Analysis
max time kernel: 149s
max time network: 154s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 16/10/2024, 23:03
Static task: static1
Behavioral task: behavioral1
  Sample: 4f803c0f655f011d0a158bf56b56043b_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 4f803c0f655f011d0a158bf56b56043b_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 4f803c0f655f011d0a158bf56b56043b_JaffaCakes118.apk
Size: 1.3MB
MD5: 4f803c0f655f011d0a158bf56b56043b
SHA1: 19383f11238e4aa9ec1d60bdf6ee019cbfb7b9dd
SHA256: 57334e1f8ce5938776ff5ecd89a4466f920b4fb8323579be0395f59e57c29e96
SHA512: 44e33f9e33516192c0c431fa741171ea63c86fc05d190cf5b58579d3be2822b9f5476558eb50609ba8a147f79b038a656e0671d8f5d81ec5e48ce52d646c9207
SSDEEP: 24576:w6ioL0otaYtXMZMac7T61VaxP5PFA1rypUFo+RYj9Q/q/13tdHbZKm51Ob83g:w6pQ7YtucX61icdyONqj9Q/q/1XHNKm4
Malware Config
Signatures
Removes its main activity from the application launcher
pid: 4990; Process: com.qavx.nfqi.mmuk

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.qavx.nfqi.mmuk/app_mjf/dz.jar; pid: 4990; Process: com.qavx.nfqi.mmuk
ioc: /data/user/0/com.qavx.nfqi.mmuk/app_mjf/dz.jar; pid: 5046; Process: com.qavx.nfqi.mmuk:daemon

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
description: Framework service call; ioc: android.accounts.IAccountManager.getAccountsAsUser; Process: com.qavx.nfqi.mmuk

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.qavx.nfqi.mmuk

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
flow: 25; ioc: alog.umeng.com

Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.qavx.nfqi.mmuk

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.qavx.nfqi.mmuk

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.qavx.nfqi.mmuk

Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read; ioc: /proc/cpuinfo; Process: com.qavx.nfqi.mmuk
Processes
com.qavx.nfqi.mmuk (PID: 4990)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
com.qavx.nfqi.mmuk:daemon (PID: 5046)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (1)
    Suppress Application Icon (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads

Filesize: 105KB
MD5: 23ba0b249042b7ba33e92c0199b0ea4a
SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Filesize: 105KB
MD5: 293ea5f01e27975bed5179ba79d80eac
SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Filesize: 28KB
MD5: dae68dcffc3d522a79f98ebbc3b6d457
SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

Filesize: 8KB
MD5: b5a1539b5aea829be5f380a70c4714b1
SHA1: 96299e81c1b93aec09df2ffb2d0655858450c79c
SHA256: ab85a89d8ce8d791cc24e23e50eb179a194f4e89fd91ff018146f022465e38a2
SHA512: 933afbe98a5dc1778596379b10e39ac1000242edc487c7d0ac47ed19278ced17d91cdcf4aae38e3b05ab7ee07f5a8c7efd77f7a684beeca03dd19d302bc1cff9

Filesize: 512B
MD5: 084c753c06a17442c2544f1a4be81370
SHA1: 10d0e74838f7bb2c4672086e43b3439745066828
SHA256: c3e7efb89f87ae154508ce062db1e6ea67b950c878fc98361db6441d56a65a0c
SHA512: 5c98f34f39939438af06ab4d763544cf0c154163e4ebbb318d7b563b60291a34b6aada51a99c215437a6caf2abed36c8a39d72e7a7ff3e766dfcaa1e158d8cc2

Filesize: 8KB
MD5: a94af3d3b7c282265cd05e738dd08e25
SHA1: 60aa527ea0516fb6a1a5098543dda107873f7e8c
SHA256: fe4e741d1bf7363df1c443e7d5ca3d066d5070d8cf6607f7d83d27f661eda069
SHA512: 00465bd8447032faeee9d807f6764a9671419e347c01f2f62a66641c05e51daa112060e4567cbf8f889f159074ce2a7bb83dc20053c0ac932348bd4208b62605

Filesize: 4KB
MD5: 4489d8a40f5cc883e77e508c3761d4a2
SHA1: a38c6852e3e344f286ff356866ff0d8a1ae94770
SHA256: e36342e7e94a941540b56f41fc75d1e48c852f3a75b6754e8175e358f1faad2f
SHA512: bb9145cfded850c6acb698f2d3721d645c747730835c9417599d740a08d35685c6a7ac613c4b9e4603bf014c1f8b75e8b16757d969725a686600a72359c27baf

Filesize: 8KB
MD5: 57590d15cb9b6ab6790c66fe16b64a23
SHA1: 44a1baf867a5e6171a9c1c4867b40fb99d5b3cac
SHA256: c9e932437fcae9cd1edc7baf49555f8816a6ed3bc16a6db02afa7609f63aa6ed
SHA512: ee9eb40d4e1bd07ff3ef82bf40185afe5104ed7d618c091ff1921e7fe61f0b8839e77e8e7c7edd3c403ce3b099bfba7bca6c113a3830a5f0f507cff339522fe0

Filesize: 8KB
MD5: 75c1bf4fe7c1b4f5c145dc3c7077b792
SHA1: 2b7e5ef5492459f5a3dd6b608b92c4733628270e
SHA256: bd16b7c47418fe72e2f9d6ed3ab0b24da30be18a1cfef2835fed5e42305a7ed4
SHA512: b1897ac5788d7564c551f7e0e65df4d35fdefaa6a358a7d744d000624fcb1b02c44e026ced8fc1367e5fc76d7389b32d94a0caae5cb61799c74fba90bd543b35

Filesize: 655B
MD5: 45112f49a96f56ac0462fedf897264a2
SHA1: 9f0525d32bac72314ddf93fbf61b7b3bb7b02137
SHA256: 0a818303f3bba39c85703eddc844c17120d9ce0f1a17ec6552b2564a26237bb0
SHA512: e79d62dee795fb7f5a83417070d4c315ce9742a555ac4472beabf67cd4abb32f5aa4c4cd7384955bb687a43c6b9f514a2b7c59836dd8ceef4be554811d419354

Filesize: 162B
MD5: f238cbbf526e176e22eb7bde91948256
SHA1: 5b9b8451ac2df0434cba62c93d8f93961851de85
SHA256: be8fd0d7b9b1bdf061841928fd516c6a8a2cede9d0d3c18ccca243646d457aef
SHA512: 3608fd8a67cc9c9dee4b1f382d2b99e1a55aaadebb24cdd0ec0de798da87c4a6420b26810d2a699df224c55e0dc0a79f1f1944a2f45368d9117784105486831e

Filesize: 352B
MD5: 0b48aca5f5c67d1df59dec287aceac93
SHA1: d780f99df73cebc2dc7cf733e6a50f48ef461afa
SHA256: 68846f70b193f203e265ac6788a77def9c3fc2813f7934a0dfefcea2232a2e08
SHA512: 5488f39510a3d110497396e2fc95fe565a0a2d06063b521ac8df6d8fb4268a2e3fa567ea88f73d67121fd891d54854a9080ffe2c3bc446d9ec348007575c6586

Filesize: 248KB
MD5: a54a18b58c6720991c021f433dfb2a46
SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc