11c17b2763dc00b5cf89e0856bda2238d59c580d3fa45211dae32ca4b5b21b84

Analysis

max time kernel
179s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab4e9687a26fc5b0ff18ae9795e96112_JaffaCakes118.apk
Size

637KB
MD5

ab4e9687a26fc5b0ff18ae9795e96112
SHA1

0ed38947e394eb3011c55729fc572f5e49713ea5
SHA256

11c17b2763dc00b5cf89e0856bda2238d59c580d3fa45211dae32ca4b5b21b84
SHA512

2692011d13288cef42b4b73297cd0b666c2591f1df6875275cba770db1ec1592e3a8dfc126679ce0c89abcc31a32270697196461238887235ac26b0f4bbbf4fa
SSDEEP

12288:K4L4oQI8Y0FotaKIUtrbMCp3zE1aaTJE5+/u9cejEjeFxNMGP94vvQe6ERylTQor:woL0otaYtXMCp3o1aKJY+/ufEGDMYiyn

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.lebk.amso.zvrk

pid process

4411 com.lebk.amso.zvrk

pid	process
4411	com.lebk.amso.zvrk

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.lebk.amso.zvrkcom.lebk.amso.zvrk:daemon

ioc	pid	process
/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar	4411	com.lebk.amso.zvrk
/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar	4483	com.lebk.amso.zvrk:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.lebk.amso.zvrk

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.lebk.amso.zvrk
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.lebk.amso.zvrk

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.lebk.amso.zvrk
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs

Processes:

flow ioc

20 alog.umeng.com
48 alog.umeng.com
63 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.lebk.amso.zvrk

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.lebk.amso.zvrk
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.lebk.amso.zvrk

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lebk.amso.zvrk
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.lebk.amso.zvrk

description ioc process

File opened for read /proc/cpuinfo com.lebk.amso.zvrk

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.lebk.amso.zvrk

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lebk.amso.zvrk

flow	ioc
20	alog.umeng.com
48	alog.umeng.com
63	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lebk.amso.zvrk

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lebk.amso.zvrk

description	ioc	process
File opened for read	/proc/cpuinfo	com.lebk.amso.zvrk

com.lebk.amso.zvrk
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4411

com.lebk.amso.zvrk:daemon
1⤵
- Loads dropped Dex/Jar
PID:4483

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lebk.amso.zvrk/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.lebk.amso.zvrk/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.lebk.amso.zvrk/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal
Filesize
8KB

MD5
cb2f257b5b14b2b1698e830cc91c86ad

SHA1
fc99e1aa0621e551b6d0227eacc42ce7fd670e5a

SHA256
85468b05fc01c8433dd26e08e2ea798a878c9460293f80e9984d409e58b9d06a

SHA512
663dff4b2fd54a44dd5b874cb6d31083be980f1bac4ac244279213eb149ddc6f2edda36ba94fcd74fbcc6394405cc4470a2d836a0464e45019b21481ed9c9f84

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal
Filesize
8KB

MD5
2c5c507241857b85fd89bcbb2cc79c40

SHA1
45699052798d90827b181780b3ba44bd6666a40e

SHA256
28617885258b0aec9ca10b8d610f0dc954f407a54064bfced3a2fd3e2bf83d05

SHA512
8c5c53f75e229f6adfdc0334da76a070faf9a0fd44638aa1ec99bbd87a84a83649011ec42cf02e7732ea0ae00e2225346bbed80576406379f4cd0c494acbe1f6

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal
Filesize
8KB

MD5
735ea92a954840dfde8f763d007c0495

SHA1
7238726d3b46a7e2dc7adfa84d9957b656357323

SHA256
77469aa582413d92270863d94a5f67827e859776fdd7b511b4755fc461fac1b1

SHA512
077b66d270c1e35b458176cff80d6885f0e235c6c3cfab31be99cf7f57174bb008d650adfd07164864180fd5aab2e201286bd7692086d854b73e4617e59b9d55

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal
Filesize
512B

MD5
a7976c897a430250bb88dcb9b8089a99

SHA1
06e80838fd0d727a45c838871a17a8762313d9af

SHA256
e52742be27e9a19c7e27f6da972a974eba4b2052a6226478ed691dd9fb6f457f

SHA512
ad419f730d64843429368c63b43050d4b2cee80f94811a3f9e99024bb099fc1472e9c914e3ce2798b8033962115ac976c38d4ac173dfe9d58eab37ea72d03c0e

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal
Filesize
8KB

MD5
c9aa26022d6ee12cf7d4f3575fd5f204

SHA1
c61a22ff8e575e23e93b25805894f1a83d84917e

SHA256
4389adc40c4936fae7b2c73b337ace8528571163af7d617bef1a214042aab99f

SHA512
66e4592af6b46ec589a8b0533de8717a9f5385341a8413dda718eafef3f2804d3e25bb5be4677af85e2884f53dc86148f6c42559998f36cc4541b00c444ce0e8

Download Submit
/data/user/0/com.lebk.amso.zvrk/databases/lezzd-journal
Filesize
4KB

MD5
9fe032f7af384bcadcc91d4f3ba7080a

SHA1
34913a21b0e9af5a3a10cd8ee46e6c0697e6116f

SHA256
8e824392698aad6dacf72d26fcb5365eb0654499dad438be10435c1441ade703

SHA512
e68e615df5f007a04a491a7e0db69f75ebd445ff3b502c7fd9f816599d59fa79ceed265993b28daa895f6c6891ef73f207630006247794e119ca0a2c73b68cce

Download Submit
/data/user/0/com.lebk.amso.zvrk/files/.um/um_cache_1718396798822.env
Filesize
658B

MD5
7813777513d80966223079cb2508de80

SHA1
7565dea94f10b1523561633fd7aafb3a5fac6315

SHA256
eaa553bd106c193317e64fb13d85aa60a7b29e278765fef93307a9df74a92f8f

SHA512
46684275bc4f0cbd4359cb39643e0408edbc805f6d7cb0ad66a0bd3adbd94b09da42b29acecd5a1521dded1256ae37603530d0bc25aab661acc9d7f7ad2519a6

Download Submit
/data/user/0/com.lebk.amso.zvrk/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
79292c007214faef7af4c89be335450b

SHA1
cd3bc6501244373069ea3099bbad2d07c7098ae9

SHA256
b9b46ab0d26ff0b467c7abc25c9ff4f8a08145f1f7601ecc8a6884906e0aa350

SHA512
9c6705a64b078c0e56cce980c23b133641fc3a917f54af7560fabf1998208ab65fa35dcf44312bbae542ad7083ea9e3713bef72553fbc7648a510ca01f42db64

Download Submit
/data/user/0/com.lebk.amso.zvrk/files/mobclick_agent_cached_com.lebk.amso.zvrk1
Filesize
806B

MD5
9258df0eab168e3d6807f27761ff7415

SHA1
3bb2e7ac0eccd2ce08a710b363f6ffdbf8ccc792

SHA256
b82aeb349ff2cd79cdb997cc7540154900fda4cdd69c1cf7b714ed58f0ff34b4

SHA512
37a7bec177c9e4e416513af93f294ad420d69c8aad7e42876bff5c73017c5b926c7fd98c6a17b99f6accb5ad383f202131ec3a47a975a2f33da7f01a0c7986e6

Download Submit
/data/user/0/com.lebk.amso.zvrk/files/umeng_it.cache
Filesize
352B

MD5
8aadffc8fdaf95f9282667d02943205e

SHA1
313a80751e8fdff076345af6c0a98334328eedd0

SHA256
6a7fd13ee8abf6e44716f2cdab870bb6f30b3da8ee7598c8640d29770ecd2f2e

SHA512
0adccc648cd8be83d62511b2c7d259f186de88ffdc7165906230116e982be0447a4920c6c9eea582f791b494e3531359424011dd6a2b09abc73a7ce502af4402

Download Submit