Analysis
max time kernel: 129s
max time network: 155s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 15/10/2024, 19:53
Static task: static1
Behavioral task: behavioral1, Sample: 49b6a9d41ad910ac3ac75bb575a2524a_JaffaCakes118.apk, Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2, Sample: 49b6a9d41ad910ac3ac75bb575a2524a_JaffaCakes118.apk, Resource: android-x64-20240624-en
Behavioral task: behavioral3, Sample: LehihiSafePay.apk, Resource: android-x86-arm-20240624-en
Behavioral task: behavioral4, Sample: LehihiSafePay.apk, Resource: android-x64-20240624-en
Behavioral task: behavioral5, Sample: LehihiSafePay.apk, Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral6, Sample: ZqhySafePay.apk, Resource: android-x86-arm-20240624-en
Behavioral task: behavioral7, Sample: ZqhySafePay.apk, Resource: android-x64-20240910-en
Behavioral task: behavioral8, Sample: ZqhySafePay.apk, Resource: android-x64-arm64-20240624-en
General
Target: 49b6a9d41ad910ac3ac75bb575a2524a_JaffaCakes118.apk
Size: 16.8MB
MD5: 49b6a9d41ad910ac3ac75bb575a2524a
SHA1: b55bca9c73f8c227659614451860d166b3959c80
SHA256: f790883eb84f8b1f2b6fa833fd210f3ad3ed849833f1537368b284e99f262228
SHA512: 69fade94a8753036fb075f869870486feea7bff6305e3541f54708ca4f234a23f7d2b509e0caddbff3f338db5f08849e95b2bfc68df4c0837975cdda48176909
SSDEEP: 393216:XOQx/2lO+TGjkb3uy2yu9j6trqxfzSisfapRwqPu5C:XOq/2lB+NlUrSaaRu5C
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 1 IoCs
ioc: /system/app/Superuser.apk
Process: com.yuzhua.jjtf

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.yuzhua.jjtf

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call
ioc: android.app.IActivityManager.getRunningAppProcesses
Process: com.yuzhua.jjtf

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow: 18
ioc: alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.yuzhua.jjtf

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
Process: com.yuzhua.jjtf

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: com.yuzhua.jjtf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator. 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
Process: com.yuzhua.jjtf

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
Process: com.yuzhua.jjtf

Checks CPU information 2 TTPs 1 IoCs
description: File opened for read
ioc: /proc/cpuinfo
Process: com.yuzhua.jjtf

Checks memory information 2 TTPs 1 IoCs
description: File opened for read
ioc: /proc/meminfo
Process: com.yuzhua.jjtf
Processes
com.yuzhua.jjtf
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4973
Network
MITRE ATT&CK Mobile v15
Downloads