Analysis
max time kernel: 149s
max time network: 151s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 02/11/2024, 11:18
Static task: static1
Behavioral task: behavioral1
  Sample: 852b214817f3033c108bbb89a8edbc3c_JaffaCakes118.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 852b214817f3033c108bbb89a8edbc3c_JaffaCakes118.apk
  Resource: android-x64-20240910-en
General
Target: 852b214817f3033c108bbb89a8edbc3c_JaffaCakes118.apk
Size: 550KB
MD5: 852b214817f3033c108bbb89a8edbc3c
SHA1: a88bd5f408cb6a6fb1f14607d63c7bfb6b127ca8
SHA256: 5ac0d9e1ab2446c160374d0c232b446edd58190729edbc872fdd888b8f0a0b7b
SHA512: 4b455883b478f8eda2b4ac776928ba0b09b0acf4a6a64e35957c4eff082a93660657e7f5d70903c1ab5268c79149772787fae9b5b508efe4996f31af54d87ce3
SSDEEP: 12288:S4LINCjgcNUJglRMWU3ca27KT/jhaGOenVtI4eFxSMPIX:4NytUMacKDOnwM2
Malware Config
Signatures
Removes its main activity from the application launcher
  pid: 5240  Process: com.qxkf.ryjx.lynf
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.qxkf.ryjx.lynf/app_mjf/dz.jar  pid: 5240  Process: com.qxkf.ryjx.lynf
  ioc: /data/user/0/com.qxkf.ryjx.lynf/app_mjf/dz.jar  pid: 5305  Process: com.qxkf.ryjx.lynf:daemon
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call  ioc: android.accounts.IAccountManager.getAccountsAsUser  Process: com.qxkf.ryjx.lynf
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  Process: com.qxkf.ryjx.lynf
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  flow: 34  ioc: alog.umeng.com
  flow: 14  ioc: alog.umeng.com
Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.qxkf.ryjx.lynf
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  Process: com.qxkf.ryjx.lynf
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Reads information about phone network operator. (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  Process: com.qxkf.ryjx.lynf
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/cpuinfo  Process: com.qxkf.ryjx.lynf
Processes
com.qxkf.ryjx.lynf (PID 5240)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
com.qxkf.ryjx.lynf:daemon (PID 5305)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (1)
    Suppress Application Icon (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads