879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e

Analysis

max time kernel
148s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04-10-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11d9ccc96293cafec04e7a45b90f2e28_JaffaCakes118.apk
Size

636KB
MD5

11d9ccc96293cafec04e7a45b90f2e28
SHA1

721c36247df1bd3a05405920c7d18699120e19f8
SHA256

879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e
SHA512

93e42b50c76c74007bd8716bd7923bb95210e65461a10cd9c7a1ab0462f2416b318fbe3ee7584f71d6a8f89170ad9f84fa0cbbf6384bbfaa6a2b0a0626d5a21a
SSDEEP

12288:e4LUaxJLbd7qbs6FFVB9ZewNjsyllDsQzeFxAM1A94vvQe6ERylTUE:g6L5756FFXNZOOMqiydB

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4325	com.frzy.yyce.sauj

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	4360	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar --output-vdex-fd=47 --oat-fd=49 --oat-location=/data/user/0/com.frzy.yyce.sauj/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	4325	com.frzy.yyce.sauj
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	4402	com.frzy.yyce.sauj:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.frzy.yyce.sauj

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.frzy.yyce.sauj

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
39	alog.umeng.com
6	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.frzy.yyce.sauj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.frzy.yyce.sauj

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.frzy.yyce.sauj

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.frzy.yyce.sauj

com.frzy.yyce.sauj
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4325
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar --output-vdex-fd=47 --oat-fd=49 --oat-location=/data/user/0/com.frzy.yyce.sauj/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4360

com.frzy.yyce.sauj:daemon
1⤵
- Loads dropped Dex/Jar
PID:4402

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.frzy.yyce.sauj/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/data/com.frzy.yyce.sauj/app_mjf/oat/dz.jar.cur.prof

Filesize
735B

MD5
5ae06d264240672f87c27a918cdcb60c

SHA1
837855c4e2ff29467ac4a6905c4e2292932c0870

SHA256
967bf417235faf05c78de5350024a2298b9ba73209bdb16394adb9325e35a713

SHA512
23ca9f413e7d486afc66eae57050123a3b665e7f9a65edc1e7ed0af17bff1c318e5452d186c409f71d4d1eb37145b88fb707a1f074c36538ec163ed036146c9a

Download Submit
/data/data/com.frzy.yyce.sauj/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
512B

MD5
bb8e617ca99be13b17350b2ea76918f7

SHA1
4bf596ff75635e2fb4e91b08c4318dc244172d24

SHA256
a79cb635faac78b27f233c558a9e24d14ec3163fab1039d640695a192ee6012a

SHA512
29ff45e9b45b0d2b6ac0c9020e5703e79d64e105bda6bb1f671b960191e8fbe20d0f54b72a21450710e1b0da6dc7f248ae24a98d8961a4817277af8766e6dbaf

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-wal

Filesize
60KB

MD5
966c0ab59bbc9de0f6b8c0009412ec82

SHA1
2d15dbb8b36abde315026c9b320661dd02676ba7

SHA256
a2a5dc4a6b51dca79561b9b2e495592d23e708265889e0521736ee5be3e352e1

SHA512
cfc200c807beb5048bf0e998bae6325b639e29d0388a25f258f8d5ffdc5c31c9efd3ea117580c96baf6534fd19613d88d8f23a3ea95d2e15e7483022dfce5790

Download Submit
/data/data/com.frzy.yyce.sauj/files/.um/um_cache_1728016545756.env

Filesize
687B

MD5
fcc42bd80b99d453817fc14589262601

SHA1
8b17eeaae75cc0e9655c7dae5f9a46ceacfb0a85

SHA256
b07404f4f4c09b51ee1a52233bfc539a9873d192c2e125afc36135a46a96b6e4

SHA512
6ec613416706a0867726ce633fd95e9598c2563703599e126081feb3efde371c331113c74b4de6d2162191d103e02bf51c0a7edba48baa3067d100fc1efb8d25

Download Submit
/data/data/com.frzy.yyce.sauj/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
0f28e87ffdaada7401794df2a3b246bd

SHA1
4c02ac20900a7bb6f28426ec2e06e809d1ec1aca

SHA256
92e662329047812cf0afbed9834f6a5b732d3802f99272d5763a07cfc9c42a05

SHA512
62fb8eb183e6dfc093334b64a0afb9a46c0b805fd65be3f5893a477733656f0dddd7fa8dbe7b80b245d3084b71eab6115f96ea43195dcca82a461a4bcde80ac9

Download Submit
/data/data/com.frzy.yyce.sauj/files/mobclick_agent_cached_com.frzy.yyce.sauj1

Filesize
869B

MD5
75d1b8596a595ee893dc889606742bcc

SHA1
117223d553058e6ddf9a0447231529779be3f939

SHA256
5457ce15d5c7a53ab834667aa2ae5d48592763f2f2da6c44a890e10a57f94ba3

SHA512
bc442cfb17e4dfe57f3255861256bde1961571e2cb45e4d0afe61fb9cb0efa99bfc36a93b4b7377a62cb2ab125aa5e7b0384b0812d39884c03720ce76fdfea07

Download Submit
/data/data/com.frzy.yyce.sauj/files/umeng_it.cache

Filesize
415B

MD5
c0391db0ea7d5d7b57534e09338ac77c

SHA1
615279e497fa7fcc3a439d0762836461762f0fbd

SHA256
19411bbbefd085c2618c9c1affafab1c334872bb76809e50f4f670b98ec1992a

SHA512
b2455daf219bf9aaa325f8af760aa85123f3c332df08f75613a2b912676edec6933a017908ba997cb94f236f49aa5e1e59880d93321928a448a13c890638e3a5

Download Submit
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar

Filesize
249KB

MD5
eb4b1f8a3354e8b5c30a253c771196ab

SHA1
5c721a6d50b607c91d6b900b4a21a09680f6149e

SHA256
dee0215de8f0bf8acfc41aa199e605f30178a969cb5821a977e865b69773b3e2

SHA512
a7ce9f9612de9c987392c28f2ded37dbe991f3b61022ac5ad797230c294606a69030182a62df3f8ce98ee50b42a4a38eda9bc297332cc4b46b3f478cae6fe1b6

Download Submit
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads