Analysis
- max time kernel: 148s
- max time network: 154s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 02/11/2024, 11:18

Static task: static1

Behavioral task: behavioral1
- Sample: 852b214817f3033c108bbb89a8edbc3c_JaffaCakes118.apk
- Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
- Sample: 852b214817f3033c108bbb89a8edbc3c_JaffaCakes118.apk
- Resource: android-x64-20240910-en
General
- Target: 852b214817f3033c108bbb89a8edbc3c_JaffaCakes118.apk
- Size: 550KB
- MD5: 852b214817f3033c108bbb89a8edbc3c
- SHA1: a88bd5f408cb6a6fb1f14607d63c7bfb6b127ca8
- SHA256: 5ac0d9e1ab2446c160374d0c232b446edd58190729edbc872fdd888b8f0a0b7b
- SHA512: 4b455883b478f8eda2b4ac776928ba0b09b0acf4a6a64e35957c4eff082a93660657e7f5d70903c1ab5268c79149772787fae9b5b508efe4996f31af54d87ce3
- SSDEEP: 12288:S4LINCjgcNUJglRMWU3ca27KT/jhaGOenVtI4eFxSMPIX:4NytUMacKDOnwM2
Malware Config
Signatures
- Removes its main activity from the application launcher
  pid | Process
  4643 | com.qxkf.ryjx.lynf
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.qxkf.ryjx.lynf/app_mjf/dz.jar | 4643 | com.qxkf.ryjx.lynf
  /data/user/0/com.qxkf.ryjx.lynf/app_mjf/dz.jar | 4714 | com.qxkf.ryjx.lynf:daemon
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  description | ioc | Process
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.qxkf.ryjx.lynf
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qxkf.ryjx.lynf
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (3 IoCs)
  flow | ioc
  22 | alog.umeng.com
  45 | alog.umeng.com
  57 | alog.umeng.com
- Queries information about active data network (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qxkf.ryjx.lynf
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qxkf.ryjx.lynf
- Reads information about phone network operator (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  description | ioc | Process
  File opened for read | /proc/cpuinfo | com.qxkf.ryjx.lynf
Processes
- com.qxkf.ryjx.lynf (PID: 4643)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks CPU information
- com.qxkf.ryjx.lynf:daemon (PID: 4714)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads