7f9662785c10c4d97f0c67c8f7361cb0b8d61865c40837b6abe6d447e352d10a

Analysis

max time kernel
178s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15-06-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afcaa344d9409237786f2fc800b09733_JaffaCakes118.apk
Size

1.3MB
MD5

afcaa344d9409237786f2fc800b09733
SHA1

d9b7dc002e8abf30b014adce00cb95ce20a5595e
SHA256

7f9662785c10c4d97f0c67c8f7361cb0b8d61865c40837b6abe6d447e352d10a
SHA512

3c7bae662969c3e1918737cb72bca90eedc445d001ff1d86fe476fb89cd2ea733f97c793b425272222d9722bf7e1e3f4715599033f4f4a2df25e1ef0cbfbe776
SSDEEP

24576:soL0otaYtXMLep2sepAvb6vsm0ZGpUvb2jno+Ocjql+q/13tdHbZKm51Ob83d:TQ7YthFeGv0sKUvb2jbXjql+q/1XHNKs

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.eexs.tnzw.vjcd

pid process

4479 com.eexs.tnzw.vjcd

pid	process
4479	com.eexs.tnzw.vjcd

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.eexs.tnzw.vjcdcom.eexs.tnzw.vjcd:daemon

ioc	pid	process
/data/user/0/com.eexs.tnzw.vjcd/app_mjf/dz.jar	4479	com.eexs.tnzw.vjcd
/data/user/0/com.eexs.tnzw.vjcd/app_mjf/dz.jar	4543	com.eexs.tnzw.vjcd:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.eexs.tnzw.vjcd

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.eexs.tnzw.vjcd
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.eexs.tnzw.vjcd

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.eexs.tnzw.vjcd
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

45 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.eexs.tnzw.vjcd

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.eexs.tnzw.vjcd
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.eexs.tnzw.vjcd

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.eexs.tnzw.vjcd
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.eexs.tnzw.vjcd

description ioc process

File opened for read /proc/cpuinfo com.eexs.tnzw.vjcd

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.eexs.tnzw.vjcd

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.eexs.tnzw.vjcd

flow	ioc
45	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.eexs.tnzw.vjcd

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.eexs.tnzw.vjcd

description	ioc	process
File opened for read	/proc/cpuinfo	com.eexs.tnzw.vjcd

com.eexs.tnzw.vjcd
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4479

com.eexs.tnzw.vjcd:daemon
1⤵
- Loads dropped Dex/Jar
PID:4543

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.eexs.tnzw.vjcd/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd-journal
Filesize
8KB

MD5
9f38c2eb0843df8443400b318c2dfcdb

SHA1
b5034a3036bb99f0ad9a7d3e90b01a7da153625d

SHA256
7df44d559d57969784680a90d3f8640cb9f5786a0cc373b1277c38b1c8311e6f

SHA512
e2248dee33ff8acd83d3cd15180a97574265a5e74b94baadb241f3cc9592532cb5e24887fbff7cc8cf7bc092ebacff8129bbe322095dfaf61e05a23fed077568

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd-journal
Filesize
512B

MD5
83e5eac884916101cc464af6502954cb

SHA1
42e0d11276f2e639471d90b8ecddb8ebd95619dc

SHA256
90c65d45fbe28e1cb9cbc658eb38ae15715defcebcb562a09196d913353657b0

SHA512
941b5a02ed0004d7b5fd82822f415d181afd2cf05cbe87b7bfefb4e0b1f1adad6dbbbf1f3f742a0ed961417eb3f7451b8ded8dc29e3ab4962f6f2155727bf187

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd-journal
Filesize
8KB

MD5
8920a49945367f9b3ae3493eb2dc1bb7

SHA1
c985ea76ba8f8d3b356938dd217f1605c2a76110

SHA256
71da9eb2616c02f88aae704c4f8e6039db7329179dfd37b45327b3b31b186bcb

SHA512
9799439c402f5d146680f52a1f160b250a6b5dd9aed511464613021a7f92eda49a5e205af97c30940fc8d4b5d9bad17f3d45cec7c4f15a2319b232919d630614

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd-journal
Filesize
4KB

MD5
5ca17d575e4911325aba3750e213c979

SHA1
3d5273c7e388512fe7b93db3f7504c599219218f

SHA256
51a5ae67bd65071f63e9c257075dba06339e7ba45c4220b747384dca3f93bfaf

SHA512
647fa202fd60bc4e9139c38e478134432ec8e0cb7ebda29364635a274db8cb4675a304932da4c658bc3db52b87917b8d7941cfc4b535456582c55d0321ce9c1a

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd-journal
Filesize
8KB

MD5
f0dfb04b4f46c3126f1122014191dc64

SHA1
a352f5f53a9ca3a78c1218cadc7d651ec34d70f1

SHA256
ee7913743347ac8f0b53bcb1d63d02f6080fef6203fda5f01449ccad49bad4bc

SHA512
1039b39cda55f9b42408f1e5ed0c72ad7fa8f6bd16b4b9471e7c9982b2ad6b669b72905600395cf48e47d1104c9374f73682a5209c25f3285f76697cf7c5ce6e

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/databases/lezzd-journal
Filesize
8KB

MD5
9f484f760d4743059699d730223720ae

SHA1
b957e1f910199e21b74efb17a64474d4baf99f66

SHA256
90236d54a862b1b550863cae021ef97e4338a343a85277c6071356c59b9886fa

SHA512
88d43f5b4819d4f1370a306bb88b265e32dd1b4275b983b269483cb00e5eac4d95ef7e64a27619b9f6701b099e2015089b3505f38a80c9d5f4c06480e6308de6

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/files/.um/um_cache_1718476731880.env
Filesize
653B

MD5
e3aab3f777e78f7d4a61129a5a7a21af

SHA1
ce4e991b85838dabbe5f9e572bbb1166678c4f15

SHA256
94dd879229644fe943085f5dc18f3fddf6661f5b2f57465b37c05de16bb070d9

SHA512
82a9510f7734bfe8f8f5544d6c4f8ff44ce496932a98592bd87f4bd10d6f81990e422eb7d58b0da12c4629df87f5c2ab0e6876ad4474552f963f63454e7102b6

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
9b50aefc94a41981dd7771e499b9a753

SHA1
467d7facc2a8f84b5ef97804793567f4388c6d03

SHA256
6e29cdc81cedb630ec9ae24aa4c9f3bdb9dd80f0790444860d50c4d0e78f9fe2

SHA512
04ef0ce90f640b112ec259d0fa907d9272fe1bc550392b1bc1215034cc4f66e0bea075fe58a57040349bfb7ccaba007eb0f246eb87abb59cf3c2fee9d1e37da6

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/files/mobclick_agent_cached_com.eexs.tnzw.vjcd1
Filesize
797B

MD5
1b61cdf8ea6935c8e598b0d7f0a93954

SHA1
b0e12f0b2c8b8c908e1d969724d99a89bf5d8399

SHA256
cc1d6ab847d4ea28353830e5b3c4638aeea4474a5f989f90c354e26de4b5692e

SHA512
739022dae81621c2ed54a16a7c7176cbb91f945173b544589f956c4785feb53a4e9f40cbe38d58532ca745eefdef96729675a5191aaf85070dad7b7fa7b57e4d

Download Submit
/data/user/0/com.eexs.tnzw.vjcd/files/umeng_it.cache
Filesize
352B

MD5
dca53be30bbb10cc8f549f46a2f45e15

SHA1
bc8238519e523bd147407f5c2cae05901493325d

SHA256
e0d2f450a1293a4db9e10831a2508c2d1142c17bef873cdf693679d72eec3022

SHA512
b7901c8e35eedab841dd30f448c42a3743d6309c3d611c08100fe3c09ddc825bb82cc85bbf7f175a187fc692a1a9520aabc47cc85f2d05f8ce187e919a602196

Download Submit