Overview

overview

8

Static

static

6

ad6690376c...18.apk

android-9-x86

8

ad6690376c...18.apk

android-10-x64

8

ad6690376c...18.apk

android-11-x64

8

Analysis

  • max time kernel
    178s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    15-06-2024 07:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad6690376c647d1f00778276b8367398_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    ad6690376c647d1f00778276b8367398

  • SHA1

    0f9dfcb20180dcc3e49abdcec180538a3a4e6b53

  • SHA256

    e714e8adda00db5053bd11f6fc33792137e05fdc851fd3401dc90a957e9a13a9

  • SHA512

    441723eeda8b1ece903c40f73c201d92d7f56a1dcbc04d3b3026405a9b1063995f86ec28623c469cd0f977308e3f8a78de5be90f1c4161a00dd060b1685c0fc7

  • SSDEEP

    24576:NchoL0otaYtXMheU8X3lUKfcfIkuovSp0cjTo+rEjDe9q/13tdHbZKm51Ob83r:NcaQ7YttX1wvTvSpfj/gjDe9q/1XHNKU

Score
8/10
bankercollectiondiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.rffa.ymba.clil
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4170
  • com.rffa.ymba.clil:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4218

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.rffa.ymba.clil/app_mjf/ddz.jar
    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

    Download Submit
  • /data/data/com.rffa.ymba.clil/app_mjf/oat/dz.jar.cur.prof
    Filesize

    687B

    MD5

    5e93ed868d629325cec45c2e3a9852ac

    SHA1

    1d996829dbef107daed2018a49d5c1f0ebef6b77

    SHA256

    3570f268f6b19eab88e7ca72096c4c628dfad6f2cbf414b2728ce5f9bf61dfc7

    SHA512

    70736033b5d0c5129ce8a0810abb307103f4859db510d21318f70c3d66bb41838a501a3f29bf3b121f9c0ce7edd5aeafc776970ddfe06e262d652f06922b825e

    Download Submit
  • /data/data/com.rffa.ymba.clil/app_mjf/tdz.jar
    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

    Download Submit
  • /data/data/com.rffa.ymba.clil/databases/lezzd
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    512B

    MD5

    4f2aa6c08abf3126b92fa981ca9371b2

    SHA1

    7d8ebcb41c657bf89f714755d0dfcb25ab7c4d9d

    SHA256

    0fe3bb012c36fdf1af9a3acac33ee7e2ca81b1ef6f29ad16f93a2fd812bb37d3

    SHA512

    d2a921820159ec333b7fd28efc441238915db3f85a09137a81340f94f44382cc828aa4d6cc5de372b1043f5df276684d80ecafb28315293d169e6d75323ea591

    Download Submit
  • /data/data/com.rffa.ymba.clil/databases/lezzd-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.rffa.ymba.clil/databases/lezzd-wal
    Filesize

    60KB

    MD5

    87a3d4c51302798ea6f737c05581840f

    SHA1

    9391ac24d5b9aa0e52ae3289a9768171d5f9c60a

    SHA256

    b4fac65d16203336aaac9b398510e042ed81af0f98d28e393bc5ac9ad758485b

    SHA512

    0aa4140a785e3c826f0dcaefe3a0bccaa9ccc2cc7ca2f2fb66c237a22f0cda88cee888d8dbe4725935d6b689bf2d57a7c83f52fbf545c5e93804f59328ee9ff2

    Download Submit
  • /data/data/com.rffa.ymba.clil/files/.imprint
    Filesize

    1016B

    MD5

    7f8cef2b46738772599635dab779c1ad

    SHA1

    cb719832b080732029a5e91d0eb0b540d0848dfd

    SHA256

    0016f0b78fb80ae28cd5a7e41c6eb681dd34bc60bfc9ddc0089eb3dfd4839ac2

    SHA512

    fad97ba13ebe767a7a1e8efa3ee2fccf5d117c0b94f4343e7c43f41a30276d8b8e68eaf7165ac91fe36c10f2b575203b4477f739d115058a45d017df42a13eda

    Download Submit
  • /data/data/com.rffa.ymba.clil/files/.imprint
    Filesize

    1015B

    MD5

    17029180b30fad24054d8ac6cf141378

    SHA1

    0b0cb9e559d3e5506c9bc69c0cc7aa8fa5a2b1f4

    SHA256

    8b5429a7507da6dac1018da31c69264a55142eade004ffdb6d556c95ed245ccb

    SHA512

    ee2d6f352fff6416e14f68298d021eaf871734736a8d5381f8a8cd0cf39a2583fdfa26db6d75628c0b1933cf76d06f27118cc9c8d38e5789be8111b39e3eb903

    Download Submit
  • /data/data/com.rffa.ymba.clil/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    ef962b2420dbcb7749a8a150f6451999

    SHA1

    c5c3511c07d04b7e5144f4950ad4de81b828aafe

    SHA256

    055ce3ce02e6864ef0ae35302003c39e0b7c7783e294ccdc6b0c875737371c81

    SHA512

    77467e65893832d5d70007c44cdf8462810be2e86a7d3d478ba2c10824a5b8451eba7f0f57cf026207e16454dc71c1189b0b591aef0aac949512de61c0f608dd

    Download Submit
  • /data/data/com.rffa.ymba.clil/files/.umeng/exchangeIdentity.json
    Filesize

    204B

    MD5

    e9143e1d825295aec39e527684c26cfa

    SHA1

    1472819f241015b99c1abf88bb12b2e8707be019

    SHA256

    87cc5c11b069ae0b7efd713897888e90a18323f67616c8bbeaf2305b5ad0c526

    SHA512

    1a586f48a4a73c13f8ac838ace216515b1b4a5a533b540f21f1327b50caa7205d62f7c8f075716ddb7c1c4b794ce0e6e8afa48bb35d120be760e00ade0572947

    Download Submit
  • /data/data/com.rffa.ymba.clil/files/umeng_it.cache
    Filesize

    415B

    MD5

    72f2a2533f5447ab72576405018e8d3d

    SHA1

    f98dd48e4271611f85a30f9e6e22289371129297

    SHA256

    a7751222a6743aac8ead5a18aff5e1afec5c8b753e190a2320f36806ae885598

    SHA512

    95b377bd43c0061f55aab346835cb2a9a8a3baef489882dfffda5f3dc6478047105b0d13a582f791e0e834e085c0c16146ec656ffcf80c76079ed8582c4cc2f6

    Download Submit
  • /data/data/com.rffa.ymba.clil/files/umeng_it.cache
    Filesize

    211B

    MD5

    bbd41f29ee9d7bda7f14440e29e0b6c2

    SHA1

    f20abd9fc701c9eee872ac571c25c57078bb50eb

    SHA256

    4ede2f0defb931c2cdb4d79cd86a9ca1d983d8ec25486e7292ecc8732d39c870

    SHA512

    165aac57d1dcfd256e4e6b674713a684b8c3627a17b3dfa37bb553aec6997baf59e93741dc15447e2a821cab544fdec55dead795d331c4957b95c0cc045a2c18

    Download Submit
  • /data/user/0/com.rffa.ymba.clil/app_mjf/dz.jar
    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

    Download Submit