Analysis
max time kernel: 149s
max time network: 155s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 16/10/2024, 01:54
Static task: static1

Behavioral task: behavioral1
  Sample: 4ae926450fe222ea9f2873879c78f9c2_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: 4ae926450fe222ea9f2873879c78f9c2_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 4ae926450fe222ea9f2873879c78f9c2_JaffaCakes118.apk
Size: 637KB
MD5: 4ae926450fe222ea9f2873879c78f9c2
SHA1: 8e6f2fb92016a3feed2055a3af70c253ad828a4d
SHA256: e616012197daa27addc0643571f348d427112dcd93b529e79680a0e77f4cd283
SHA512: 94321a9edb3df924b91ef8dbd17d7e0f43dcd2735a18f5c20631f9f354b8e6b8905da45c6d2d4dfbf35c7d84af9aa9db9946347fd33b85bbee3575568210a6d0
SSDEEP: 12288:L4L4oQI8Y0FotaKIUtrbMTp3zE1aaTJE5+/u9cejETeFxtMmf94vvQe6ERylTgu:LoL0otaYtXMTp3o1aKJY+/ufEW7Moiy9
Malware Config

Signatures

Removes its main activity from the application launcher 1 IoCs
  pid 4635, process com.efos.bxzy.syka

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Loads and runs code from a file dropped to the device during analysis: a jar under the app's private data directory, loaded by both the main process and the :daemon process.
  ioc /data/user/0/com.efos.bxzy.syka/app_mjf/dz.jar, pid 4635, process com.efos.bxzy.syka
  ioc /data/user/0/com.efos.bxzy.syka/app_mjf/dz.jar, pid 4706, process com.efos.bxzy.syka:daemon
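The IoC rows above show one jar under the app's private data directory being loaded by both processes. The next step for an analyst is to pull that file and establish what it is before decompiling it. The following is an added example, not part of the sandbox report and not code from the sample: a small Python triage helper for a file pulled with `adb pull /data/user/0/com.efos.bxzy.syka/app_mjf/dz.jar` (the path needs root or a debuggable build). It classifies the blob by magic bytes, lists the DEX entries inside a jar, records whether DexClassLoader would actually pick them up, and emits MD5/SHA1/SHA256 in the form the Downloads table uses so the dropped file can be matched against it. The fake_dex/fake_jar inputs are constructed stubs, not the real payload.

```python
# Added example (not part of the sandbox report): triage a payload dropped
# by an Android app, such as the dz.jar this sample loads from
# /data/user/0/com.efos.bxzy.syka/app_mjf/. Feed it the bytes of a file
# pulled from the device; the inputs at the bottom are constructed stubs.
import hashlib
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
ELF_MAGIC = b"\x7fELF"


def container_type(data: bytes) -> str:
    """Classify by magic bytes: raw DEX, ZIP (jar/apk), ELF (.so), or unknown."""
    # A DEX header starts with b"dex\n", a three-digit version and a NUL byte.
    if (len(data) >= 8 and data[:4] == b"dex\n"
            and data[4:7].isdigit() and data[7:8] == b"\x00"):
        return "dex"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(ELF_MAGIC):
        return "elf"
    return "unknown"


def hashes(data: bytes) -> dict:
    """The digests the report's tables use, for correlating against them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def dex_entries(data: bytes) -> list:
    """Names of ZIP entries whose content is a DEX file, wherever they sit."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as f:
                head = f.read(8)
            if container_type(head) == "dex":
                found.append(info.filename)
    return found


def triage(data: bytes) -> dict:
    """Summarize a dropped file the way an analyst would before decompiling."""
    kind = container_type(data)
    result = {"type": kind, "size": len(data), **hashes(data)}
    if kind == "dex":
        result["dex_version"] = data[4:7].decode("ascii")
        result["loadable"] = True
    elif kind == "zip":
        entries = dex_entries(data)
        result["dex_entries"] = entries
        # DexClassLoader only picks up classes.dex / classesN.dex from a jar;
        # DEX bytes hidden under another entry name need their own unpack step.
        result["loadable"] = "classes.dex" in entries
    else:
        result["loadable"] = False
    return result


def fake_dex(version: bytes = b"035") -> bytes:
    """Constructed stub: valid DEX magic followed by a zeroed 0x70-byte header."""
    return b"dex\n" + version + b"\x00" + b"\x00" * (0x70 - 8)


def fake_jar(dex_name: str = "classes.dex") -> bytes:
    """Constructed jar with one DEX entry; fixed timestamps keep the hash stable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in (("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
                           (dex_name, fake_dex())):
            info = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            zf.writestr(info, body)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("jar", fake_jar()), ("raw dex", fake_dex()),
                        ("renamed entry", fake_jar("assets/p.bin"))):
        print(label, triage(blob))
```

The "renamed entry" case matters in practice: a jar whose DEX sits under an innocuous name is still a DEX payload, but the app must copy or rewrite it before DexClassLoader will load it, which is a second stage to look for in the decompiled code.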
Queries a list of all the installed applications on the device 1 TTPs
Might be used in an attempt to overlay legitimate apps.

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
  Framework service call android.accounts.IAccountManager.getAccountsAsUser, process com.efos.bxzy.syka

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call android.app.IActivityManager.getRunningAppProcesses, process com.efos.bxzy.syka
Domain associated with commercial stalkerware software (indicator list from echap.eu.org) 2 IoCs
  flow 25: alog.umeng.com
  flow 63: alog.umeng.com
alog.umeng.com is the log endpoint of the Umeng analytics SDK, which is bundled in many ordinary Chinese-market apps as well as in stalkerware; by itself this flow shows an embedded SDK, not that the app is stalkerware.

Queries information about active data network 1 TTPs 1 IoCs
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo, process com.efos.bxzy.syka

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo, process com.efos.bxzy.syka

Reads information about phone network operator 1 TTPs

Checks CPU information 2 TTPs 1 IoCs
  File opened for read /proc/cpuinfo, process com.efos.bxzy.syka
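Reading /proc/cpuinfo is what the ATT&CK mapping below tags as Virtualization/Sandbox Evasion, System Checks. The file comes from the kernel, so on the android-x64 image this task ran on it describes an x86 processor rather than the ARM part a real handset reports. The following is an added example, not from the report or the sample, and it makes no claim about which fields this app actually inspects: it parses cpuinfo text and flags the usual emulator tells (emulator board names, an x86 vendor string under Android, the CPUID hypervisor flag, a "virtual" or "QEMU" model name). The two inputs are constructed approximations of an emulator image and a Qualcomm handset, not captures from this run.

```python
# Added example (not part of the sandbox report): what an app that reads
# /proc/cpuinfo can learn from it. EMULATOR_X86 and REAL_ARM are constructed
# approximations, not captures from this analysis; the indicator list is
# illustrative and says nothing about which fields this sample tests.

EMULATOR_X86 = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 6
model name\t: Android virtual processor
stepping\t: 3
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm hypervisor
"""

REAL_ARM = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x51
CPU architecture: 8
CPU variant\t: 0xd
CPU part\t: 0x805
CPU revision\t: 14
Hardware\t: Qualcomm Technologies, Inc SM8250
"""


def parse_cpuinfo(text: str) -> dict:
    """Collapse /proc/cpuinfo into a dict of the first value seen per key.

    Keys repeat once per core; the first core is enough for these checks.
    Keys are lower-cased so 'Hardware' and 'hardware' compare the same."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip())
    return fields


def emulator_indicators(text: str) -> list:
    """Return the emulator tells present in a cpuinfo dump (empty list = none)."""
    f = parse_cpuinfo(text)
    hits = []
    hardware = f.get("hardware", "").lower()
    if "goldfish" in hardware or "ranchu" in hardware:
        # Board names used by the Android emulator's virtual hardware.
        hits.append("hardware:" + hardware)
    vendor = f.get("vendor_id", "")
    if vendor in ("GenuineIntel", "AuthenticAMD"):
        # An x86 CPU under Android is almost always an emulator or sandbox
        # image; x86 handsets exist but are rare, so treat this as a hint.
        hits.append("x86-vendor:" + vendor)
    if "hypervisor" in f.get("flags", "").split():
        # Linux exposes CPUID.1:ECX[31] (running under a hypervisor) as this flag.
        hits.append("cpuid-hypervisor-bit")
    model = f.get("model name", "").lower()
    if "virtual" in model or "qemu" in model:
        hits.append("model:" + model)
    return hits


if __name__ == "__main__":
    print("emulator image:", emulator_indicators(EMULATOR_X86))
    print("handset:       ", emulator_indicators(REAL_ARM))
```

When reproducing this sample's behaviour, the practical consequence is the reverse of the check: if the code path that loads dz.jar is gated on a clean cpuinfo, an x64 sandbox run may never reach it, and an ARM-based device or image is the better place to confirm the dropped-jar stage.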
Processes

com.efos.bxzy.syka (PID 4635)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information

com.efos.bxzy.syka:daemon (PID 4706)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (T1407): 1
  Hide Artifacts (T1628): 1
    Suppress Application Icon (T1628.001): 1
  Virtualization/Sandbox Evasion (T1633): 1
    System Checks (T1633.001): 1
Downloads

Filesize: 105KB
MD5: 23ba0b249042b7ba33e92c0199b0ea4a
SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Filesize: 248KB
MD5: a54a18b58c6720991c021f433dfb2a46
SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Filesize: 105KB
MD5: 293ea5f01e27975bed5179ba79d80eac
SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Filesize: 28KB
MD5: fdb8a92e5060ce104e8f0faca55a47ce
SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Filesize: 8KB
MD5: 1b36a10b1ad50cc24654beb126947b0c
SHA1: a5150bd24a191e471484c178f95f6dc1d8b89b70
SHA256: e3d60d471732d5b26c5097828883dcddc017dc0a9485a943a932cba69bf1c011
SHA512: b744921cf04cf9f87a8cad43fb2da4fc5820857a93e8b6189402f1426386615922428e6b9587590dd38d7914b2410204edeb7d6e779aa5d2123e1a2686b997d0

Filesize: 8KB
MD5: f4e43a2b3161ad56793de04ead61c9ae
SHA1: 418365200a553423937d4692c080617c8c37d1bf
SHA256: 138b38a69b22017544d192906f475f93c2cfed48f9c91f8ab5c511ae23cd1d86
SHA512: fff391c04273af67a94ed0ece3032b327f5849e6f08ec29b9711a1269794c07cd2a318ff65f4d1f92967ea6cefc30bb32f74e1d8230f3af5685eea6035cd133f

Filesize: 8KB
MD5: 0a224df2d941fedf93d6aeb68eeaf49f
SHA1: c2c507740d7f97e1a08c612c62b7ea3200644618
SHA256: 4fefa5a04752199614e7fd06f233a60c9f46ffc4f5f4116ab6dbc3fdb417eb21
SHA512: 379e9bfe69a9e9e606eb27797b9739632fc7e49bcce2f10656fb81df4c0c4352718cf532e63de8d1840bdc371374761991867dcf28a6deded1b46ac6c8152499

Filesize: 512B
MD5: f41b551bda024ac85f7a857b994bb8d7
SHA1: 0c2943455a6f3d40ebc6473abf5bc2ed1df08b4d
SHA256: ade9327bebe4697bf3c73af937e84a485edb5318d5f20d64fd6135480607bef2
SHA512: 4304cf60f5f0d2795d8bfb210349bc8fd5ba3c0fa201007d617d15541502d3b94fbbbf0e966741d938cbf5bbd400cb020dd41929c97acc08be92fdfb0518e93d

Filesize: 8KB
MD5: 7029b37a33e9037116411cdd19f9a796
SHA1: 479dc2b954bd1727e3767ceba16eff4d2a793b87
SHA256: 9a18bd75155c7454e10f869322f1b777d9133a9b90c3a18f6839326ee728e223
SHA512: 84a58e95d838e93c28f001434ecc770932acd41caed92c9c7d69fef5f7385131b6e4a9387c0ac3c1ce342edb4b3d5a6062575f11f463d79b9cc25269d4411201

Filesize: 4KB
MD5: 1d34dd7828cc6c84a5f2d7e0b11729fa
SHA1: 6d9dd1e181911d9edd9e0ee27c29be58718ec92b
SHA256: a9b8ba5a4c3d6a32ae7a1e5d8dc01aefe7eeb4f314920c01aeb0e84807e5921e
SHA512: abe059344a85c520900c037b8245f417595982e317454316d92e982b9d12830a8221c677121ac91e58f8e96e49e9b96912055296385ca23ee407710f3cf590a8

Filesize: 654B
MD5: 871391079acc5c50cffdb4d198b0a159
SHA1: db06172d31e644deeb80607f398dc007ae704959
SHA256: 8b60078cc2af1a0059ba2af6f9f7b3d111003aab7dc9a1b0f58a7a9f011ab1cd
SHA512: 655ba8521131eb4bbde151fdcd96bca739d24a4092f632755181ce159fc32e7e115f44ba8f2b1f234a887426d2d2d1ba00c3e0a8babf929326072640d959967b

Filesize: 162B
MD5: cbb0fb38520d7ea61ee8e0c6442ed80c
SHA1: 6aee219e96c31cacca57e0016181fdab9ba3f115
SHA256: 90ce8621cb8c700309f04aaf994622a93f1054b283cd3ddaf99171fd27dff6ce
SHA512: 9472fc314dcf0d2d89a08e9138b1f874141fe21d41d0080bc9b2e67997b8e057b60ed0f3c867171a25618a414ac8cf78cf4f232117fa9819a2b719610882a947

Filesize: 806B
MD5: ad66cde79762fb815774b132330df84e
SHA1: 15e724452a926243119ac74943448b1b8e355563
SHA256: 7b4dd0198bdbfcf68d65c830f5d0d95fbebc9b2a8ed9440ce953e658628e0323
SHA512: cbcc87e4f1172dcfbb5f48d787c01f9c2eb8498a6600607ed774f4da6e96efa082533ef5f1e3a6975e1660d2839f16d5772136ed42a5278346b712512bf29dac

Filesize: 352B
MD5: 8d0ea9f34013415aec36f35e97ee4898
SHA1: b823827d9b3c374abfd1ecb3a8e4ac725be82576
SHA256: 37788b8154c691d83ac15eb2d6cf81f7eb4eca3c55a967fb77635e159d3f0685
SHA512: eb5c6b539c54677a808d01adcaa7ec42d45b0dc496e6b5965c80ac2105a034606c43730dae0fb36b873f6bcbf3708e4989c6254ca5520c662c99ce6290b3ed5e