8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c

Analysis

max time kernel
147s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
17/10/2024, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5219b93905b81b3b93e81265692ceea7_JaffaCakes118.apk
Size

636KB
MD5

5219b93905b81b3b93e81265692ceea7
SHA1

06a84c784890932e15d07909cd92e088ca643dbd
SHA256

8295a67a73b1c94b4260b202a273a79cab55c4b8a8156dc9f64edd815b18f71c
SHA512

068a92de585066befc8897a9a5269d18b93c049c5ed1224342b907f970fe28d4e2f9ee09dc0e092f332325e0aa861f9aca673a3b796e9b78bf7c2b8137f7e67b
SSDEEP

12288:0J4LUaxJLbYf7cznXk4gJ6Xn0AZvIeFxfMYl94vvQe6ERylTEp:0l6LoUt0AZvZBMgiyd0

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4491	com.pntc.nyde.szij

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	4491	com.pntc.nyde.szij
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar	4561	com.pntc.nyde.szij:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.pntc.nyde.szij

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pntc.nyde.szij

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
27	alog.umeng.com
61	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pntc.nyde.szij

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pntc.nyde.szij

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.pntc.nyde.szij

com.pntc.nyde.szij
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4491

com.pntc.nyde.szij:daemon
1⤵
- Loads dropped Dex/Jar
PID:4561

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.pntc.nyde.szij/app_mjf/ddz.jar

Filesize
105KB

MD5
7f1e0fe2e6a0618b6c84d48ea0586b6d

SHA1
dea54fa91f9f431b85e8c4048244a1c3c4b16665

SHA256
4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e

SHA512
7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Download Submit
/data/user/0/com.pntc.nyde.szij/app_mjf/dz.jar

Filesize
249KB

MD5
789a4162427149dd5e519f917ead0e29

SHA1
d2bd738c28ec21c0441c6daaefc206a6a76f8e1c

SHA256
830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0

SHA512
b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37

Download Submit
/data/user/0/com.pntc.nyde.szij/app_mjf/tdz.jar

Filesize
105KB

MD5
fc1eb8c18ddc0f8727b5fb5eba8ca870

SHA1
af6d64fe2432bece4c523066a57f35be8f175a48

SHA256
7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9

SHA512
25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
e68ae609425f786f1c9a3ff9feb7ad21

SHA1
949675643780ece34b08b4651fee59777577a164

SHA256
e18635ff884ab8a4e11d6a76d25af398e94170daeb4afba4aa12da3f556d4953

SHA512
e99becf91fd5ab6f446ed674ffd99151acc6ee31a42638f4a18b8237a49f75eefbbde95a07852344b844f7bc00c9c9f05626ee090de697de6eb81340e17f0b2d

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
ff4ecc4da70c634322b0c285c61cbe36

SHA1
3816893f03c69fd36870842872e69690f888a9c5

SHA256
684ba18258fd0b9be3c44a0d2c63f7b443bcfb05bd34021b7a3a6c53ea9f723b

SHA512
b26e9aefcaa3578c20cfb78e014d294e3ef8af2cb47ce62e3f7eb3ea684f7532877012d8d3001092f7626605917a3a370d69b14a5cb485ccd36aaf08d7946782

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
97ca3acb253acb8e6806fafee8bb95ea

SHA1
15a8a5dea81ff7b09d17d009809dfd74a000c45c

SHA256
220b47ef78159b4c3d1380c06d1b43e0a875ad5b6310bce3f47f366c5a475a74

SHA512
6c542648b2a46575e524763a46793e18df9d845b04c7fb98937286cadee9a633f595f7cd21de308552633c02be84c76113f461b492808d1b5bc138fd8378044c

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
512B

MD5
31201cefe8501bc94d944b4a15d8fe6f

SHA1
b7c529ddf11239b18e81bb80e3455d53e3cc6048

SHA256
cf7069f0fa406144966aafb4beb1d93fcfa31c7a8becbda236bf117d295c99e6

SHA512
d0420a4bc1383391ca12d09c4646bf8895923a05e3178286407fcb98891c918f6eb619de89b6096165854767d7ebc03035f7230265b3fab1e865933fbbefbfac

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
8KB

MD5
2c16337bc3babae7e2cd4d62b448053b

SHA1
16b70bdb8db18bdd84e5d6e34d2c18edebc5b43b

SHA256
aab98d0ea16055c2d77eec74ad08c7a077f3d53de6e57f55cf1c2a3cce19fe5c

SHA512
a52bec97c8e93b3385c7dac403449644e9b9366cd8856b756285be125e3c0a2f07925a30e446f4920e860be23e9f89c8549f0bb6532f5dc97086d6aa8a5b36ee

Download Submit
/data/user/0/com.pntc.nyde.szij/databases/lezzd-journal

Filesize
4KB

MD5
d083ebb195ba9a99787088e470e1bc4d

SHA1
ea4f6829ebab519a467f7cd2acd66f83772536f7

SHA256
d3dd23c312ee46b46cd7099e859831fb4558601c8af17d57d2a3a2220b380e67

SHA512
c36b4f2f626e2aa6a403a24eb19d1d97976648e8bbbb8374d8c54fe44692171076314995f53f34386d0d8004b464cf92e32200c67b3cbaf3c29bad0ef40cace5

Download Submit
/data/user/0/com.pntc.nyde.szij/files/.um/um_cache_1729169190258.env

Filesize
656B

MD5
582efeff9e4e2434f7ee1dcb1ca090bf

SHA1
e8acffe872fff816640867fcaa457fcc2e3e9a00

SHA256
fba38dc61d15ea3e49f93642f0507674c8e5ecb3f8f1ee447312241273bdfdd8

SHA512
f1fe17d549e899ca4adab23d4d56e2f31be01107997c7b309879c48937ed8cc6495d1123ee57d67e961188b514b71fb0421234c80aeaca159de7b110c3bfaa7c

Download Submit
/data/user/0/com.pntc.nyde.szij/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
a0850e935c099a182a076f13d7c2805c

SHA1
c021b0e633ee32881aee277336187a99c4c854bd

SHA256
7e16c6b3224a870c1235b54771903ef98e26f6d8b0c7cb0dc64420d6437d7780

SHA512
9914b26c3559e4b07238898e93de2b459645dc8127f92b59ef27ffdbc11d6eea1903996205b125f201f99c09c0e7d428d1eb29b40fe307777b3eee4956c60e72

Download Submit
/data/user/0/com.pntc.nyde.szij/files/mobclick_agent_cached_com.pntc.nyde.szij1

Filesize
806B

MD5
ce3f2b8ef2065f84bf59860a8b0de726

SHA1
4f8a6981036ecc78763e56f4c3b2ce30c87deb70

SHA256
6a68d37544f30d48bfcca8293354c139a02e99d366262d97c452b03ada709600

SHA512
d8fc666135bf097f556f91f206a974a73f4851272fdf930c5bdc8d2737014e57e069daefc77b8c087edb6a6b22f4c87235bae7c3fa6c57c53823c4f99c254bbd

Download Submit
/data/user/0/com.pntc.nyde.szij/files/umeng_it.cache

Filesize
352B

MD5
e5bdbfe3dbb527aa85fefedcd345cfcd

SHA1
02ff5dc6589c442b03855361bffe25c4c9104998

SHA256
b5b7c8055365f8adb7e14f69917fb2d795776c0ea73eec3de1547e25b22ac230

SHA512
68ece2a1399e2d008239fbfb9a9313ee57d1c411a1b3edea37ed464e37cfaaa4c3ca8175432b1bdb068a75a9a40b3767036d77adec0b2c60d7666750f39779c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads