0be6a