775603c8dce73634d44a4e4acc4c4d713e70e8243c72eb184cf016fa0b5880b3

Analysis

max time kernel
148s
max time network
154s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04/10/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

148b18725c4847f02f7acbfd3638032e_JaffaCakes118.apk
Size

1.3MB
MD5

148b18725c4847f02f7acbfd3638032e
SHA1

b3a474b01ae3bd2fb3aaa95ea7224cd77e20bab9
SHA256

775603c8dce73634d44a4e4acc4c4d713e70e8243c72eb184cf016fa0b5880b3
SHA512

bf2659edd7f05d2f80f3ed67e52afdc2b3d6b328fbb534737b80368cd8403c4856fe6d3241ef28d761605045c20e56891714693db006ce89b7d805a81206b5d4
SSDEEP

24576:DfoL0otaYtXMPQFx71O4NcGZcv2Kn+WUjTo+4Qj8XUq/13tdHbZKm51Ob83V:sQ7YtDWccGun0j/9j8XUq/1XHNKmjbF

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4489	com.wuhu.ffon.dafg

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wuhu.ffon.dafg/app_mjf/dz.jar	4489	com.wuhu.ffon.dafg
/data/user/0/com.wuhu.ffon.dafg/app_mjf/dz.jar	4553	com.wuhu.ffon.dafg:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.wuhu.ffon.dafg

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wuhu.ffon.dafg

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
48	alog.umeng.com
61	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wuhu.ffon.dafg

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wuhu.ffon.dafg

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wuhu.ffon.dafg

com.wuhu.ffon.dafg
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4489

com.wuhu.ffon.dafg:daemon
1⤵
- Loads dropped Dex/Jar
PID:4553

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wuhu.ffon.dafg/app_mjf/ddz.jar

Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.wuhu.ffon.dafg/app_mjf/dz.jar

Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.wuhu.ffon.dafg/app_mjf/tdz.jar

Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

Filesize
8KB

MD5
04955daf9f9eb9a508ee1d37381668b7

SHA1
67b2cb619d406a372a83265dcfce3d8b73dd4d5d

SHA256
3c3669f5530072df0f15f29057d2b0bc204409521aac71d364e9d136974cfae0

SHA512
713e1f8d9bccbd33a0af6f1cdf73d19b453d6a7b7c7f78dfbf4b4df9b9c8f95579914e4438ab643569ff0befea2ad9ed93edfbdfe02ea311ac255e82f54a5f3e

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

Filesize
512B

MD5
1b1973c310c384d09e8fc4241c07c088

SHA1
292096b98308af2a8d54c60884eee94e79ae8fac

SHA256
8fedc6015f78cdcba587fbf66134818d9f4a399b0deb88fc076c6f25814fc4f4

SHA512
2a20a12febee50168b69884aef95a2f740dd237f32d673d7f8eff6d84c510d0d1ab910e5c631df84d6a266d3b0fc6dac255dc76e2caf4a919d7c9962eb09bad0

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

Filesize
8KB

MD5
9ad3cbad1a0be38f3259ff5d5f7c250e

SHA1
e4bbed1580548f11122a326c2838477af7c2e186

SHA256
0a8f82faef8160f32b1ea26218d8b2634dcf5876ff99638dfdad0da932f59eaa

SHA512
26b9ac99d32bd058538100d770fd0a35960e9b04c6c92cde0b07a037909e912b9063b1d5aca64e201bede7db86aca606d98b097d4e51a34c3f65d64407a38077

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

Filesize
4KB

MD5
3f8ba5fe80c901db44442eff4d13f809

SHA1
a9ca563edbedeb6e2b3e64c15a6beb480a324a09

SHA256
a32f547b20d76e165963656dd1e99663f78f6efa22067d7da118abe51c4b9b07

SHA512
224e288656417c821e2915ceac076252b8cbbcb254bdee9dc2d8bd9e760c87151ed481ef5c34b77eb8bf15a7ecb6097f04c18d1141f5a676966e0a10b7a3b08b

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

Filesize
8KB

MD5
f4bbb2273c9a452d1cc056b8a239c42f

SHA1
4813f8cd1b2cd112c51fd15626cfd711437f3731

SHA256
7b7b8f00817dc357c2d84b898d0cfd3eba75895b4f96ea468b2225c18bf3708e

SHA512
4624523bd2d82d85e91bc11d23959065daef365ad5c74be00cd5fc57cdbb30b38efc0ce1c993750694d980ce7017dcb11a012c2ad6884720477854d0864978a7

Download Submit
/data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

Filesize
8KB

MD5
536ffebec862a29f1b83603a71ddebce

SHA1
70f9fe1a662fa7c2ea949404ec70df86bc5517a5

SHA256
879f8b944725430227beb880a2cc8960ef9e0e13051995754c8138347e98c71f

SHA512
3744eb64f255c7d9411ad84308ef69e4ab01b633090c4a05d2861ccb86a73ac63adb6458626c39c6d2976889381cded6f71d760e414d57248acacc8e6fcd131d

Download Submit
/data/user/0/com.wuhu.ffon.dafg/files/.um/um_cache_1728067982467.env

Filesize
646B

MD5
97da7efb28b7a5b9bb80053a62aa1cb9

SHA1
144a58bdb14d44898c87244113577a4acf04e955

SHA256
acb900eac9398e84ea7f181c88806050151840f8fd1e051e05c3ae53b348961a

SHA512
499d98b04733f698f8db9df181f6430f87820edbb4cdfd3fd2e7063364810606b575b93ae7d20f70fb1415b9e03608eb103d66a1631467db7086bd501e057b7c

Download Submit
/data/user/0/com.wuhu.ffon.dafg/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
c6d8a59961b19ee46601769157cef848

SHA1
7495e2440c8f549096bf9cd303f6a70a958eccf4

SHA256
b065f41dee43a54acc248e856798bd84bb21ac32ef392b0878576f711d1ca79e

SHA512
2990b69fcf4e1b8556184d6512992fd442a8f7ecacc1468eb1cfe7c0e81c4939f43deaa46a5aa10a9d8f67bbd4845ac6b292c292aec02e98abaf8dda36a25c4b

Download Submit
/data/user/0/com.wuhu.ffon.dafg/files/umeng_it.cache

Filesize
348B

MD5
f71bda0b9c2bcd30e08856e8ca7c790d

SHA1
0d42e0cb407554b3cf44802951550b0ee4818700

SHA256
37c69dc910ffd4d40f3b624ae883de8a76cf52e6f6cf4ce2a78b387d07825591

SHA512
cc2818ccc49e1282926dbfe9d1ffc65a544ad6fce183b85d41c2fe882e230e001a47431f29925b042b8ec6fbe3a3bda4d92a6b2cff8243780268334f74e95d68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads