Analysis

  • max time kernel
    178s
  • max time network
    180s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    15-06-2024 07:49

General

  • Target

    ad6690376c647d1f00778276b8367398_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    ad6690376c647d1f00778276b8367398

  • SHA1

    0f9dfcb20180dcc3e49abdcec180538a3a4e6b53

  • SHA256

    e714e8adda00db5053bd11f6fc33792137e05fdc851fd3401dc90a957e9a13a9

  • SHA512

    441723eeda8b1ece903c40f73c201d92d7f56a1dcbc04d3b3026405a9b1063995f86ec28623c469cd0f977308e3f8a78de5be90f1c4161a00dd060b1685c0fc7

  • SSDEEP

    24576:NchoL0otaYtXMheU8X3lUKfcfIkuovSp0cjTo+rEjDe9q/13tdHbZKm51Ob83r:NcaQ7YttX1wvTvSpfj/gjDe9q/1XHNKU

Signatures

  • Removes its main activity from the application launcher [1 TTP, 1 IoC]
  • Loads dropped Dex/Jar [1 TTP, 2 IoCs]

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
  • Queries account information for other applications stored on the device [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoC]
  • Queries information about active data network [1 TTP, 1 IoC]
  • Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]
  • Reads information about phone network operator [1 TTP]
  • Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  • Checks CPU information [2 TTPs, 1 IoC]

Processes

  • com.rffa.ymba.clil (PID 5020)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
  • com.rffa.ymba.clil:daemon (PID 5095)
    • Loads dropped Dex/Jar

Downloads

  • /data/data/com.rffa.ymba.clil/app_mjf/ddz.jar
    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

  • /data/data/com.rffa.ymba.clil/app_mjf/tdz.jar
    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

  • /data/data/com.rffa.ymba.clil/databases/lezzd
    Filesize

    28KB

    MD5

    dae68dcffc3d522a79f98ebbc3b6d457

    SHA1

    6df5dce9a50f12044a2d20b8d1742ae47b82ee03

    SHA256

    56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286

    SHA512

    23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    8KB

    MD5

    bfa25fd5951628a8375a5bb303c7b988

    SHA1

    e183ebe70fdd0ac2da3b1fb94814c633fda1f273

    SHA256

    788ec6822d7136e1895d582bc86126dc61ff910d679fd884db299e59460a6160

    SHA512

    aba3f008c0ceb1c893958b804f4ae286f9677a784d5cfca91c5106a1ea1cd71ae2bdf17490a1d39189d3c396f1ebf93a6f2a7c3f5a438f1be6403866bccef4a7

  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    512B

    MD5

    317c13773aad4855a0c86a4ca0d4796e

    SHA1

    7a019434adc7d7488bf6616ded969fdc6b33b80b

    SHA256

    592c31fbcb9b3df437ecbf282b715edbb45fc72aabaa9a72b2d3fa5285e71c61

    SHA512

    d9a15192695cb6a6c45c8327abcb4d218251a799264e9502ccd6f7a1cec72957a70175772447c9e7a6b3ec3e0a615ca24831bb60abb628fe9d134057438c5da4

  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    8KB

    MD5

    25fb494a65b98b62da1107ff22043974

    SHA1

    669009b1217b4e0cf5ee189fd61c5d37ef2eb77d

    SHA256

    81fc1b85c557ebf2cf113839c102506ad474b7196d37ecc3fa2f628694dd73b2

    SHA512

    0123d239efcdf4fb31b1501c557bb612d76c05cd53dffd953bcf97f68e20e564c47b088ab25ddde37d396711410a0b1be2db79a3c1b218b4e9f27874b1fe9daa

  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    4KB

    MD5

    2e0fcdcd47c2dda79384c3efd9170694

    SHA1

    b737fb0b228838134af3ebd6dcca151ede63a27b

    SHA256

    8b85d051e6cb9133956ab66f96ad2b4020b29bd9129e6bc65c4d4faa02ac1e31

    SHA512

    fb93dab4f44e1719cfe327f1752075118d85fe2dbd38c02ec6b8f627ea1c55812349e9ab6cfb1aafb83e0b0c68bb97bbd95aa8ec425dba8a6851307a6c17a823

  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    8KB

    MD5

    33076fbaf82fa041f24733e06bfed7c0

    SHA1

    a67bc0ac46778a282414b1d9bab91548f936b958

    SHA256

    3f159dffb83be3289047e50f546c1118c15cc1186ec24d07e5027cc68a8309ca

    SHA512

    ef92b6ba28f5679292dfd6cbfb9925e1381243994255ac65237b5d32dc444e2882122d812e1bbac20f4040d98918816d9429f12a9649223829ad0d9fa8d1dd75

  • /data/data/com.rffa.ymba.clil/databases/lezzd-journal
    Filesize

    8KB

    MD5

    fcbc0db8746547111c1be396bf8dc472

    SHA1

    1f00f47ecef014c116e6d2dcbb7d2bb5357c22f1

    SHA256

    25fd10bf8fee967f374f489e2a784f33e8c73fd452ea69d66b959bda191f8e8d

    SHA512

    70f1bc667fdb5fbaa5ce6c6da9654ce7a093bea2f4c669ba9a8c047ef772ef47ea67f2c4774ad3e0a21172a879f03b414705eddf5c908c8a67107a3f82378d2c

  • /data/data/com.rffa.ymba.clil/files/.um/um_cache_1718437869904.env
    Filesize

    649B

    MD5

    6420a3cf0a40e3f935155e17e70f017c

    SHA1

    fc89b82b6af5f852c23225efb6f22455c8944002

    SHA256

    dda4d83fb79c0219a4c8fea6d5a46a640de9b87d9980c4f9169332296bfc7011

    SHA512

    b52eda6431abf1347ce363c7ca83ff9a32a9f0b289437e36b99d278c0b732071db18ed1de908587aa3979e7fd260f2efd7c032a4cfa0868bcae49a26836d7f99

  • /data/data/com.rffa.ymba.clil/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    fdcd8e2ddbf998b63a2149227499f24f

    SHA1

    b18991fb2de97418361230fb50c6802d06873435

    SHA256

    37f906dbe7529ed1255c021bb3a8d77cf11f6610b9695dd6f60ed6467a2050b2

    SHA512

    2204eb8fd3464f1e2d206cae3300c1b6f4e5202c8682fe30f5971033083a6d17f9927ec93f8864ebec6568d81efbc1c49345007852518508b588fed902888bdc

  • /data/data/com.rffa.ymba.clil/files/mobclick_agent_cached_com.rffa.ymba.clil1
    Filesize

    797B

    MD5

    845263f72997884b1156b63ce4239f5d

    SHA1

    81220eb11d0d0968bddac07ef9c0b9637d3d8010

    SHA256

    13103414afa4b5a57973929be7dd75eb024d36a2bc2a5c5b99644bb7d309bace

    SHA512

    abe874fc56b84dd7c41fe894a59907115f0f4d99268ebbf103662275b313d18ae5b0cfc598296145755a7ac7a2b9bafad841200a0c64cfb906ca335e56d2cbaa

  • /data/data/com.rffa.ymba.clil/files/umeng_it.cache
    Filesize

    352B

    MD5

    8b50dd3d287dd5df56593be412de02a3

    SHA1

    122c9b319fa2f37f178e738d907acfe47a27ae8b

    SHA256

    2813bf9e0bd5830ec017fc557ae48f4c09928e782305d3b6704c72e029a480ff

    SHA512

    083c19b274fda6a401d50b964d2132349dc515938ebe7f1f6570856be098ac69ff32bf012eb64ce8c39461ce4153c06947af4d0172d81e2981149b9792565a23

  • /data/user/0/com.rffa.ymba.clil/app_mjf/dz.jar
    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc