ff3b2dcd3e9bbdc41e611786e6fbf6af9d10133d390d9ad8bbcf46406c6796e7

Analysis

max time kernel
148s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
02-10-2024 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09af2f25d4f395d589a5008896d38cfc_JaffaCakes118.apk
Size

1.3MB
MD5

09af2f25d4f395d589a5008896d38cfc
SHA1

10a708923e598476980a6693a96fc5e418f7091b
SHA256

ff3b2dcd3e9bbdc41e611786e6fbf6af9d10133d390d9ad8bbcf46406c6796e7
SHA512

5220be08694487cdba473acf07051e476ed663fe7c7a43f8dccbe85c8bfaffdaf1545b84f377a976beb4a2fd01e16d4907a004b0144bbdda75b25db13ae3c33e
SSDEEP

24576:nwx6LxO7Q64ECHcTnuwyDHv2mcfH6pe95o+vcj/apq/13tdHbZKm51Ob83O:oE64EbuwkQfqMp0j/apq/1XHNKmjbe

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4737	com.tssq.pira.drsn

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.tssq.pira.drsn/app_mjf/dz.jar	4737	com.tssq.pira.drsn
/data/user/0/com.tssq.pira.drsn/app_mjf/dz.jar	4797	com.tssq.pira.drsn:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.tssq.pira.drsn

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tssq.pira.drsn

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
33	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tssq.pira.drsn

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tssq.pira.drsn

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tssq.pira.drsn

com.tssq.pira.drsn
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4737

com.tssq.pira.drsn:daemon
1⤵
- Loads dropped Dex/Jar
PID:4797

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tssq.pira.drsn/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/user/0/com.tssq.pira.drsn/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit
/data/user/0/com.tssq.pira.drsn/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd-journal

Filesize
8KB

MD5
4f27315b16e0cd8432086ff762bb9bb2

SHA1
cb4a26393c308624d3acc06dbb3fa68c1d4177ee

SHA256
7f39f0119fab866d1fd5d5b0aa88714ae534492063fe37df8a202d4cb448d110

SHA512
cba36e06b19040a5810bdc4af01556260855f3047318967364ef8409789917db71fa7824c7b12f0b64612a8b453e4f3b407e906f082a26420ae9a3d09a20a73f

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd-journal

Filesize
512B

MD5
74d444e42ad20fd303e018ae55c45cbd

SHA1
c937343cf390c9b8b858f03fa854b44019ec44ba

SHA256
15335ebb050da7289785969ab0721dbde8e38cfcf1eddcb7dd8879bf61cb49ad

SHA512
09abcda5a16c25df0cb4970fd8019a62309e36fd2c99ae38d6e33175a2808160d87dd49bb87739a942b2a367297c998259c948abeb04031ac2bd132b4cd2c4df

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd-journal

Filesize
8KB

MD5
29271f279256f097017815d63837a9d7

SHA1
326fe83ed5ccbfd8b095a6917f520b49fd2d5b8c

SHA256
f94d426843da25618531b49ec7311223b7a07590ebbffd8af01b12b5d92f8e55

SHA512
6ddcd79d252c8cb243fb5ec055bb4918367a3f259976f3ad1ad8ec2b2d92bfef14fc5588d6dd00b0cb0946e51553fc5cf7023b54d91a7ba1b341b3b31bf417c2

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd-journal

Filesize
4KB

MD5
42e07744794b3f4dac28139b0381ddd6

SHA1
c0fee598500e574ed1593ea4e3c0195ae6d202be

SHA256
dd2208cada02cf61736d9d90dd521af82301a0cc26ba435a34a2d4b00290e3e7

SHA512
3bce130979bcffa08ba18f7991f81e8fb22ad7dcc8a244e3eacc9819aa7246a62fcc16537dd684e38e44c77d94e225fae98f4c36563cf953eb1e4f5b44ea1176

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd-journal

Filesize
8KB

MD5
f0dcab4732f28383f1353e9000673198

SHA1
c72a215d2370d37e775db56ac21d09baad9f0b1f

SHA256
ed6513f5047f210a84b080ba09f41ffcac0f6d9360acb39eff9949c2246073b5

SHA512
05ccb91c5aff96abdf27fc61c151be9dbe0e01576ef383f5abf5d7ab9e52d5fa309a478e4a8081bacc38f6f0fec9c2a5a1c3777701229d1e682cbbde690311c1

Download Submit
/data/user/0/com.tssq.pira.drsn/databases/lezzd-journal

Filesize
8KB

MD5
a5314d646722b739042a6dd7608bb648

SHA1
234cbfc7938f4304ae4b4cd8fbefeb09ff9ae375

SHA256
6f82e6b4e11d26b9aa41fdf16389d42219bd87fad86779112d7bc041c5fffc78

SHA512
6a296d33c209019298e849b60c28f69112daea6b760eb9cc883bd09b90b7b6b5c798e852e98494613fb7d8df978884d694e8e085a7af61d32b5e51f4d2f39c56

Download Submit
/data/user/0/com.tssq.pira.drsn/files/.um/um_cache_1727856456546.env

Filesize
653B

MD5
38fea5b9972c0dcb4ed2d4087f8ac5a7

SHA1
e6ff119dc380e4a5ea5c649b12ef385b7a75e3c2

SHA256
2b110e29aba36cbbcc2d17ffe13f7a288203a82666ff9491fdeb460a3f1e9bcc

SHA512
2a4fc54a59973c2682a6bbbe11d66f7c5f231107bab2b70f533fb2d267c54f117d4d53b0ffc136bf2494d5e1800682dac07abf9de85866a63c298016ebc71d18

Download Submit
/data/user/0/com.tssq.pira.drsn/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
009909a832b0599ea1d7bf00c3532446

SHA1
8632d1e0b8bd57ef05aed71799335ddb9bc9a9cf

SHA256
70ff640ce478290cbeb113e5f976d14ded14d81b1b3db69660dd60cd54d0ca95

SHA512
52379d39304cfbfcf8e9ef4726357335cb0b509b627fe6b29ad72e4b86dc280c7babd783b73f1674c27c230dc4c0b6187b5a6dbd2dc92a545f13da8a3c235bd1

Download Submit
/data/user/0/com.tssq.pira.drsn/files/umeng_it.cache

Filesize
348B

MD5
16b25bca4b411af03b6cb7a1469df9cc

SHA1
30e6a5ce412bddba34df4e96b94083e3f4314b5b

SHA256
c945dc143fde53093f889d2532a1414ef4410c8dbf8f27861716357e6a71f1b0

SHA512
58a72c3681978507544d89c308c7d152c8db39d301ec78ed8e638d24b8c24ba141b9cf8db2e14f5e9da4b01c332982642643a06ce17bf42538e276be51087db4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads