Overview

overview

7

Static

static

6

a6ef5b2364...18.apk

android-9-x86

7

a6ef5b2364...18.apk

android-13-x64

Analysis

  • max time kernel
    126s
  • max time network
    170s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    13-06-2024 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6ef5b23648fc136362c30e8de6e16b2_JaffaCakes118.apk

  • Size

    11.1MB

  • MD5

    a6ef5b23648fc136362c30e8de6e16b2

  • SHA1

    ad3d394c25913044233d564c68ebcf2a16fd086d

  • SHA256

    c41c9fe6ba89ab3f4197d0b64ba16b8c48df6f156717aac8117d2efcab8bbc5f

  • SHA512

    a1de3180a2a418b2b4c9803098e76e807ddaad9bd00c026f57fa683fa3e7f9acfa2f961b3a15c00ad18aa304471500df8d5bf4b43ea80b7bbe1e920db8b42aa5

  • SSDEEP

    196608:gbhEuVPUUUnYyOaF2poTpb88bT6lEg/GWbasRGKFxEk5/GWbasdX7xLS+i+iW8Pj:geePzbyP2qpbbHjSG8aIGKrEgG8ayXdO

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 21 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 2 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 21 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 19 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.zhengzai.zhengzaitv
    1⤵
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4192
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4223
  • io.rong.push
    1⤵
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    PID:4245
  • com.zhengzai.zhengzaitv:cde
    1⤵
    • Queries information about running processes on the device
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    PID:4274
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4427
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4493
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4580
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4653
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4737
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4828
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4896
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4970
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5043
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5114
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5184
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5257
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5327
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5393
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5465
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5536
  • com.zhengzai.zhengzaitv:ipc
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5611

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.zhengzai.zhengzaitv/databases/ark_offline_db.db
    Filesize

    32KB

    MD5

    b69d4c577dc8d3e78d45366ccc023e8f

    SHA1

    240c5d214e62fb97d1ce86f262758223388658d2

    SHA256

    b4bdb4789c3fc3c71ad8847ec5a153074ef4942325cf93b20058566af88d01cb

    SHA512

    c5b1ca7dbb4c9459749ee705bb61bc6f5d3bd94e281c03dc592c7c1add4af4be535902c3563ace8977b3172d99310bba2d3cd5a53624ac260c416ae127fa4c25

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/ark_offline_db.db-journal
    Filesize

    512B

    MD5

    cbb7dcfa47065a39d502ef0c700d7761

    SHA1

    8cb4527f642466beff8acf77f808d7afbdd1ea80

    SHA256

    69e91befafae3beea5544213774b037ec3543fe759e7e3e582a148f2386674be

    SHA512

    ff3c281014c19de2e1f8aedf5fbb9a1349580c200ab3c4476b6b8dd70d909df8af6455b28a61de0943af494908227a14eeed1fad86e89a3e24bfaf97c428b4db

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/ark_offline_db.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/ark_offline_db.db-wal
    Filesize

    36KB

    MD5

    b21a46e57fddec293bec153879ec0f4a

    SHA1

    40e75fd79bca361fcf086551772fe5070460a762

    SHA256

    fdefd12fed315a3a8676e90f73d323d534e3ba6597d2c02b77edffba636ff950

    SHA512

    382ea054f18eb34f670041f56aa75f4207e5185cfc48b594e6aaa95212cd6d7a0d0b4b52bda6a4026f8a7c10e10d0cd7e8bc60c686d60c5a41f0789e725e7189

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/rong_version.db-journal
    Filesize

    512B

    MD5

    cb1545f18040b81c41573b24988692d9

    SHA1

    cc13b3beaec10bd91bdd9a7c19e4f2ad740e677f

    SHA256

    94cec15e38da2281b7d9b4d616ab3a7d544e0a631d0e5d1de912e86484605f18

    SHA512

    55b6accda7f56731903f566982ff5884074453ba24e1c0af259cd89d1c5c30e6852c6def767d4dab1c7cb297b4b1822dbdc4597bd58c72e327559809b63e6aef

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/rong_version.db-wal
    Filesize

    56KB

    MD5

    44f7c7212da32cea8cfd43d813dc41c1

    SHA1

    635a5a618979719abf1762af72772354a50ce7b6

    SHA256

    b920aaf76e519b130adae1fa4cdcd21053acf44368205bda5f9ff947439a76f3

    SHA512

    5320541d673797c3f6b7e54b7c274861f856efc4d2c7a51e8c5c553ef5ef06ea489f7269279d7fc23c1432953bd0a7a3e089310d63d4825e437d8d2a22a00883

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/vvtracker.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/vvtracker.db-journal
    Filesize

    512B

    MD5

    432ccf354c646ea8ee7134e9f8bc4c40

    SHA1

    132d0a37527d16f7a1276684531c77e33a54a29f

    SHA256

    1c3ddfd76aa3440c25fbe7d8031ca8325efa021f799b836ad53cd8969f12647b

    SHA512

    92b5dd746534d7618220f97fed8b80d6c8d95d2cbf4c312158c9c06abecfb563b95c866bce0a4da19cadca139f20db526539e5ad3af060c74c79b9e89645d67c

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/databases/vvtracker.db-wal
    Filesize

    20KB

    MD5

    2046f31f295d2827e12344935c5b4967

    SHA1

    b6eace75ba937d06e6c7333304b8e0539e233ef0

    SHA256

    46827ffa43e9e9ee0862d99c13a4125b72cffb8411ec23e404c109bf90fcabc9

    SHA512

    36fb292a10f23c88e9b040151ed67c1dfcfc21c5d9be02154baebfbb4d98e7b4ed0219f5097a06596f7158cb914676708558a4ebfb26ec152d418c10e7f8f013

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    6068074297cdaae168ad43df6800ea56

    SHA1

    49facae79b1b06107b96fda01c779529aa65ef67

    SHA256

    866afaa4a626fb25f143de6b1a082bb76552995035161c367cbc59b1e134d6a7

    SHA512

    62f078cab1bb414939cdc354c372aaaab5ff9cf501469b71a37aa2c676124ae476c20e590143ac2684d01c1155a1b23d6a1af3bb267e4141b61dd170823aa291

    Download Submit
  • /data/data/com.zhengzai.zhengzaitv/files/umeng_it.cache
    Filesize

    310B

    MD5

    2667ec53076791f7198dd5c0f645bd9c

    SHA1

    e4401b8f82a6a83ce3abc697d64d8c06af16ff4d

    SHA256

    6daa5eb25f02bb903845bfdf46453ac299166fb8799b2a3ee868a42c76cd3870

    SHA512

    7b79b2aaee3df2cb14eb6a909e2908bfd3140c466e473d6702b87d42a17ca2d030414f81c02945f4e3f7c41c65819c7bab370c8249bcd34a69085e7180cf25f8

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/files/log/logs.txt
    Filesize

    289B

    MD5

    6611afdfa583f40f1d9bef4b5a919385

    SHA1

    dea4f58b4681c45a781205dd54db93bcbd027f32

    SHA256

    c6f1de01044b071e756b63d4b1c5873089c3a3c01c035021d183b09d870486c4

    SHA512

    b07556faf3371b2736880535fbb1c53ec58d3a57693f88e8dc8412d5473a7332e87324e7b1da632da77f5df331b7bf9ec05f4681ad0435f61e9bb896fd743a90

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/files/log/logs.txt
    Filesize

    326B

    MD5

    844b3d2fb5426c779613505323f8d57f

    SHA1

    c3242459d16b33bccf08815b533317d822d3f996

    SHA256

    6469f82deb42231be4a0a4e722488f374db6ddfc413e395b23deeca8c9fce98f

    SHA512

    8e79e9753bd640bca2566cdc83b3a03144b244339a9e973f530ab6a4bfb625ae20f3396d2fb9a01ab4ab1991eb683e60aa39933f38fe65f0580897b21a3ca8d0

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/files/log/logs.txt
    Filesize

    361B

    MD5

    3ddab065ae5b76100002270c23081ab0

    SHA1

    add56037accb7c4493cb870ccbc394a6189f3b59

    SHA256

    a3340a7e340e39fc9df6152c53b7b6d57b6d7854034405fa8b92c9f27d035922

    SHA512

    e4c42c6eb9ac33ef7defb553322dbc4f38f803d418bbe1fee98f3844735c92b8c50ae6d2a25964c5dac22ff826272870110b3c7f9085f29a6c162346b2475bef

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/files/log/logs.txt
    Filesize

    396B

    MD5

    00f59c69c36a3f760dc31bbb8e17d31b

    SHA1

    ed15e961cc75378046e2e2042176393c652b3b02

    SHA256

    4b329b3e376c777c383aaee81a71244dfc8fa191f5f8b05facb204d3c6d0e2ef

    SHA512

    edb39ca07796b4fdbdc73bba78dcaa655a5843958cfd07fb0750e933c8cb1c90bcbe37b2ec96bb2615c9417d3ef6778a84b36febfd6bf728254a6ca00ef92469

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/files/log/logs.txt
    Filesize

    447B

    MD5

    28a451e51c48a4ca08cde506219252a0

    SHA1

    b44a5e020d7605ee647172d2e071cde2da1ff801

    SHA256

    431060dbbe344a6ddeb04ff00eb67a8d6518d72ea821c32ce427720f9b04e80b

    SHA512

    9ff086dd38218480288441c58199121c50812b8c93e4de41008a5514949b43f1814874471e2d20d80c3e1f73548834dc3338ecc3cd67b7e48a04a3e757dca94d

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/leLog/20240613/000.html
    Filesize

    211B

    MD5

    bc4b723f22a2cd1f2bf57d5937baa264

    SHA1

    5b00a7bb912e16c5cd08e31a6610bf68c8bfdf36

    SHA256

    4d20ee148861fdd9e1f75e0efb242731eab42c8b9c831bf0d5d05d7c282c60db

    SHA512

    05c31598603131f5c1a3fe3b73e9cbc26d3a866aaaee025cf77c3932bb2a4c343bca6526ef81c4233ff935eb1a8eda4ac976b532b676c9330247a008e5824045

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/leLog/20240613/000.html
    Filesize

    190B

    MD5

    1fd6d86c301b5a22a518d68fbf1b332a

    SHA1

    f0bf3c9333fc8bd9f17ff7be4f5713bdc667643e

    SHA256

    40c56b95c1e6c064761c31671fb83aafa635c42e8e30de5bcf37865d3a2b4be5

    SHA512

    774081678835622ec7bc3c7ae315612798fa1b7c1559b2a690197a46ed2967c3199d065948955f03689ca284bb0f3f938f1505c35395a400a6e46461a04ba1f5

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/leLog/20240613/000.html
    Filesize

    451B

    MD5

    f77790fcea77b270805d35f9f807558f

    SHA1

    b6e118c08cc290db212b509156b3e52bf5379cf5

    SHA256

    4cde2cb2e44f15d9a34f2ef9f85990a90caf5a928ed9ccc710d90fb5ef0e3722

    SHA512

    442ad0348204a1cf1b8658a4d1783b896a985bf362345931b43e90dfee7e9aa688e6634f81ee1ae780e1ff2f93acbf27da5522ce311516b2e819d3bf29592a90

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/leLog/20240613/000.html
    Filesize

    451B

    MD5

    dcafe8d82f307657549a84532782be11

    SHA1

    b8f45214280e43ebacc6e9a5c80bad0b799aefca

    SHA256

    5d1c52598219c2c0a0ef3aba993dd7512f4af234f134aca7a892617a9b88a600

    SHA512

    6d3774a424ce2895c82b72f18560a321a9f4fd5e5c414b42bc831f2dd6c3a100edb952f85665f22ac7a3e12b0456ce13fd71833da4dae4a77f8af2b71a522241

    Download Submit
  • /storage/emulated/0/Android/data/com.zhengzai.zhengzaitv/leLog/20240613/000.html
    Filesize

    451B

    MD5

    707a8b4be4816083f260e0af2d076ae7

    SHA1

    21e974e19d6db2fe69b8536a5b7e5921d291d54d

    SHA256

    37493f11656905afc6eb4a767c0c015138c1744dc074de1b9fff58fd76089f26

    SHA512

    07b80550e3ca57018be477ba6beff3108678652530c12c96b1b276203d8abc41dfe471dd02f34f0b2a0da0f1d250f85dddf86af58418d3b825fda85e67f62584

    Download Submit
  • /storage/emulated/0/ZhengZai/Crash_log.txt
    Filesize

    8KB

    MD5

    13a1074315f61fc4baf1aa80d0d3c8cb

    SHA1

    a2e8955eee6809bc612049528e5687e6d6315dca

    SHA256

    2115ec4428a175f937b7b7bbdc9bfb0bd21dbb288262e1b4f69f2cf740c8f224

    SHA512

    2162b4570e65aa2f4e3edeb782f0af0b15a9ec92356a6eb2fadafb9a01e05a855c67726c78b3937aeaa5aac678bb4cc59fc8ac79b28666886286a6ec89f888be

    Download Submit
  • /storage/emulated/0/ZhengZai/picture/journal.tmp
    Filesize

    28KB

    MD5

    103a15f0f4a86f7e60a00c09b5fe454d

    SHA1

    a86fae96f59d9ca411cc4e27b855914809ce3cf8

    SHA256

    4ed48f312a9ddab2eed434be143887dea5513bd940bb896d44e1c9a1258dfdc0

    SHA512

    4bb1018bfc2d87346ad8c68adc7f80a1d7ec7dc977d9d681a984c172c7f066e41f060b025966cbf6537d745b566d4a9274d4521753bd2f90d72d4a7c4df4327b

    Download Submit