Overview

overview

6

Static

static

6

e21b7d9256...18.apk

android-9-x86

6

e21b7d9256...18.apk

android-10-x64

6

Analysis

  • max time kernel
    33s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    15-09-2024 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e21b7d9256c7bd957f0fe24314b699ae_JaffaCakes118.apk

  • Size

    16.4MB

  • MD5

    e21b7d9256c7bd957f0fe24314b699ae

  • SHA1

    848e14313b6e5916acc0c4a2e8a1849e610ca878

  • SHA256

    bb839179e60bb9eff9d6a95e180c796c09e85a42fb803c44017221b0750eda0c

  • SHA512

    6de1544c5925a5b1975fa267387306c7079d3ee60f88ebac3ebc97be9a917ceee1a994c1886082ac0f2d3a76018ee96e333f0f9142612cabcc8250689851b646

  • SSDEEP

    393216:nQ/ve2T5OhKLxTPbWkwu/p0tG+lDT6896v2zqbhZfuEEVF+DgbQSBFm4ijm:W9k8LxJwV1lDT689DI2EOFCc9Ftijm

Score
6/10
discoveryimpact

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.zs.fang
    1⤵
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4253
    • chmod 755 /data/user/0/com.zs.fang/.jiagu/libjiagu.so
      2⤵
        PID:4280
      • chmod 755 /data/user/0/com.zs.fang/.jiagu/libjiagu.so
        2⤵
          PID:4336
        • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.zs.fang/.jiagu/classes.dex --dex-file=/data/data/com.zs.fang/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.zs.fang/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
          2⤵
            PID:4356

        Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.zs.fang/.jiagu/classes.dex
          Filesize

          4.4MB

          MD5

          69ce5d653a0389554b11da145e9747a0

          SHA1

          63a9fd05415f24c001a351e28f756b0ffeae4492

          SHA256

          b25ce895a6b26582668d4eceb1db7fde0de922c3cd0795159c62df74bafedb32

          SHA512

          9e5322de2acded47d9795b73bfa62ec16e9391418dafc77c2339ac052ee0b89e07e5d4f590ea03c583e6b7c147ac25fa4824b541fbbfdfb4fca4711987c61005

          Download Submit

        • /data/data/com.zs.fang/.jiagu/libjiagu.so
          Filesize

          363KB

          MD5

          acd3a64e22c56dc0628edd7615a74ab4

          SHA1

          ec22ef7fa9dca4b475af2724d483bda140370ca7

          SHA256

          c57cffd4175fcd618f29d48eeba1b8b30e2bfd4ce9e05c6c5b0bc4378914d008

          SHA512

          ec93027efd827742d3f9db70c4d4aba51e817191ff888aa2337939f2ce518b98f1c1f7ed3d49d25d3bff47738f68ead6348b1b309c54a17e18c4460cc2142e3e

          Download Submit