Analysis
- max time kernel: 178s
- max time network: 177s
- platform: android_x64
- resource: android-x64-20240603-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
- submitted: 05-06-2024 00:17
Static task: static1
Behavioral task: behavioral1
- Sample: 96bc915d76ea99ec620669e6110d69c4_JaffaCakes118.apk
- Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
- Sample: 96bc915d76ea99ec620669e6110d69c4_JaffaCakes118.apk
- Resource: android-x64-20240603-en
General
- Target: 96bc915d76ea99ec620669e6110d69c4_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 96bc915d76ea99ec620669e6110d69c4
- SHA1: 955591102ba2c78af6d485eb4d0c07a259c1e032
- SHA256: 88a7e7a00810df1b5364458c66ccaf38cda9c6bc7494dbe0354c6fd25b7412b9
- SHA512: 3d78469556775b36718b89e94acbe0ec59ab4ac9bd0dd1e24836c107a8a4dccedb959e5d1e2178e585e303b9bf884f23c6029601967e313acdee1156ff1ea48f
- SSDEEP: 24576:VoL0otaYtXMhen8X3lUKfcfIkuovSp04jDo+f8jf6Zq/13tdHbZKm51Ob83G:mQ7YtyX1wvTvSpbjPkjf6Zq/1XHNKmji
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/com.lwqv.qkqh.epde/app_mjf/dz.jar | pid: 4994 | process: com.lwqv.qkqh.epde
    ioc: /data/user/0/com.lwqv.qkqh.epde/app_mjf/dz.jar | pid: 5086 | process: com.lwqv.qkqh.epde:daemon
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description: Framework service call | ioc: android.accounts.IAccountManager.getAccountsAsUser | process: com.lwqv.qkqh.epde
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.lwqv.qkqh.epde
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
    flow: 34 | ioc: alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.lwqv.qkqh.epde
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.lwqv.qkqh.epde
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.lwqv.qkqh.epde
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
- com.lwqv.qkqh.epde
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
- com.lwqv.qkqh.epde:daemon
  - Loads dropped Dex/Jar
Downloads