Overview

overview

8

Static

static

6

11d9ccc962...18.apk

android-9-x86

8

11d9ccc962...18.apk

android-10-x64

8

11d9ccc962...18.apk

android-11-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    04/10/2024, 04:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    11d9ccc96293cafec04e7a45b90f2e28_JaffaCakes118.apk

  • Size

    636KB

  • MD5

    11d9ccc96293cafec04e7a45b90f2e28

  • SHA1

    721c36247df1bd3a05405920c7d18699120e19f8

  • SHA256

    879c44ce2a8801a54346b559534c09dd62f1247524ca0766a160e166c155b13e

  • SHA512

    93e42b50c76c74007bd8716bd7923bb95210e65461a10cd9c7a1ab0462f2416b318fbe3ee7584f71d6a8f89170ad9f84fa0cbbf6384bbfaa6a2b0a0626d5a21a

  • SSDEEP

    12288:e4LUaxJLbd7qbs6FFVB9ZewNjsyllDsQzeFxAM1A94vvQe6ERylTUE:g6L5756FFXNZOOMqiydB

Score
8/10
bankercollectiondiscoveryevasionstealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.frzy.yyce.sauj
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4476
  • com.frzy.yyce.sauj:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4547

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/com.frzy.yyce.sauj/app_mjf/ddz.jar
          Filesize

          105KB

          MD5

          7f1e0fe2e6a0618b6c84d48ea0586b6d

          SHA1

          dea54fa91f9f431b85e8c4048244a1c3c4b16665

          SHA256

          4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

          SHA512

          7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/app_mjf/dz.jar
          Filesize

          249KB

          MD5

          789a4162427149dd5e519f917ead0e29

          SHA1

          d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

          SHA256

          830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

          SHA512

          b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/app_mjf/tdz.jar
          Filesize

          105KB

          MD5

          fc1eb8c18ddc0f8727b5fb5eba8ca870

          SHA1

          af6d64fe2432bece4c523066a57f35be8f175a48

          SHA256

          7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

          SHA512

          25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd
          Filesize

          28KB

          MD5

          fdb8a92e5060ce104e8f0faca55a47ce

          SHA1

          270d7ca30673e18cec1d2b9add71cba96dc426fe

          SHA256

          194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

          SHA512

          ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal
          Filesize

          8KB

          MD5

          a22a71d360d80786d898d3aa1ffbbaea

          SHA1

          f76a5d4bf5ea0e61f27899adb79ba350ab5b1d89

          SHA256

          9d25c31b9661700d225ae4231029f602b8ea0ac21f501183658a04016e5b6d9e

          SHA512

          63e1c4ced8659c089d21c8714db228ac9ccc8222da0b26fe5e01f1e6d92de89f59bb7d37cd90be5914aa8fe17039d8801f2a46e767898910af0fee698d610d78

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal
          Filesize

          8KB

          MD5

          b648e793e1a4b194662440b9d540dc72

          SHA1

          ccf78dbaa922d99e003306c532d097f6d5531be4

          SHA256

          066e528b55efd3ffa2e40ec9736988e55b2605d439bb7f91abf3763eb06ef2f0

          SHA512

          90e79c8659458c482dc69938f9b3aaee8416892a9e0024458b3a4e567e675fa406f1a6bb74d0bf4d9283a1c0afc170704f10b6c68bface50477ab57ebd05eac1

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal
          Filesize

          8KB

          MD5

          f26debeb217d0052ab1dbff87799cba3

          SHA1

          b02ad6015292d2aa62ceee1a631a5c326a8479f3

          SHA256

          2fa44f9febee609d2f9fdd5c1e83784b5c0c2c8bdec733d5602be279a91f4865

          SHA512

          3c7fa2090ffce4e389fb268a2abd22650e481369458acac800c9c860c29d8bcce76d5052d26c1150c38a319e3503c26785aaa3b79a64749fc82fee8636a2bf92

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal
          Filesize

          512B

          MD5

          6036e9288ef81881cc814e6104d0b495

          SHA1

          e27d5f23baa0edb891d4874497e7dbfe143ea332

          SHA256

          6bd4a33050fad38853480ae9f0df6b7d535fb4f7843a93269d78c2c71aef2710

          SHA512

          fec355e77e998817d035dbd1c80d403bba41e43aa5ad7480458efeaf8d663bf03678b4f7a39261b92e7899eb2b65a530e072b4b3b863f3488ee74b9b35afe167

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal
          Filesize

          8KB

          MD5

          05ee2aa40136e0ffb6796cd457b541a8

          SHA1

          2fe55e186d4e0566f3a8c539f5c3d854683996c4

          SHA256

          a29a8553a27f7364752119ab1248f0ef01cc8d1abb491d16d5c045156be5e82f

          SHA512

          cb75ec48747598b3cc26a4f42e773134b7ba7674f67819de25c11fe7910ad3b3276c75f785e3f03a697c477621dc48dd231b5c14243f6ad42b2628be538c1ecc

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/databases/lezzd-journal
          Filesize

          4KB

          MD5

          8b05d5da49f0211d2bb5146cb0be94a6

          SHA1

          c62f506163f3b4cc3580fde8a24d2d844afad80d

          SHA256

          b8b929610ffe99b291ecc88438a815caff927d7bf04a41044a852330ed759022

          SHA512

          e6d7a23e48a0d7cd5da46b06761f94397405c89504398bbc79b7ea1be71ddd99ca163f06a23e6dd1be8a5cb50cb4f48acfbbb9030175372a979c72557fd03700

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/files/.um/um_cache_1728016548025.env
          Filesize

          652B

          MD5

          85523101d33c9912a9a5fcd32536a976

          SHA1

          3de0f8d907c4046d8d867e30efca5df00f6322c9

          SHA256

          2dc35ef200522499007ab15bd73167fdec200e599d647ce7dfa986270a9a8a32

          SHA512

          52a49edeaaee9da64ba715338f69df8f01d34c74516477327e3788fde783f724afa16a391ebee077dcb3ba63cee1c3a4fc1b12a6b9e5bc9a400cbdedcad6993e

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/files/.umeng/exchangeIdentity.json
          Filesize

          162B

          MD5

          bd6b53bfd2fbc71f85115d806bad993f

          SHA1

          c6863c7ddfb6165e81150a3adbdcb3e9af39fd2b

          SHA256

          cfce6a9210f6fa2b9767541a3ffafd41e7364872ab3be6950d9e417695dbdd43

          SHA512

          91c3a81e37c8e6649e80d926f69c900740f7ed1ee3dc2df1d4b239dc69f00faae9c88bede578910ddf4d029858a3b0a97d25381fa655cd3fb31ebdb34ee03fed

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/files/mobclick_agent_cached_com.frzy.yyce.sauj1
          Filesize

          802B

          MD5

          99d06e9696c594c172f83f8d3a4fbd2a

          SHA1

          11b565a0723d5c4addfe96697a4338e967a00e8d

          SHA256

          93146cc076c93db17a95d84e23bc84a01bcdf6d29624680f1c54dc8780ca5c36

          SHA512

          f65dab96d987119cca488ce6c45b134ee49a7f6829e90e82f9e02ea36ca565c2f0e1408b174396d6d20fd0e8953b7f40d8c9190d08a0e6ba40df11dff064dd9d

          Download Submit

        • /data/user/0/com.frzy.yyce.sauj/files/umeng_it.cache
          Filesize

          348B

          MD5

          5dc1fa34c98a443460d1f3b74be7f139

          SHA1

          3baca353ec20aadfde17b526a84cbe746c614b02

          SHA256

          70df64c1c8c8359d04eb1a29d2f7bbc20c6c7223468d3c84f10ac7e7ea6aa906

          SHA512

          9a59eacb919e6644ef40c0993843989521aeb24f9ff92a213250a7fb8ad2c83e169ca4742c4926dd84b8ee92cc33ca06f33a32542e2aca88761652caeb8bb647

          Download Submit