68203feb3411dccd4b1bb6afd3ec1f72589737b6324d82fbd9df0d14df66cc28

Analysis

max time kernel
179s
max time network
178s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abbfc842d462adb69849061e91d5a790_JaffaCakes118.apk
Size

1.3MB
MD5

abbfc842d462adb69849061e91d5a790
SHA1

a025d0b7ce728d74ce26546c5a1962c5d81cbfef
SHA256

68203feb3411dccd4b1bb6afd3ec1f72589737b6324d82fbd9df0d14df66cc28
SHA512

099c4d2588a25ee0cdf65f7226c8205b6188a544c90d11dc8962184a079de8033d2d6ba696c468e68d7e06913aedf0c2574d99e05f9a3fa8919e85ec74a8a5dc
SSDEEP

24576:CgcEoL0otaYtXM1SprkM4FqD5Bl0ZHqU+XjTo+EYjM/Aq/13tdHbZKm51Ob83O:C7Q7YtbrkruBl0ZHKj/BjM/Aq/1XHNKH

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.xhkk.lssp.foyj

pid process

4484 com.xhkk.lssp.foyj

pid	process
4484	com.xhkk.lssp.foyj

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.xhkk.lssp.foyjcom.xhkk.lssp.foyj:daemon

ioc	pid	process
/data/user/0/com.xhkk.lssp.foyj/app_mjf/dz.jar	4484	com.xhkk.lssp.foyj
/data/user/0/com.xhkk.lssp.foyj/app_mjf/dz.jar	4541	com.xhkk.lssp.foyj:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.xhkk.lssp.foyj

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.xhkk.lssp.foyj
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.xhkk.lssp.foyj

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.xhkk.lssp.foyj
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

44 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.xhkk.lssp.foyj

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xhkk.lssp.foyj
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xhkk.lssp.foyj

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xhkk.lssp.foyj
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.xhkk.lssp.foyj

description ioc process

File opened for read /proc/cpuinfo com.xhkk.lssp.foyj

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.xhkk.lssp.foyj

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xhkk.lssp.foyj

flow	ioc
44	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xhkk.lssp.foyj

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xhkk.lssp.foyj

description	ioc	process
File opened for read	/proc/cpuinfo	com.xhkk.lssp.foyj

com.xhkk.lssp.foyj
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4484

com.xhkk.lssp.foyj:daemon
1⤵
- Loads dropped Dex/Jar
PID:4541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xhkk.lssp.foyj/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.xhkk.lssp.foyj/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.xhkk.lssp.foyj/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd-journal
Filesize
8KB

MD5
0f18dc5c3c8e98c677d0945276d358fc

SHA1
b4daaaab87e22d6443a1f44f1bc80b56849241c3

SHA256
9b11fceee0c9f7661d18e2e68fd6075932774195635b20fca699e12ea32f408b

SHA512
71d9cdfd3ccd4f5bd4ba8a4cb7a01ec20e1ee6616c9dcafd6edc5b4ff9dc94b29c9b350ea9e9017194c70588eec5e287be25f6c5a53f0cb586991f36b6dfebd8

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd-journal
Filesize
512B

MD5
c73b3b25b62ced2accd74aaa6003c963

SHA1
1922aef60fb7941b38857bcff5eb954a0bea73c2

SHA256
95a58f5106fdb1f9bff8bbf5996ca7064abd1ab3ab66c1dd0390bd6d28e938d5

SHA512
8deae11e3fa84f8acbf3979c07b21605737f949c6959ca19369b356ae5d5ad1f9961b42de49a90692563da844bf33388f1f9e95c5705d420314a638c4f45c180

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd-journal
Filesize
8KB

MD5
cf8ed1e181a6f59f82210188ef6c777f

SHA1
3be1f363843ba92b16ba9aa91691459761ae0835

SHA256
868542a2fe7a75095a5db28efcaa5071d784d4431b707b4be59b82c0d29d19f7

SHA512
115dcad19bf70147cebc76ddc5415e7cd15829b62fae4acf0a464b7fbe51326c5c220865392fd481278bac5e05928b7b5dfcf81185fd7694df045d3b2ad09050

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd-journal
Filesize
4KB

MD5
fe8160e70ecfad49ccc7022a149aabb8

SHA1
c1edd7ed6e8302dd4e9c2b709d1dcf9d07a4004e

SHA256
510d57f470fd39bfa4310abd7a517e8ade8409f81f13ae953b3bbd90098d947d

SHA512
a23d096b91826b6cf1ea6bb8237ca8d1e3a5525fd8c92cad1ded40c6659f15779a0482fc28f5ee89cef4692604dde71b2d855e13f5493d31712ee02f31e509f4

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd-journal
Filesize
8KB

MD5
d10b7008c652b4ca1754f8ac6b1207ec

SHA1
7fdb57f0d85bea57ced59012785d1e09efb041b3

SHA256
bd67cce7c75cebb8ed202a1c45b6941966006d58c8e2a686840f0c9197120535

SHA512
af5b2dd4582d1266346fe8a4effe73bd144d3964163bb0ab4538f68e5eb12d4de5737da92128aab18586808ee11f1e110515a187c596fb8fd438eeecd5df247d

Download Submit
/data/user/0/com.xhkk.lssp.foyj/databases/lezzd-journal
Filesize
8KB

MD5
9b34fe45607bedb8aa76b2c1c7fb40d8

SHA1
1739c0f75616c0b3bc64c98f021428f66699f8bc

SHA256
78ce5101b33c07399cb1587071bf24ae13768ecdbcdd01aedc6a0b177a1459ef

SHA512
5290664a64948f0025434109e6c6f0330e1aa9048d14472acbe90d2816db9646babc145a6c21e18f3bcaf00e86d8aecbdfc90e2cc592bc69f64fb8981953d0e7

Download Submit
/data/user/0/com.xhkk.lssp.foyj/files/.um/um_cache_1718404021552.env
Filesize
655B

MD5
013d8e3878484fb44c57e17c8431c9a9

SHA1
5b0c33dd27a69ff942d186d2df7b4fc2efb4b624

SHA256
4f3bd73638c2dee7551600bcd68cc06e2f862b7f16d3ba0c39c93c2353b79478

SHA512
4d5e7d83d6718c0bf0d90a0434a25b89b3354838c64f54503487d0604d689cfa2a9b2f3ce079b0f60b6f6d2cbf045e2b6cb51f0d386acc0874632d033ae75e74

Download Submit
/data/user/0/com.xhkk.lssp.foyj/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
adc9fe43eafbaefff6cad3154a32a25e

SHA1
f6aca78d26f7c9cba743eded833571ab9e87553c

SHA256
a9b95bc66232da1ef834560b7652d6a08046123ed92c489f56555a0c46136802

SHA512
5b9546a740e0768933c48cddcd69d5767db4524251f7dfa3e76072745fbd7fa9b5b783c15126f396a52680016cb814b04f5315e14f880305a36d638eb221d69c

Download Submit
/data/user/0/com.xhkk.lssp.foyj/files/mobclick_agent_cached_com.xhkk.lssp.foyj1
Filesize
797B

MD5
fda9740c7c65c6b17b6c3e305e5738ca

SHA1
eee59e9feab3e8d02e6195b3b817d3643e14b45a

SHA256
c1a85a8082fbfeea188b27342833daa13af42773b882589c39d360b9c5a34f07

SHA512
5e315745060a536ab089a5ddb7bc98ee9f0fcee347a3e919dd5de0c42aac0184bdbbb28d10e087275231a0dfe71ecc63fccd88f696ad7195b0b3f4e3b6d93dea

Download Submit
/data/user/0/com.xhkk.lssp.foyj/files/umeng_it.cache
Filesize
352B

MD5
6f0042372006b82982bcbe6ec93508e7

SHA1
60a81d1f98b448514a80a77f47504b30c56ca7fb

SHA256
9ca12c2a19094a13eff0bb081d71f3b96b31093605228fd7f60e0ce7270d16de

SHA512
4efafa9002cbc25827726db0f843204e387ecdebe339c8b0b2122c489b1f47b01e739bc21495000d8f45b219da9d2af58d66f342e1dc671996081f69a9b05cdf

Download Submit