71b44191b4c0ab99f0dee085c4931e0ecff46e7590447b38c3b49fccabdb30da

Analysis

max time kernel
18s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29/08/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c96b67b2739b888677117cc14e0c4bfa_JaffaCakes118.apk
Size

23.1MB
MD5

c96b67b2739b888677117cc14e0c4bfa
SHA1

d8c3d002cffc8ca079b0e95c46bc230b61d79801
SHA256

71b44191b4c0ab99f0dee085c4931e0ecff46e7590447b38c3b49fccabdb30da
SHA512

ceb0665d14d7250bdc8e9edabf1fa731b1dd383f45b471d4ed1f1dfe868cb268e3aff9a94ee06bc37b315c7f04a170a167df3dc8aa0dd9784014776ece5ba6b5
SSDEEP

393216:SfLPRMvZBd+WzXoWrMAfAk7/aAGw2iUEH/TuYsHdolD/WvESJzdyFkrBRmqj+cCH:UMvrjzYS5fAy72AH/TuY8QaEmhrBHj0H

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lzg.fwfz

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
12	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lzg.fwfz
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lzg.fwfz:push

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lzg.fwfz:push
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lzg.fwfz

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lzg.fwfz

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lzg.fwfz

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cyjh.gundam.service.ScriptService.p
File opened for read	/proc/cpuinfo	com.lzg.fwfz

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lzg.fwfz

com.lzg.fwfz
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5002

com.lzg.fwfz:download_server
1⤵
PID:5041

com.lzg.fwfz:jpush
1⤵
PID:5077

com.cyjh.gundam.service.ScriptService.p
1⤵
- Checks CPU information
PID:5110

com.lzg.fwfz:push
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:5413

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lzg.fwfz/databases/UmengLocalNotificationStore.db

Filesize
28KB

MD5
000875e1a2106f82b0f0ead4e052747e

SHA1
5cf90b842489c3e12c9faef7ddbdf20d009a4291

SHA256
f338cd34759dc56064be9758b8f028b0013f70bb2e14baa81de9b1085842062c

SHA512
1dfdd9f99426e7592ba7958b5f37cd95c2cecd45bbcfd8823506718e5a48b73f691f5f5755618994d8fbe7118caf6c45fadecdac26763530b405be6fc39d4eba

Download Submit
/data/data/com.lzg.fwfz/databases/UmengLocalNotificationStore.db-journal

Filesize
512B

MD5
6809988dc68b62ad92f6173b7b2b006c

SHA1
66106b06d6b4d437c869964bb60c4db24a5b70a4

SHA256
17ff022aee7da067c8873871372c595bad05ebf7a09d2c33d0a305d70fa60a83

SHA512
77ab78537d4089dea0a563db423cb6a1678c5bc99fd380cdd52af8b816eb8f1b15ce07e83bdaf3391314e3bad06ec8b864bdcd0cd69d1cfc7222852b0a6df9c0

Download Submit
/data/data/com.lzg.fwfz/databases/UmengLocalNotificationStore.db-journal

Filesize
8KB

MD5
1592e7f71b0044d5c559ebe7cc488690

SHA1
ea8446294afe91d922cf2f00578f212ffad37763

SHA256
5fbcbf7c2bf25706aa324158c90ab026e08b9c4d5686e5acf0042e2783b30404

SHA512
81b327d385a0cfe232fdb585d76572a6e400a899a540e6e1654573cb23631c1bf223466baedea4b645a5608b11869293efa25df3dbafdc9fa30dcf6ce86e1390

Download Submit
/data/data/com.lzg.fwfz/databases/UmengLocalNotificationStore.db-journal

Filesize
8KB

MD5
80d704c77f02bb76b381bef7cfda0183

SHA1
a07613f9b8610c34e4e89a93bf1182e50d7251fa

SHA256
5c65244c032a869999a729d147fb3d84d8cd214c78999e7239303caa509e1887

SHA512
95b867fb71754fbe264732f6174e03a1d1a3a88cba88cd519b19b86de4bd56b95d48b4fb79f0184e2c3b06a6c25dcf103505465b5cc45c77be2c9d3c6c1c64cd

Download Submit
/data/data/com.lzg.fwfz/databases/cyjh.sqlite

Filesize
56KB

MD5
152a71a7eef6aba10a18b6924cb6c44d

SHA1
db6dcc799fe1e15b49223e98d391746733e83f47

SHA256
52213f95034f1f366bedcbf7cdfed6572dab38e7f46bd8f690e71d2ef91fb559

SHA512
101a68119da4b53edf41845d95181fdc3a1c4e4ffa0d67d7ac3d6338ac78f9d37abc4b9131e6ef065983bf4a8b297698029fe2d7ab9509664948ec870aa4fb5f

Download Submit
/data/data/com.lzg.fwfz/databases/cyjh.sqlite-journal

Filesize
512B

MD5
448c527fdbb394234f0104990f0dde4f

SHA1
7a220c07f920fa9eec10b0d49a47253614a54585

SHA256
122dc454fea42fc2d4787aac36b3ec9e06887139ee884b1c4c9cd0871c045889

SHA512
342daad6c7f93b698630603198ccaedd408d904ad51daa2b41cac37d62a9822bea55238d7843fb561fbfa66f9b5608f099ee004c38e02b4b3fe52c7fe3999c4b

Download Submit
/data/data/com.lzg.fwfz/databases/cyjh.sqlite-journal

Filesize
8KB

MD5
4bf3d07cd882cb35cbd313805c2df78d

SHA1
306016cc3b34c52a0cd2f955408edfb756b01d35

SHA256
727f7ffdd9ea257f51436671e734ad799b5dff1a3bced431e2965c2a66f592ad

SHA512
8fe9ddc7e6d01c2e04aa0e29cd75d1ede918c5755b8d6c936750257165ba007194ca068987eb0c02aec4f538ab86d3e0cd892b0662cef43e2fba7b9987687e73

Download Submit
/data/data/com.lzg.fwfz/databases/cyjh.sqlite-journal

Filesize
8KB

MD5
51c33597e754a4608956e7de67617c62

SHA1
bd90137b443ff6c0da654932f0e7500dc1b349f5

SHA256
c7fee526ca098054b108bb45210884253e427ae25f9b6cd0be412fbc4d5354b3

SHA512
ffe457cb1b5c27b5589a8df5a3934da87ad6cab626a78ba0c07005d3cac654f226aad643c3314659150fc4286f5950a49df4d34981390644a37da9048cdd146d

Download Submit
/data/data/com.lzg.fwfz/files/elfinject

Filesize
13KB

MD5
5476a808c67a1c6b4aebf701b8d0010e

SHA1
b573d4657e9ad47a7213cf3dced681586d552bc2

SHA256
d74cd27825b6d372e0b2304ab56a9e77cd0f69963005870fd7a2d112c58f6157

SHA512
a855e0a63f21e88e7ddfae89c821038deb42f3953bfc81f96bebb53c82195e44565f48806765c592b371d8baa67de63788ca0f8bb6e4f8f521adba0ff1415896

Download Submit
/data/data/com.lzg.fwfz/files/port

Filesize
111B

MD5
8ce4dd178922ec53055edc3758ca85a6

SHA1
ff487e2cc7e8f0c4b84dd0f345f5d54c72c5a7c1

SHA256
8e2353ad0f32fd682122e57dd3f239bfec53c037488e81e8f3b5dde6b116161a

SHA512
cfa0ea73e837104f8c641a3b7898a6d3cd4481f03d045971dea10ef05828940a858b9c4fdda706042436c6d66496ed98739c697e5e3c572628a3974daad9726f

Download Submit
/data/data/com.lzg.fwfz/files/scanmem

Filesize
41KB

MD5
30c0954efb3bbcbcb2dc544c6d705bb3

SHA1
c147b95ebc29c0702a25271a2f5775a31c958581

SHA256
a9c135b7f2ba92b5cd44e7975e35171963a0f12e7132818c69a1acd0abb65cc0

SHA512
a61b8636683e25ec9c74f572be936f86b653922f494370f57d8f71a125e7f7a2d89b1cfa51f41bcfab4f025718aae06d6b08064e05fba2b4a0c67aa173778154

Download Submit
/data/data/com.lzg.fwfz/files/start_eventsrv

Filesize
260B

MD5
a0649d2a14c70a1c04f907a5270e16a7

SHA1
574119db17308e2b22933f960069113db74f5017

SHA256
3d8487cecf703a78f0d11c78f076b234a99d765ba84f315ece76a1d04c88637b

SHA512
300b1a1b601b609c9901ae9fcb9f82f8ad427b7715094e3a303da648e2d643caa22f9522fb9b566e5050dd7425c6b4f3b0a7a2098e2e4414d7a70424b14a6af6

Download Submit
/data/data/com.lzg.fwfz/files/umeng_it.cache

Filesize
245B

MD5
831d8910140d4887a101a54bd70fe19d

SHA1
431570aa144a216973eac978edc8e65005b4b0c5

SHA256
c95c65f1388076bb821c2199bf7686e4edb8edccdf09037c9095b49b182d98b5

SHA512
df37dad1f063ea8f48c122b111fad5374f53c8cafad4dd562a01d905f52df7b0f71d352c891a53d189e7c2e807189b1b2e79ef618b5a1bd5d3771b164b3061b4

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
7465cdbe9a5b3b7a8568e0a763d0b35d

SHA1
12167c1115e1c84ef425bcba3f5ddcbdce118e6b

SHA256
fb41fea625840cfcb32b18c507be62f656ddd5b4fb2cedb4266f6f769a568b28

SHA512
2ae353634dd55c371b4aa2a5551ae9f373c0799d9d565a925c90ef0e3163aeebb9bc8f664eae999a1ecb9628f388cb44ad6a49627c6c3a46d7bc125e3718dacb

Download Submit
/storage/emulated/0/QICloud/OpenBox/2024-08-29.txt

Filesize
167B

MD5
fc1202debde6f6fecf2156879984d48d

SHA1
b80edcb4f3dd5ace19cc83252362b83b7ddbd5c0

SHA256
61c19ae8574e0ce68b8eef09ada99438f8748dfdda3a7f0811f9109149234f93

SHA512
d7dd1d0132664fc00a58df07c804f2a5c3e169ca04d4a74b19f85ac869d76d0cefc68f0c780996b01ab0cdfca5c3b0bab0b13b5f2b95f6bb4d9af2057cc2bd1e

Download Submit
/storage/emulated/0/QICloud/OpenBox/2024-08-29.txt

Filesize
74B

MD5
3eb054b8744dd81f2ba4df941d09094d

SHA1
32073606bba0542970201f0cbda2d186b8061796

SHA256
d93f6370868d17e082e38db5af1865e1f91f3d77fc142f8ec173acc0f9e5409f

SHA512
6db3dd236ea6008028c785a1dfd9dcf0da636b5175dbb4e0099ced02c0fdecb0e96b54dd5597be0ab2003598e96ebbe97e27621faf89de1a05c54bd13447ebd9

Download Submit
/storage/emulated/0/fengwo/actionLog/action_rjqd_log.txt

Filesize
326B

MD5
0d52b529ba4e9fdf116de4dfccbf495b

SHA1
b2365d45521b71406f1110261834373e7e73b5cd

SHA256
e7ed913f36631faaef8bd8f609eead527b61ae1ec3cfcb4e4822d6057d820fda

SHA512
4f3f412a6325ab7921d63dfd180cc286d1bcc17f6a7f61cfefbc04f6d9fd996344edaea4288a37735a1b2254fb3d0bf11375c90f0b06c32669720f22ddccfbad

Download Submit
/storage/emulated/0/fengwo/actionLog/action_yhdl_log.txt

Filesize
299B

MD5
df902d7a01df382bc3c2b1092d6352f9

SHA1
811b558e7d9c827ad30fba1b6c9142c605dbee78

SHA256
1427029e3fa884d6508332720a0ee7c8cd4b55eebe7ce13101755cff42d412b9

SHA512
f5af0def4e685dae76b7dbe1798d07655d4170c0c0a94be08a13edd42a9220d497505665db6defb55611214dc75565ec8d714f31e0a4edd61e5ba49f326f1807

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads