Analysis

  • max time kernel
    179s
  • max time network
    180s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    24-08-2024 21:25

General

  • Target

    bf71bee5557b56179ae9db87e315e80a_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    bf71bee5557b56179ae9db87e315e80a

  • SHA1

    9c94814377a96799b86c5dfd0b3798d272b1e853

  • SHA256

    6fbec5ca3918efb5d00eec529920e2390152d562c3cbd902dd7c8df4e1769d1e

  • SHA512

    06b46c10a1cfcd98439c4b2303871e5aa8e755c6054ddcd5b2f2d824de06bb2cdeb58337e8f90073f2ab601fce666b40ef245d1f05616d9aded84e3e85ed11dc

  • SSDEEP

    24576:LyoL0otaYtXMhek8X3lUKfcfIkuovSp04jro+rkjv6tq/13tdHbZKm51Ob83I:FQ7YthX1wvTvSpHjnwjv6tq/1XHNKmj0

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.xamd.lrjy.xtzz
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4634
  • com.xamd.lrjy.xtzz:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4696

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.xamd.lrjy.xtzz/app_mjf/ddz.jar

    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

  • /data/user/0/com.xamd.lrjy.xtzz/app_mjf/dz.jar

    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

  • /data/user/0/com.xamd.lrjy.xtzz/app_mjf/tdz.jar

    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd

    Filesize

    28KB

    MD5

    fdb8a92e5060ce104e8f0faca55a47ce

    SHA1

    270d7ca30673e18cec1d2b9add71cba96dc426fe

    SHA256

    194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

    SHA512

    ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd-journal

    Filesize

    8KB

    MD5

    4f1e574c03be306ab2baba5a5f7a4f70

    SHA1

    3d3bd965f6928bae6802318ec73644d7ae8856e8

    SHA256

    2dd6ecb4d95f427f6e643e46ff1eac39d0075f8ea414f26c09120a010178953d

    SHA512

    c169d37250cdf372be673fa423a2e7c60f7db9ed83f631b3f7bea279aad851facee0243ce6107951a6d6bf2a19c0a8c98ce18b6fba54083bee2e7fa321ced702

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd-journal

    Filesize

    512B

    MD5

    1a0a5270afddd1eb92238ff83efae8a4

    SHA1

    aa80edf2afd672aad0c81b5e863228929325f439

    SHA256

    a5226dd92a7694253ac1abd8be37bf05440216905fe4a540c010d18a539e4810

    SHA512

    1be38cf9ecd2fb17717557d584b4512ebd405dcaffa13057e13da9aee6a28a96a63f52ee08da76ed406d20d125d2c13f68e3b5ce10805ff7d5d0fffd4e20b0c7

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd-journal

    Filesize

    8KB

    MD5

    503dccc8a6f514b268d8d99c37a506d7

    SHA1

    d96a2ba81ecc14447d76d856e501a6a7da43db08

    SHA256

    5f5802f03ed30e21ab39e3bb5edccd1c71544d2957ab668800d049020b1f7842

    SHA512

    5b7c370aec7572ffac0ed78613246153aef0a5acda7f178b6e811837ab412a12b4e23f296da9e2278a840f089f06c79f59533497be3d64c3ec9d31611bb3642e

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd-journal

    Filesize

    4KB

    MD5

    dadec633de17339765d2ed665db67a3c

    SHA1

    b54502f42e02db9a4d6492443cfa1e876ff36c1e

    SHA256

    4f1ee775ff3702ded904dae49cf373163426a6b0414ece11bbcdff6ca9b95d77

    SHA512

    6706fc5aea4ced0f30423da3f3f5b05140c82970c97d80e7031c6d9c3ed3a6c86fbe70320e4d0be599720545599657d4e5bec9c91303972563ad53885b15c8c0

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd-journal

    Filesize

    8KB

    MD5

    91da14035dce38db4b9784868358b039

    SHA1

    770558ea075230665bdaba2e9413f5596be2d73b

    SHA256

    f5286d14cde7325e6528f21becc4b26e4a2155c7fa2997b8f8deda6a55688f7c

    SHA512

    6e41f232035943dc2e4b697ac53a0b4abde4de91d5301858e2afed46280a9160f64572aa48500286d052633aed96601519c09894cb5b3ed744c61c88bd8a5acb

  • /data/user/0/com.xamd.lrjy.xtzz/databases/lezzd-journal

    Filesize

    8KB

    MD5

    2d75f5712585fb966efea860270a4042

    SHA1

    a8188d8bf0d17870d4d86298ace2a8f81a0ab434

    SHA256

    e4480e9fad77a3d161895056cc3d5bd486165fde01b2869a289da0b4664a659a

    SHA512

    bf055fe93c998f4b3ca061e21deabd57b49bf49e61a0003439ed5567aa6ed780df5496d758092109b117cd4cb65f4669b02d7e9dda782bf616385556e6e59f0c

  • /data/user/0/com.xamd.lrjy.xtzz/files/.imprint

    Filesize

    944B

    MD5

    9f89c2ffd0fdb220fbce6b6823a51573

    SHA1

    199b1a08723b0e517bcbae1ab3b17c13f72cfb01

    SHA256

    8786baff86a04ddff8485b95a85fb66a8c110942a70da999d9f22fa68e042955

    SHA512

    e03b95f5dac86172a7aef447544ce578cb488ae56ba0780defced2a7f5d4993661d2adba4a6b6fa1faf232b1d16341f889cbd149d0639f13ef8f5bb962782421

  • /data/user/0/com.xamd.lrjy.xtzz/files/.um/um_cache_1724534892859.env

    Filesize

    1KB

    MD5

    3613bc96e713b9a29d5ea49a414c560d

    SHA1

    1eba3f5375dbb0fd114ab434bc27eaf71677bb89

    SHA256

    826c7b7231b725f9f0b622128c1438e1c61544aa6e1cb224f8be046160f0978d

    SHA512

    37013dd07cdc65dec5f7c8c062250e547a66484c3081274b4c2acb28e344f8ffefaaf841a2ee038b61cf8fb1db66fa4dae07c02502aab89ba358bd0017c2228e

  • /data/user/0/com.xamd.lrjy.xtzz/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    e27f6631370810e0af4bdf513fe1af2e

    SHA1

    761551f93b2a9efa014ef39ba27a11f042b6c7e9

    SHA256

    c7ae7c72ffd1f828279aa12495e238d03f86c04750233c17a925cbcd2e3ef28a

    SHA512

    6fa459f52f62f7aeb337aac9dbc05b0a2cdb72e48f0a0853de8220620014968a9825627a15bccb12b117c91b9bf5dffba726dc6db1dd7c38b0b90f64acca9668

  • /data/user/0/com.xamd.lrjy.xtzz/files/.umeng/exchangeIdentity.json

    Filesize

    203B

    MD5

    ff4be2f17f5721644863981606ff3c33

    SHA1

    d66e7e28923936e03b4b5354917b695fbf2c0347

    SHA256

    91f24d8b08f05ef28340f02760a757e83fca504484b24e44d521135520cb969d

    SHA512

    473139f2427fdad49db566212036d2aa380b2bec8834dbf16a96be7a2fb353918de614164e49c1702bf2742800472242fdcfea959a98ece6c591d7e3fbc557c3

  • /data/user/0/com.xamd.lrjy.xtzz/files/umeng_it.cache

    Filesize

    350B

    MD5

    617dee57476dbbdac224dfbfae6d4b3e

    SHA1

    a67f2e91e4646ce28c0d663d71dea8e19cdd8b06

    SHA256

    09e8c7b632edf269826a0fbfcaf1f3805760e0134352c94e06c36364664f24d7

    SHA512

    5b65c58a4b9442029f8d468726e79e683d61693b24617b2b3685878c911fad282e605546304262f02bb6894808f2020f0ebfc7c152c9328d381b9bd955cb328a

  • /data/user/0/com.xamd.lrjy.xtzz/files/umeng_it.cache

    Filesize

    178B

    MD5

    3814c1996dddc2b109c032510279a0a2

    SHA1

    ae330ead73820333c81f798d38d7dbf5ed1abb86

    SHA256

    e1dd759c3fef92b467e594d162733824eeb9618c7ea33bf5bbbfc8298f7614eb

    SHA512

    03efba7301cd952d1f5cdbe6c0e493ef75fb6ed87d377ba2a97073c89dc1adf8cebbd4eb2ab6f832a3eed381dcef010840380dc068e48856fcc204a2ad46d0e2
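The three JARs under app_mjf/ are what the "Loads dropped Dex/Jar" signature refers to: code that was not part of the installed APK but was written into the app's private directory during the run and then loaded from there. To verify a report like this against a device you control, pull the package's data directory and check what is in it. The following Python script is an added example, not part of the sandbox report or of the analysed sample. It assumes the directory has already been pulled (for instance with `adb pull /data/user/0/com.xamd.lrjy.xtzz ./pulled` on a rooted device or emulator); the tree that `build_sample_dir()` creates is constructed so the example runs offline. It classifies each file by magic bytes, computes its SHA-256, matches the digest against the three JAR digests listed above, and flags any other DEX-bearing file as code loaded from outside the APK.

```python
import hashlib
import os
import tempfile
import zipfile

# SHA-256 digests of the three JARs the sandbox saw dropped under app_mjf/
# (copied from the report above). A local file with one of these digests is
# a direct hit; anything else that looks like code is still flagged.
KNOWN_DROPPED_SHA256 = {
    "1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2": "app_mjf/ddz.jar",
    "3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3": "app_mjf/dz.jar",
    "8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b": "app_mjf/tdz.jar",
}

# File-type magic, checked against the first 16 bytes of each file.
MAGIC = [
    (b"dex\n", "dex"),                                        # bare Dalvik executable
    (b"PK\x03\x04", "zip"),                                   # jar/apk container
    (b"SQLite format 3\x00", "sqlite"),                       # main database file
    (b"\xd9\xd5\x05\xf9\x20\xa1\x63\xd7", "sqlite-journal"),  # rollback journal header
]


def classify(path):
    """Return a coarse file type; a zip counts as code only if it holds a DEX."""
    with open(path, "rb") as f:
        head = f.read(16)
    kind = next((k for magic, k in MAGIC if head.startswith(magic)), "other")
    if kind == "zip":
        try:
            with zipfile.ZipFile(path) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        # DexClassLoader loads classes*.dex out of any zip, whatever its extension.
        if any(n.startswith("classes") and n.endswith(".dex") for n in names):
            kind = "dex-jar"
    return kind


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root, known=KNOWN_DROPPED_SHA256):
    """Walk a pulled data directory; return (relative path, kind, sha256, flag)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            kind = classify(path)
            digest = sha256_of(path)
            flag = None
            if digest in known:
                flag = "matches report IoC: " + known[digest]
            elif kind in ("dex", "dex-jar"):
                flag = "executable code outside the installed APK"
            elif kind == "sqlite-journal":
                flag = "rollback journal: database was written during the run"
            findings.append((rel, kind, digest, flag))
    return sorted(findings)


def build_sample_dir():
    """Construct a look-alike of a pulled app_mjf/ and files/ tree (test data only)."""
    root = tempfile.mkdtemp(prefix="pulled_")
    os.makedirs(os.path.join(root, "app_mjf"))
    os.makedirs(os.path.join(root, "files"))
    # a minimal jar carrying a fake classes.dex entry, as a dropped payload would
    with zipfile.ZipFile(os.path.join(root, "app_mjf", "ddz.jar"), "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    with open(os.path.join(root, "files", ".imprint"), "wb") as f:
        f.write(b"opaque marker, not code")
    return root


if __name__ == "__main__":
    for rel, kind, digest, flag in triage(build_sample_dir()):
        print(f"{rel:<24} {kind:<14} {digest[:16]}...  {flag or ''}")
```

Run it against the real pulled directory by calling `triage("./pulled")` instead of the constructed tree. Only an exact digest match confirms you are looking at the same payload the sandbox saw; a DEX-bearing file with a different digest is still worth pulling apart, since a loader like this can fetch a different stage on every run.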