8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c

Analysis

max time kernel
148s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17/10/2024, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5219b93905b81b3b93e81265692ceea7_JaffaCakes118.apk
Size

636KB
MD5

5219b93905b81b3b93e81265692ceea7
SHA1

06a84c784890932e15d07909cd92e088ca643dbd
SHA256

8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c
SHA512

068a92de585066befc8897a9a5269d18b93c049c5ed1224342b907f970fe28d4e2f9ee09dc0e092f332325e0aa861f9aca673a3b796e9b78bf7c2b8137f7e67b
SSDEEP

12288:0J4LUaxJLbYf7cznXk4gJ6Xn0AZvIeFxfMYl94vvQe6ERylTEp:0l6LoUt0AZvZBMgiyd0

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4960	com.pntc.nyde.szij

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	4960	com.pntc.nyde.szij
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	5024	com.pntc.nyde.szij:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.pntc.nyde.szij

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pntc.nyde.szij

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
6	alog.umeng.com
31	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pntc.nyde.szij

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pntc.nyde.szij

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pntc.nyde.szij

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.pntc.nyde.szij

com.pntc.nyde.szij
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4960

com.pntc.nyde.szij:daemon
1⤵
- Loads dropped Dex/Jar
PID:5024

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pntc.nyde.szij/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/data/com.pntc.nyde.szij/app_mjf/oat/dz.jar.cur.prof

Filesize
730B

MD5
dd700f22a556fcad635f2dbcd470244a

SHA1
ccef6021225a1e037cf4a402384ae62e3f936a71

SHA256
cdb870b3b79e1f5490341cfbc0a1b2cc4abf4c88e53b5597161c04aa92d2901b

SHA512
41984f251c0167335c1cb34ec2b51ff7f253abd9ee9516ebd6a247856895a40d77ef6c302107374892ab6bee18d559d92b77c7a0768031e793ff51cba887e276

Download Submit
/data/data/com.pntc.nyde.szij/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd

Filesize
28KB

MD5
dae68dcffc3d522a79f98ebbc3b6d457

SHA1
6df5dce9a50f12044a2d20b8d1742ae47b82ee03

SHA256
56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286

SHA512
23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
9bfb731f8fd80bc82bf9d692fb5aeac7

SHA1
61dcd701cc9ee772b849a70049b1bda1a329d02c

SHA256
47a6227277927c69e7f5ddd740ca434ad9d8f077b42e8c847b3b7a83a2f87418

SHA512
9a09d9e3ad0b79c4c0b42e31329ff6ca89f1f058cfda587fb96120271c9965f60617a1709b5867afaddc82c5f65c1d655265f44158f4a2a61cab2a2ceff842c5

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
5e42933da3d0de6404bddb01cf9494af

SHA1
676009fd61e8cef0105d12e20865c59a445bea69

SHA256
e48de6077542d06345c21120b4154da52446ad01b9dfd0c95a9ae697edd6b0a2

SHA512
d11fcdc791b1138d95d69080c2267c9f4205c568db78c4e5268a7d1d03d5dd3f5aa244985659f702b2023272b3eecf6051a6bfce69afb3214bdf08909e29f18d

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
673f6dce3dbd353eb405f19fbcb73565

SHA1
cce0668946e8e2b570d4e1d1933654b474596e36

SHA256
cec1ba7da9b3dc9c5a84a4070ae414434928a4b60c75f9c2e99cd05a867ec9a3

SHA512
5af69e0f690a33fcbf3288a86d8272efe9876f4f312efdff95346d77afcc0d90dc76014d2ddf8c081ad9e2d7fe67dc64b33a8359091f0b4a49ce7f8f4b431bbd

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
512B

MD5
207e3a798c822e04f0338463dccdae76

SHA1
b4a557f939d20776f9e32296cee426a6ccc01634

SHA256
e33ddd4605484d54d81a4f4c74ededb7498486ba5f13ce0b98fde337bb467694

SHA512
d762372c66c1ad899f4863dfa9744e22f42526bfa4fd49d185f2de1db033242ae30a6299567c7298b5ef9b66e65ae249624939eabe02d0cd491a85c176819421

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
6095a5fb52b20698b977ce3ced1d6406

SHA1
3add09773ef7ea497092a17c6bb66d8c95d94ed3

SHA256
ccb94c47a4f813a2a1314de675ab098dacc5232a133635ff81af86eae1e7524e

SHA512
344b35f5b9ebcd3cd269e4df1ee7ee98145f27452b448b44d5c374da6a400386eae66d562b7d0006b2b96a076c46c9247b6a5c40ca509f8dbc541e8aa5a50591

Download Submit
/data/data/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
4KB

MD5
be8616db796c1bcf386da7ce4f8c75be

SHA1
540e0eed75fc93e9d95983aad6b2be7b7bdd8f94

SHA256
de2b80a15b36a01ccee8671741d3894f60c92bb6973a76944331c01fd212eeae

SHA512
ef7d2774144627f73f01a741b7ab5434eeda44c49302cbc88322fdb3862639a48e7aaaa9a9719117eaacc850e961b39cb4c4ed1ef668db84f8bedf1b09a63680

Download Submit
/data/data/com.pntc.nyde.szij/files/.um/um_cache_1729169189432.env

Filesize
657B

MD5
7b2e17017f60af10cc884be5c7c438ff

SHA1
540d9edef319acb68eab4eec3dabcbe1fb9db306

SHA256
17acdd09ec792254c8d3a48860d0e6d3b42ad1003342ff0321a28ac6e7063289

SHA512
3823f9e4bd1f540b9a3770eecf004be8039caa7b38dbc00c36deed9e4417ec4435c7768f28db5faad506d038b7cdccb03b2eb486f1b75922649292550d3a92b0

Download Submit
/data/data/com.pntc.nyde.szij/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
be5857c8e7c3fa0467cfee69603790e3

SHA1
eb7fac00b59e28dcbadb6f7dc400827283a1669d

SHA256
346016e6c04c7ae8ee9757a66160ed07e3963527487c7aafee809805aa030d21

SHA512
0c50e207357fd14b5978677ac648e2fa7c236c2cbde0f634901dcca64192e82224ae27352ac299100efefe2926a237a6ea3cff001da36a908175407125becb64

Download Submit
/data/data/com.pntc.nyde.szij/files/mobclick_agent_cached_com.pntc.nyde.szij1

Filesize
803B

MD5
49b6d218c92bc8a6ec87f8428be0c710

SHA1
403629a2b79f2a4b37bb9c17f70d380058f755fb

SHA256
0aa2925391947e2e341178ae596a74270aa0272f01e7abc716e780ff17e65c39

SHA512
985a64c02f01b860a35a8eb7e507a2c22e1c6376add1d1cedc3437a4b90f1fbee58a24e297ad80b2c522473d1db0dc0485cb5a9c9deadd9d7c433fafd4cfcf38

Download Submit
/data/data/com.pntc.nyde.szij/files/umeng_it.cache

Filesize
350B

MD5
5d77785b1ec8e690c759d481dbdaf08f

SHA1
bac4264998b5cec271ac136e666f4d306001571f

SHA256
232b30ecaf986e3ec8743538564ca24d7cdf5914b2c073de68dfb57ad3cff6cc

SHA512
3acd4902aff2d798c72fe1c6b80a40aaaee2dd6fa902275b642d86246f62f5a8befed10928204b582134c7eeb139cada7d3e65bb9a30b1e1d6fad6c141ae9a13

Download Submit
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads