Analysis
max time kernel: 178s
max time network: 182s
platform: android_x64
resource: android-x64-arm64-20240611.1-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted: 16-06-2024 07:02
Static task: static1
Behavioral task: behavioral1
  Sample: b242dacd925c411494a4fca767074937_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: b242dacd925c411494a4fca767074937_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
Target: b242dacd925c411494a4fca767074937_JaffaCakes118.apk
Size: 1.3MB
MD5: b242dacd925c411494a4fca767074937
SHA1: 706661da33b94806a3ab8b045a520f55ebbaf721
SHA256: ae39258fabc1d1c9fecbf14f3fa89a3bc05a594232fa5834387c5da8dbde7ad0
SHA512: 618a19fd21461f9771ebe7ae97132d6a35329b626a82cff49495fd750e88211c78492845ed634007b9adca3556946ef51de6d6df13c8c51e1623bc3a6276b887
SSDEEP: 24576:L6cEoL0otaYtXMdSprkM4FqD5Bl0ZHqU+ojfo+x4jFwXq/13tdHbZKm51Ob83e:LhQ7YtTrkruBl0ZHtjjCjFwXq/1XHNKX
Malware Config: none reported

Signatures

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  ioc: /data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar  pid: 4578  process: com.kczq.yicq.anbe
  ioc: /data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar  pid: 4641  process: com.kczq.yicq.anbe:daemon

Queries a list of all the installed applications on the device (1 TTP)
Might be used in an attempt to overlay legitimate apps.

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description: Framework service call  ioc: android.accounts.IAccountManager.getAccountsAsUser  process: com.kczq.yicq.anbe

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  process: com.kczq.yicq.anbe

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
Processes:
  flow: 46  ioc: alog.umeng.com
  flow: 55  ioc: alog.umeng.com
Note: alog.umeng.com is a Umeng SDK domain, and the app writes Umeng SDK state into its private files directory (files/.umeng/, files/.um/, files/umeng_it.cache; see Downloads). The hit is consistent with an embedded analytics SDK and is a low-specificity indicator on its own.

Queries information about active data network (1 TTP, 1 IoC)
Processes:
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.kczq.yicq.anbe

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.kczq.yicq.anbe

Reads information about phone network operator (1 TTP)

Checks CPU information (2 TTPs, 1 IoC)
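As an added example, not part of the sandbox report: the indicators above turned into a small Python triage helper. It checks files pulled from a device for loadable code (raw DEX magic, or a jar/apk that carries a .dex entry, which is what the "Loads dropped Dex/Jar" signature refers to) and for the app-private path pattern seen here, matches SHA256 values against the APK and dropped-jar hashes from this report, and matches flow lines in the report's "flow N host" shape against the alog.umeng.com indicator. Only the hashes, paths, package name and domain come from the report; the jar, database bytes and flow lines built inside demo() are constructed, and the function names are this example's own.

```python
"""IoC triage helpers built from the indicators in the report above (added example)."""
import hashlib
import io
import zipfile

PACKAGE = "com.kczq.yicq.anbe"  # package name from the report
APP_DATA_DIRS = (f"/data/user/0/{PACKAGE}/", f"/data/data/{PACKAGE}/")

# SHA256 indicators from the report: the submitted APK and the three dropped jars.
SHA256_IOCS = {
    "ae39258fabc1d1c9fecbf14f3fa89a3bc05a594232fa5834387c5da8dbde7ad0": "submitted APK",
    "3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3": "app_mjf/dz.jar (loaded by both processes)",
    "1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2": "app_mjf/ddz.jar",
    "8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b": "app_mjf/tdz.jar",
}
DOMAIN_IOCS = {"alog.umeng.com"}  # the domain flagged via the echap.eu.org list

DEX_MAGIC = b"dex\n"       # first bytes of a raw .dex file (e.g. "dex\n035\0")
ZIP_MAGIC = b"PK\x03\x04"  # jar/apk containers are zip files


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def contains_dex(data: bytes) -> bool:
    """True if `data` is a raw DEX, or a zip (jar/apk) with a .dex entry:
    the two forms a DexClassLoader/PathClassLoader can load."""
    if data.startswith(DEX_MAGIC):
        return True
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith(".dex") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_file(device_path: str, data: bytes, known=SHA256_IOCS) -> list:
    """Findings for one file pulled from the device: known-hash match and/or
    loadable code, with a note when the code sits in the app's private dir."""
    findings = []
    digest = sha256_hex(data)
    if digest in known:
        findings.append(f"known IoC: {known[digest]}")
    if contains_dex(data):
        in_app_dir = device_path.startswith(APP_DATA_DIRS)
        findings.append("loadable code" + (" dropped in app-private dir" if in_app_dir else ""))
    return findings


def match_flows(flow_lines) -> list:
    """Match '<flow id> <host>' lines against DOMAIN_IOCS; subdomains of an
    indicator count as hits. Returns (flow id, host) pairs."""
    hits = []
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # not a flow line
        flow_id, host = int(parts[0]), parts[1].lower().rstrip(".")
        if any(host == d or host.endswith("." + d) for d in DOMAIN_IOCS):
            hits.append((flow_id, host))
    return hits


def make_jar(entries: dict) -> bytes:
    """Build an in-memory jar from {name: bytes} entries (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def demo() -> dict:
    """Run the checks over a constructed stand-in for the app's private directory."""
    jar = make_jar({"classes.dex": DEX_MAGIC + b"035\0" + b"\0" * 64})  # constructed
    database = b"SQLite format 3\0" + b"\0" * 32                          # constructed
    files = {
        f"/data/user/0/{PACKAGE}/app_mjf/dz.jar": jar,
        f"/data/user/0/{PACKAGE}/databases/lezzd": database,
    }
    results = {path: classify_file(path, data) for path, data in files.items()}
    # constructed flow lines in the report's "flow N host" shape
    results["flows"] = match_flows(["46 alog.umeng.com", "55 alog.umeng.com", "61 example.org"])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The hash set is deliberately the literal values from this report, so a match on a pulled file means the same bytes as the sandbox saw; a "loadable code dropped in app-private dir" finding without a hash match is the behavioural equivalent of the "Loads dropped Dex/Jar" signature for a variant with re-packed jars.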
Processes

com.kczq.yicq.anbe
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks CPU information

com.kczq.yicq.anbe:daemon
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
Note: some paths appear more than once (databases/lezzd-journal, files/.umeng/exchangeIdentity.json, files/umeng_it.cache) because the sandbox captured the file at several points during the run; each entry is a separate content snapshot with its own hashes. lezzd-journal is the SQLite rollback journal for the lezzd database.

/data/user/0/com.kczq.yicq.anbe/app_mjf/ddz.jar
  Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

/data/user/0/com.kczq.yicq.anbe/app_mjf/dz.jar
  Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

/data/user/0/com.kczq.yicq.anbe/app_mjf/tdz.jar
  Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

/data/user/0/com.kczq.yicq.anbe/databases/lezzd
  Filesize: 28KB
  MD5: fdb8a92e5060ce104e8f0faca55a47ce
  SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
  SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
  SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

/data/user/0/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 8KB
  MD5: 6f2766cbacf34c6fbc23cdb66aff3f0a
  SHA1: 1fc67919f5e978c4876dba27727172d1ea325256
  SHA256: aff4805e108ebc9500b2cb482c5bab351630218d9611b6430d27622edf54fe4e
  SHA512: 575333e8aea122ff79174b87b080b25569480cd2c2b6f7d3f2adc8146cc49c3d201b5a4dcd720a076343121653a80f71e5f99f3ef2a5fc536253c45d798f9a6c

/data/user/0/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 512B
  MD5: b21d76142041db57536369aa048e3b17
  SHA1: 64ec68c70e71a1a38257a831eb68c5c6ce75d283
  SHA256: b9670a0cdf0ec8d7b948bda61be21b13b93bf9edb906455eeacb5d3a3b0067b2
  SHA512: e73111441c920b8adee11a7035c0224d1674e390675206b736c80fbafda15e149022177ed187bc7f058b0bfd27b8c1459bfdbd695303c4e5bd30c6fd5d992776

/data/user/0/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 8KB
  MD5: c9d414d1601072c98125e679a1550c8e
  SHA1: fb139c27658a7467794e2ab6d03c79e17b9b2b63
  SHA256: 3e824c029d4178f03041930dc51b8f26792bb80365c04dc00771245d25adb47d
  SHA512: f770da9586ac5b7d853b9c25611f01518b4d60617155dc999c7157f3be2b32c0d38408e83d27cba71738c7e89d4c58f164d02de734d8175cb113711330d66f0e

/data/user/0/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 4KB
  MD5: ccecc97927888af9f30eda65c7543304
  SHA1: cf6ca9d2ba6511691fb5ed9db74dfbb0931ec96b
  SHA256: 80d661de33259c4597d84a3b62cfcb4b2eb4a85b1fdcc0a5b3a70229af137017
  SHA512: 483680bbe28e9bfe79b6a67a747cea30b977d9084bb03dbc261188029c55f471c7fd3e2dd478a2491a23db6853ac1008827fa7619b80addec8c1ececbda30bf6

/data/user/0/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 8KB
  MD5: ea724c077a1438eee19d5eafb1311630
  SHA1: 628dcf1aeae3426806ee2691c6e8c008b197477f
  SHA256: 68d91ddc403f5fbf06ebd904c6b37fe8342bf1333c41c503d0f8ab21d4fa81f3
  SHA512: 8a3b416b38948a981ca5c3d59f3307fe71c679acb50548311db756d17d4baea4c0b730761054ffe05cfdd3119bd41522fff707f120ad8a48c401a97df8c2c0a5

/data/user/0/com.kczq.yicq.anbe/databases/lezzd-journal
  Filesize: 8KB
  MD5: b66362ee7cee9fcad56bafa583514b82
  SHA1: 36b76090974de4cc2f6f1b63f60fc2e86766f0cd
  SHA256: bfea42454a14535df3a48419c5833f621df0a9b674399605570e9cc6d1381353
  SHA512: 8af06c5934e31969095e865b037be0905fd69f95ded0c5b96ddb579c23916b7d5761367211bb9409c937a87784a2c93d5a4391094485d223efece5cc064fe895

/data/user/0/com.kczq.yicq.anbe/files/.imprint
  Filesize: 944B
  MD5: f7966d733b296f789206d7b3436fb0b0
  SHA1: 7aee5a00ddd469d29026a301186b9a30cd0333c3
  SHA256: 42e2f9868de1a1f64c7b315eb5da0a610ebb1f873cf936ff14db11a793801a4e
  SHA512: 9876fa0f8fd843b34b259c09d1f09a3a2d8ffed5824e9e2a919e81321378cb7b1bc988ded773794041c8509c6afa5bd067ebdae22690b981f53cd99a30740d13

/data/user/0/com.kczq.yicq.anbe/files/.um/um_cache_1718521549203.env
  Filesize: 1KB
  MD5: 27e3bc9ba29af37ca4d9f5edd235329c
  SHA1: 8807ffd18769175a2a2ac4adfec77558752411a4
  SHA256: 6921333c9a93a6a0db0e994a7780ea8708e0f8f6ac7c8586d7b27871739c46a6
  SHA512: d692e55fd44b354f5fe9fea35bc00db602ce4312c3204efc7bec28cd71c53a3c8a3e18c22d14fa4942514d4338b675ea2b4037ddca80083bcb10c8ec9dd44696

/data/user/0/com.kczq.yicq.anbe/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: 767bf86fcde3047804b47b0639662fc1
  SHA1: aa49a1c372133e3f1199926ae6f16694c6479b81
  SHA256: a12acfcf9ddabc09d94cc794609abdbf7202b482482b1c5d2abe906ec6e48906
  SHA512: 041c3175431cb9a693e43441e44d48af55387ff747dbc063678e1da3adb5255bbb442b84c215d1d745dc634d25363cf357c53f924852f39dac2cdd8d7a23b018

/data/user/0/com.kczq.yicq.anbe/files/.umeng/exchangeIdentity.json
  Filesize: 203B
  MD5: 01dcd71bc2da488a31dc9a46c106a3e0
  SHA1: 07940011cfa75b7c126b5177d93d18fd71de2775
  SHA256: 4cf14e9ac2f3396805b15e4d18cd13d3e01a0826e92ea920649cbac260d99c29
  SHA512: abb4e39ced241b23681983203bfe380e93d19e36e209c3bc42ed7e5bf0f1cae4d152ef8916256dd4156c6649c6b7cf84d46628345617324c800061ae02a65bb6

/data/user/0/com.kczq.yicq.anbe/files/umeng_it.cache
  Filesize: 350B
  MD5: f16921b7e5209ba87d3f1ba15802076d
  SHA1: 46dc7ebaf1101312ef4111852af1838c9e452085
  SHA256: 9c0830279edc4f8ac1527b55495985ee004607cba7f96bd33a0b9e262ad48aa8
  SHA512: cd39f56d2cd3ebe8076da30ddfe3897f0eccdf7d04ba5d764e5431c3dac38c68052d533cb2acafcc72821255d6f8d22afbd5171e8d3759ecd7ccdcf672e51b7b

/data/user/0/com.kczq.yicq.anbe/files/umeng_it.cache
  Filesize: 178B
  MD5: 46bc3ae5b4d3286e54aa67d661a9ea62
  SHA1: 46d249c0addf03f5efef03d3994ec92a2140ce53
  SHA256: 2bc25142802b148c046f1119fad0afd6abfa52d840a24783ec7717fe73028524
  SHA512: 7cc25fc05666fe90e31b81e88f59ef1d82617e55643291c43deee9d823dc1efa0708d1e4b23335ff9006b529f58bfdb7a32a130f3bc87a52727ec982a5a87b90