Analysis

  • max time kernel
    63s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    04-06-2024 01:58

General

  • Target

    93577b03dbb1214799afde46e44658f4_JaffaCakes118.apk

  • Size

    5.4MB

  • MD5

    93577b03dbb1214799afde46e44658f4

  • SHA1

    2c3cd7411a649d0a63fcf31a948d8068e8e70427

  • SHA256

    d2fde978c2a430642d7a6a1b5f752b34595080dc21ae6f863379faa5f2b712c1

  • SHA512

    1d3bb4e6da7995e08f05f45f7955f4c3227f3d27d5eeea84b09298a56db08cc25887c3d3eff28f073eb35419f72eabadf3466826f898243b9758c42b29535e60

  • SSDEEP

    98304:lcmNYhFN8dvUgEpb8M0BF1hba9gLw4C1foG3iUTcguZYVpX5afdhqZ:KVkvLEpbuBFXaIwt1fZluDHqZ

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

Checks CPU information (e.g. /proc/cpuinfo) that can indicate whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Domain associated with commercial stalkerware software (indicator list includes entries from echap.eu.org) 1 IoCs
  • Reads information about the phone network operator 1 TTPs
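The first signature above, "Checks CPU information", is the sandbox's name for a common emulator-detection heuristic: the app reads /proc/cpuinfo and looks for known emulator board names or x86 vendor strings. The Python below is an added illustration of that heuristic, written for this page; it is not code from the analysed APK or from the sandbox. The marker lists and the three /proc/cpuinfo texts are constructed assumptions. The second sample matters for reading this report: an Android-x86 analysis image, like the android_x86 platform used here, exposes an x86 vendor_id, so a check of this kind succeeds against the sandbox itself and can gate whatever behaviour the app only shows on real hardware.

```python
"""Re-implementation of a typical /proc/cpuinfo emulator heuristic (added
example, not the sample's own code). The cpuinfo texts are constructed."""

# Board/hardware names used by the QEMU-based Android emulator and common
# hypervisors. Matched as substrings of the 'Hardware' / 'model name' fields.
EMULATOR_HARDWARE = ("goldfish", "ranchu", "vbox", "virtualbox", "qemu")
# vendor_id values only ever produced by x86 CPUs; a phone app that sees
# them is either in an emulator or in an Android-x86 image (as in this report).
X86_VENDOR_IDS = {"genuineintel", "authenticamd"}

# Constructed sample: classic ARM emulator (goldfish board).
CPUINFO_GOLDFISH = """Processor\t: ARMv7 Processor rev 0 (v7l)
BogoMIPS\t: 1000.00
Features\t: swp half thumb fastmult vfp edsp neon vfpv3
Hardware\t: Goldfish
Revision\t: 0000
"""

# Constructed sample: Android-x86 analysis image on an Intel host.
CPUINFO_ANDROID_X86 = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep
"""

# Constructed sample: physical ARM64 handset.
CPUINFO_REAL_DEVICE = """Processor\t: AArch64 Processor rev 4 (aarch64)
processor\t: 0
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x51
Hardware\t: Qualcomm Technologies, Inc SDM845
"""


def parse_cpuinfo(text):
    """Parse /proc/cpuinfo into {lower-cased field: [lower-cased values]}.
    Multi-core files repeat fields once per core, hence the list."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # blank separators between per-core blocks
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip().lower())
    return fields


def cpu_looks_emulated(text):
    """Return (verdict, reason). verdict is True when the CPU info names an
    emulator board or an x86 vendor; reason says which marker fired."""
    fields = parse_cpuinfo(text)
    hardware = " ".join(fields.get("hardware", []) + fields.get("model name", []))
    for marker in EMULATOR_HARDWARE:
        if marker in hardware:
            return True, f"hardware/model name mentions '{marker}'"
    for vendor in fields.get("vendor_id", []):
        if vendor in X86_VENDOR_IDS:
            return True, f"x86 vendor_id '{vendor}' (emulator or Android-x86 image)"
    return False, "no emulator marker found"


def triage_samples():
    """Run the heuristic over the three constructed samples."""
    return {
        name: cpu_looks_emulated(text)
        for name, text in (
            ("goldfish_emulator", CPUINFO_GOLDFISH),
            ("android_x86_image", CPUINFO_ANDROID_X86),
            ("real_device", CPUINFO_REAL_DEVICE),
        )
    }


if __name__ == "__main__":
    for name, (verdict, reason) in triage_samples().items():
        print(f"{name:20s} emulated={verdict!s:5s} {reason}")
```

When a sample fires this signature and the rest of the report is quiet (no network events, only SDK cache files written), re-running it on an ARM image or a physical device, or patching the check out, is the usual next step before concluding the app is inert.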

Processes

  • com.bjfxtx.zsdp.superdist
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4278

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.bjfxtx.zsdp.superdist/files/.um/um_cache_1717466413807.env

    Filesize

    627B

    MD5

    ab0bb6281e88be4451132ea48d3b74fa

    SHA1

    dcb1d15d7e910dcf4a6128a9e41baf42ecbdd3e1

    SHA256

    44881ed00038116048e093b76d0c0193bcb36dbca93d261bb501140bf5ba76dc

    SHA512

    948209bc6ad7ab20bbf033b40fc4fcc4d622cf0b66bc4d2d8ad0ccc47c40cddabe4da4e7755bba5bea125ac3987c7063ef15c5b5f378d4c759c4427e496c4ba4

  • /data/data/com.bjfxtx.zsdp.superdist/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    5f61ba80d61549e83ae28076090ff6ba

    SHA1

    a52b4c752501d543da8b90a7f11c87447df08a66

    SHA256

    ce3b684afc1d8a7a354b3506848458240655e41cef6f2526e94e31cb731ea591

    SHA512

    fb9d27fff5fed3c644bb6d1967f635e8c0eb966b0b788f68f00d6c5739dd1a6a7d971f3cce60b6924d667203b5af6773b8f9cfd5733da138dca357ee0d3456bb

  • /data/data/com.bjfxtx.zsdp.superdist/files/jpush_stat_cache.json

    Filesize

    159B

    MD5

    7d7eb6a69c15a11159be110c1638e274

    SHA1

    731e051f2de932488df9d8160724ddc3e664b3bb

    SHA256

    fac9dddca06c66ac533f1268cab4059f5f865e585e338fb365dbfb06398ac1cf

    SHA512

    fe4cd9fb1a1b419f213702a041d814c366ab2238703ffa56d5bfd0d0ddac2267cb5a8186267f33c3191386508cf86608bd95bc2f47ad8197d2600fd8bdace70a

  • /data/data/com.bjfxtx.zsdp.superdist/files/umeng_it.cache

    Filesize

    310B

    MD5

    1189437c77d0106c0723d8cc666f5b4e

    SHA1

    20865838460a5b7a8e7a6c3499b49a01207aca68

    SHA256

    a1d9c0392faf1f211a7d83e21866f3730b78f9650cf1020345765e5c32156f42

    SHA512

    9a066158cbdaf3e7c36136c652f0f7c8040ff19105dc9c57c6bb20713444b8cdeb8c0c8f916f5a986a3224d5b50008eb00fc9174c8520a8920a04588f79eb200