Analysis

  • max time kernel
    66s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    10-10-2024 17:02

General

  • Target

    30fa04fd1ae4504f0eb812f2f56bd0e3_JaffaCakes118.apk

  • Size

    1.5MB

  • MD5

    30fa04fd1ae4504f0eb812f2f56bd0e3

  • SHA1

    7773fd1fbba1043a13c3fa9a48612676788f7bd7

  • SHA256

    cd05f2f35bd0bea1239023dbef23aa9a42710ee66182cc289c95392215d2f014

  • SHA512

    0e1dcc71383cc7ec6bed61d73131d10b6099f1c15f10068e4f4e1b3360f5fb5f760ea332c077cd94a2473e3160fae6c06afe4adf19e183f0d3701cfbc7c607f8

  • SSDEEP

    24576:PfafHW34tckcti9be4VsAeWxx9+N9hLGuQVqgNY3Q6T+tHGgY0bk1ZfvUXbk1ZfZ:EHWIhKchs+xxm9hy1VDaZT0Bk1erk1eU

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Checks the presence of a debugger
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.lkkl.jtxh00142394.video
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4614
  • com.lkkl.jtxh00142394.video:nk_v1
    • Loads dropped Dex/Jar
    PID:4846

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.lkkl.jtxh00142394.video/files/mobclick_agent_cached_com.lkkl.jtxh00142394.video

    Filesize

    121B

    MD5

    1431c4b9b5104d9f5b4411372c351763

    SHA1

    a53d30f25746527bad356ed6b4ef50dc98f6d154

    SHA256

    d6a29fc019f877e8cd058a258af19c97eb6dcaf37cb071ddcc7f48096e53d670

    SHA512

    973dd1156e36d392dabc04d49c8d51962ae79c72214f1e92b4962902472880ae1cc6672ab6aa9eaf7120e0e622f013418e9f05c1d08f8c8887a020dda6c58804

  • /storage/emulated/0/dm_push/com.lkkl.jtxh00142394.video/info/dmpush_lbx_local.jar

    Filesize

    48KB

    MD5

    46d1de526e2138a571a650af58554064

    SHA1

    9727bb847fb57fb748a31064cf19885a3c162b01

    SHA256

    78b6239a10c1e1532f843735ed5b4c3c27ea3252411b71d0d2fbb90afbc75333

    SHA512

    9127756eb5e894bd95de4c78a0276f4b3ac3dfabb0040512f5117fabd6ca5dd050b1f574709158150476c9e2c2c09773b98b7ebca51374f57fb623bc12c53603

  • /storage/emulated/0/dm_push/com.lkkl.jtxh00142394.video/info/dmpush_lbx_local.jar

    Filesize

    108KB

    MD5

    9222af96150123d299e12740de9869e5

    SHA1

    38c6e10b3c78c75258c971966dc3964e51b60cd3

    SHA256

    6e5c94d5d1f0163f418a1a25e553c65cf5ec9e62856d937a42fcfd1f51136287

    SHA512

    e05e857a3b92119e8bd495c8916815489aae54b49496be6a53638fb281da3b7d9f695971b302a03464058cf0550ece54faf5180aea71ff81a593266a2add2689