Analysis
max time kernel: 179s
max time network: 181s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 02-06-2024 23:15
Static task: static1
Behavioral task: behavioral1
  Sample: 8fc642358c5aeb7ec649b35d938d847d_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8fc642358c5aeb7ec649b35d938d847d_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 8fc642358c5aeb7ec649b35d938d847d_JaffaCakes118.apk
Size: 1.3MB
MD5: 8fc642358c5aeb7ec649b35d938d847d
SHA1: b89275e530a5e630b24902013e13ae3447b8493c
SHA256: aefa3f59d16797388f909c9e278f8d36d33f5363f978fe2eff640a22797726b7
SHA512: 0fca0dad44fd656dc0e0c2f9791d78f52801f87f06ec8548397099a5d074179b1a089752fd816ff2113bbe7316c80cbe30c1e105f444ac9ed763ca8de6c2d0ca
SSDEEP: 24576:d4AhVXSHyjVhugAB2GMQAv3Q95o+vsjXiJq/13tdHbZKm51Ob83+s:XhvfDujiQ9pEjXiJq/1XHNKmjbOs
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information which indicates whether the system is an emulator.
- Loads dropped Dex/Jar [1 TTPs, 2 IoCs]
  Runs an executable file dropped to the device during analysis.
  Processes (ioc | pid | process):
    /data/user/0/com.mckt.dtlp.iexh/app_mjf/dz.jar | 4690 | com.mckt.dtlp.iexh
    /data/user/0/com.mckt.dtlp.iexh/app_mjf/dz.jar | 4752 | com.mckt.dtlp.iexh:daemon
- Queries account information for other applications stored on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes (description | ioc | process):
    Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.mckt.dtlp.iexh
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (description | ioc | process):
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mckt.dtlp.iexh
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (description | ioc | process):
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mckt.dtlp.iexh
- Checks if the internet connection is available [1 TTPs, 1 IoCs]
  Processes (description | ioc | process):
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mckt.dtlp.iexh
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [2 IoCs]
  Processes (flow | ioc):
    44 | alog.umeng.com
    53 | alog.umeng.com
- Reads information about phone network operator. [1 TTPs]
Processes
- com.mckt.dtlp.iexh
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.mckt.dtlp.iexh:daemon
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads