9cc6b5f14b4532c202b285716de4e7695e4dce425eca5097506e7219a32b0d60

Analysis

max time kernel
178s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16-06-2024 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b56dc1280d0b1e17cea95f74fc79b9bb_JaffaCakes118.apk
Size

637KB
MD5

b56dc1280d0b1e17cea95f74fc79b9bb
SHA1

ddd0627c1f973b1b25e2fa1aea47277d142a7f52
SHA256

9cc6b5f14b4532c202b285716de4e7695e4dce425eca5097506e7219a32b0d60
SHA512

8a746020597e8c60d48fe4b649da94c87de6696dcf614f5ea43528454742a700c4338bd78dc68d593515c51501d596a9a84b75f49e89f4cbb6953610b49ace0b
SSDEEP

12288:y4L4oQI8Y0FotaKIUtrbMH1y/gfOdFskKkEeFxHMQF94vvQe6ERylTY0:IoL0otaYtXMV5OgktRMMiydN

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.fmfd.gqbb.kvld

pid process

4461 com.fmfd.gqbb.kvld

pid	process
4461	com.fmfd.gqbb.kvld

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.fmfd.gqbb.kvldcom.fmfd.gqbb.kvld:daemon

ioc	pid	process
/data/user/0/com.fmfd.gqbb.kvld/app_mjf/dz.jar	4461	com.fmfd.gqbb.kvld
/data/user/0/com.fmfd.gqbb.kvld/app_mjf/dz.jar	4534	com.fmfd.gqbb.kvld:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.fmfd.gqbb.kvld

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.fmfd.gqbb.kvld
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.fmfd.gqbb.kvld

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.fmfd.gqbb.kvld
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

Processes:

flow ioc

22 alog.umeng.com
61 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.fmfd.gqbb.kvld

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.fmfd.gqbb.kvld
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.fmfd.gqbb.kvld

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.fmfd.gqbb.kvld
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.fmfd.gqbb.kvld

description ioc process

File opened for read /proc/cpuinfo com.fmfd.gqbb.kvld

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.fmfd.gqbb.kvld

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.fmfd.gqbb.kvld

flow	ioc
22	alog.umeng.com
61	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fmfd.gqbb.kvld

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fmfd.gqbb.kvld

description	ioc	process
File opened for read	/proc/cpuinfo	com.fmfd.gqbb.kvld

com.fmfd.gqbb.kvld
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4461

com.fmfd.gqbb.kvld:daemon
1⤵
- Loads dropped Dex/Jar
PID:4534

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.fmfd.gqbb.kvld/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd-journal
Filesize
8KB

MD5
82cc554fda497d4bdfbdf546b69f693a

SHA1
be8705790ad8ffe263b27bb6e5de23bcb67ae003

SHA256
3c5cb014d8a755e6576ddcffd296a7867dd12108761c5099f13151d5ef6dc175

SHA512
6933ba901ba60fba1684a2520782dc3f86dd4da631c53ed034e34382a1ec3d6130eb71ece0a623770168351a19bd87b244cf4076463f131d72465816df0de055

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd-journal
Filesize
8KB

MD5
ea7ff6754c7872e43e256f274ce23188

SHA1
0b1da6b5507bb4d4570c4221a94d2d9b778395e9

SHA256
b6845ed127433d79c48a64301f779fca042f94b68f37cf4fa57b1985f51d2094

SHA512
29acc8dc9607f4be39f155a875d3a4d2704d4ac87077f70879182f966238113783b8a47f0c947de880c18ace5e1032fb70b1797153f2d36d111276b4e45ca693

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd-journal
Filesize
8KB

MD5
e7bf12794d6266b58b91b97561e703e9

SHA1
fecf8885b4104e5b4128ec1cd1dfa6f195a0573b

SHA256
a515cf61cb2fc64e9e3b51551a84f9966213d02a20bc1afa296eb7b86941975f

SHA512
5a44fab11908caa831e1f29e4f50cd06f7ba0663e26bedf77bb93d11edb789f38113ad7ea0134acae3b2e37ee2299dc8720fbd4a4968e3b670f3e571f2ed4956

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd-journal
Filesize
512B

MD5
387c23cade20704f53e4cce1627fcae1

SHA1
495b855da53ff79ebf1c9d6eb2ca003f1c024073

SHA256
3f1d492b80d2ea04378afe562f0590e7bf118b6f854ac26940a1a1230194fbf9

SHA512
92c83d893124684b0fc0433ea8d6a054d614669812ad65d9337ddc163966d74d3018bb3d5b424912b7b87b4e865e258af12cf78be6f497638639b76f1568ccd6

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd-journal
Filesize
8KB

MD5
82684efa4d4ba0bbcca837e1964f807d

SHA1
8068e2121a2dcec87c9a4190441ed32212e38163

SHA256
46941fae46e6fe0b109e6f79f4a2065771d6b6fe137cc32551ab556d566516ff

SHA512
64d39f528be19398107714fcd203a5355a556475da0a90fc17c8d3c7c1ce5878276aab32a8c66f62b5b416f90ec64bc7bfa6e52041049eb1887498937eb2c5c0

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/databases/lezzd-journal
Filesize
4KB

MD5
231a80084195cc455202a7a40cda677a

SHA1
6575644d1a3044417e288dbb54bcc4d4fd8fc464

SHA256
d926c18414a116f611ef86189ae822139ec3aa197c8c49b64a71558ede48e85e

SHA512
937d6bad788447bd4400984829980ef5d4b9f42369fa272308904e9d395ec1a7c8745918595f5d25de3f21f1e22c555dccec5a31553311e03be2f79c39fc9bdc

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/.imprint
Filesize
951B

MD5
488030a7eac44ad2e100a04d6bb9d2b2

SHA1
4f049a895bdf90623b6c077636a63bbf65f0ea29

SHA256
9aaef8c19a9fb2e99f0c4e3dfad6f03f646719e4d96c72f40e3cc6ca19e73bf5

SHA512
fe409ebc23c51fbdb2998aa1233111b1770cd4677feef4bb92cdb02cc5de07c180470b80396dcab1f925b324b47adac35d35b018f6a8a26895bffed2a01e4d02

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/.um/um_cache_1718575887188.env
Filesize
653B

MD5
a1bb5da3bcad30a6ccf24b289e717aef

SHA1
1902ca112b38196f7eb46f65f6a52ffaeecf569a

SHA256
52fa56fa6c68504bc9fd485726f00aff4586de3b60dbc65147bbd5c3890e5a47

SHA512
45a80a834c615ea25ac9037bb42f87c4a8e2cf16c16d8a3bc406fccd81915228ed3a5a40f5de5fa0908076797040d26cff4dd1b07afee329321070ad339eaba3

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/.um/um_cache_1718575998527.env
Filesize
1KB

MD5
3a3bf99919cc8e1079f905383ab88364

SHA1
5f72ad8e6db0b959fb045e0faea62fdcdf090abb

SHA256
a4909a931f954fe1d80417bf907d5254e05166733d53d85b53ad4e04f8e2613b

SHA512
92f3f4a8d6bfa410d4bfe3966fee9da4415323f46bc3819906a1a48a8fc62360eaee551e3824e7db877d38bc9af8c03ac6764d12205080dec82d8dcfb08a5d1f

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/.umeng/exchangeIdentity.json
Filesize
204B

MD5
5c73aec1a76e4edad2bb57f4c328f453

SHA1
9487e3af8b22effabf29fb7b0366e3f9dc773257

SHA256
f589b888c91f0db6249bca6e15c5f06b188de3ece5cd35815d88490e656c7a27

SHA512
192d97644e31daed14782b926e3e603d4c6a0ae1c44b2644c4d070ec0ec10f17bbb5b1830c3224317f96e0753ea1140bd5a66ec46c86bdcf4afe4d29704b63ad

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
3ee59033bf1a000b651f7c0d1db7a413

SHA1
ee2727fbdfca8f077133094866eed261b160c35f

SHA256
8f7fdd9a271e1d73df829a24a21623627e17e37d0dc9094a5b3088875cfdea48

SHA512
74fe698b53991f5a7df666eb06933b512454d7b889f37dd6aab09e7a770b261215afb6a8e256792b095c56dfcc8095a0668f1c5cd8d5ade9b9e1f73d7133307d

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/mobclick_agent_cached_com.fmfd.gqbb.kvld1
Filesize
1KB

MD5
197e76671b172fb39faddcc3c93d31bc

SHA1
8f856e5b414043891cde6d0e1601a66f85c57f82

SHA256
b249ebeaa783bbb3e0efbcbe7589ed08e7db6096aaf8165fcbfa7239cd925ba5

SHA512
871e13ebccfc98683bbc09952e8a6c0450304e02b8d8349528f941f151ea7587d0d6774f32eb32bc0e63c6019445041d510e310326211cd368496739cef11d5e

Download Submit
/data/user/0/com.fmfd.gqbb.kvld/files/umeng_it.cache
Filesize
352B

MD5
e1c8734e5bb9850cbf3a3ce20880a471

SHA1
3fab401d5d68c62475834e78efb5fb8e922ded69

SHA256
9ff38e8a9cf5f0f988b9ff558b79afe23ed2f56eb3a43248d7e7c1f50506b7bd

SHA512
b33827c47ef330bed3aa34d02b67bbd9e69eb35a96dbcbbf53d07b3e8d30186b20131d619f84d181c2bfc486ee4786f3da3278eb34497eaadcb571fbbfec2d1d

Download Submit