Analysis

max time kernel: 179s
max time network: 178s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 16-06-2024 07:02
Static task: static1

Behavioral task: behavioral1
  Sample: b242dacd925c411494a4fca767074937_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
  Sample: b242dacd925c411494a4fca767074937_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General

Target: b242dacd925c411494a4fca767074937_JaffaCakes118.apk
Size: 1.3MB
MD5: b242dacd925c411494a4fca767074937
SHA1: 706661da33b94806a3ab8b045a520f55ebbaf721
SHA256: ae39258fabc1d1c9fecbf14f3fa89a3bc05a594232fa5834387c5da8dbde7ad0
SHA512: 618a19fd21461f9771ebe7ae97132d6a35329b626a82cff49495fd750e88211c78492845ed634007b9adca3556946ef51de6d6df13c8c51e1623bc3a6276b887
SSDEEP: 24576:L6cEoL0otaYtXMdSprkM4FqD5Bl0ZHqU+ojfo+x4jFwXq/13tdHbZKm51Ob83e:LhQ7YtTrkruBl0ZHtjjCjFwXq/1XHNKX
Malware Config

Signatures
Loads dropped Dex/Jar (1 TTP, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes: /system/bin/dex2oat, com.kczq.yicq.anbe, com.kczq.yicq.anbe:daemon

ioc | pid | process
/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar | 4342 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.kczq.yicq.anbe/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar | 4273 | com.kczq.yicq.anbe
/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar | 4378 | com.kczq.yicq.anbe:daemon

The dex2oat command line is cut off in the report after --class-loader-context=; it is reproduced as recorded. The DEX being compiled (dz.jar) and its OAT output (app_mjf/oat/x86/dz.odex) both sit in the app's private data directory rather than under /data/app/, and both the main process and the :daemon process load it.
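The dex2oat invocation above is the process-level footprint of runtime code loading: ART is asked to compile a DEX/JAR that lives in the app's own private directory (/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar) instead of in the installed APK under /data/app/. The Python below is an added example, not part of the sandbox report or its tooling. It parses a dex2oat command line and reports the package, DEX path, OAT location and compiler filter whenever the DEX sits in an app-private directory. The first sample command line is copied from the IoC table (including its truncated final argument); the second, an install-time compile of an ordinary APK with a hypothetical package name, is constructed for comparison.

```python
"""Flag dex2oat compilations of code that an app dropped into its own private
storage, i.e. the process-level footprint of "Loads dropped Dex/Jar".
Added example; REPORTED_DEX2OAT is copied from the report above,
BENIGN_DEX2OAT (an install-time compile of a normal APK) is constructed."""
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Installed APKs are compiled from /data/app/<pkg>-.../base.apk.  Anything under
# /data/user/<n>/<pkg>/ or /data/data/<pkg>/ was written there by the app itself.
PRIVATE_DIR_RE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[A-Za-z0-9_.]+)/")

# Copied from the report's IoC table (pid 4342).  The report cuts the final
# --class-loader-context argument off after "&"; it is kept exactly as recorded.
REPORTED_DEX2OAT = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar "
    "--output-vdex-fd=48 --oat-fd=49 "
    "--oat-location=/data/user/0/com.kczq.yicq.anbe/app_mjf/oat/x86/dz.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed: what dex2oat looks like when the package manager compiles an
# installed APK.  Package name and install directory are hypothetical.
BENIGN_DEX2OAT = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--dex-file=/data/app/com.example.notes-1/base.apk "
    "--oat-location=/data/app/com.example.notes-1/oat/x86/base.odex "
    "--compiler-filter=quicken"
)


@dataclass(frozen=True)
class DroppedDexCompile:
    pkg: str
    dex_file: str
    oat_location: Optional[str]
    compiler_filter: Optional[str]


def parse_dex2oat(cmdline: str) -> Optional[dict]:
    """Split a dex2oat command line into its options.

    '--key=value' options go into the dict (a repeated key keeps the last
    value); every '--runtime-arg X' pair is collected under 'runtime-arg'.
    Returns None if the command is not dex2oat at all."""
    tokens = shlex.split(cmdline)
    if not tokens or not tokens[0].endswith("dex2oat"):
        return None
    opts: dict = {"runtime-arg": []}
    it = iter(tokens[1:])
    for tok in it:
        if tok == "--runtime-arg":
            opts["runtime-arg"].append(next(it, ""))
        elif tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            opts[key] = value
    return opts


def dropped_dex_compile(cmdline: str) -> Optional[DroppedDexCompile]:
    """Return the details of a dropped-code compilation, or None when the
    command is not dex2oat or compiles from an ordinary install location."""
    opts = parse_dex2oat(cmdline)
    if opts is None or "dex-file" not in opts:
        return None
    match = PRIVATE_DIR_RE.match(opts["dex-file"])
    if match is None:
        return None
    return DroppedDexCompile(
        pkg=match.group("pkg"),
        dex_file=opts["dex-file"],
        oat_location=opts.get("oat-location"),
        compiler_filter=opts.get("compiler-filter"),
    )


def scan_process_cmdlines(cmdlines):
    """Apply the check to a batch of recorded process command lines and return
    one hit per dropped DEX/JAR that was compiled."""
    return [hit for hit in (dropped_dex_compile(c) for c in cmdlines) if hit]


if __name__ == "__main__":
    for hit in scan_process_cmdlines([REPORTED_DEX2OAT, BENIGN_DEX2OAT]):
        print(f"{hit.pkg} compiled dropped code {hit.dex_file} -> "
              f"{hit.oat_location} (filter={hit.compiler_filter})")
```

The check keys on the --dex-file path alone, which is enough here: a package manager compile never points into a package's private data directory. The OAT location is worth keeping in the result because an .odex under app_mjf/oat/ survives process restarts, so the compiled payload does not need to be re-dropped.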
Queries a list of all the installed applications on the device (1 TTP)
Might be used in an attempt to overlay legitimate apps.
Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes: com.kczq.yicq.anbe

description | ioc | process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.kczq.yicq.anbe
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.kczq.yicq.anbe

description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.kczq.yicq.anbe
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)

flow | ioc
31 | alog.umeng.com

alog.umeng.com belongs to the Umeng analytics SDK; the dropped files under files/.umeng/, files/.um/, files/umeng_it.cache and the mobclick_agent_cached_* file are consistent with that SDK being bundled in the app. The echap.eu.org indicator list includes the domain, but the same SDK ships in many ordinary apps, so this hit on its own does not establish stalkerware; the dropped-code loading and launcher-icon removal below carry more weight.
Queries information about active data network (1 TTP, 1 IoC)
Processes: com.kczq.yicq.anbe

description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kczq.yicq.anbe
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.kczq.yicq.anbe

description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kczq.yicq.anbe
Reads information about phone network operator (1 TTP)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: com.kczq.yicq.anbe

description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.kczq.yicq.anbe
Checks CPU information (2 TTPs, 1 IoC)

Processes

com.kczq.yicq.anbe (pid 4273)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  /system/bin/dex2oat ... --dex-file=/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar ... (pid 4342; full command line in the Loads dropped Dex/Jar IoC table above)
    - Loads dropped Dex/Jar

com.kczq.yicq.anbe:daemon (pid 4378)
  - Loads dropped Dex/Jar
Downloads

/data/data/com.kczq.yicq.anbe/app_mjf/ddz.jar
  Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

/data/data/com.kczq.yicq.anbe/app_mjf/oat/dz.jar.cur.prof
  Filesize: 553B
  MD5: 7e48a317411db9b34239c6106ff01ef1
  SHA1: 3c775ed7755f7493c0b4eaf27787fad978578fda
  SHA256: 7543320b42bfdad898cf99cfcda827bffc11aa5d88f9ee89171cd5ff67cd560d
  SHA512: 355d7c64d3ddb7f8d1974ea0a98d0aaee8db5657a11341f1ea750315a085d6bebc8db929b22802848f7241d17b5883925bbead9d1bc0235e93271eae7e359311

/data/data/com.kczq.yicq.anbe/app_mjf/tdz.jar
  Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

/data/data/com.kczq.yicq.anbe/databases/lezzd
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 512B
  MD5: 988a28cf865fdacceab3606836c632c4
  SHA1: d7a95d750c7c270506ecb4cdac7c552a81768ce1
  SHA256: c95b8318fec5f59fe6577dea17f9b89a34e3b1180f2717742f470042a83fae9b
  SHA512: 08ec61678c5ad2a57066f2a515f043de1dd776f5b0d3559f904029abfbe0007ab581cfd5e17c62734ccd11dd9de9a4011dd4b42a535f13db4ebda679746b7249

/data/data/com.kczq.yicq.anbe/databases/lezzd-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kczq.yicq.anbe/databases/lezzd-wal
  Filesize: 60KB
  MD5: f3d1004247f484052b87198202fea3cf
  SHA1: 4cf1fd081b28fefe7529d0f6973f5a99239dfed0
  SHA256: da8b957a131696b1d6949bd41a76d3e0ad99f00a60d2f62b1816351371e3396a
  SHA512: dbb8202f1b9af922efd1f0ad35cb978c725fd52efa1d9b21648c85c4f2c4f6a83ba8e886f58bb17254a58d80d3f0c5ec7e499a4c4b28b6f8e9ae0e955b5f901f

/data/data/com.kczq.yicq.anbe/files/.um/um_cache_1718521489145.env
  Filesize: 680B
  MD5: ce031c5912278c3d7ec1b7895669b845
  SHA1: c804db23591e024d116f35e0f077405b83416a44
  SHA256: 53c3b225eb85850fb15f08b28a9db9c519f32dc3a5b23ce3c666de53f84f0ace
  SHA512: 7b8e7fed0db9fc39845b0f6d0b96bd6fe20c09469b548c0cd40935f868f89f4cbb9d28162aac382a3585167ac5d106be9bb3d49707722015216afe8b21d3b22d

/data/data/com.kczq.yicq.anbe/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: 9d6466890b93e95e30018c59498b1a2c
  SHA1: a791efd35d47c73f8a429ff6e13396670687c857
  SHA256: f1849b5026629b1669a5225be515906194b74bf910b57e5cabf8e327e4902be3
  SHA512: 9c2059d8cbd41cab39de13402a017aab411113d9ed0f4bb18b6d29f9dea0fd57b5596ad109c61c00037a55c9f7bca36c2130248530305dedeadde11731ffad4d

/data/data/com.kczq.yicq.anbe/files/mobclick_agent_cached_com.kczq.yicq.anbe1
  Filesize: 858B
  MD5: 68fa2c8afcb40ba2f62b2917df046522
  SHA1: cfc5fb8bd588f0fb6df5ac62f85f296a411197cb
  SHA256: 38a5dc8b530a777d23e3f5ad0d3db201db03a4cd0eaff740c90f26f0c7e7c7e1
  SHA512: 345f5025843029dc4b913c55afbaccec130bfef5540b949cc49f031030775e78972f51b83e0badb18ebc3e28d824508ee76d5ee9280855aec37d08959f307fad

/data/data/com.kczq.yicq.anbe/files/umeng_it.cache
  Filesize: 415B
  MD5: b6d2e5762179a2d34ac3ba2977247fa0
  SHA1: 5fd9d98200e155a677e5a7fcfe25ef3c6e45a1ff
  SHA256: 243653cccd751d9fe05795840cf1362e6d5b1c41e7595263921efee09828ab45
  SHA512: e4edb005522b8e2b2ee1bb2f90466faac40aafe07350000c9c3b7f88acaa2985f324ae444586407ae2ea7d25c73ed28172a8c9711d7f0ed91187760d13b43550

The loaded payload dz.jar is listed twice with different hashes: two versions of the file were captured. The report does not say whether the file was rewritten within one run or differs between the two behavioral tasks, so both hashes should be treated as indicators.

/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar
  Filesize: 248KB
  MD5: 9b47e78a6ff90cce5755ce4742047627
  SHA1: 831b24aa9e116eb8d7065efd430088d419dfd6c7
  SHA256: 30d7699b73fd7f276945415c405c12bff69c5958d12f56265a768443f6fd8cae
  SHA512: 4587a5b26f13cbd0524eade71ed29203fc55029fe150fce850016aa7d9c578623cdc4b6a551bed3dec9e31a39563f8927cfcc9d21e2d83c2c781808b958446fc

/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar
  Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
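A dropped-file list like the one above is only useful once it is sorted into code worth hunting for, SQLite and SDK housekeeping, and files that changed during the run. The Python below is an added example, not part of the report or its tooling. It canonicalises /data/user/0/ and /data/data/ paths (the same directory on Android), picks out the executable artefacts written into the app's private storage, finds paths reported more than once with different content, and tests whether a file is merely zero-filled (typical of a fresh SQLite -shm) so it is not mistaken for content. The rows are the report's own paths, sizes and SHA-256 values; the size parsing treats the report's rounded "KB" figures as exact, which only holds for round binary sizes such as 32KB.

```python
"""Triage the dropped-file inventory of the report above.  Added example; the
rows are copied from the Downloads list (path, reported size, SHA-256)."""
import hashlib
import posixpath
import re
from collections import defaultdict

PKG = "com.kczq.yicq.anbe"
P = f"/data/data/{PKG}/"
ROWS = [
    (P + "app_mjf/ddz.jar", "105KB", "1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2"),
    (P + "app_mjf/oat/dz.jar.cur.prof", "553B", "7543320b42bfdad898cf99cfcda827bffc11aa5d88f9ee89171cd5ff67cd560d"),
    (P + "app_mjf/tdz.jar", "105KB", "8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b"),
    (P + "databases/lezzd", "4KB", "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
    (P + "databases/lezzd-journal", "512B", "c95b8318fec5f59fe6577dea17f9b89a34e3b1180f2717742f470042a83fae9b"),
    (P + "databases/lezzd-shm", "32KB", "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
    (P + "databases/lezzd-wal", "60KB", "da8b957a131696b1d6949bd41a76d3e0ad99f00a60d2f62b1816351371e3396a"),
    (P + "files/.um/um_cache_1718521489145.env", "680B", "53c3b225eb85850fb15f08b28a9db9c519f32dc3a5b23ce3c666de53f84f0ace"),
    (P + "files/.umeng/exchangeIdentity.json", "162B", "f1849b5026629b1669a5225be515906194b74bf910b57e5cabf8e327e4902be3"),
    (P + f"files/mobclick_agent_cached_{PKG}1", "858B", "38a5dc8b530a777d23e3f5ad0d3db201db03a4cd0eaff740c90f26f0c7e7c7e1"),
    (P + "files/umeng_it.cache", "415B", "243653cccd751d9fe05795840cf1362e6d5b1c41e7595263921efee09828ab45"),
    # The report lists dz.jar twice, under /data/user/0/, with two different hashes.
    (f"/data/user/0/{PKG}/app_mjf/dz.jar", "248KB", "30d7699b73fd7f276945415c405c12bff69c5958d12f56265a768443f6fd8cae"),
    (f"/data/user/0/{PKG}/app_mjf/dz.jar", "248KB", "3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3"),
]

CODE_EXTS = {".jar", ".dex", ".odex", ".vdex", ".so", ".apk", ".zip"}
USER_DIR_RE = re.compile(r"^/data/user/\d+/")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def canonical(path):
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg> on Android; fold
    both spellings to /data/data/ so the same file groups together."""
    return USER_DIR_RE.sub("/data/data/", path)


def parse_size(text):
    """'105KB' -> 107520, '553B' -> 553.  The report rounds sizes, so the
    result is exact only for round figures such as 512B or 32KB."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unparsable size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def code_artifacts(rows):
    """Executable artefacts written into the app's private storage, one entry
    per canonical path."""
    return sorted({canonical(p) for p, _, _ in rows
                   if posixpath.splitext(p)[1].lower() in CODE_EXTS
                   and canonical(p).startswith("/data/data/")})


def rewritten_paths(rows):
    """Paths that appear with more than one hash: the file was replaced during
    the run or differs between tasks.  Maps path -> sorted list of hashes."""
    seen = defaultdict(set)
    for p, _, sha in rows:
        seen[canonical(p)].add(sha)
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def is_zero_filled(size_text, sha256_hex):
    """True when the reported hash is that of an all-zero file of the reported
    size; such a file (e.g. an untouched SQLite -shm) carries nothing to hunt."""
    return hashlib.sha256(b"\0" * parse_size(size_text)).hexdigest() == sha256_hex


def hunting_hashes(rows):
    """SHA-256 values worth pivoting on: every captured version of each code
    artefact, so a rewritten payload is not reduced to a single hash."""
    code = set(code_artifacts(rows))
    return sorted({sha for p, _, sha in rows if canonical(p) in code})


if __name__ == "__main__":
    print("code artefacts:", *code_artifacts(ROWS), sep="\n  ")
    for path, hashes in rewritten_paths(ROWS).items():
        print(f"rewritten: {path} has {len(hashes)} versions")
    for p, size, sha in ROWS:
        if is_zero_filled(size, sha):
            print(f"zero-filled: {p} ({size})")
    print("hashes to hunt:", *hunting_hashes(ROWS), sep="\n  ")
```

Running it against the report's rows yields three code artefacts (ddz.jar, tdz.jar and dz.jar) and four hashes to hunt, because dz.jar contributes both of its captured versions; a rule keyed on a single dz.jar hash would miss one of them.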