Analysis

  • max time kernel
    178s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    25-08-2024 11:27

General

  • Target
    c0a52b8d9918b63e45d879bd94485643_JaffaCakes118.apk
  • Size
    1.3MB
  • MD5
    c0a52b8d9918b63e45d879bd94485643
  • SHA1
    b02f87963bf76695ee0fec182e750c8ddc4678f3
  • SHA256
    ed9b8486ef7139900343757cc864efa787c64e54704af8e3e2836366c3d69e6e
  • SHA512
    6ecff85cdead1e003b19e721f8b93f3309d15265ec33ef83160b580761a539230c050945834d3b6894cc176b8a8cd1a96d3bbd16f8a690556fa5e0eb59afb78a
  • SSDEEP
    24576:6cEoL0otaYtXMuSprkM4FqD5Bl0ZHqU+3jTo+U4j8vgq/13tdHbZKm51Ob83P:hQ7YtmrkruBl0ZHqj/Bj8vgq/1XHNKm3

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)
    Runs executable file dropped to the device during analysis.
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries account information for other applications stored on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect account information stored on the device.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Reads information about phone network operator (1 TTP)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.equq.ylbf.dnxd (PID: 4654)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
  • com.equq.ylbf.dnxd:daemon (PID: 4716)
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.equq.ylbf.dnxd/app_mjf/ddz.jar
    Filesize: 105KB
    MD5: 23ba0b249042b7ba33e92c0199b0ea4a
    SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
    SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
    SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

  • /data/user/0/com.equq.ylbf.dnxd/app_mjf/dz.jar
    Filesize: 248KB
    MD5: a54a18b58c6720991c021f433dfb2a46
    SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
    SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
    SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

  • /data/user/0/com.equq.ylbf.dnxd/app_mjf/tdz.jar
    Filesize: 105KB
    MD5: 293ea5f01e27975bed5179ba79d80eac
    SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
    SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
    SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd
    Filesize: 28KB
    MD5: fdb8a92e5060ce104e8f0faca55a47ce
    SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
    SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
    SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd-journal
    Filesize: 8KB
    MD5: 3f44b4c3b4c2a85dc24947f5c43986d7
    SHA1: 7636be97cf61987333f5ddfda9cfd64eac363169
    SHA256: 7385cb8e6a976bd1327e9b1b302c4d86498cbdd247423b80e13128fcbc1289a8
    SHA512: 30e044a216dc6aee582909b4d159231b056c76498b797f05b9cb878b989f54ba67fc8e14ce343160e7bbf70fdda7a1d91cb80fd15b24e3cd09a4de9febb92660

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd-journal
    Filesize: 512B
    MD5: d3ae0c1225566ef4aef354ac9ca06d22
    SHA1: 834622157b952ba0d61387c028df0f69789c6e3e
    SHA256: b53e2e6c88939fdc25b1f98b517fcd3606b2dc1e816d57dc674b9fe9710ea03f
    SHA512: 15c419c83640743beb3d1f349113822f2c9d875bdc0a1f8c5b2e2e35ceca70ef198e51acc34c277526b5c7fabdcab85b857fe2506c58656e67897313fd8e497a

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd-journal
    Filesize: 8KB
    MD5: 7686810645c4021405e1f89b0f20f1a3
    SHA1: e6174f36f698370d25007de254ad3efa4118e1e1
    SHA256: 4ff830a47ec048922692f02f16aa0e84d9437042418024766d29f11698e1a209
    SHA512: 2c6cb17963b1cea10a2e8f15d1dbcc29f29aa4d6a5b54398aba21a8d5102cbd4bae526ecfcec13108b01190e0d8b7b420e95478236086b56fbd904a276dc60a3

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd-journal
    Filesize: 4KB
    MD5: 08b6fe6758f255cf447ec79bf5a7ea64
    SHA1: 9890d050075b2b413a0822af2c886d594232a1c7
    SHA256: d325fcef2564c62563954c5ce647feeeeca0db020d081007176a380585205abb
    SHA512: cad514c557a1628c0e303cd69c1f5764f6f8419d91bef152a531a6e05cf93817d5dcb52274e7ef8d197b60680cbd5b7c943e7d32efbb7ba56a362f38e8d8b923

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd-journal
    Filesize: 8KB
    MD5: 557364b3216f90aaec7178b1fd06019b
    SHA1: 80a6ca0f92cc8dee2084babc76dedcb02a7a994b
    SHA256: ed603d22d74fe6bfcfcd2211f2fbe78ca7bee009d309198fc3686ff18e47a4c9
    SHA512: b8bd412635e4a7257576c600056a6a41a087f46fcd4d121fedaf6f0e1824bf5fbe68f33c17f20c8f80f4d895a050ef9df845c95215db701445ca8145dba0ba20

  • /data/user/0/com.equq.ylbf.dnxd/databases/lezzd-journal
    Filesize: 8KB
    MD5: bdda744fb1fe634559a13056eb6c76b3
    SHA1: c789ab25f61833e911fad1d00780be1aec616c61
    SHA256: 7afbe488efa312ab270c1a6f900a80d2c1b27cb7699c836d1f27d90046069664
    SHA512: b3c0b90b5dc5db823119e197db3aa61a00376f3f44aba511579089a02c723c47a7803fe6304993ad3361b289dcad673e4244d192e5ded11b58ab159749e4c71c

  • /data/user/0/com.equq.ylbf.dnxd/files/.imprint
    Filesize: 944B
    MD5: e95d0a09a5575cf6bb541c26c7143c35
    SHA1: 60d406a85815ab2acc1b47a8d25d6417bd644e9e
    SHA256: 159943802cc77cec05c00cc314f66fc79186c950231dc72bb9185b409266f45c
    SHA512: 870bbdc4413290eb4d4de8aba3249320175177f529ec5d159cc8c604f0d9ed7306b68a6042988367c3d902bc45f967a77214d80c6dd3054f175fd68a74d920c0

  • /data/user/0/com.equq.ylbf.dnxd/files/.imprint
    Filesize: 944B
    MD5: 29252ee85c0e289f3159d6dabc638cc8
    SHA1: 39866006dc8639d8cc1d2eebc8341a217d742500
    SHA256: fc956a42579c574b25b7a1041d3e7fbca59b4c5bebe4ae311f17b5b63a76cbeb
    SHA512: 39223c01c8c0268974a31c03720a8bd726a6257377ae80364223b10371fa5fb7eae9e329d610f1a2a406a784fe99f5127a2c6ab5d151aea77bbb5681c8075bb9

  • /data/user/0/com.equq.ylbf.dnxd/files/.umeng/exchangeIdentity.json
    Filesize: 162B
    MD5: fcb26291eccdd3bcec5b87848bbcf74a
    SHA1: 0ca2bf9d3005b9c31344e164caf3ec81ad0ea7ac
    SHA256: 5c1d7e606ffc0589cdbff173a4ef2052612944846421c5193b183f65e8db113c
    SHA512: fb95571c5b49261265aa4c62c8a6f683be07eea562ec0ce9fd36b8a510b28d8140cec76a8f2a724c389a471278b4e7d4e6980ca8a8bfa8737782a302ded7846c

  • /data/user/0/com.equq.ylbf.dnxd/files/.umeng/exchangeIdentity.json
    Filesize: 204B
    MD5: 18822c9b12b9ec6baa6717df5d41621a
    SHA1: a063d4ddac14031f8714766b7021aa532dcdc75c
    SHA256: 4e7285c485a395607a8a44ae54b1c4d3423e1ca5dc0970ac271268be33ae3957
    SHA512: a72c3d8a25c32ac3000d0980e819c2e503d429d5c3acb9b5ecc0fcfbfea74b3d66c4cfd1703a6fec32c7993348dd5266785d98f743e19b5913b9690bbdaffe1f

  • /data/user/0/com.equq.ylbf.dnxd/files/umeng_it.cache
    Filesize: 352B
    MD5: eb0424631db5d9128b54b21efd1ad046
    SHA1: 9f3f3976d2aba2cde1a3b0ce2e145de308e5eed0
    SHA256: 86106e2ec3aa5328b7fd15ba184ec6eb41e7c723ec8b8a2adcc902dd95b7d81f
    SHA512: f67b5cbe4dc987ac341268392edf18bc5605c6595572cfc0c1fa4fa28653314737a3c959d941c244ae68cdb311d812b2b1a48d88b9f280016240cdc8ae944b76

  • /data/user/0/com.equq.ylbf.dnxd/files/umeng_it.cache
    Filesize: 179B
    MD5: 820ef0cb92ddd4d050e8635f96829e93
    SHA1: d2d49d15e2439025afe193e2ae524d05c31f5732
    SHA256: 7045e0811f3ad176708f0f2aefd2199e5400c22e011cbc9f978fbae674827a83
    SHA512: 7fd9d7c335a8e802663c700a76fdc4c377ca15adb3bdf0829a94d483496d30c4190743111fad82cc1181e40024a0c374a83776c83589c90040010ab946103788