882ffb9d7c981ce74ca5e5a1f24252bd1ff1a17aa77edba2bd4863b55ae8c0e6

Analysis

max time kernel
148s
max time network
153s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13-10-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e31882f3b46400ef17c92806e2767e0_JaffaCakes118.apk
Size

1.3MB
MD5

3e31882f3b46400ef17c92806e2767e0
SHA1

684b8645d2eb11fc20f1c91a05a88fd7c0d9a96e
SHA256

882ffb9d7c981ce74ca5e5a1f24252bd1ff1a17aa77edba2bd4863b55ae8c0e6
SHA512

76a69596a1f7767739e97fe3bcb8c23f1a7c3fbb9eca275f7f27cb2884a39b10d07c5472d07b92510842b5b5bb560abda477d4d9a89fe4d4c5187a05c77c1eef
SSDEEP

24576:WoL0otaYtXMPQ8x71O4NcGZcv2Kn+WFjro+TkjvCNq/13tdHbZKm51Ob83l:lQ7YtGWccGunljnYjvCNq/1XHNKmjb1

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4470	com.fjkh.wvbd.fwas

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fjkh.wvbd.fwas/app_mjf/dz.jar	4470	com.fjkh.wvbd.fwas
/data/user/0/com.fjkh.wvbd.fwas/app_mjf/dz.jar	4534	com.fjkh.wvbd.fwas:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.fjkh.wvbd.fwas

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.fjkh.wvbd.fwas

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
46	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fjkh.wvbd.fwas

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fjkh.wvbd.fwas

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fjkh.wvbd.fwas

com.fjkh.wvbd.fwas
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4470

com.fjkh.wvbd.fwas:daemon
1⤵
- Loads dropped Dex/Jar
PID:4534

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.fjkh.wvbd.fwas/app_mjf/ddz.jar

Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/app_mjf/dz.jar

Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/app_mjf/tdz.jar

Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd-journal

Filesize
8KB

MD5
89bafc28e484222aa02098eb33e6a046

SHA1
51aed67cd2bbfe613a36cf9e4bf7e60e6795158a

SHA256
3504a13df3f34b9b53b0c77f6d75b8c8afcd6b0fb120fa3c9c2d6fd4a91b73bf

SHA512
0d2f54f1cfc13841cbdef1917b8affaf121a90a0d7e9b2a9cde905e82d2f3d593074d6e58b47aaa0f2174cbced2e87ffd932340c35631c67dfbab1e5978b2de3

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd-journal

Filesize
512B

MD5
5b1daaa18be3de7be29443e69d42c725

SHA1
0ceae2699b5673befff7191ad45fc1ab71551467

SHA256
2541592a856661b6c8704849c2c1c611d94e1e0ed61dd08dd47442f55a1e6f53

SHA512
5c502e01411ffdb30ee6e8168d0a1bf7964effd04d60320defb3738fd39d9f667e6189f4dfa068deeb10b60f6796c2bfe248da0c23000a9eb25e9dae51cc40c7

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd-journal

Filesize
8KB

MD5
e4170552fd07eac8ddc29094bf717c86

SHA1
f78a92dc01761efd1c7f48f09fe2718257c28ee9

SHA256
efe551e2c35670cd2f81e88292009a918a7fc6802385d4199cb492df1f8bccb1

SHA512
ff80de9b17741387146c65dbea00eeaffa13cbff37108940776b4d36297a74f0152f80034d035f8aa8beb9575c37e25b31a8f895e010b4c0d7ffbecc645bb323

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd-journal

Filesize
4KB

MD5
f15de1b63c4625eb970acce6cd366b8c

SHA1
c49cdce94cdbcec4e19635c00156635d6489caa9

SHA256
6bcb069c9a59b83cb3e1ae97554058a13ec6dcd68e8d90abc1b87e6e68637532

SHA512
133b2d5b1f63c11eb595c65a8e80a5794040718033fc89d6c9f9ecf5e4e92153aed285c120f0c0a9f54cd467363409a7c661a6719c8ba5200a99fa1cd95a69a1

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd-journal

Filesize
8KB

MD5
e34fc9a2d2bb4f6cfa9be18a22410a58

SHA1
35c5508109ad29f2cb60321e74332e1de8edce04

SHA256
ee9a50bbda8584d765c49b828922680b60d90f412d77d116d49d8050d153b520

SHA512
0b13391ff512f65161ce4fde3c6de7f5216189d3a9c1a5981c55f833d1a2016aeed2e19e19ba7c189831d5f21c8c0bfaf37cbdd7384f9635c883c272c9c77e80

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/databases/lezzd-journal

Filesize
8KB

MD5
ed229e4af6e9451b5d6b87af6595a13d

SHA1
43cfe2c7ff16a2ebc62dbdfc9c0e1ea78a2fc837

SHA256
3dab5059b63437233b4d4daa0029a47f93a3b3ca424b9ff5dd08f1e58ba6e380

SHA512
b8350e9892bccea3784e8d64ee03293273d676dff9428861c77dc4dba84315208ccca4eef2718ca24f99996b8cf4792b970e66e8a39c7fd5746d430ba3885af9

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/files/.um/um_cache_1728799250143.env

Filesize
655B

MD5
6b1efdac7194a1a2bf47f20c0885843e

SHA1
320f2c805525711af6438dd042f47a68cf275b46

SHA256
3bbe8cd9e3e6ea1143ae915f747ca6cb6b5feee3d0f93f93d0e39c289130ff34

SHA512
1871baaa20889ae27ee1d6eebc75bdb35e8ea4ef75c89256b8cdde06dd91da1f8a96b9020bf05588361f2a5cb9267ceaf93b938fecfedd5610b8d0323f89a754

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
fd8937a021f0941fb2cdba65d00f121b

SHA1
0cc4eada2e2494702d44adab5b65bcbef17f0d10

SHA256
255df8e24eea15fbd54ada6f1e599856d87ae34df49a6b68916c94b6e86b46d2

SHA512
d0b4bd4e94587f8c231c71cc5b07ccd3fd8ed8c479c45638dc4c2b26b5cb1a4fd90705a4297029ef3dc8015ae8bac59407422f968249455ada74306007be0642

Download Submit
/data/user/0/com.fjkh.wvbd.fwas/files/umeng_it.cache

Filesize
350B

MD5
dab8b062e2373a8bfeb29a158dfd2b09

SHA1
6b52cb17a695740b479813eee7d71c4660c18867

SHA256
1b0eb3d1c9e809c3ad2731693516f97dd2d0a57cd6cb0b4c33045b95c51ae40a

SHA512
a18260b15d8f357c7103f3d708de88024d8445aef99028effa606c2a122d0a412bcfdb7c885d993bcd5465dfc0de132dc101f1631e830628682ad8e56f0e0aee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads