7f3c4934206ad4d3ce678f4ed807b79495a26a9eef3126775b892740bf8de631

Analysis

max time kernel
177s
max time network
179s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16-06-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b565efd2a014fc5d3feec2c8476fafec_JaffaCakes118.apk
Size

1.3MB
MD5

b565efd2a014fc5d3feec2c8476fafec
SHA1

dad797321821ad769bcea69e24365a8c7e42390d
SHA256

7f3c4934206ad4d3ce678f4ed807b79495a26a9eef3126775b892740bf8de631
SHA512

514e67f0d463db2670922fd77e029e98092897f3da9df8695f20975938187cd6f01ba0b3f1632344a38cd4516e36ee092c754adca002c39a0775360a3d34f8f8
SSDEEP

24576:R+oL0otaYtXMjG3dJZXs+bS8oaPnDAUCxFMOjDo+rsjLuFq/13tdHbZKm51Ob83f:DQ7YtPdJZJboaPDAUcFZjPojLuFq/1XT

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.zzxg.embg.venw

pid process

4564 com.zzxg.embg.venw

pid	process
4564	com.zzxg.embg.venw

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.zzxg.embg.venwcom.zzxg.embg.venw:daemon

ioc	pid	process
/data/user/0/com.zzxg.embg.venw/app_mjf/dz.jar	4564	com.zzxg.embg.venw
/data/user/0/com.zzxg.embg.venw/app_mjf/dz.jar	4626	com.zzxg.embg.venw:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.zzxg.embg.venw

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.zzxg.embg.venw
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.zzxg.embg.venw

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.zzxg.embg.venw
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

42 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.zzxg.embg.venw

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zzxg.embg.venw
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.zzxg.embg.venw

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.zzxg.embg.venw
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zzxg.embg.venw

description ioc process

File opened for read /proc/cpuinfo com.zzxg.embg.venw

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.zzxg.embg.venw

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zzxg.embg.venw

flow	ioc
42	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zzxg.embg.venw

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zzxg.embg.venw

description	ioc	process
File opened for read	/proc/cpuinfo	com.zzxg.embg.venw

com.zzxg.embg.venw
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4564

com.zzxg.embg.venw:daemon
1⤵
- Loads dropped Dex/Jar
PID:4626

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zzxg.embg.venw/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.zzxg.embg.venw/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.zzxg.embg.venw/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd-journal
Filesize
8KB

MD5
56fae5f31eacc826e7b5ab48324ccee7

SHA1
5f440730f4e4d26cf65b21d4a6468ecff0d7c318

SHA256
39d8cff66dbbfbb59f89485ed3d3ff2c48c41b4c86ecd43313967765e72d1ade

SHA512
e773bd030539afeb4f984dbf1167371e56a6575056ab9b5cf226fc59c1ee30d5cee8bc055a04ee31a397b664550a72cb74f21342393c01f9584917d11a0054d5

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd-journal
Filesize
512B

MD5
22452278cfaff6a07e622e7b253c93c0

SHA1
49a7764b7b1c882216cf0b190a3d208928265e90

SHA256
e15663c174becebd7183938251b91aa7b05b9c9a6b0afd980b61e1ab502bed01

SHA512
4b61f6d69f351ca85957c078347e345dac43f51266c08333c6c529345136493389574b864f608b5af28b64652f8048c65b64a443fca932611aed8eb00a833226

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd-journal
Filesize
8KB

MD5
dcb9a15b6ce628f3d4e3865c56e45ec5

SHA1
6cb7c34d908a32f3a7f20bc3772ee33eae50f89b

SHA256
d166183bdaf49ab49a5e84af7ed4e9dedd1d0d604b6185a45448859b632d8880

SHA512
eb67a548cc476ac8d180e395333108d9619def37680dbba07d854bd916f4857a1bbb77a29ef2f865c40df26f31d1c525c186d87b26887bcc56fcaee2b5617dfc

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd-journal
Filesize
4KB

MD5
4a192cbb408f798862a0b46c80d1a2d7

SHA1
41623aba5ab0beb5c7b8d87cfbdf76059e502ef5

SHA256
51615271c4fd47b855ecf663a40cf9d8b8a429ba8cfbe21e611b4b5158fce15e

SHA512
9afa8374300cad6c605bbb904f5a6c2d91be11afc0048fb7c62357087a6969d08d64a331ee0dc3377502e42c77f91703b2dbb91a96e37ab52c89053e8f39811f

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd-journal
Filesize
8KB

MD5
5c2de3429fd2e64ce18b5cd5d069f5ad

SHA1
50c080455c9dfeb7efd0340897ce8eea7324ff9e

SHA256
b85c42613b55f6276fe74c2eff5f285e04312566bff74059a3253c7abe3de736

SHA512
aa7ba7ecc82d5f8ffb8b5596a157fed774412822c21e16fa42e6268f8fb961e004ded1a17789de5586c6d2aee68963090031bfe4f04760ed34333a78cd936909

Download Submit
/data/user/0/com.zzxg.embg.venw/databases/lezzd-journal
Filesize
8KB

MD5
15992fda25c96b8a86e0b740890fc78a

SHA1
0596bb47b421b638f7eefa596b9bf7e7e3f68fa6

SHA256
502ba159b996706b1833846650d9e9d29254c2fb1c0d6c0e8c17245c059b67c4

SHA512
87b5b613e795a7f93f1f2b96c6f2119742f8471463daf5129e38973fe429f82419cd550d08d6a4338055bbb783ed3d9270fbc01d76457bad5b8dcedbecf5a430

Download Submit
/data/user/0/com.zzxg.embg.venw/files/.um/um_cache_1718575424130.env
Filesize
656B

MD5
0df654845d8a8ae2bad9e887aa656ca2

SHA1
16f24067c62e3ac5a78aeb7b558225d435dbc864

SHA256
3da8f96749acbcf9bcbce53f68a854a4a1ec42158547a301e26e353236d2001d

SHA512
8c54b6d5035f639d61c3747118e38bb69427b4f350f63cd444037b0bdab610bec4c4d85756385f5f5cbfb1a8176d3f2ddc0fd92644fa6d912ebf84b6fb0f18ad

Download Submit
/data/user/0/com.zzxg.embg.venw/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
2636a99e02c9c9035a10e7e5ce6d5db0

SHA1
6d2392be36ffb3ed094175480102b94ef0ed3519

SHA256
9c854b59048e01de881692e9e6626106f1bc699415803dc51f8a8fd5fbe445b3

SHA512
7b2d295de1640866e5359c7fcaf12930a9dc97c51d95bf93af0de6c9018f0cd3dba63c48e25ceb49de19486be082c840eb3112968a6742b2c81d0839e5ee2f1c

Download Submit
/data/user/0/com.zzxg.embg.venw/files/mobclick_agent_cached_com.zzxg.embg.venw1
Filesize
788B

MD5
173cade7d0ecd95fd3db2e7a1dfdad35

SHA1
842f7c9a1d3047c2edc2edb07333702fd84c19c8

SHA256
97122f69bf739373f0097dcfecf64623956cefd9174e90dccd3f165aef7bd7b1

SHA512
87f99d2e41f8832348494d7009b06a899b68d8e1fb455eb10b2834429dfe765b3e006a2c218c3378afe2c4511954015823d4eb09b34a699b9a2c58419f42d4a3

Download Submit
/data/user/0/com.zzxg.embg.venw/files/umeng_it.cache
Filesize
346B

MD5
8fd639047c56efc2730b5231835416b8

SHA1
681032d23971ec532d1e9d4885625422900af350

SHA256
ce49dbd90cac975b5ac0fd64e8c5eb5578f4d6ff5e7b2585dbe539b8237651f0

SHA512
5c13fae2b5ba18a94b7b97e073ccc663d16890ba07ba62fe15ec0e733c0892ec341e4b97881dbff19e0d74d23707a00bc3c3f0d5e1cd8ce16fcd07032adb79dc

Download Submit