Analysis
- max time kernel: 178s
- max time network: 150s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 14-06-2024 22:25
Static task: static1
Behavioral task: behavioral1
  Sample: abbfc842d462adb69849061e91d5a790_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: abbfc842d462adb69849061e91d5a790_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
- Target: abbfc842d462adb69849061e91d5a790_JaffaCakes118.apk
- Size: 1.3MB
- MD5: abbfc842d462adb69849061e91d5a790
- SHA1: a025d0b7ce728d74ce26546c5a1962c5d81cbfef
- SHA256: 68203feb3411dccd4b1bb6afd3ec1f72589737b6324d82fbd9df0d14df66cc28
- SHA512: 099c4d2588a25ee0cdf65f7226c8205b6188a544c90d11dc8962184a079de8033d2d6ba696c468e68d7e06913aedf0c2574d99e05f9a3fa8919e85ec74a8a5dc
- SSDEEP: 24576:CgcEoL0otaYtXM1SprkM4FqD5Bl0ZHqU+XjTo+EYjM/Aq/13tdHbZKm51Ob83O:C7Q7YtbrkruBl0ZHKj/BjM/Aq/1XHNKH
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/com.xhkk.lssp.foyj/app_mjf/dz.jar | pid: 5126 | process: com.xhkk.lssp.foyj
    ioc: /data/user/0/com.xhkk.lssp.foyj/app_mjf/dz.jar | pid: 5244 | process: com.xhkk.lssp.foyj:daemon
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description: Framework service call | ioc: android.accounts.IAccountManager.getAccountsAsUser | process: com.xhkk.lssp.foyj
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.xhkk.lssp.foyj
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  Processes:
    flow: 41 | ioc: alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.xhkk.lssp.foyj
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.xhkk.lssp.foyj
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.xhkk.lssp.foyj
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
- com.xhkk.lssp.foyj
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
- com.xhkk.lssp.foyj:daemon
  - Loads dropped Dex/Jar
Downloads
- /data/data/com.xhkk.lssp.foyj/app_mjf/ddz.jar
  Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
- /data/data/com.xhkk.lssp.foyj/app_mjf/tdz.jar
  Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
- /data/data/com.xhkk.lssp.foyj/databases/lezzd
  Filesize: 28KB
  MD5: dae68dcffc3d522a79f98ebbc3b6d457
  SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
  SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
  SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd
- /data/data/com.xhkk.lssp.foyj/databases/lezzd-journal
  Filesize: 8KB
  MD5: aaebcdbc5f22df76bb8727ffb3515300
  SHA1: 97fe903f1cdfa40dcacf7768c169d2867ce10160
  SHA256: 570bdf8af36349cce60d924a830734dd5b800f8fa7cc1ce65d1bc08bf949c1ba
  SHA512: 5010addfa4715aa3d18d3a7698810f583075e46f800cceb750c3c91486b434235c2124f61c9d1575dd90bbafe4485bf16dff79eed56b5a92ff29be318804dcec
- /data/data/com.xhkk.lssp.foyj/databases/lezzd-journal
  Filesize: 512B
  MD5: 61f4cee21280711341bc3e19968b1642
  SHA1: 319505f6ddb239925e24749c7cd7adf062b5fd0c
  SHA256: a16bd2a103d00f514ca1342ebf1759748b2f0fbc89fd25e4bb5afa21409bbe73
  SHA512: 90ddbc84631464b16c54cf87efd14c399fcd5aa9e26a558cf1fa9a0f4e9868bc4e5a60fc209693cdd0f1cc8a2ec07279dc677bdfa856b98949ef16f930f6af30
- /data/data/com.xhkk.lssp.foyj/databases/lezzd-journal
  Filesize: 8KB
  MD5: c28b20beccf909176cdf3e20c2e61c3e
  SHA1: 66c866c685b82136f16b118be55a651b7a0f9e96
  SHA256: ac5dbf92538a4bbcc69d81bfdc97f4b1bf8a450659852bb4b7ec3eae9095fae2
  SHA512: 1fe6d0afffbc5abf23df625f4dc6b5220faea197709bda6758da5bb3fb174578723a90bf1d9fb3e5c4ae068d2aacaa792d4f68230379cd11d6fe13f6dd01eab1
- /data/data/com.xhkk.lssp.foyj/databases/lezzd-journal
  Filesize: 4KB
  MD5: 77e49cd11180afa57840acbd0ef465c2
  SHA1: f0b2b78c95dab7cb9bff7c215c81990b5c76c66a
  SHA256: b269b1456536cf910cc988fe59e728b8a5493f2d7496296c5164fda6a1b23b12
  SHA512: 03b6b1015e0ab88c2393f5c45cd8eb18f52b620239902b042f27376ccc8022d9eaeba8413d88625d446ce8909bea047a6c8aee8d28aa28c5bfff2b0b2f98f5b0
- /data/data/com.xhkk.lssp.foyj/databases/lezzd-journal
  Filesize: 8KB
  MD5: 46a195096f3ce55e3ec295f346a1962f
  SHA1: 853ac1922f64113eee761495791d28fc05132138
  SHA256: 30c142a795aacee3bcb4415409a664366db998d6f151604d13c6005034146b11
  SHA512: aea5408ea8f5ceef51bc9c71e4874babd4e8ab1fe4d9900f3a4eb92073ab7f303865e64e348ca6b6dc091488de9a37cdcf1c1e528daa4d6889c95241779a4ebd
- /data/data/com.xhkk.lssp.foyj/databases/lezzd-journal
  Filesize: 8KB
  MD5: 235281b6f45e8ea15ae0777f3fcadde2
  SHA1: 1b8bac61896b87880925dd96fd36bccb7b97174c
  SHA256: 94c68d43648da90ac1fd82682aced179c23a893fa20def4f3c4c283f0ed58b20
  SHA512: f519fa1f4ef3fbfbe01780e7d6149fed458e510f75f291c3a841847ce06183beef0d1e65cf828519d7717e00db9660b1f6e9d2b1742ba5b7fea2e76b518c08bb
- /data/data/com.xhkk.lssp.foyj/files/.imprint
  Filesize: 944B
  MD5: 2e00ba06dcd863c702a47970e3a0e361
  SHA1: 115173ebf0e09b23a134acf1eb0c1658d93a3e69
  SHA256: 14779ae6ed2e2b23acdb066087d2f865e58a088bb98a0921cc1b68fcc6c1b68d
  SHA512: e7dd750daac8039410752683a7aa8e3e56ea36e1ff648e58ce05794c75044294f18c85712573f506a70770bff33bbe1d9f04a6e1e9e1883ddbe18a1b7576128c
- /data/data/com.xhkk.lssp.foyj/files/.um/um_cache_1718404025871.env
  Filesize: 656B
  MD5: 63690af71fbfb813e61c36f998931a7e
  SHA1: d704b081770b6189b837e3854aaafccc9663ca6a
  SHA256: 857c44b5e75511549b38589e88a93f42a16e2588d3d9fc514e874b0173462eda
  SHA512: 5a3a051b8a0155cbf2a94f832f5af0e8c13f89c62bc6a1640d88543472f7d01ff9292dbd80da9b6f3a3aaf39a055bb85d4555cdef0d3d5268bd68f8916a2de86
- /data/data/com.xhkk.lssp.foyj/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: 842a43a0cadc16a6cb496ce6daa38e3f
  SHA1: 7ab39a7fa48592bc6e972d7a012cc5771793de51
  SHA256: 2ac1525edda072d634993273a8f64c12ec0a8fb9abe118d4f0b8d4b39fc94248
  SHA512: dead88f846f33dac353dbed92bafcf66ef4c0e0fc3f4402b90694ae0f7557344b3b17f944a0d4e15986ea71ef593018f5a6f74c1b4a1d2e9469722caf939adb6
- /data/data/com.xhkk.lssp.foyj/files/mobclick_agent_cached_com.xhkk.lssp.foyj1
  Filesize: 1KB
  MD5: 4ba51ff8533280b906afd08da6165d9b
  SHA1: d3fe1fb819a91715babe5c4095c86a698d1232ce
  SHA256: a0afc243b55ff2cd2053699cfdbc26f148470548530caac25f3af474942038f1
  SHA512: 69fd1236fcb15d5e923fe7667bb0a6991a4a0b1712360ca728dfd62c1ed125eeee373ecf1cc960373c6a8ca3dd90e6c5b630b63bffba7d0c7def2606f1d90485
- /data/data/com.xhkk.lssp.foyj/files/umeng_it.cache
  Filesize: 350B
  MD5: ea6d53403fd5f11c0d7c91cfb6dce946
  SHA1: 36473f04d36750de15122bfeb5c225cf1a9c6170
  SHA256: 34835ef19ebfde287f9262ed5613d10ec3f8d4bc573f545ff5ddd0310ecf41e3
  SHA512: 0a03a7c22bfdcf67dfc8cefb8f194b2b77accdf72e93a9254880fc784be0e1270a21c0424f5b5026c223ce423d15013cc3b726fce165626d7313e7d7163efed8
- /data/user/0/com.xhkk.lssp.foyj/app_mjf/dz.jar
  Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc