2ae8b9266e6fd8e2a840692ffa3fb5728332660be61ee80e123605fd28922912

Analysis

max time kernel
64s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13/09/2024, 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddae921fe4c3f308b49720e0e5de5373_JaffaCakes118.apk
Size

3.6MB
MD5

ddae921fe4c3f308b49720e0e5de5373
SHA1

4d5565280fe8aafe3a8cbdb5cabfae699c3e581d
SHA256

2ae8b9266e6fd8e2a840692ffa3fb5728332660be61ee80e123605fd28922912
SHA512

48cb90790269a1fb00d3febac770b127af3c137d40f8aae661e2dcbcfbb32fe41317142f3b06059b15e9a3d59b7a39e9d09bba81010356469d59db6f4195c559
SSDEEP

98304:Q0JZyHWsnx/Qg4WjhVKn85gVNanW8tP7x9xS8062G:dZyHp4WDKNanTP7xLt062G

Score

7^/10

collection discovery

Malware Config

Signatures

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dfxw.kf
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dfxw.kf:remote

Requests cell location 1 TTPs 3 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.dfxw.kf:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dfxw.kf:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dfxw.kf

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
25	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dfxw.kf:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dfxw.kf

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dfxw.kf
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dfxw.kf:remote

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dfxw.kf

com.dfxw.kf
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4481

com.dfxw.kf:remote
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4524

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dfxw.kf/databases/work-db

Filesize
24KB

MD5
bdcde5365aa34a09020cfaca9ad8c0d8

SHA1
57a3f03a3f660587baf6539df056aa12979bcbf1

SHA256
8d496ea549217348b3db5907d6298c8a430aa4ef081299e7c7c0daf1ac91282d

SHA512
829e816d7f45ed73f72d9b12cc1042881507ebd527b593a48f6b327cbfd4daa797c233f17a68435dee184f00d4858c2c23e522eb8146c014474d1b540d488d83

Download Submit
/data/user/0/com.dfxw.kf/databases/work-db-journal

Filesize
512B

MD5
037d8a301734d5b24d8f38acc54652d5

SHA1
0ede0b1e8cd25bf5694665339ad1e3478d697102

SHA256
b2efaf03e50abb1ee171661fa5f9034717e3f1cb8a7049080e468d7b82ba1373

SHA512
6cd20c2541ad81f23eab5509a7fd89facb60ccafa0b4a7c9334a88e5954d306b07e89ead235accfa821b5de20644754189137bfd23326ca59086af45554b60b4

Download Submit
/data/user/0/com.dfxw.kf/databases/work-db-journal

Filesize
28KB

MD5
e2c58b77c8409b969743565ec4a39d38

SHA1
cf67fd7fe48b4c0d371c7038953d96ae66cee0a4

SHA256
56574ed9d8db3a39aa60baaafa9f8b1c55353a494718918eceebb096ef1f773c

SHA512
768db6a41301f9b0d6e36911e2635bd5d4f69e7b5ca755787b7d53669e2ce740669b8a5d2d0c5e49c765195af9098f6c61a87c12be7cfe435d4f19e26597813b

Download Submit
/data/user/0/com.dfxw.kf/databases/work-db-journal

Filesize
8KB

MD5
dde41169b46c9dfb5b0b9481d2b1fa14

SHA1
581f0ccf56ea56b382558a7c5b1f67b6f7ab66d5

SHA256
79a17d5eba32b1f684d27e6a286067e99374d6b8e45c2924150871d9e8de9bad

SHA512
42eb009cd1e371eb6da86a1a1f94bab9da1285bfd6bb2076b82877707a07c770bcc905d1cc62d7f6db74a7da53385a20969898b87da25e788659692c07144e66

Download Submit
/data/user/0/com.dfxw.kf/databases/work-db-journal

Filesize
12KB

MD5
d0f0293565626762bf06ed7cef24168d

SHA1
e45920976d8dacf4738c95b41aad4647095068bb

SHA256
8973e22087e4cc11d581419924155b576ab38a15dc96b693feddb84ed8f9b94e

SHA512
40024df927f70025de41f17d931764dddce8d792bee731508f1bde87b3ed573f2e1bd491e178661177de47e27802e9c20f92ab3ea7ada781a7a66f5b242fa106

Download Submit
/data/user/0/com.dfxw.kf/files/.um/um_cache_1726202103207.env

Filesize
650B

MD5
b66ebeda90e97ddae337eba5bb0ece54

SHA1
112caad3fadcb9efee73ebd3f9a977e18db65457

SHA256
01c2b2667cb0c00aced3effd4e4138c4e1936b6adac617e90e908a26e2ddd3db

SHA512
bebf530ccbe3fa4709d76b7f48e92e44fa2f9909a7a48d25204ea310b0539b67d676fa982de1bee0bf5ee6f7aa5aeff2986bbeb81df4ba11d002315865bb0599

Download Submit
/data/user/0/com.dfxw.kf/files/.umeng/exchangeIdentity.json

Filesize
4KB

MD5
98d0877f92a8276e176eabf04070a8ed

SHA1
7c43488bd7a8eeb9a3ffcaea13fd434e6bc58ec6

SHA256
6a7f7e7137dea8a484d3459aba0ef7767dc6913b2936ce87dc65d972a9df218a

SHA512
5e477c6ff86be9c0cae72f395277a0710b0b608bbfe9265f0295c3f425d56109afcb57e4de2bc18babe6552ed577883bbafc7338ad07b81f5f6d5131b41df00a

Download Submit
/data/user/0/com.dfxw.kf/files/lldt/firll.dat

Filesize
76B

MD5
f876710e285b202407b5c4f6cc880d6b

SHA1
160e1d6986a460a6d3a41393afb56a30fea491da

SHA256
6679c86eef0cf12d3ef318c8bb769488ee599425fa9c9c9675174bc8067e6fa6

SHA512
07b293cacdbc96fb1bb773f52cc5fa7c84913675ec17209b41ec93f28a68cc5840cc0b3ef60324e44f8c59f3dc70d773d4176a249c3f2a118ff1fa1fa6a22a42

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl.config

Filesize
235B

MD5
4dfae30ff3e59193f6d7f8abb6e6bf56

SHA1
09699d54caec6aa1e0645ca75fbf5205b74d2e0c

SHA256
193ac2b508fac56efacb4377d56292e36649cf4569781d07256b0318f60b7821

SHA512
91ad7fa06ac038f1d0599ee92c46eda010443049b95680011f16d1b3881e27ae15fe2989c927ddb77d45ef0cfda268de55465f58d49ac4d62d096d8226d53ac1

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_location.db

Filesize
28KB

MD5
0f1d016b72965660817257279fe6db8a

SHA1
c6df5e5df595298450460b93783f47d41de93da6

SHA256
28c646a98fca3b32bb3bff6b16e1804300bd374395fb345c4d3135f827143ebd

SHA512
c6200160aa333f7383ef48b3a8f0b94ec2e7fbb08ae8fa6df872a6e29b95457efae0ff9a0624e336369c69ecb91d0266ecdef94fb8d037ce94f99ba362a13773

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
7b8688259eeaa5fc0a757c0742f5554b

SHA1
5c26ffab7d4d1487535109b4caaa4114542e8bfe

SHA256
4b1bacd4495534680e39f2ecd950d1f88f405ebdb0ec87cdaaa0dddd8649257c

SHA512
00913a5584b822ccfc31d945d6b0cb10177f6d256f8f1f315d8e26bbda1b4c4618053bf80a071c80d7706fa1237e4cf22bc5c778f63b3984a30f2a85268ba767

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
e4664f9c60021e8cc2a410094fb49d9c

SHA1
6fcb2bd85ec6c33477bba96c1c4fd56a1d586979

SHA256
8846a2840247eb8641cf8c4817b7e72592a4c1605d72da5d701880a3a9c5c736

SHA512
68397ca8a7a30031820e9a73ba1413135e46215c2a34a4404f0dc5fdc8766068ca95208faa8bbc25c93d314ccc668cfaf1b5d7b1f073ed6591b5296ebf98ecd8

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
28908f51e68c404ff5dca94bff6ff4ed

SHA1
0295301f5ec0c42d0acb98286707c709c2b2de5e

SHA256
6cadbd31c4129be7ff03d00db299e26c089fd9f55cce8df22edc3858b8859dd0

SHA512
f68bf514d08231eb1f0abe61719e883a9b3e9f1c5e453424dcec1954a0cd3a3ba2a033a5345f5ab6e8f50523138d5bc39226b30acd9c7633fd88e6f13cc8ae71

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
d30f89a19e1d97de0b6c2f5a160553e1

SHA1
85bef726659a2f2ea00bc5088cde77e03598d9b8

SHA256
4a283fca454a4903106bbfe35bdb8f7294c00e80b759feff26872d7912c0b97d

SHA512
3f9b9b024db3f9957fc4a9987f060b754095ddcde020966894cf314125383955f0dfffcff2f113b9239c788f1b43ca3e7d602d187de81a7127328fe5551b047f

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db

Filesize
80KB

MD5
81a416795ad85900b4f6aaa10976fd8d

SHA1
01bfab1088f1b17a617cbde4aa68fbc71d513eff

SHA256
b6415756ec91cd098832b08baffbef01a9294312027318e92c765ffd13f0ab76

SHA512
0ada7b344840c4c3c98b063bd3d03570f14af7724301cb0abdff3a59ddea2bcb3a2e28f385a877857259c1acff34d063ff5947668588fa80d93b66897271a340

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
f3abf0e2ebb52ce0a1f5f1500afbcd9a

SHA1
d6d55d3baffb41a6569fac6ece0821ef27efebf2

SHA256
2c613dab77d38cd005c35e5ae786838d26b13d7b6f6732717d22df37edb8ae58

SHA512
12c7b7324f243e722a32064a1a95ea20a2af390ff69fed42c7f8e58ff32067931953788f9d23fd44fe050990127f9822bbde3fb6e58868c82d5f052485c2b54f

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
7696ec6caaf6a33f87c66b3e1cffdd8e

SHA1
d858f8e84e55f2990a77db6f1e90614a240bdd0b

SHA256
623e977060afc16ebaca2ad6b88bd1bebbd5a49d192c9faa86dd2df116cf8d5e

SHA512
85f67dfd2e4e0c7ad625f34306859e6f0c4cb85b2b381553fb719e97ee0243cf0453dd0eec2bfb50ee36270330d0d54fff94d0d39472205f6cd1a534533bf4b5

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
677a85728ab828b21cc07a69467ea907

SHA1
c900734c646fcb8ad034b88f7382548f42d1800a

SHA256
b37922ae71fef5de1fa6a7342f7f1ab98a515fde13d910064b6f13f7c6c68b7e

SHA512
ef72cc17a12eaf3444dbf8c3e9b9c4db2daf4a5bb53d0fdd7294f5f6d16e9871761699b675b6ad4ed414a6d6a1f677d1320ccf8b1d8f2ded45a782d567c25da6

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
a641e1dc4304d5ab7ba61ef560224c0d

SHA1
a104cf8493f1b12c3a8b3b13c189fc9ba8be498d

SHA256
d9e2123d8325c59960d569fa4d39ecf8e24103be20229748f831250f159ba9e1

SHA512
7a9636197bc4dc6bc6db1c8624f4eaa7da0adb14d26fdf0969b848f658321703a257b328bce8081de5084744321e0fef0014d1d91780e19f218df5e2de193c06

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
c32242a0378e8cdb7c96470be4529dd1

SHA1
fb9801241b886ae229aed2625a6b00587c24c775

SHA256
1d120c5d4c6122e8a39e09ee11adc130d6de3b934d838abf35e339d3373d7122

SHA512
4337b45c1a460e1ded1c3093eb4fc5bd2065c63865d0067e1d1030002110f6fcea31fc52d53bc5e8faf2412ce3b3875c24fa518d4990a3834ba27b44d1b252a8

Download Submit
/data/user/0/com.dfxw.kf/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
6458ee0b70d0aa5f3c0dcb1a03b3d963

SHA1
7e9fa9daa7202d2aba26fdd12a582e34f41a1eb3

SHA256
1d8adca700cb56eb691929e50961c07c71fdf35d862ff44496d21adfc6462332

SHA512
bbe0aa18962f990796dc0f42f97296d88194d62ddd27830bd2ca815ae2bb1ea81840545bd335ba21a99c23934509feaabe9bf02c5753a5f4abb3bbd22edce727

Download Submit
/data/user/0/com.dfxw.kf/files/umeng_it.cache

Filesize
8KB

MD5
bcfebc5b5c15a7f39cf3be3566e16f11

SHA1
a998ef281006c7c81281f65d44f52b92c1fd4968

SHA256
056ca8cf29643e5d23ab4df3d66e76edd28787c478853509b39e326b688673a3

SHA512
df0c36e5199ed5ad4fdf1d79304f795a0220cb673e01d94fc92b04dd9567add85d95bb57332d7e04957c8a8df47232404b5f430768204e9f965651945790a1b2

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/conlts.dat

Filesize
148B

MD5
abe7502b358c5871df038e8c6f347892

SHA1
9f25dc7568742778869347c1deab6af68ab4dc40

SHA256
f253c9952c0cc00bf5cffc6bb63157b2235fb5decc4f335c9610291ce457a5bc

SHA512
5a23944c35437f60565755a4642d815879891609a9e71ad5e1347fe374f3a03a1683812ca6f09835964c0535f0bae436d6d0242e3ecfbeae5f22da2a6457868b

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/llg.dat

Filesize
422B

MD5
ea347175591d86a5214fdeb374724191

SHA1
a820674c350da5a2b3434530dee12133f96a359f

SHA256
d9896a5e44b8a21350bdfd2d4a7a62d6131ab5432c7dbbc9b076154c10045397

SHA512
9450bf139a89e427cd7c9c19061d1008a6fb27b962bc401f10b3ec5f35de403e9f0f33684924884de6d9788248a03b037ddd29deb1508860062c13edd0d4e0d2

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
7bceaa562bdd905cc7b873125d726c0d

SHA1
1dd29302dc2f650da3a95a0959694703f8ca5228

SHA256
467241e67c56987e295d0e1d8725d45d9897d8d7831afe4f8372df42dc811827

SHA512
626bf212ac6d7c8524538203b877bdd00db4e18e9a1c8d5eb6c66f81ea27bad60d02954b621b7d747166ba103c5921710e69e86223572dafa1055be2acdc7c9f

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
35ebeb1d1ef0c33fd29d31b46995c957

SHA1
5b91637c60137d79a221f7a25b6639f48a88b8cc

SHA256
7c1843f4a56a3a502648db79e2fedca723fef02ca60c7c6e5f0459f16d9ed75b

SHA512
330fea79ceb6988c3a9d25571f2aa899c2f8ece6f0ca8cdee4faaf134fc4150abcb2cbbbadd0d04ffd28a0f56aa4b966c2ee700fbd37a6985ff587079d89d1b9

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
f67471ac07d689e7a4b9fc31f6c7553e

SHA1
5bc0a39c6d33a00231a648be88a43808404b6393

SHA256
ba153634ae04bc683ec7c2d8cc50cec0de4bbabfd3a40ffc79c35486048a15d3

SHA512
8d4bdc4b3e174885e01515c0989337293f62436fcb0ac7226efc40b8a288469a69e4bf280ce7750a824e61d9f608d47fc984563e4b3b12cb82eb7c8009d41465

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads