Analysis

max time kernel: 179s
max time network: 177s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 24-08-2024 21:25
Static task: static1

Behavioral task: behavioral1
  Sample: bf71bee5557b56179ae9db87e315e80a_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: bf71bee5557b56179ae9db87e315e80a_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General

Target: bf71bee5557b56179ae9db87e315e80a_JaffaCakes118.apk
Size: 1.3MB
MD5: bf71bee5557b56179ae9db87e315e80a
SHA1: 9c94814377a96799b86c5dfd0b3798d272b1e853
SHA256: 6fbec5ca3918efb5d00eec529920e2390152d562c3cbd902dd7c8df4e1769d1e
SHA512: 06b46c10a1cfcd98439c4b2303871e5aa8e755c6054ddcd5b2f2d824de06bb2cdeb58337e8f90073f2ab601fce666b40ef245d1f05616d9aded84e3e85ed11dc
SSDEEP: 24576:LyoL0otaYtXMhek8X3lUKfcfIkuovSp04jro+rkjv6tq/13tdHbZKm51Ob83I:FQ7YthX1wvTvSpHjnwjv6tq/1XHNKmj0
Malware Config

Signatures

Removes its main activity from the application launcher
  pid   Process
  5048  com.xamd.lrjy.xtzz

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc                                              pid   Process
  /data/user/0/com.xamd.lrjy.xtzz/app_mjf/dz.jar   5048  com.xamd.lrjy.xtzz
  /data/user/0/com.xamd.lrjy.xtzz/app_mjf/dz.jar   5103  com.xamd.lrjy.xtzz:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
  description             ioc                                                 Process
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser  com.xamd.lrjy.xtzz

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                 Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.xamd.lrjy.xtzz

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow  ioc
  33    alog.umeng.com

Queries information about active data network (1 TTPs, 1 IoCs)
  description             ioc                                                 Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.xamd.lrjy.xtzz

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                                 Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo     com.xamd.lrjy.xtzz

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description             ioc                                                 Process
  Framework service call  android.app.IActivityManager.registerReceiver       com.xamd.lrjy.xtzz

Checks CPU information (2 TTPs, 1 IoCs)
  description           ioc            Process
  File opened for read  /proc/cpuinfo  com.xamd.lrjy.xtzz
Processes

com.xamd.lrjy.xtzz (PID 5048)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information

com.xamd.lrjy.xtzz:daemon (PID 5103)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15

Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads