Analysis
-
max time kernel
149s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system -
submitted
16/10/2024, 03:25
Static task
static1
Behavioral task
behavioral1
Sample
4b355c6f124e5f6454109c2d58d21ae3_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4b355c6f124e5f6454109c2d58d21ae3_JaffaCakes118.apk
Resource
android-x64-20240624-en
General
-
Target
4b355c6f124e5f6454109c2d58d21ae3_JaffaCakes118.apk
-
Size
1.3MB
-
MD5
4b355c6f124e5f6454109c2d58d21ae3
-
SHA1
cfcbf10f2f8169ec0092ef005108abab401d2555
-
SHA256
c6ee0d569566c76f6b7e11c615e51a5056e07ae618eb930b82923738614fc5ba
-
SHA512
9efe79db5075173cad4fab61bfabc28f91682eeaa1cdc2611d89d9753eaeb78e838f53b1d4344b683fa9bf5d7190a16938c18e2f91904629dfd88904516007ff
-
SSDEEP
24576:eWQXoL0otaYtXMRCnEOn8wB7PvQ4jTo+j0jT+lq/13tdHbZKm51Ob83z:eSQ7Yt6CnEQfB7PvQ4j/YjT+lq/1XHNF
Malware Config
Signatures
-
Removes its main activity from the application launcher
pid Process 4254 com.clul.ifoe.zzhm -
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process
/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar 4287 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.clul.ifoe.zzhm/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar 4254 com.clul.ifoe.zzhm
/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar 4325 com.clul.ifoe.zzhm:daemon -
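Triage helper for the "Loads dropped Dex/Jar" hit above, added here as an example; it is not part of the sandbox's tooling or of the sample. It takes the dex2oat command line and the three IoC rows exactly as recorded in this report (re-typed inline so it runs offline), parses dex2oat's options, attributes the compiled dex to the package whose private data directory it sits in, and lists the app processes that loaded it. The function names (`parse_dex2oat`, `owner_of`, `triage`) and the reason strings are the example's own.

```python
"""Triage of a 'Loads dropped Dex/Jar' hit from the dex2oat command line.

Added example; the inputs below are the dex2oat invocation and IoC rows
recorded in the report, re-typed here so the script runs offline.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# From the report: the dex2oat child (pid 4287) spawned by the app.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar "
    "--output-vdex-fd=48 --oat-fd=49 "
    "--oat-location=/data/user/0/com.clul.ifoe.zzhm/app_mjf/oat/x86/dz.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# From the report's IoC table: (ioc path, pid, process).
LOADER_ROWS: List[Tuple[str, int, str]] = [
    ("/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar", 4287, "/system/bin/dex2oat"),
    ("/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar", 4254, "com.clul.ifoe.zzhm"),
    ("/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar", 4325, "com.clul.ifoe.zzhm:daemon"),
]

# App-private storage: /data/user/<userid>/<pkg>/... (or the legacy
# /data/data/<pkg>/... alias). Only the app itself writes here; code the
# package manager installs lives under /data/app/ instead.
_PRIVATE_DIR = re.compile(r"^/data/(?:user/\d+|data)/([A-Za-z][\w.]*)/(.*)$")


def parse_dex2oat(cmdline: str) -> Dict[str, object]:
    """Return dex2oat's --key=value options plus the list of --runtime-arg values.

    A repeated key keeps its last value (this command line passes
    --instruction-set-features twice); the keys we care about appear once.
    """
    opts: Dict[str, object] = {}
    runtime_args: List[str] = []
    toks = cmdline.split()
    for i, tok in enumerate(toks):
        if tok == "--runtime-arg" and i + 1 < len(toks):
            runtime_args.append(toks[i + 1])
        elif tok.startswith("--") and "=" in tok:
            key, val = tok[2:].split("=", 1)
            opts[key] = val
    opts["runtime-args"] = runtime_args
    return opts


def owner_of(path: str) -> Optional[Tuple[str, str]]:
    """(package, path relative to its data dir) for an app-private path, else None."""
    m = _PRIVATE_DIR.match(path)
    return (m.group(1), m.group(2)) if m else None


@dataclass
class DexLoadFinding:
    dex_path: str
    owner: Optional[str]
    compiler_filter: str
    oat_location: str
    loaders: List[Tuple[int, str]] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def triage(cmdline: str, rows: List[Tuple[str, int, str]]) -> DexLoadFinding:
    opts = parse_dex2oat(cmdline)
    dex = str(opts.get("dex-file", ""))
    own = owner_of(dex)
    finding = DexLoadFinding(
        dex_path=dex,
        owner=own[0] if own else None,
        compiler_filter=str(opts.get("compiler-filter", "")),
        oat_location=str(opts.get("oat-location", "")),
    )
    # Every app process that opened the same dex; dex2oat itself is only the compiler.
    finding.loaders = [(pid, proc) for path, pid, proc in rows
                       if path == dex and not proc.startswith("/system/bin/dex2oat")]
    if own:
        finding.reasons.append(
            f"{own[1]} sits in {own[0]}'s private data dir, so it was written "
            "after install rather than shipped under /data/app")
    else:
        finding.reasons.append(
            "dex is outside app-private storage; confirm it is not part of the installed APK")
    if len(finding.loaders) > 1:
        names = ", ".join(f"{p} (pid {pid})" for pid, p in finding.loaders)
        finding.reasons.append(f"loaded by {len(finding.loaders)} processes: {names}")
    if finding.compiler_filter == "quicken":
        # quicken only quickens dex bytecode; no native code lands in the .odex.
        finding.reasons.append("quicken emits no native code, so pull the .jar (and vdex), not the .odex")
    return finding


if __name__ == "__main__":
    f = triage(DEX2OAT_CMDLINE, LOADER_ROWS)
    print(f"dex: {f.dex_path}\nowner: {f.owner}\nfilter: {f.compiler_filter}")
    for r in f.reasons:
        print(" -", r)
```

The decisive signal is the location of the dex: /data/app/ is where the package manager installs code, while /data/user/0/<pkg>/app_mjf/ is app-private storage that only the app itself writes (the app_ prefix is what Context.getDir("mjf", ...) produces), so a dex2oat run against it means code was written after install, whether downloaded or unpacked from assets. Plugin and hotfix frameworks in legitimate apps use the same DexClassLoader path, so this hit is strong only together with the icon suppression and account/process enumeration reported on this page.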
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
description ioc Process Framework service call android.accounts.IAccountManager.getAccountsAsUser com.clul.ifoe.zzhm -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.clul.ifoe.zzhm -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow ioc
22 alog.umeng.com
33 alog.umeng.com
alog.umeng.com is an endpoint of the Umeng analytics SDK, which is embedded in many legitimate apps as well as in the stalkerware that echap.eu.org tracks, so on its own this hit corroborates the other signatures rather than proving anything. -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.clul.ifoe.zzhm -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.clul.ifoe.zzhm -
Reads information about phone network operator 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.clul.ifoe.zzhm -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.clul.ifoe.zzhm
Processes
-
com.clul.ifoe.zzhm
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4254 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.clul.ifoe.zzhm/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.clul.ifoe.zzhm/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=& (child of PID 4254)
- Loads dropped Dex/Jar
PID:4287
-
-
com.clul.ifoe.zzhm:daemon
- Loads dropped Dex/Jar
PID:4325
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1): Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
-
Filesize
105KB
MD5 23ba0b249042b7ba33e92c0199b0ea4a
SHA1 99b13ee9f7307316c2337953fceed87e9942b794
SHA256 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
SHA512 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
-
Filesize
620B
MD5 33834f64a4eed6154c0b6f34b9f99d4f
SHA1 4bb3fb9abd4f9bdc2c87a494a1ae659a92d97b24
SHA256 070daa997f56545956cfa5ebaa857a03244e4d43d8550b34c74126266888d28a
SHA512 e603e1c3d4a731f43ff5b8482b5b130e27f2ea3257f54eedda4e20c68b14dea4f836a11779d0deaf3540594e4c8e62c3a8be4ee338579da1437b381d499c5bdb
-
Filesize
105KB
MD5 293ea5f01e27975bed5179ba79d80eac
SHA1 c5b0806a537fd1cb753e11f1a9684933317716b8
SHA256 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
SHA512 c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
-
Filesize
4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5 3a5be57cb69b4768bd5432b0b3c24b69
SHA1 b1fc6e80b424b0a0a921ce70b93e511dc41f40bd
SHA256 f02bce3936ee33cc6b02016c59037143660f5297e38d8c3d1cabd57fa0d76e64
SHA512 73fdb889d29e60ce0b7f23fdfb434597d9fd4bed2920691e8c89d8a52996fca7fcf1598f0a5ad639a8e6673ba4ab51953b506e039e216a2da701fa43c721af8b
-
Filesize
32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
60KB
MD5 0af5fa09d1c1d4b07144c5eaa59fec07
SHA1 2af0ffaa8fd20c73ee11a18006845d30ac68b2bb
SHA256 01dc7e1407b540e44d07bb2a251d462d9e605b6d461e70652d688e3867f6b4e1
SHA512 5e029964d253f68520e5355ab649b459e0d53724c4998265dc57b30f89db3a0693e229ec217f5c10e561a34b5b39bdeca3a908c63ed0b44755539896fc7cff58
-
Filesize
1015B
MD5 1cf833ad0c5f50b93d57e0d0c031cbb9
SHA1 21b134f24ca7ebf1d8cf7a77bbf2cc6cbc89e23a
SHA256 92f0a0317a43e0fdd60a00825f6ad08a958daa4dbdff99f655f23f9d9e9d4e2a
SHA512 776a2f28d32541300f41a345f5bd7a52d70a51b8d0300198bb41fb3b3daf8ba6db6a1024388d40ea206ef2ba516464dde9627d9f992fa49f3e3ea0919827fca8
-
Filesize
682B
MD5 dc95f395a3aa2be0fa9bdc3de2d97e30
SHA1 ba354196c3446468d2166026e395045b488c95a9
SHA256 d67bd8cd681bdfb71991418891945b746b060db40c01ae04ba355b9207e3b085
SHA512 fe69ee2db551a7b72f134774d8863bc5431b3712d93c8d488a44b907dfce1a17a2de24b82fb87d41f91bf5096459fc1bf307902677e37fea729222ab5251a586
-
Filesize
162B
MD5 878de65f9e54d04a762d036ba7df8b3e
SHA1 a392a0236f85c2e7aeae0d9b15aa8eafb4e6d6be
SHA256 1115be7d040059ca6fe97c06f9995711d5ab6c1bdf1f165242a42eea9f11bafa
SHA512 b467fc76e38bac7f3a58103a703d44aa70f91b9c5f920333b7eaa29ba266c1b91514184511e11883e70998081a1ea404b7d8a89b84ff9bae1428f570901b03e2
-
Filesize
1KB
MD5 06b20b6b92ef24d5fda384d7677901b4
SHA1 340e31f93bacec41c2698e0ecea87706be18346f
SHA256 9181a39660485b69e581ca0acdf8713fcfab2f3fecb27c94a09752f31dbb51e7
SHA512 572b16ce08d7bff47d7c96b4934dc2bb659cb9711418a789ace631a49fdb22df798d1a2fa8501204812ee3ef963b41543afec4a373bde5b86acc115eb246c9f0
-
Filesize
415B
MD5 80e5559afcf0b4f6afc6f90a7eedd085
SHA1 2c290f39fccc7b4297272e05d76f729abe009840
SHA256 c1f197660121a8862bd7d0aef792eccbd0783c131cd35af3a9259175bd52ff26
SHA512 ff2e8a8276cf322df5d36e9cd46b337919cc5da311cf6f2fffd93275cb09c94b12d413bd44bd49490d3d8ed7a71cc9e4ab88aaac78768c3427dd59ff6b677540
-
Filesize
248KB
MD5 9b47e78a6ff90cce5755ce4742047627
SHA1 831b24aa9e116eb8d7065efd430088d419dfd6c7
SHA256 30d7699b73fd7f276945415c405c12bff69c5958d12f56265a768443f6fd8cae
SHA512 4587a5b26f13cbd0524eade71ed29203fc55029fe150fce850016aa7d9c578623cdc4b6a551bed3dec9e31a39563f8927cfcc9d21e2d83c2c781808b958446fc
-
Filesize
248KB
MD5 a54a18b58c6720991c021f433dfb2a46
SHA1 d2ffa07919f92b6e04914e39843f08fdb2a75b68
SHA256 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
SHA512 e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc