Analysis
- max time kernel: 94s
- max time network: 181s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 26-08-2024 00:56
Behavioral tasks
- behavioral1: Sample c1f5a50625b0cd10266f1dc5413c810b_JaffaCakes118.apk, Resource android-x86-arm-20240624-en
- behavioral2: Sample c1f5a50625b0cd10266f1dc5413c810b_JaffaCakes118.apk, Resource android-x64-20240624-en
- behavioral3: Sample muzhiwanapp.apk, Resource android-x86-arm-20240624-en
- behavioral4: Sample muzhiwanapp.apk, Resource android-x64-20240624-en
- behavioral5: Sample mzw_d.apk, Resource android-x86-arm-20240624-en
- behavioral6: Sample mzw_g.apk, Resource android-x86-arm-20240624-en
- behavioral7: Sample mzw_g.apk, Resource android-x64-20240624-en
- behavioral8: Sample mzw_g.apk, Resource android-x64-arm64-20240624-en
- behavioral9: Sample stasdk_core.apk, Resource android-x86-arm-20240624-en
- behavioral10: Sample stasdk_core.apk, Resource android-x64-arm64-20240624-en
General
- Target: muzhiwanapp.apk
- Size: 6.7MB
- MD5: f166fff17a539f053550965c87c42054
- SHA1: 8be071793576b6e324db218f02a017439fe826a3
- SHA256: efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4
- SHA512: 26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a
- SSDEEP: 98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc                                          pid   Process
  /data/data/com.muzhiwan.market/data/mzw.apk  5096  com.muzhiwan.market:mzwlogservice
  /data/data/com.muzhiwan.market/data/mzw.apk  6180  com.muzhiwan.market:mzwlogservice
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 4 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                  Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.muzhiwan.market
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.muzhiwan.market:mult
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.muzhiwan.market:mzwlogservice
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.muzhiwan.market:mzwlogservice
- Acquires the wake lock (1 IoCs)
  description             ioc                                       Process
  Framework service call  android.os.IPowerManager.acquireWakeLock  com.muzhiwan.market
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
  flow  ioc
  87    alog.umeng.com
- Queries information about active data network (1 TTPs, 2 IoCs)
  description             ioc                                                    Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.muzhiwan.market
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.muzhiwan.market:mult
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                            Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.muzhiwan.market
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  description         ioc                            Process
  Framework API call  javax.crypto.Cipher.doFinal  com.muzhiwan.market:mult
  Framework API call  javax.crypto.Cipher.doFinal  com.muzhiwan.market
- Checks CPU information (2 TTPs, 1 IoCs)
  description           ioc            Process
  File opened for read  /proc/cpuinfo  com.muzhiwan.market:mult
Processes
- com.muzhiwan.market (PID 4999)
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
- com.muzhiwan.market:mult (PID 5042)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
- com.muzhiwan.market:mzwlogservice (PID 5096)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
- com.muzhiwan.market:mzwlogservice (PID 6180)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads