879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e

Analysis

max time kernel
149s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04/10/2024, 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11d9ccc96293cafec04e7a45b90f2e28_JaffaCakes118.apk
Size

636KB
MD5

11d9ccc96293cafec04e7a45b90f2e28
SHA1

721c36247df1bd3a05405920c7d18699120e19f8
SHA256

879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e
SHA512

93e42b50c76c74007bd8716bd7923bb95210e65461a10cd9c7a1ab0462f2416b318fbe3ee7584f71d6a8f89170ad9f84fa0cbbf6384bbfaa6a2b0a0626d5a21a
SSDEEP

12288:e4LUaxJLbd7qbs6FFVB9ZewNjsyllDsQzeFxAM1A94vvQe6ERylTUE:g6L5756FFXNZOOMqiydB

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4476	com.frzy.yyce.sauj

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	4476	com.frzy.yyce.sauj
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar	4547	com.frzy.yyce.sauj:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.frzy.yyce.sauj

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.frzy.yyce.sauj

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
27	alog.umeng.com
62	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.frzy.yyce.sauj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.frzy.yyce.sauj

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.frzy.yyce.sauj

com.frzy.yyce.sauj
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4476

com.frzy.yyce.sauj:daemon
1⤵
- Loads dropped Dex/Jar
PID:4547

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.frzy.yyce.sauj/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit
/data/user/0/com.frzy.yyce.sauj/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
a22a71d360d80786d898d3aa1ffbbaea

SHA1
f76a5d4bf5ea0e61f27899adb79ba350ab5b1d89

SHA256
9d25c31b9661700d225ae4231029f602b8ea0ac21f501183658a04016e5b6d9e

SHA512
63e1c4ced8659c089d21c8714db228ac9ccc8222da0b26fe5e01f1e6d92de89f59bb7d37cd90be5914aa8fe17039d8801f2a46e767898910af0fee698d610d78

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
b648e793e1a4b194662440b9d540dc72

SHA1
ccf78dbaa922d99e003306c532d097f6d5531be4

SHA256
066e528b55efd3ffa2e40ec9736988e55b2605d439bb7f91abf3763eb06ef2f0

SHA512
90e79c8659458c482dc69938f9b3aaee8416892a9e0024458b3a4e567e675fa406f1a6bb74d0bf4d9283a1c0afc170704f10b6c68bface50477ab57ebd05eac1

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
f26debeb217d0052ab1dbff87799cba3

SHA1
b02ad6015292d2aa62ceee1a631a5c326a8479f3

SHA256
2fa44f9febee609d2f9fdd5c1e83784b5c0c2c8bdec733d5602be279a91f4865

SHA512
3c7fa2090ffce4e389fb268a2abd22650e481369458acac800c9c860c29d8bcce76d5052d26c1150c38a319e3503c26785aaa3b79a64749fc82fee8636a2bf92

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
512B

MD5
6036e9288ef81881cc814e6104d0b495

SHA1
e27d5f23baa0edb891d4874497e7dbfe143ea332

SHA256
6bd4a33050fad38853480ae9f0df6b7d535fb4f7843a93269d78c2c71aef2710

SHA512
fec355e77e998817d035dbd1c80d403bba41e43aa5ad7480458efeaf8d663bf03678b4f7a39261b92e7899eb2b65a530e072b4b3b863f3488ee74b9b35afe167

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
8KB

MD5
05ee2aa40136e0ffb6796cd457b541a8

SHA1
2fe55e186d4e0566f3a8c539f5c3d854683996c4

SHA256
a29a8553a27f7364752119ab1248f0ef01cc8d1abb491d16d5c045156be5e82f

SHA512
cb75ec48747598b3cc26a4f42e773134b7ba7674f67819de25c11fe7910ad3b3276c75f785e3f03a697c477621dc48dd231b5c14243f6ad42b2628be538c1ecc

Download Submit
/data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal

Filesize
4KB

MD5
8b05d5da49f0211d2bb5146cb0be94a6

SHA1
c62f506163f3b4cc3580fde8a24d2d844afad80d

SHA256
b8b929610ffe99b291ecc88438a815caff927d7bf04a41044a852330ed759022

SHA512
e6d7a23e48a0d7cd5da46b06761f94397405c89504398bbc79b7ea1be71ddd99ca163f06a23e6dd1be8a5cb50cb4f48acfbbb9030175372a979c72557fd03700

Download Submit
/data/user/0/com.frzy.yyce.sauj/files/.um/um_cache_1728016548025.env

Filesize
652B

MD5
85523101d33c9912a9a5fcd32536a976

SHA1
3de0f8d907c4046d8d867e30efca5df00f6322c9

SHA256
2dc35ef200522499007ab15bd73167fdec200e599d647ce7dfa986270a9a8a32

SHA512
52a49edeaaee9da64ba715338f69df8f01d34c74516477327e3788fde783f724afa16a391ebee077dcb3ba63cee1c3a4fc1b12a6b9e5bc9a400cbdedcad6993e

Download Submit
/data/user/0/com.frzy.yyce.sauj/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
bd6b53bfd2fbc71f85115d806bad993f

SHA1
c6863c7ddfb6165e81150a3adbdcb3e9af39fd2b

SHA256
cfce6a9210f6fa2b9767541a3ffafd41e7364872ab3be6950d9e417695dbdd43

SHA512
91c3a81e37c8e6649e80d926f69c900740f7ed1ee3dc2df1d4b239dc69f00faae9c88bede578910ddf4d029858a3b0a97d25381fa655cd3fb31ebdb34ee03fed

Download Submit
/data/user/0/com.frzy.yyce.sauj/files/mobclick_agent_cached_com.frzy.yyce.sauj1

Filesize
802B

MD5
99d06e9696c594c172f83f8d3a4fbd2a

SHA1
11b565a0723d5c4addfe96697a4338e967a00e8d

SHA256
93146cc076c93db17a95d84e23bc84a01bcdf6d29624680f1c54dc8780ca5c36

SHA512
f65dab96d987119cca488ce6c45b134ee49a7f6829e90e82f9e02ea36ca565c2f0e1408b174396d6d20fd0e8953b7f40d8c9190d08a0e6ba40df11dff064dd9d

Download Submit
/data/user/0/com.frzy.yyce.sauj/files/umeng_it.cache

Filesize
348B

MD5
5dc1fa34c98a443460d1f3b74be7f139

SHA1
3baca353ec20aadfde17b526a84cbe746c614b02

SHA256
70df64c1c8c8359d04eb1a29d2f7bbc20c6c7223468d3c84f10ac7e7ea6aa906

SHA512
9a59eacb919e6644ef40c0993843989521aeb24f9ff92a213250a7fb8ad2c83e169ca4742c4926dd84b8ee92cc33ca06f33a32542e2aca88761652caeb8bb647

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads