8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c

Analysis

max time kernel
149s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17/10/2024, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5219b93905b81b3b93e81265692ceea7_JaffaCakes118.apk
Size

636KB
MD5

5219b93905b81b3b93e81265692ceea7
SHA1

06a84c784890932e15d07909cd92e088ca643dbd
SHA256

8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c
SHA512

068a92de585066befc8897a9a5269d18b93c049c5ed1224342b907f970fe28d4e2f9ee09dc0e092f332325e0aa861f9aca673a3b796e9b78bf7c2b8137f7e67b
SSDEEP

12288:0J4LUaxJLbYf7cznXk4gJ6Xn0AZvIeFxfMYl94vvQe6ERylTEp:0l6LoUt0AZvZBMgiyd0

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4258	com.pntc.nyde.szij

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	4291	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.pntc.nyde.szij/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	4258	com.pntc.nyde.szij
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	4332	com.pntc.nyde.szij:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.pntc.nyde.szij

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pntc.nyde.szij

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
6	alog.umeng.com
39	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pntc.nyde.szij

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pntc.nyde.szij

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pntc.nyde.szij

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.pntc.nyde.szij

com.pntc.nyde.szij
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4258
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.pntc.nyde.szij/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4291

com.pntc.nyde.szij:daemon
1⤵
- Loads dropped Dex/Jar
PID:4332

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pntc.nyde.szij/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/data/com.pntc.nyde.szij/app_mjf/oat/dz.jar.cur.prof

Filesize
638B

MD5
ef55d76f5245586cf9e5708773455f22

SHA1
a4bba9c94c76808260b71e61b73529fd2f8592de

SHA256
23b3879a6214fc2b3103695d59df51457b9863b81b961613fe1765de285d67aa

SHA512
b2a46490d07188a2f1cc4e38a36dfe94ced0f73eeea0818abd8de3625bcc3126d5973ae42fb7b02667f6e6a16495f3312c90ba9030abf1a0b725f562988e5f9b

Download Submit
/data/data/com.pntc.nyde.szij/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
512B

MD5
8e94b5bc5c4fd8880d778062953721ac

SHA1
0ac7d8e716333f2cd79e443eedafb639c05adaa5

SHA256
2ecaef78410d3fdb65ca5725d98ef674cd627fb72a5e71353c9f3cd44de192b1

SHA512
af51a054b5eaf9e0dabb09aecdd408b547a9a12e697b6fdffae7e7c13f836ec4952b203fb16a87f748ef8e2eb6a5e9aecb70bc825a250a4a3bd7f6447050c834

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-wal

Filesize
60KB

MD5
8dc57c50abbb6c046debc3515a8fd7dc

SHA1
2d2f05c70bf6d5e7f171f17b51061f22ad7c4e24

SHA256
d906e6f354d92daac0f537585262958fc2f004e9946a28ba7decf29fcd89927d

SHA512
d1c887d978448f3c1cff2cf7b83c12dea686d3ce1cf2bce2f65d03a0d9f70839ed09bcf82f5ed26836000aa1ad683e3ccddc2122d8aea382d9aa7165175763e7

Download Submit
/data/data/com.pntc.nyde.szij/files/.um/um_cache_1729169190479.env

Filesize
683B

MD5
e6d46008ba30ac9b4c62fb9835773031

SHA1
02a791b36b7c545357f739c660d03bfe83024d76

SHA256
cc45ad82bb392c1dfaa80402a21282b5a5593de2b4f293bae7dd1d5f7bfcbb17

SHA512
45250c7158635d045bed4d54039303097e39ab4d58c17eacc76a16319d6b3a9cd1ed1837b5313170bad9a5d0f8808819cf37f997b9bd46942fd7a9e2ba846b73

Download Submit
/data/data/com.pntc.nyde.szij/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
664f81b76b244f49d19e5a2ff80d394c

SHA1
030bbf3bcb971ebeda58eef1b459d353713d8d00

SHA256
fcc4fee7c24ca845407f961bfd7c47f3ceb918dd1d7cd7709ee52f291e51c60a

SHA512
e3053c4a9ce95ed215587c3dbb93d0ca188e173ede3789bf224e9025866eb1c72ea296d77b65831e4ca17633c6cb5477a8b86220badd398dee047c0f0f2ebf34

Download Submit
/data/data/com.pntc.nyde.szij/files/mobclick_agent_cached_com.pntc.nyde.szij1

Filesize
867B

MD5
8df17591314345c9a555e5dd53942f02

SHA1
cbee32f703f4382e22e0eb788889ac2bd5ef93e4

SHA256
7019af38cb7d6f15ddd3e9f576a32afc267d3168e632758620b3b9543df8d0bb

SHA512
4011b173f69f4cf67d4715a6e154c0ea66b62eb53bca340d2a84079b0b8a89395cd7aea95caa5435ed50c3d7dfdf55ebd32c5576a977596e671a360c8173d320

Download Submit
/data/data/com.pntc.nyde.szij/files/umeng_it.cache

Filesize
415B

MD5
46b234689677ff29e2be06df57b4ed48

SHA1
aa314bba2739d57a4043314eb3a19b37c5e29cd5

SHA256
859ae020a65a03682d8b57f1043ecca1240ce6284ecfc64a9f22caa162805aa3

SHA512
60b3b82ec94d7cc2150cd09906e96a235d0132fabf4d76374ab688ee6795de672ed050e4f80213d31ba6a0af9963602992448f1d50a58aebcd3bf29ddbe88131

Download Submit
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar

Filesize
249KB

MD5
eb4b1f8a3354e8b5c30a253c771196ab

SHA1
5c721a6d50b607c91d6b900b4a21a09680f6149e

SHA256
dee0215de8f0bf8acfc41aa199e605f30178a969cb5821a977e865b69773b3e2

SHA512
a7ce9f9612de9c987392c28f2ded37dbe991f3b61022ac5ad797230c294606a69030182a62df3f8ce98ee50b42a4a38eda9bc297332cc4b46b3f478cae6fe1b6

Download Submit
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads