Analysis
-
max time kernel
179s -
max time network
164s -
platform
android_x64 -
resource
android-x64-arm64-20240603-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system -
submitted
04-06-2024 03:23
Static task
static1
Behavioral task
behavioral1
Sample
937d686eca77928a3b8ea974e2b3dd76_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
937d686eca77928a3b8ea974e2b3dd76_JaffaCakes118.apk
Resource
android-x64-20240603-en
General
-
Target
937d686eca77928a3b8ea974e2b3dd76_JaffaCakes118.apk
-
Size
1.3MB
-
MD5
937d686eca77928a3b8ea974e2b3dd76
-
SHA1
91464678205a52f02050106bcee52079a78dfc1f
-
SHA256
485959428ca353d404fdf264486ae95d0b48f92ff2a5870ec004103d332fbcc5
-
SHA512
e4204366748898067d2f80d5d0310a78d7686e7704733de44e9c3ae0a09f0b222352580e4658b3362094dea564aa1dcacf617253fcb590f969d0783b18f234e1
-
SSDEEP
24576:PucEoL0otaYtXM3SprkM4FqD5Bl0ZHqU+1j/o+m0jKt2q/13tdHbZKm51Ob83W:PNQ7YtprkruBl0ZHojDnjKt2q/1XHNK7
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.rojg.hanu.gsnxcom.rojg.hanu.gsnx:daemonioc pid process /data/user/0/com.rojg.hanu.gsnx/app_mjf/dz.jar 4464 com.rojg.hanu.gsnx /data/user/0/com.rojg.hanu.gsnx/app_mjf/dz.jar 4527 com.rojg.hanu.gsnx:daemon -
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
com.rojg.hanu.gsnxdescription ioc process Framework service call android.accounts.IAccountManager.getAccountsAsUser com.rojg.hanu.gsnx -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.rojg.hanu.gsnxdescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.rojg.hanu.gsnx -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.rojg.hanu.gsnxdescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.rojg.hanu.gsnx -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.rojg.hanu.gsnxdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.rojg.hanu.gsnx -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
Processes:
flow ioc 35 alog.umeng.com -
Reads information about phone network operator. 1 TTPs
Processes
-
com.rojg.hanu.gsnx1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
-
com.rojg.hanu.gsnx:daemon1⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.rojg.hanu.gsnx/app_mjf/ddz.jarFilesize
105KB
MD523ba0b249042b7ba33e92c0199b0ea4a
SHA199b13ee9f7307316c2337953fceed87e9942b794
SHA2561ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA5120cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
/data/user/0/com.rojg.hanu.gsnx/app_mjf/dz.jarFilesize
248KB
MD5a54a18b58c6720991c021f433dfb2a46
SHA1d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA2563dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
-
/data/user/0/com.rojg.hanu.gsnx/app_mjf/tdz.jarFilesize
105KB
MD5293ea5f01e27975bed5179ba79d80eac
SHA1c5b0806a537fd1cb753e11f1a9684933317716b8
SHA2568d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzdFilesize
28KB
MD5fdb8a92e5060ce104e8f0faca55a47ce
SHA1270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzd-journalFilesize
8KB
MD54b02a38013990c66b7a79243132c7ed9
SHA12f4c3bd29036ddf64467a11a345917f2ed3b71c7
SHA2562bab6f3fc29b66deda75dd2612f0411f936c07510e3d7f530db3ae477c2e11d1
SHA5125c859613ca76eac19483e58840341dfba418017a354e0088824f240a66efb93686ef85f39b43a71347e2bc74db2fa28e48b4daebbd7ca55ffe2f8080eacd486e
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzd-journalFilesize
512B
MD554eccf3de08410de80efc3825906e6ee
SHA10dd452b0b9268a147f28c5235471c7480e4af317
SHA25637b119c45febabbe8232617ba17addea91b876064bebc2cb083fe50c944148d3
SHA512b0d332a25f34c2089a3d2c6fed357faa731cee8caa667c754e1d7341e7ffe91eb40eab9e2556ac4ca229d66ac70f97ec5898b11b833ee4031d2e09eddfd76452
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzd-journalFilesize
8KB
MD518a781f4698801cd3b35ac57314ce438
SHA16a98c3be63508c1d2362b0560eb55ea640350027
SHA25657508fea9daa3782fd4ed406f228dc5e27cbeec174f93537a6d1e43f19dea26d
SHA51291a83553f2384d6e59f4100df8f3476b40f06c3b21020e49bc79f83969c3ac1c6a631b7e8ee01cb8a90bbe368ffc43a8644b0fdec2325860bf6d1526bda3a2cc
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzd-journalFilesize
4KB
MD52d3550908705101ae30dfd5680625438
SHA155f0919b496e05ef46bd5e838e19048f00c751b1
SHA25650b94ff25a4329625df150df67719ca71ac390bc5daa3c07fb010a18e07e39e0
SHA512ec03ceab28903ba0741a2e20fd7c4bf9ec5e4fd73659ce425217cf83daf5edefcee33b38bb4193eb43225a3ae404fb868c4f187ec952efc9bef07f478109dd34
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzd-journalFilesize
8KB
MD5b176f4ecb16236a293688f23615ac406
SHA10e701343358e4f5e0ab44f2d6ee99ce691f94a43
SHA256a5cd10cd5bf430d503cc1c8f4cf15deef300103ef9d94eec64cab7f3d95f80d6
SHA512c244f5fce1a3c3e411def360c267b572e928c8e7193c1f3668f798e1bebd67a6bfe3a563323f33950bc6e1d6e95c2e8381674aef82794b5d821335e637b4d14b
-
/data/user/0/com.rojg.hanu.gsnx/databases/lezzd-journalFilesize
8KB
MD50cfc2a6aa0a9b405cea8c1186594c7b1
SHA12fb25e4aec2a7f5c77849cecc5612fa4635dd2f7
SHA25605d2620b4deb6c2a827f8a27be44c8866c8056204f9fbea6614e198b52c7df7f
SHA512e926075077979cb66871df0021e1df9b66ff3775a40530a7d0f0ab3c00a181bcd92890d9177c1bf97e08bcd98c12f7e1eeb2854e354d8bc5029a9a30c83976e5
-
/data/user/0/com.rojg.hanu.gsnx/files/.imprintFilesize
943B
MD5d511dec34b2fda97ac347ba181b01359
SHA17fd0a91953fa4d7a21ba860baf42874a4406b706
SHA2563713b01f76dbc9f2af99c40ff28e23589c3c4ab8d68013c178263c917fca97fb
SHA512238b63ce77c74fcf36414f495053d20a1f78dc4b48b4c97663a8363dbea9862c1804b65f18d0740c33472ce88dd8c7dd219ed6855a3e769680c0f207fa049e41
-
/data/user/0/com.rojg.hanu.gsnx/files/.um/um_cache_1717471525426.envFilesize
654B
MD5cca00ccea67ad16c75f6cf3764999809
SHA104a31ffb6da5580ee11fd180b0e01f166ecf0c70
SHA256398ae274b7dc21e0a42addea491ca0a756f71cc183ffc22c1508d3b5538c213d
SHA512a72edb71ce15d3a963976cfcaa3a4d683294b67d617679bf6663ec073658985f611174276d8a5e765d09a8f8613812071a79e0f3d72efffd18682e4e55d39809
-
/data/user/0/com.rojg.hanu.gsnx/files/.umeng/exchangeIdentity.jsonFilesize
162B
MD5de38fa43bf82bfeaf26bd2a18359af4d
SHA1da92dc9bd24c319cf45d305b5acdf6269f2b1baf
SHA2564351553d47264e75f9dd78df1ff795e5c8e47cfaf707987a504c3d2170de504a
SHA5122db902b91824d68502cf6786cb87a86c434b7ff776cd63f36f944d8498c07ae842cd625b3a410836ae4cb43d9cfeea66cb503f5705af30795312c6133724b712
-
/data/user/0/com.rojg.hanu.gsnx/files/mobclick_agent_cached_com.rojg.hanu.gsnx1Filesize
1KB
MD591f85f396a90ef834991a3b9988c11a6
SHA1de1c1c34e5ebf9e08c19a08564cb2c7dfa3bf857
SHA256723a0e3fc21275f99fa76ffd7756bca5845cc0d627d78aae24ac2bea69dc1816
SHA5121c0cfe65f28f4730ce811c8f5563047a91ccf76bb05ea00a5407520ce24ae4bde6ce9ade1505e7f7ef55582bba23d08b727479b89751d956c5df9bb8a955cb92
-
/data/user/0/com.rojg.hanu.gsnx/files/umeng_it.cacheFilesize
348B
MD52faec314368e780d50ec8406fc4518d4
SHA1afc75ea8520f680d73c03278b2c758890c636e6f
SHA256dacad87442228b8a3a1ba95998022918abbbcf75d4b6949c2856ea309e6c763f
SHA51247c4a9ac7d171401765bb3bf99b07f8a8750eb7508b92c3a615f767e3aece702a7b3dcb1705035ba13706b6d48e0b7f960c6b32f2a4d9bf42b47384a7b163930