aa036050d87a15c0f8f26ad006e4bccd5a12c26ac982498290777b5ba4a5e6ef

Analysis

max time kernel
177s
max time network
181s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15-06-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b02433d25ac373707f77171e7f015c78_JaffaCakes118.apk
Size

1.3MB
MD5

b02433d25ac373707f77171e7f015c78
SHA1

02a7b4e4383973548a40aaac13db3f4dd7857293
SHA256

aa036050d87a15c0f8f26ad006e4bccd5a12c26ac982498290777b5ba4a5e6ef
SHA512

108e489e3c10f6728bd864679793129a8f225aabd8ef09b17c9cc430641577a23f26900a49716c41c1d408a552d05157228ca3532de63807afc9ab8096c35899
SSDEEP

24576:LPoL0otaYtXMLeu2sepAvb6vsm0ZGpUvb1jDo+3cj/y5q/13tdHbZKm51Ob83a:cQ7YtGFeGv0sKUvb1jPsj/y5q/1XHNKz

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.uykh.cmfy.orwq

pid process

4432 com.uykh.cmfy.orwq

pid	process
4432	com.uykh.cmfy.orwq

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.uykh.cmfy.orwqcom.uykh.cmfy.orwq:daemon

ioc	pid	process
/data/user/0/com.uykh.cmfy.orwq/app_mjf/dz.jar	4432	com.uykh.cmfy.orwq
/data/user/0/com.uykh.cmfy.orwq/app_mjf/dz.jar	4490	com.uykh.cmfy.orwq:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.uykh.cmfy.orwq

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.uykh.cmfy.orwq
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.uykh.cmfy.orwq

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.uykh.cmfy.orwq
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

40 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.uykh.cmfy.orwq

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.uykh.cmfy.orwq
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.uykh.cmfy.orwq

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.uykh.cmfy.orwq
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.uykh.cmfy.orwq

description ioc process

File opened for read /proc/cpuinfo com.uykh.cmfy.orwq

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.uykh.cmfy.orwq

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.uykh.cmfy.orwq

flow	ioc
40	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.uykh.cmfy.orwq

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.uykh.cmfy.orwq

description	ioc	process
File opened for read	/proc/cpuinfo	com.uykh.cmfy.orwq

com.uykh.cmfy.orwq
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4432

com.uykh.cmfy.orwq:daemon
1⤵
- Loads dropped Dex/Jar
PID:4490

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.uykh.cmfy.orwq/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.uykh.cmfy.orwq/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.uykh.cmfy.orwq/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd-journal
Filesize
8KB

MD5
0eb3a462e49f0c70f251c2d1904181ba

SHA1
ef8d5faadd549ed3066637edc5e83d373d48674a

SHA256
42371f113a1376de6cf2768cf097c41ded27215c29737dc05bc867c8e4a24d55

SHA512
8ebf6ed7428e48b19ee0f15088c9ce16a00014cc9a399879e0cf548a2e0dba12dc3797b2281acaf1baa201583d8d41ea7714ff2c92e87dd347d4f468f37a824c

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd-journal
Filesize
512B

MD5
eda0f277da6740d0b9b13534dcea07ae

SHA1
7e4146f0180b6c20e9b984b175852645b3bc8ad6

SHA256
5ce528cb03be2b5d512cacc60a545622a526dd8ba9a3827cc27236697b6da43d

SHA512
11d8d3dfb85485fd1ea77f6b92b2bc3df9948a59883105384a6304e59849f968b05374e0eb92dc3f548584eced1c8a430e941b5bf0eda24b07ef2c8bd873533e

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd-journal
Filesize
8KB

MD5
4bdd56744b24f5204bab2f05bd76dfec

SHA1
41b24e89e172d3a916c8d3706ec273eae580e30c

SHA256
c14928a7ea26a64ffa6f0d542c36f2ab3c0138f039fd6143ddf3e8f91c5be452

SHA512
46e74d15330fbf6eb441d258fcc36858b9bfde176793a67bb5d4a40be78f4a254c939c8e8235ffd66f1b3405d8ba7fd9b4c27ad1f28ff5bad8c517789d0749a1

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd-journal
Filesize
4KB

MD5
15bb7156bdb8e8b7eec5930d7cc415e5

SHA1
012460276c8b3a64c72adfdee64c3cfb80556976

SHA256
7606ab96a1c6739981facc88fe93b2011e05a8003c10c99ca9b5502f2237aef8

SHA512
7b65481c24a98287351a0932987d1f5bfcb91fdfc6611aebec49079a37826a0397a7a22e912fb7e2d4baa79e9e7fe2694f4f106fe13adbaa742c3974f7043426

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd-journal
Filesize
8KB

MD5
e3e21b22e93d1c241a2504309bb8b028

SHA1
c4c2d91818fd1d5cf4f16e7345ca583bb9052b58

SHA256
8f85db7a7fb30da9338e847a6c3e878a8234af7cf62cb538fbff099c735fdeec

SHA512
28643be48e32bbec526539dad1d99d4e9c949687b8ac3b542de35935a31bb5c98606328bd1f7acb73261c40616e52170ec7fea45fa60def89c17507fa5278685

Download Submit
/data/user/0/com.uykh.cmfy.orwq/databases/lezzd-journal
Filesize
8KB

MD5
cbe1865d810626c8150ee2da47d7cdd7

SHA1
fcc6926ac86cc77e0887dab9b96bb8f26a740159

SHA256
bb5193190e49e5452263702a01d18d8b59c0c7c8a4246a4f53c34058a9dfbf50

SHA512
27b594fadcbe4552b34812c3e318f8fd2eecaf5f166bbe143de4c013369b5e45a8708fa374674f4e4ee7311c8c79919f5f27b382a8c4c78c5750c0234b2039b2

Download Submit
/data/user/0/com.uykh.cmfy.orwq/files/.um/um_cache_1718486562853.env
Filesize
650B

MD5
d600b0944d2d8657572f5559d181bdaf

SHA1
58540634957bba82df022557a581cfd3599d30ee

SHA256
9c88c96d1ca547189510f0d0ee9f27c68f2f8c7c14161e0a7f6169fc092a1fe5

SHA512
ca551aaf02b3e02d3a84b1ccbcd57493d8327a5c2b17c9ef871696a6549162d172a9af7e9ccd0b9ed4941a65a489fb4a6664517138cf35c546933fa73ffc4a10

Download Submit
/data/user/0/com.uykh.cmfy.orwq/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
4f75266be78f8c25ce1aa30a3e0b9d38

SHA1
1fc66abda6e9e0b6fc28437271829af0df0a59bf

SHA256
d94432f0bf97abf907538ef3de7f04d13746b7f78f3a38257d1cec74544045f1

SHA512
d1358978fa5383d52aaeb71eff7a177c07164c32434a19f67f9f7d3d550efb669601517b3cf167696c26e878aafbfbf65c1ede8640f0c0bfe9e751a5234b5f8e

Download Submit
/data/user/0/com.uykh.cmfy.orwq/files/mobclick_agent_cached_com.uykh.cmfy.orwq1
Filesize
794B

MD5
9a8ab2b5f94fe630bba2544e07045c41

SHA1
0f4f72da15df481d7f9cd5b8bc2e51ef60a19693

SHA256
a752628571607577035fddac4f8355cf1f3cddb97e2ac8351bc64bf80ca0a430

SHA512
06173e5ce0144d6388f9e29162b1d9fd0a3849b2ff107a26300315ec734b22574c8b031a326f45c79ea7057520ddbfbffd9efe9d0b0bd9eb9b2032f9d0d138a2

Download Submit
/data/user/0/com.uykh.cmfy.orwq/files/umeng_it.cache
Filesize
350B

MD5
4cd574ecf76c6b1c0cb2b00a5c36f752

SHA1
4028cfb084372fc47e76f989f835d6d1a79ece42

SHA256
47da21a0135251987a8ebf4fd7132cf5f134f996658d5fd92f4172808bb18617

SHA512
81678870e77c4132050b4c7ab00eb7553ea1351c401195a581a100c8cc16af090cac7d553ef29cc857d746f9ca960d58b8a9b67f0149275fa4c123959cbab9f0

Download Submit