Analysis
- max time kernel: 148s
- max time network: 154s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 16/10/2024, 23:03
Static task: static1
Behavioral task: behavioral1
- Sample: 4f803c0f655f011d0a158bf56b56043b_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 4f803c0f655f011d0a158bf56b56043b_JaffaCakes118.apk
- Resource: android-x64-20240624-en
General
- Target: 4f803c0f655f011d0a158bf56b56043b_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 4f803c0f655f011d0a158bf56b56043b
- SHA1: 19383f11238e4aa9ec1d60bdf6ee019cbfb7b9dd
- SHA256: 57334e1f8ce5938776ff5ecd89a4466f920b4fb8323579be0395f59e57c29e96
- SHA512: 44e33f9e33516192c0c431fa741171ea63c86fc05d190cf5b58579d3be2822b9f5476558eb50609ba8a147f79b038a656e0671d8f5d81ec5e48ce52d646c9207
- SSDEEP: 24576:w6ioL0otaYtXMZMac7T61VaxP5PFA1rypUFo+RYj9Q/q/13tdHbZKm51Ob83g:w6pQ7YtucX61icdyONqj9Q/q/1XHNKm4
Malware Config
Signatures
-
Removes its main activity from the application launcher
- PID 4639, Process com.qavx.nfqi.mmuk
-
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
- IoC /data/user/0/com.qavx.nfqi.mmuk/app_mjf/dz.jar, PID 4639, Process com.qavx.nfqi.mmuk
- IoC /data/user/0/com.qavx.nfqi.mmuk/app_mjf/dz.jar, PID 4702, Process com.qavx.nfqi.mmuk:daemon
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
-
Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
- Description: Framework service call; IoC android.accounts.IAccountManager.getAccountsAsUser; Process com.qavx.nfqi.mmuk
-
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
- Description: Framework service call; IoC android.app.IActivityManager.getRunningAppProcesses; Process com.qavx.nfqi.mmuk
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoCs)
- Flow 41; IoC alog.umeng.com
-
Queries information about active data network (1 TTPs, 1 IoCs)
- Description: Framework service call; IoC android.net.IConnectivityManager.getActiveNetworkInfo; Process com.qavx.nfqi.mmuk
-
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Description: Framework service call; IoC android.net.wifi.IWifiManager.getConnectionInfo; Process com.qavx.nfqi.mmuk
-
Reads information about phone network operator (1 TTPs)
-
Checks CPU information (2 TTPs, 1 IoCs)
- Description: File opened for read; IoC /proc/cpuinfo; Process com.qavx.nfqi.mmuk
Processes
-
com.qavx.nfqi.mmuk (PID 4639)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
-
com.qavx.nfqi.mmuk:daemon (PID 4702)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1): Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
-
Filesize: 105KB
MD5: 23ba0b249042b7ba33e92c0199b0ea4a
SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
Filesize: 248KB
MD5: a54a18b58c6720991c021f433dfb2a46
SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
-
Filesize: 105KB
MD5: 293ea5f01e27975bed5179ba79d80eac
SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
Filesize: 28KB
MD5: fdb8a92e5060ce104e8f0faca55a47ce
SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
-
Filesize: 8KB
MD5: c00a97fdf7ae806114535b119cfef247
SHA1: 57a561c6cbcbdcef1f4caedd7a2fb7b5f8e07efb
SHA256: 876b7288cfac23496df8a76cabdcac696d37737dc23ae3327220815ba16f8bb3
SHA512: 93c5355a6cf22e3f056f6a588a10f991236ccd62f7ce72bf4fedd28d213142bba4175f2ec01461b0b976e5a5e7a6fac3d4e98d9e17eca3d068e7814b83a9bbe1
-
Filesize: 512B
MD5: 9f3431e3283f91b56c4517daa262631d
SHA1: 42e7ec9793ba7ba92439c968f704a0af257c5f8e
SHA256: e194847832d2f94b31a7ab195a177dbbabf4251318624355765022a4fc3cdbbf
SHA512: bedaea4bbecdd8d4f04e1e9ef38178e08d17d8b87e855f25fdefb8db69774ee89f47e3dad7ed12ed2fc75c34fcc74fff3a98aec17ffb7d53772bc2da077b78f7
-
Filesize: 8KB
MD5: 47d8e552277d346fd4dd1311b37b8e07
SHA1: 2805f90ee5e41db3bca56d75cfa2646626286190
SHA256: c59fd25212c29ce46f77161b2bd6285094a58ae1393820e386b7863de53070c6
SHA512: 3e30070601cedadb3df318ef4fba83c711935990c85ebd4990b735aefa67c1a4aef24c3e2d1284567c0ff00b9dc101ea1780cef62348a3f157f271db729e5336
-
Filesize: 4KB
MD5: 8bbaa3619e7ef1b33ec684e4bcde5fa9
SHA1: 8c31f447f3267b89c8ac4dee21588b496591c475
SHA256: 04b8354b4e36afb17037c92cdd79c0c78716bcff77f6a196404c48f2296cbe7c
SHA512: 53e7feddac2ffbbfa88d0c129fb895b843087a3580f145cc46235daafc2c176b57458c3ec6227522cc83e960fdb4fb20cf434a92b8c2a50f87e44a689b04e148
-
Filesize: 8KB
MD5: fd7e31e199f73beb4f8148dbec8ae153
SHA1: 2f37ff9b7fdd3b9f60f18898da8851411745dc62
SHA256: d08904cd8d07883519e6c7f7d841711d8a7ca513ecfdd7852813d66a957e63c8
SHA512: f8143e8b5fd8084e68f192841a65bb513783071d6ecd5a3189689dca75d90a09b2e18bac41eb9d7f18caa43333c58ea075553f482890ad2198fe6c3b418d333c
-
Filesize: 8KB
MD5: 5ed0f927941c46f009ea9048b9db52a7
SHA1: 62498467374a4703c8070fb53ee1b89252861551
SHA256: caf6aacc2c2dadc5c0dd220167d6127be72ed5988ca086a6dcb941ead4bf24de
SHA512: a7734457250d8c7547a274abeb2a0763cbde47e29c5d4f97160fe22f19604c2a9615ff3e9088c670f9138b2b7b259b7cc07684c2d8ffc31d4e89ca59a3e14ff7
-
Filesize: 653B
MD5: ebb84c926719ced582eed54f071efe05
SHA1: a0afcffa1baa7b40edc6f34ed948d98b1fb69194
SHA256: 76042a8a190c02cff16f8d0ce7d11af2780ae0ea1c9ddf1486243e4eb7d5d04d
SHA512: 23e627f8ac7989a7fcd637c93d05e04b10157fb3231753be6374a8a27bc3ad7e70ba90328b54ce5009711d900df1c0f729100c3a317bbe185e777d258306f8ae
-
Filesize: 162B
MD5: 5db33f5b2b156a5add9973c2960559ad
SHA1: 43a0c0db56e0b9252f87c7e22f0cbab13fe6ac4d
SHA256: 45b2225bfe546c65069e5582b7f2f57b4baa4a740f9a89631aefaa271f1cc60e
SHA512: ddb9ce1d7ee8e96194bbf13e65f03c5198d42c30dce4d0456adb29e7a9eb8b18f538e13254772167fd7700cdce23a5a03a8ffb45143f1e218e236c6b6217647b
-
Filesize: 350B
MD5: c43983aae296f47e374cb46702148852
SHA1: ac94e0c5d6545ad6448ccbab89f6c0c6d1850e95
SHA256: 9f7f7054d8aca8d7d68a2df4ee9ff16b6e4d4c02de88098729b8377e7d1b7844
SHA512: 753f44c947d7907a348ff262f82f8debee74aabdec67e21c12672efe9632b2bb678acb89a44a5980af9a358488cc1c8c97cf3c8d25733dca67a2a477bbcc5cae