Analysis
- max time kernel: 149s
- max time network: 156s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 16/10/2024, 01:54
Static task: static1
Behavioral task: behavioral1
- Sample: 4ae926450fe222ea9f2873879c78f9c2_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 4ae926450fe222ea9f2873879c78f9c2_JaffaCakes118.apk
- Resource: android-x64-20240624-en
General
- Target: 4ae926450fe222ea9f2873879c78f9c2_JaffaCakes118.apk
- Size: 637KB
- MD5: 4ae926450fe222ea9f2873879c78f9c2
- SHA1: 8e6f2fb92016a3feed2055a3af70c253ad828a4d
- SHA256: e616012197daa27addc0643571f348d427112dcd93b529e79680a0e77f4cd283
- SHA512: 94321a9edb3df924b91ef8dbd17d7e0f43dcd2735a18f5c20631f9f354b8e6b8905da45c6d2d4dfbf35c7d84af9aa9db9946347fd33b85bbee3575568210a6d0
- SSDEEP: 12288:L4L4oQI8Y0FotaKIUtrbMTp3zE1aaTJE5+/u9cejETeFxtMmf94vvQe6ERylTgu:LoL0otaYtXMTp3o1aKJY+/ufEW7Moiy9
Malware Config
Signatures
- Removes its main activity from the application launcher
  pid / Process: 4998 com.efos.bxzy.syka
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc / pid / Process:
    /data/user/0/com.efos.bxzy.syka/app_mjf/dz.jar  4998  com.efos.bxzy.syka
    /data/user/0/com.efos.bxzy.syka/app_mjf/dz.jar  5061  com.efos.bxzy.syka:daemon
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call
  ioc: android.accounts.IAccountManager.getAccountsAsUser
  Process: com.efos.bxzy.syka
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  Process: com.efos.bxzy.syka
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  flow / ioc:
    6   alog.umeng.com
    49  alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  Process: com.efos.bxzy.syka
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  Process: com.efos.bxzy.syka
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  Process: com.efos.bxzy.syka
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/cpuinfo
  Process: com.efos.bxzy.syka
Processes
- com.efos.bxzy.syka (PID: 4998)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
- com.efos.bxzy.syka:daemon (PID: 5061)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads