5a1bb0075d82f03714725edce910ec2f15274ac06de8867c09fe32d5a4448cdc

Analysis

max time kernel
149s
max time network
153s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02/10/2024, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c4c36aba19ff1859a4bce7a907d5184_JaffaCakes118.apk
Size

1.3MB
MD5

0c4c36aba19ff1859a4bce7a907d5184
SHA1

3069811b1b56ab699f840c003453d3adaa350073
SHA256

5a1bb0075d82f03714725edce910ec2f15274ac06de8867c09fe32d5a4448cdc
SHA512

92df9916bccc08dcb4785598f42066f0ba327373c36f8883e676875361d4bc648232e8bcad6a5e5a5457008508f66765968025a9050257afd843097706dae069
SSDEEP

24576:noL0otaYtXMhep8X3lUKfcfIkuovSp0ijDo+9UjNUDq/13tdHbZKm51Ob83B:oQ7YtoX1wvTvSpVjPyjNUDq/1XHNKmj9

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4635	com.juls.iewy.hqyk

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.juls.iewy.hqyk/app_mjf/dz.jar	4635	com.juls.iewy.hqyk
/data/user/0/com.juls.iewy.hqyk/app_mjf/dz.jar	4704	com.juls.iewy.hqyk:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.juls.iewy.hqyk

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juls.iewy.hqyk

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
43	alog.umeng.com
56	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juls.iewy.hqyk

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.juls.iewy.hqyk

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.juls.iewy.hqyk

com.juls.iewy.hqyk
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4635

com.juls.iewy.hqyk:daemon
1⤵
- Loads dropped Dex/Jar
PID:4704

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.juls.iewy.hqyk/app_mjf/ddz.jar

Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.juls.iewy.hqyk/app_mjf/dz.jar

Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.juls.iewy.hqyk/app_mjf/tdz.jar

Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd-journal

Filesize
8KB

MD5
c64d5fe511c67b65d9f16bef7a9bf5ce

SHA1
46b1ede985dd9828bc95ffa7f5e8195b54f5aa48

SHA256
d7da3199e628bf2f4172d74216c5d81dd77a8fdaa8f0f4b1f696224c9ade5267

SHA512
033afe76059ba7c4411c460c6c21a3ab441e787e6fd142dccae332ce0bcc3f622720edb68d8cc8e9e7ed2b9e211f20ba244a44c100515ce841f7ac4ca71cc207

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd-journal

Filesize
512B

MD5
df48c1fc22acc763ccbab536e13566eb

SHA1
0922640395d7227c8a06d7aad12ac39ea27048de

SHA256
4b16d1444f946f191d74874cd3f8cb20bd6ad28c1040596eb50fdb5a132a2441

SHA512
367c114d7bb4b395c4ff293df39f82d63c8c83409848911101895e4bd4df437ae9fd463e7d90b4ee2a72062ecf5b0eb9f1bedade3f09efbaa27301e58a1534ee

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd-journal

Filesize
8KB

MD5
d5ce41d44f02e7a9fe3c52c02ae7158d

SHA1
2d748c2b1f90e0f99b7e584900878f18291c6976

SHA256
30d3b98e5da54ce6e75f102816918fcb7145199f417b3a0f8db41b2875780ca6

SHA512
a5ff02af2a0b74a823a650f01f9d228722bb26b1f1ef14d96b89b39006dbddddfabb78bcfb44ab5b03635769798311deaa665681eaa48aa9c869358d85ad9ccc

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd-journal

Filesize
4KB

MD5
746704c321267409ec966a89a847743b

SHA1
03197db4a97f2bca03b0a231982c43e2a301ff23

SHA256
66279d154e7d2178ca23ca376ce869f1f70e76d8c00792cb533776d84be5b86e

SHA512
d6e35159e59e19fddab116da70aac3ac9a83872376392476b9070c2f653a9ed700f0af22ae35c52cb420c75fe71f481781eca2247e2a46e5cf507c18da7745b1

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd-journal

Filesize
8KB

MD5
02c6f982ac07d073a44178f7d1ad8119

SHA1
9c5fe680193c1cd93b845d88055407376046ed8b

SHA256
46a2399cccba9c78a9dfb28374969cfde9d8214a285011bad868ee7df0d0dd67

SHA512
21978d9f40885278e522ca8cb4767b8e83a8367104355d57477c6c4e575c8e475e8a74e4c0e0d2f48abf924113eacd2f78c21dba17f1091cc02ee90447ae4228

Download Submit
/data/user/0/com.juls.iewy.hqyk/databases/lezzd-journal

Filesize
8KB

MD5
ffaeea945c523c3d82c1e72fd59eca47

SHA1
c49bfd8d57a2e3b4b7d9dd31a192aabc93ebab27

SHA256
e11a96ab92247a3f04a02ab493abfeb0b29b8da553f9716242060f7143499792

SHA512
92e87d0dccef89505f6367c61d9fda6937d01b636d39056e4fa9f78067c1d8bc457abacb15a622d1079d715213303becc753bb3ee776b3e89d28b83d4014131b

Download Submit
/data/user/0/com.juls.iewy.hqyk/files/.um/um_cache_1727900009744.env

Filesize
655B

MD5
485e21e5a115c2661f591d7b1e281566

SHA1
a4f31733f91f406c2453aaaafa23458290980c75

SHA256
4e008c93837ab656fb3a5ca1b9b790b8f6e39f7bcf711af40e743762a9bef4ce

SHA512
e7a17b3848ed1171da71105bfc4c8fb0e5cb07d6d186967d24328d1bc905fda461d4d79fe667c8ee690bd349a19ea015c8295edd2cc3e4c97f21d5d5a7a87a53

Download Submit
/data/user/0/com.juls.iewy.hqyk/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
4d8694bc50e93dbc2b7e0ec7efcf1f4e

SHA1
0c10884c9f298af0027284fb797a56a4f2e243f9

SHA256
ab35effdc38cce7b06366508fa7e28fd14b95a74e39b91e2ebced9c88d5dc238

SHA512
b4cb978825f48abf1bb01225c3f2f4606163584fa7323c62fe894f5e40cce21fc454f5b68b3934366b84f141cdc48b8e46bf7861f250248dedfb8934c560142f

Download Submit
/data/user/0/com.juls.iewy.hqyk/files/umeng_it.cache

Filesize
348B

MD5
697fef160f41696817222e2e1d5d5d41

SHA1
077ee72b33cbe0eef7f488da1a6261effcb83fb9

SHA256
a13cb4701060d65c741d51e0bd7c8123e5f2e1d054efc887aee5adf5e76d1a6d

SHA512
ede7f6a1497443a2b28ce79587009970748b10b403449ccfa993ec9d23ad02701a341c521db79c12a4c965b186e87b9c83ad6f61a32a5a26fbbc5398a9e5275c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads