Analysis
- max time kernel: 178s
- max time network: 182s
- platform: android_x64
- resource: android-x64-20240603-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
- submitted: 06-06-2024 01:33
Static task: static1
Behavioral task: behavioral1
- Sample: 99b7db88471aaf69942819f40f9a4f38_JaffaCakes118.apk
- Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
- Sample: 99b7db88471aaf69942819f40f9a4f38_JaffaCakes118.apk
- Resource: android-x64-20240603-en
General
- Target: 99b7db88471aaf69942819f40f9a4f38_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 99b7db88471aaf69942819f40f9a4f38
- SHA1: 6dd2ade3896b0ce715efcb0348de03398a0a3b81
- SHA256: a65ce10c3d8db06c2e451c837766ed2c8e517e4b953e940aca5c2e6d1d3faf88
- SHA512: b84304a072ac842c32064277c63a2dee8250ac0340fd50f0d0860e36e6ebe01242f67aec21cb54dfd0413c838191677a09abe7458ca71b073c10885879f90cee
- SSDEEP: 24576:oncEoL0otaYtXMfSprkM4FqD5Bl0ZHqU+IjXo+B4jtgnq/13tdHbZKm51Ob838:jQ7YthrkruBl0ZHtjrCjtgnq/1XHNKmU
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
  ioc: /data/user/0/com.dwob.qwlv.wigm/app_mjf/dz.jar | pid: 4972 | process: com.dwob.qwlv.wigm
  ioc: /data/user/0/com.dwob.qwlv.wigm/app_mjf/dz.jar | pid: 5042 | process: com.dwob.qwlv.wigm:daemon
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
  description: Framework service call | ioc: android.accounts.IAccountManager.getAccountsAsUser | process: com.dwob.qwlv.wigm
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.dwob.qwlv.wigm
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  Processes:
  flow: 41 | ioc: alog.umeng.com
- Queries information about active data network (1 TTP, 1 IoC)
  Processes:
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.dwob.qwlv.wigm
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.dwob.qwlv.wigm
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about phone network operator (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes:
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.dwob.qwlv.wigm
- Checks CPU information (2 TTPs, 1 IoC)
Processes
- com.dwob.qwlv.wigm
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
- com.dwob.qwlv.wigm:daemon
  - Loads dropped Dex/Jar
Downloads
- /data/data/com.dwob.qwlv.wigm/app_mjf/ddz.jar (105KB)
- /data/data/com.dwob.qwlv.wigm/app_mjf/oat/dz.jar.cur.prof (728B)
- /data/data/com.dwob.qwlv.wigm/app_mjf/tdz.jar (105KB)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd (28KB)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd-journal (8KB)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd-journal (512B)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd-journal (8KB)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd-journal (4KB)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd-journal (8KB)
- /data/data/com.dwob.qwlv.wigm/databases/lezzd-journal (8KB)
- /data/data/com.dwob.qwlv.wigm/files/.imprint (945B)
- /data/data/com.dwob.qwlv.wigm/files/.um/um_cache_1717637768467.env (1KB)
- /data/data/com.dwob.qwlv.wigm/files/.umeng/exchangeIdentity.json (162B)
- /data/data/com.dwob.qwlv.wigm/files/.umeng/exchangeIdentity.json (204B)
- /data/data/com.dwob.qwlv.wigm/files/umeng_it.cache (352B)
- /data/data/com.dwob.qwlv.wigm/files/umeng_it.cache (179B)
- /data/user/0/com.dwob.qwlv.wigm/app_mjf/dz.jar (248KB)