Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: android-11_x64
  • resource: android-x64-arm64-20240910-en
  • resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted: 03/11/2024, 04:43

General

  • Target: 89b00e291cd92c8c7103ae2a91c82775_JaffaCakes118.apk
  • Size: 1.3MB
  • MD5: 89b00e291cd92c8c7103ae2a91c82775
  • SHA1: 5af447807a126a49b161090036beb3952775d935
  • SHA256: 9034ef006ad45b803121b5c2a50b569c5cd421842d1ac8ac5cbd9cbeaf12e779
  • SHA512: 9d441a1f41670d1f85564329d3deaeac62fb01868302dea3cf9689a5e086760222605f3fd6aaa1017d6cb4d8b7ba5ffdcc43bee5165f40bb617fa629c61a3703
  • SSDEEP: 24576:PcEoL0otaYtXMRSprkM4FqD5Bl0ZHqU+yjro+X8jfChq/13tdHbZKm51Ob83i:aQ7Yt/rkruBl0ZHvjnsjfChq/1XHNKmK

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.ebmy.hirh.ogps
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4835
  • com.ebmy.hirh.ogps:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4896

Network

        MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.ebmy.hirh.ogps/app_mjf/ddz.jar
    Filesize: 105KB
    MD5: 23ba0b249042b7ba33e92c0199b0ea4a
    SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
    SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
    SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

  • /data/user/0/com.ebmy.hirh.ogps/app_mjf/dz.jar
    Filesize: 248KB
    MD5: a54a18b58c6720991c021f433dfb2a46
    SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
    SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
    SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

  • /data/user/0/com.ebmy.hirh.ogps/app_mjf/tdz.jar
    Filesize: 105KB
    MD5: 293ea5f01e27975bed5179ba79d80eac
    SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
    SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
    SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd
    Filesize: 28KB
    MD5: fdb8a92e5060ce104e8f0faca55a47ce
    SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
    SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
    SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd-journal
    Filesize: 8KB
    MD5: 82cd5de212e460e3fdb84d49dc5e022a
    SHA1: e17f20722b439169c7ddd2e7fa79bd35a7d100c6
    SHA256: b284ef5286c02d1b64bd3477cd36cae1f56e898f0970cd8133e9698a7efcb83a
    SHA512: 73796403c09dd04cc1a1c9595936cc81c31f172f09091f2cc4bd283a1a4c437fb37aa0e1c6103688185b704b77c1beda15fea79ec61318a52b4a73f6de970402

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd-journal
    Filesize: 512B
    MD5: 0c486cc2f791b62003307a3ed2761642
    SHA1: f1e9d58f98f02405ad8277c7e4e9cab317962908
    SHA256: 5030ec40fcafe4d95d0f0353584780d16d44a5f6c82d15f0034bcb2c6e9c3e8d
    SHA512: b3398a336c839e9d99cd9ca57feb855e5c8d01bca4eb8b72601247ec08740ee23dd794892a88d56e788b2b5663dbea00b5c0b4fc9cf88bb58304714c5f138559

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd-journal
    Filesize: 8KB
    MD5: 4054b960a3740fab0c81ae6292be1b17
    SHA1: 375586684222ab931d2bc1494b35bef7d3295a40
    SHA256: 6a3f5e0a895652912f9d587d578a8989a513905a3bf1c7672bb47a00a6210de4
    SHA512: 652a40ffce6f56519442110f2a54a203cdac7c42f2c1ed55a2636c2695420984acc65272f12bc0e31367093bf2bd1a6b093ac76a854b6eea82e1c248653e78a6

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd-journal
    Filesize: 4KB
    MD5: be9a26aebcb8f666ded8515fe123163e
    SHA1: 9cbd5d636b3fb27eb2a2b9051b43ca7135d7c810
    SHA256: 77976f950ef630b85fda42e0174d2c0de88158df71b243381a0d3f63f75355fa
    SHA512: 5e1066631ea75e790ea59db177968f8c379ba5935877629bd5cedcdeee59811f57ac4683e48d06334c9ed958e9174cc00bf13904132adae06017a5053f049b3d

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd-journal
    Filesize: 8KB
    MD5: ad7907c1bcaf1fb15695ca9c962439b4
    SHA1: 9920d10cea8d83afba5948b4ca87aa21ec1e36cd
    SHA256: ef4f84e062416cdc6ead8c00526b6b5c7f4bbaf672e7e4c582d80b07da4ed6a1
    SHA512: 1aaa5e4930d444f03df5198c8452660a27964c45b068b70399ae7e88ffcc46d45d087b0650be5078a355165f6c174bd2b4590407fc88509c0d53c2751910afaf

  • /data/user/0/com.ebmy.hirh.ogps/databases/lezzd-journal
    Filesize: 8KB
    MD5: f129e292abd4d80a1803bebc5b760b5c
    SHA1: bfdda856ab0f51d168317524b6366f8a059472ff
    SHA256: 321f0195d43fb4824f78f8dd0c4deae267de96142ecfab00084fd586994aaed7
    SHA512: 0d007dcd582bdb630e398b44db9f0c6956ca332e2b9e5f65d9fe85bce881065ef1cd1ba79903436c29fc04fdad63e4b4d35557b4d9da83bdd02cd66ddc8f6678

  • /data/user/0/com.ebmy.hirh.ogps/files/.um/um_cache_1730609164047.env
    Filesize: 653B
    MD5: 52cbc4edecb5769bf94d50ad7e718eeb
    SHA1: d6e9403a212bc0b42fb60226ed3cb85b70920b61
    SHA256: ae017ff1cb2db838ac08a4e00930873c1a583a2e6b6ddebd31703ef63bd6631d
    SHA512: 84a5e8a42e869b74321f1bff4eacc9168ffcfb4681437d69820b55349345c9ba450e9e9404b36ffd8054337b2594a05905e6690ca749d942c006b13e743a8b68

  • /data/user/0/com.ebmy.hirh.ogps/files/.umeng/exchangeIdentity.json
    Filesize: 162B
    MD5: 59807b00dcbb962b48b37d3329f81fcf
    SHA1: 23f0b495af8b443c56224f02b82656acf86948c0
    SHA256: 60b7e9c0cccb8e96f3943dee16f08771869186c0253d773163e1ecf20a19e4db
    SHA512: 651915e3096eba745e622b2baa7c43842c3690ca744d85dd4c2760cfa05743ea93bf0e539c620aa946fe0a8b84b8cf92f83bff4400b3f989ca75d8b16a69baf1

  • /data/user/0/com.ebmy.hirh.ogps/files/umeng_it.cache
    Filesize: 350B
    MD5: 339f16a0192825370d55a62650db983a
    SHA1: 8afa0112ba9a0b6b772297b752defbc4d83ea4ec
    SHA256: c042c3d32eeb35a29c30ed0318d8b699fdbf06c19b848c5898b1741697ff71a6
    SHA512: 41a07f072b6d5b200d5a2bd7251414550b72a83b2d3dc0b85af2fbc00da6f66b1a68a0394b13ecd57d7b93e6f82f1dae5fafda85932d88226502785b4e994d26