Analysis
-
max time kernel
178s -
max time network
156s -
platform
android_x64 -
resource
android-x64-arm64-20240611.1-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system -
submitted
15-06-2024 21:47
Static task
static1
Behavioral task
behavioral1
Sample
b0427b2ba17f72797853cc02fc1f8c66_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
b0427b2ba17f72797853cc02fc1f8c66_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
General
-
Target
b0427b2ba17f72797853cc02fc1f8c66_JaffaCakes118.apk
-
Size
637KB
-
MD5
b0427b2ba17f72797853cc02fc1f8c66
-
SHA1
1a7ebcea3386d71c24ebfc425b10ebbca541fffe
-
SHA256
f40f8b178c14155ddb73ff4583a9b57d1f1f1b9de345329d9d902e6b35768b51
-
SHA512
22bdbaa9dfa2a4df125504ba5ae5e6b9035d041e4ac11e96a1f71a2a9e879629c0f2bb6d2ffede633f726af19a0047c3c0f31d0b54fc5a04155096dbb98c43ae
-
SSDEEP
12288:+4L4oQI8Y0FotaKIUtrbMy1y/gfOdFskKkMeFx3MAt94vvQe6ERylTAf:UoL0otaYtXMU5OgklJM8iydy
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
ioc                                              pid   process
/data/user/0/com.jppa.fugg.puiw/app_mjf/dz.jar   4641  com.jppa.fugg.puiw
/data/user/0/com.jppa.fugg.puiw/app_mjf/dz.jar   4716  com.jppa.fugg.puiw:daemon
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
description             ioc                                                  process
Framework service call  android.accounts.IAccountManager.getAccountsAsUser   com.jppa.fugg.puiw
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description             ioc                                                   process
Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.jppa.fugg.puiw
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
Processes:
flow  ioc
20    alog.umeng.com
54    alog.umeng.com
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
description             ioc                                                  process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.jppa.fugg.puiw
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description             ioc                                               process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.jppa.fugg.puiw
-
Reads information about phone network operator. 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Processes
-
com.jppa.fugg.puiw
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
-
com.jppa.fugg.puiw:daemon
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/com.jppa.fugg.puiw/app_mjf/ddz.jar
Filesize
105KB
MD5
23ba0b249042b7ba33e92c0199b0ea4a
SHA1
99b13ee9f7307316c2337953fceed87e9942b794
SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
/data/user/0/com.jppa.fugg.puiw/app_mjf/dz.jar
Filesize
248KB
MD5
a54a18b58c6720991c021f433dfb2a46
SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
-
/data/user/0/com.jppa.fugg.puiw/app_mjf/tdz.jar
Filesize
105KB
MD5
293ea5f01e27975bed5179ba79d80eac
SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd
Filesize
28KB
MD5
fdb8a92e5060ce104e8f0faca55a47ce
SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd-journal
Filesize
8KB
MD5
02f67d1ffbac6d74b85fcaf56be95a7a
SHA1
094766682e0b0749808b5b221e2af500e52fbc3c
SHA256
bcdaed4d3ec1690ad82340f2d924469b77e087450cad6f5a31d0c8bcb3940f22
SHA512
3d39abb4e9edb0ed7e055b9342089af565aef07e57e453bfcf56d42daacc4ef9395643f17ac5f3edd18a99e11f5a90e3d82df7c0e020d8e29cae5da236931204
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd-journal
Filesize
8KB
MD5
9d718aacee7ab93442d91639a6aa7db1
SHA1
634f9018b8bc87b5660b1c712a027c32864b5fce
SHA256
9f34d371985a4cc946398342c9f2053172e1465ae508d28b25f21bf0bbcfedfc
SHA512
a41433172ac3f3a012cfa9d93a25603fcac1df14f593e70bcefac6ad77395b767f7530ac790cd4fefc0706da412161ce2ac11447b753fcbd8242c11a2a8d927a
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd-journal
Filesize
8KB
MD5
44655f2b26db4655638cfb30944f738b
SHA1
7d8453d5b3038ab53fd73fd4393f8073b0e0129d
SHA256
e263eadd490e0e4224dca56dd6c784772f772453335a5ed524ecfd722e35798a
SHA512
9e010fd827fe56fe74f4301b1085560bae8a734a341a0c27e94897f9a0aa213518f239c8412932c8d3bdf7615b29665b77223ecff2ba54009512d2f20c65d872
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd-journal
Filesize
512B
MD5
768ff2ae4ead4796528df358d48ea1bd
SHA1
ed6158025539ce162e59a79fd68dd6f58ba6ffa6
SHA256
ac678fa6753c47f7f1db6038b24148c62050edb7c6e8818c6dddb1a9605d5755
SHA512
91472c3c34b281b8cd6f490b74e6cbfaf9d4bbe2a217e2c9fbc047bea2ba9eb4f02f795bd9a374463de2ec7e62d74c9f8f8d6240bc4c1e5fc0e84a51ca5e37b8
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd-journal
Filesize
8KB
MD5
3a6bec89629be4bab6612d1f8671223d
SHA1
f83a3de26461ecc855d70c10b6dccbff90e53d37
SHA256
c3d3ea8b8f3182bc8797fa310f84e6ebb94586dd85e6fa46a5463153080eb64b
SHA512
f2ca0dd7f7ca32e9f19a868dc5def14c4bc457b435fbf6d9af0537dc91f60e01452b6499cdf368e20bf69372a72a27285fe207ad54206b79183d6b1f09f44d20
-
/data/user/0/com.jppa.fugg.puiw/databases/lezzd-journal
Filesize
4KB
MD5
b7fd19e5370376e54c6a3f3a1516517a
SHA1
981dff9d5fb6a22bdbbbfdd4ba7101b5a4c24d4b
SHA256
e4e0d2f104e69d540fa293a2e446b0e258c9fa9fd229417bdd056b6ef7e599f3
SHA512
5728f9344b04c653a9809282315b0b953128d6264f3ade8803bc75615dbcdbfc07a76e44387baaf43bb3c7f03322de441335dc40611f9d2e4bcbfa64f5696a88
-
/data/user/0/com.jppa.fugg.puiw/files/.imprint
Filesize
950B
MD5
a40e270c3ac5da398a1b2d9eb8be542c
SHA1
5e25cc4ab450bc67ff2f4b11d01ecf40fdbe6c8d
SHA256
86f7bfde9b44d520b97364941b5c5679a3830cde0ea86a1cab78cc3ed8ad2996
SHA512
811827b8635edff320593aa698cae868ec7082c8c9c596a0717cdd6f3f5839e49df8eb2dcc4dfd048234352fbeb3a8b895d4d4318674322c984069cea0ac741e
-
/data/user/0/com.jppa.fugg.puiw/files/.um/um_cache_1718488114375.env
Filesize
657B
MD5
cdb8424385e93e02103e6fbce1869f58
SHA1
fd1ac2b3d1a509462113c56cf3e51686f5e5ffe2
SHA256
0aeea2491a37425b778f7a54aaca003eb36b28aeaef336fe7c808d2d7923bf62
SHA512
3d00057c55c43f7f5f8d1a07438b40534c9a58f838b9227678bb6ce3f656519c3cd96bc014e8d1ce722baa6bb76d9db78f549554f321ab4e70d44278b5a6ba04
-
/data/user/0/com.jppa.fugg.puiw/files/.umeng/exchangeIdentity.json
Filesize
162B
MD5
411271f08ae21d32cb3246bd81b97d09
SHA1
af63f49550db5d6380898dc318efd535d3852f07
SHA256
eead302547aa6cfa53ebea01dc2f5e0fa196e1d703bfc209a4a3ebcc0e3bc51a
SHA512
f1f6bba3d7f47134b176b4a5a9cdb4a115ad2a3d45b439ccb50046e1163951f5d74afbd834f2b675dd16c8391fa83de40256985e6b7a0af43478eaf3f2a44573
-
/data/user/0/com.jppa.fugg.puiw/files/mobclick_agent_cached_com.jppa.fugg.puiw1
Filesize
803B
MD5
3aad5a4d8dca498f18f441a2544035c9
SHA1
8bfb3698eda6c3d4062424197727d152daef8425
SHA256
656c742857b1988008c596a637ceeb5e8ae484138a218ee4b542be8762b714f8
SHA512
6e29d99e842ab11efcebc25c93429eaf4af4f90af1fb4d0c9493d518f348f8584adccf6fbe3c36faabd2f53df9fb06cc14562aabf7c99e1324a5c7bee7dc8008
-
/data/user/0/com.jppa.fugg.puiw/files/mobclick_agent_cached_com.jppa.fugg.puiw1
Filesize
1KB
MD5
ef251b99a33b8844a858517f86a62348
SHA1
c34aa60965b02c5581b06ecbfda6c9f227b22014
SHA256
c9c5a17fe71df1a74cf524cc40332f3b9bfe6422935ba84b03ec917f9f5bf488
SHA512
a6f3f287b0e4cd867feec41b9c95d10a05519e807e5100b2965f1b7e1e2ab448011a4b55962dba223016572fb2974906aabfa1de069cf7f2b32607d24deb1910
-
/data/user/0/com.jppa.fugg.puiw/files/umeng_it.cache
Filesize
350B
MD5
5b2078d3ab7c16f903291fc1ec48f64b
SHA1
2508b72334778c2efd90125c5b7c3fc3302df5e1
SHA256
97a2c06b2cbf081cb0519c0523b7380b6128e9a976879f256a9fd151a9f87c38
SHA512
4da2836e55b19c7eeba523fb159337da7e7eeb0ca2bae5ca9b9ac66ab6749658325e2e826ad3af0cf6f042b7b0c5869e361e7b403f553e3521d73c63544121ba