879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e

Analysis

max time kernel
149s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
04/10/2024, 04:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11d9ccc96293cafec04e7a45b90f2e28_JaffaCakes118.apk
Size

636KB
MD5

11d9ccc96293cafec04e7a45b90f2e28
SHA1

721c36247df1bd3a05405920c7d18699120e19f8
SHA256

879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e
SHA512

93e42b50c76c74007bd8716bd7923bb95210e65461a10cd9c7a1ab0462f2416b318fbe3ee7584f71d6a8f89170ad9f84fa0cbbf6384bbfaa6a2b0a0626d5a21a
SSDEEP

12288:e4LUaxJLbd7qbs6FFVB9ZewNjsyllDsQzeFxAM1A94vvQe6ERylTUE:g6L5756FFXNZOOMqiydB

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5063	com.frzy.yyce.sauj

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	5063	com.frzy.yyce.sauj
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	5125	com.frzy.yyce.sauj:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.frzy.yyce.sauj

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.frzy.yyce.sauj

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
42	alog.umeng.com
8	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.frzy.yyce.sauj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.frzy.yyce.sauj

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.frzy.yyce.sauj

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.frzy.yyce.sauj

com.frzy.yyce.sauj
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:5063

com.frzy.yyce.sauj:daemon
1⤵
- Loads dropped Dex/Jar
PID:5125

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.frzy.yyce.sauj/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/data/com.frzy.yyce.sauj/app_mjf/oat/dz.jar.cur.prof

Filesize
730B

MD5
dd700f22a556fcad635f2dbcd470244a

SHA1
ccef6021225a1e037cf4a402384ae62e3f936a71

SHA256
cdb870b3b79e1f5490341cfbc0a1b2cc4abf4c88e53b5597161c04aa92d2901b

SHA512
41984f251c0167335c1cb34ec2b51ff7f253abd9ee9516ebd6a247856895a40d77ef6c302107374892ab6bee18d559d92b77c7a0768031e793ff51cba887e276

Download Submit
/data/data/com.frzy.yyce.sauj/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd

Filesize
28KB

MD5
dae68dcffc3d522a79f98ebbc3b6d457

SHA1
6df5dce9a50f12044a2d20b8d1742ae47b82ee03

SHA256
56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286

SHA512
23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
95250fbe9dc1617d5f5141eb7be8dd5a

SHA1
00f90ec69af184e283f51ff6fe95c6d8dd9b74f8

SHA256
eb472bc36e2a4369dbdf05167c612a2f4406f15db2ac042b7f86406ddfd81ac4

SHA512
dafe6a42dd47345cd2f3dc1521d6acff0c3f88b33a52e2059e0109adb60f215a1f528d0bd34d2f8cf27e266495aa722c67f1c61dada22eb5f7789ff529489436

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
28b9e928a00d8b4a340e9948c8a815ca

SHA1
7d61efdd32dae7f0df2756c805098c873b3d74a4

SHA256
944f15c13c272b2a5af31a1f7925797aea48856cbac466102e99e53221e7ec0d

SHA512
d228d81ccb220ba61352707c76b087e37cb8fc5e93a42d98398f3c98d5984bce77f1dc6b5847cef1e922a5089eaf69a50f8976b730deebb8413934417139c580

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
6848b9c213da4b004da6444b869771e8

SHA1
441a5086ff7e6dfec9761a24dfa74a24d70c1c7f

SHA256
9079c5b8d10d3855e2d104e8829c6b22550e3e745ac092cc90c22105c9d786bd

SHA512
6f766efecd0fe87d438eadff8464ff42dd82704e6397592622b166a06ace335a3dd876f29c8382b342bfabbe727f8837b2027353c54cf3660abc65c6145696e5

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
512B

MD5
3d5972ddc558346d4d02d39cda63e1a7

SHA1
d599ea716ced01a1d44951a2cd92cfc8a64c0338

SHA256
d8f9603c68eb08810d6bab8efa2f3700c0ceef6c4c9fe4fb343b399afa4a347e

SHA512
a973150f8d4b1081379a48f5ea076949e57c80929f6adeba77e0538d3fc0bff01ed885cd47e9db9d5b338944c526ee2080776ded0fe79be624368104fbe56d90

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
3bf75de17460b69dff4aec16ffbdc6b9

SHA1
a3855197dffcee61da7129767cba1f9fb874ac7a

SHA256
e8c2449360458696f3f27e097cba9d8c184fc1872b1c203e4404c8c108b9f980

SHA512
9508deb7b2b7a1a947a454d3270d297fa97f4fe20665359a4804951eac4f7c4fad3f016990a2d20bbdecf20d237489386118ec5468148d3cb6b1eeae60a8484f

Download Submit
/data/data/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
4KB

MD5
ebfa03796aeb465f8b52eda28216ac91

SHA1
82414a62755fe16070239414f6b8d19b26b2be4b

SHA256
6420236cdc58ee85391dc178541477df3706ec8bbaaaecf00d2185a6676fcb04

SHA512
259273b1633de227666fa87aef45c609a221db3cae55a3bd1058a460e19133ba5ad1572b355a9ec314504c6a14ea50c57c37b9c03eb09cfdb84da83038d5fc2f

Download Submit
/data/data/com.frzy.yyce.sauj/files/.um/um_cache_1728016546760.env

Filesize
660B

MD5
357a3befd5f66c1e040d0580163b2ce3

SHA1
1ed446378cf886e0b64af82b741930544d8a22a9

SHA256
17c508c14b3a63385333a4b05f52dcb56997d44d40c577821bffad4a2ec15132

SHA512
9c918ffa337e1a725e32bda1f91816c04842824a6988b786b7ef2f4dccf6c6434deedfa9e73fced29e4ee6e87a39af1b0c898d26ba98a8694953d7236b51b5f6

Download Submit
/data/data/com.frzy.yyce.sauj/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3e19ceb6217faf3364230877404b4433

SHA1
2f0cca85fc60c457ebe4869f51761926095b2f3e

SHA256
e87c2fbe0acbf4aa45a2c51209131a287d64ddc9e2534bd1041e848b0a6e1323

SHA512
6bb9c51a8110339ecce593ec58163d7f72e35145409a4d62d5de93b4a7d5f6986cbf3a197b18077bc9ea13f8a13d2aec4abd0a5cd8c56e17e64130ecc8fd1df8

Download Submit
/data/data/com.frzy.yyce.sauj/files/mobclick_agent_cached_com.frzy.yyce.sauj1

Filesize
799B

MD5
8e8764b5278c1cf9808dda1a29fc660e

SHA1
a39fa1343b8016ff8c89b91879be9c93c7458448

SHA256
acc1f94c788d9b300b74f1e514cc59a6a1d975c01fee1815b43ae2fa4f16eba6

SHA512
d5449bd2c463bc051d7369dae3d75c633f23e989ec53422bc1c4a4debf1d1a5f473a31942684172c476015eb536e00c44e829fc8fa4d83153cb0afeb7b425f50

Download Submit
/data/data/com.frzy.yyce.sauj/files/umeng_it.cache

Filesize
346B

MD5
8c336897631cfca000e303e924f78f7f

SHA1
fe38c0e6dfe064b037f7bbe9173dd730fa7468f8

SHA256
5adb283ae6460e17a494af08983799c58eb0361a3d27b30eea54d5f136a7977a

SHA512
c9b1f61219c4fde1c6caebba14ea6dbecec52227c4ac422c067b57d6b59deb47ac023d65ef068c2730e38aecf28e8ec86d2f66ab57b76f4f5d0a27d985588081

Download Submit
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads