Analysis
max time kernel: 178s
max time network: 151s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 25-08-2024 11:27
Static task: static1

Behavioral task: behavioral1
  Sample: c0a52b8d9918b63e45d879bd94485643_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: c0a52b8d9918b63e45d879bd94485643_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: c0a52b8d9918b63e45d879bd94485643_JaffaCakes118.apk
Size: 1.3MB
MD5: c0a52b8d9918b63e45d879bd94485643
SHA1: b02f87963bf76695ee0fec182e750c8ddc4678f3
SHA256: ed9b8486ef7139900343757cc864efa787c64e54704af8e3e2836366c3d69e6e
SHA512: 6ecff85cdead1e003b19e721f8b93f3309d15265ec33ef83160b580761a539230c050945834d3b6894cc176b8a8cd1a96d3bbd16f8a690556fa5e0eb59afb78a
SSDEEP: 24576:6cEoL0otaYtXMuSprkM4FqD5Bl0ZHqU+3jTo+U4j8vgq/13tdHbZKm51Ob83P:hQ7YtmrkruBl0ZHqj/Bj8vgq/1XHNKm3
Malware Config
Signatures
Removes its main activity from the application launcher
pid: 4654
Process: com.equq.ylbf.dnxd
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.equq.ylbf.dnxd/app_mjf/dz.jar
pid: 4654
Process: com.equq.ylbf.dnxd

ioc: /data/user/0/com.equq.ylbf.dnxd/app_mjf/dz.jar
pid: 4716
Process: com.equq.ylbf.dnxd:daemon
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
description: Framework service call
ioc: android.accounts.IAccountManager.getAccountsAsUser
Process: com.equq.ylbf.dnxd
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call
ioc: android.app.IActivityManager.getRunningAppProcesses
Process: com.equq.ylbf.dnxd
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
flow: 37
ioc: alog.umeng.com
Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.equq.ylbf.dnxd
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
Process: com.equq.ylbf.dnxd
Reads information about phone network operator (1 TTPs)
Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read
ioc: /proc/cpuinfo
Process: com.equq.ylbf.dnxd
Processes
com.equq.ylbf.dnxd (PID: 4654)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks CPU information

com.equq.ylbf.dnxd:daemon (PID: 4716)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  - Download New Code at Runtime (1)
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads

Filesize: 105KB
MD5: 23ba0b249042b7ba33e92c0199b0ea4a
SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Filesize: 248KB
MD5: a54a18b58c6720991c021f433dfb2a46
SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Filesize: 105KB
MD5: 293ea5f01e27975bed5179ba79d80eac
SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Filesize: 28KB
MD5: fdb8a92e5060ce104e8f0faca55a47ce
SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Filesize: 8KB
MD5: 3f44b4c3b4c2a85dc24947f5c43986d7
SHA1: 7636be97cf61987333f5ddfda9cfd64eac363169
SHA256: 7385cb8e6a976bd1327e9b1b302c4d86498cbdd247423b80e13128fcbc1289a8
SHA512: 30e044a216dc6aee582909b4d159231b056c76498b797f05b9cb878b989f54ba67fc8e14ce343160e7bbf70fdda7a1d91cb80fd15b24e3cd09a4de9febb92660

Filesize: 512B
MD5: d3ae0c1225566ef4aef354ac9ca06d22
SHA1: 834622157b952ba0d61387c028df0f69789c6e3e
SHA256: b53e2e6c88939fdc25b1f98b517fcd3606b2dc1e816d57dc674b9fe9710ea03f
SHA512: 15c419c83640743beb3d1f349113822f2c9d875bdc0a1f8c5b2e2e35ceca70ef198e51acc34c277526b5c7fabdcab85b857fe2506c58656e67897313fd8e497a

Filesize: 8KB
MD5: 7686810645c4021405e1f89b0f20f1a3
SHA1: e6174f36f698370d25007de254ad3efa4118e1e1
SHA256: 4ff830a47ec048922692f02f16aa0e84d9437042418024766d29f11698e1a209
SHA512: 2c6cb17963b1cea10a2e8f15d1dbcc29f29aa4d6a5b54398aba21a8d5102cbd4bae526ecfcec13108b01190e0d8b7b420e95478236086b56fbd904a276dc60a3

Filesize: 4KB
MD5: 08b6fe6758f255cf447ec79bf5a7ea64
SHA1: 9890d050075b2b413a0822af2c886d594232a1c7
SHA256: d325fcef2564c62563954c5ce647feeeeca0db020d081007176a380585205abb
SHA512: cad514c557a1628c0e303cd69c1f5764f6f8419d91bef152a531a6e05cf93817d5dcb52274e7ef8d197b60680cbd5b7c943e7d32efbb7ba56a362f38e8d8b923

Filesize: 8KB
MD5: 557364b3216f90aaec7178b1fd06019b
SHA1: 80a6ca0f92cc8dee2084babc76dedcb02a7a994b
SHA256: ed603d22d74fe6bfcfcd2211f2fbe78ca7bee009d309198fc3686ff18e47a4c9
SHA512: b8bd412635e4a7257576c600056a6a41a087f46fcd4d121fedaf6f0e1824bf5fbe68f33c17f20c8f80f4d895a050ef9df845c95215db701445ca8145dba0ba20

Filesize: 8KB
MD5: bdda744fb1fe634559a13056eb6c76b3
SHA1: c789ab25f61833e911fad1d00780be1aec616c61
SHA256: 7afbe488efa312ab270c1a6f900a80d2c1b27cb7699c836d1f27d90046069664
SHA512: b3c0b90b5dc5db823119e197db3aa61a00376f3f44aba511579089a02c723c47a7803fe6304993ad3361b289dcad673e4244d192e5ded11b58ab159749e4c71c

Filesize: 944B
MD5: e95d0a09a5575cf6bb541c26c7143c35
SHA1: 60d406a85815ab2acc1b47a8d25d6417bd644e9e
SHA256: 159943802cc77cec05c00cc314f66fc79186c950231dc72bb9185b409266f45c
SHA512: 870bbdc4413290eb4d4de8aba3249320175177f529ec5d159cc8c604f0d9ed7306b68a6042988367c3d902bc45f967a77214d80c6dd3054f175fd68a74d920c0

Filesize: 944B
MD5: 29252ee85c0e289f3159d6dabc638cc8
SHA1: 39866006dc8639d8cc1d2eebc8341a217d742500
SHA256: fc956a42579c574b25b7a1041d3e7fbca59b4c5bebe4ae311f17b5b63a76cbeb
SHA512: 39223c01c8c0268974a31c03720a8bd726a6257377ae80364223b10371fa5fb7eae9e329d610f1a2a406a784fe99f5127a2c6ab5d151aea77bbb5681c8075bb9

Filesize: 162B
MD5: fcb26291eccdd3bcec5b87848bbcf74a
SHA1: 0ca2bf9d3005b9c31344e164caf3ec81ad0ea7ac
SHA256: 5c1d7e606ffc0589cdbff173a4ef2052612944846421c5193b183f65e8db113c
SHA512: fb95571c5b49261265aa4c62c8a6f683be07eea562ec0ce9fd36b8a510b28d8140cec76a8f2a724c389a471278b4e7d4e6980ca8a8bfa8737782a302ded7846c

Filesize: 204B
MD5: 18822c9b12b9ec6baa6717df5d41621a
SHA1: a063d4ddac14031f8714766b7021aa532dcdc75c
SHA256: 4e7285c485a395607a8a44ae54b1c4d3423e1ca5dc0970ac271268be33ae3957
SHA512: a72c3d8a25c32ac3000d0980e819c2e503d429d5c3acb9b5ecc0fcfbfea74b3d66c4cfd1703a6fec32c7993348dd5266785d98f743e19b5913b9690bbdaffe1f

Filesize: 352B
MD5: eb0424631db5d9128b54b21efd1ad046
SHA1: 9f3f3976d2aba2cde1a3b0ce2e145de308e5eed0
SHA256: 86106e2ec3aa5328b7fd15ba184ec6eb41e7c723ec8b8a2adcc902dd95b7d81f
SHA512: f67b5cbe4dc987ac341268392edf18bc5605c6595572cfc0c1fa4fa28653314737a3c959d941c244ae68cdb311d812b2b1a48d88b9f280016240cdc8ae944b76

Filesize: 179B
MD5: 820ef0cb92ddd4d050e8635f96829e93
SHA1: d2d49d15e2439025afe193e2ae524d05c31f5732
SHA256: 7045e0811f3ad176708f0f2aefd2199e5400c22e011cbc9f978fbae674827a83
SHA512: 7fd9d7c335a8e802663c700a76fdc4c377ca15adb3bdf0829a94d483496d30c4190743111fad82cc1181e40024a0c374a83776c83589c90040010ab946103788