Analysis
max time kernel: 148s
max time network: 156s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 03/11/2024, 20:17
Static task: static1
Behavioral task: behavioral1
  Sample: 8d4eab297e8f4913c33932f772a0a886_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 8d4eab297e8f4913c33932f772a0a886_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 8d4eab297e8f4913c33932f772a0a886_JaffaCakes118.apk
Size: 550KB
MD5: 8d4eab297e8f4913c33932f772a0a886
SHA1: 38f4d8b034ddec1bf5f1c1484a2b3d2fc10bbdc1
SHA256: d3655fa625d728ee9ccf7ae84024897b9d1a579faa833744b8dd46ac2935cd11
SHA512: c1ea92688f9ecff247a7a1f32a50cb71ad7b2e8ad0a6a906be8d63de1f320394457fe374fc2367ee3b57651cdf4d67ab0498c3aa4f0f5d3fd47a0f5691acff96
SSDEEP: 12288:Oe4LINCjgcNUJSlRMWU3ca27KT/jhaGOenVtIceFxEMBkO:OcNwtUMacKDOTGM9
Malware Config
Signatures
Removes its main activity from the application launcher
  pid: 4923; Process: com.lzfu.syek.pbqr

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.lzfu.syek.pbqr/app_mjf/dz.jar; pid: 4923; Process: com.lzfu.syek.pbqr
  ioc: /data/user/0/com.lzfu.syek.pbqr/app_mjf/dz.jar; pid: 4986; Process: com.lzfu.syek.pbqr:daemon

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call; ioc: android.accounts.IAccountManager.getAccountsAsUser; Process: com.lzfu.syek.pbqr

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.lzfu.syek.pbqr

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  flow: 6; ioc: alog.umeng.com
  flow: 43; ioc: alog.umeng.com

Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.lzfu.syek.pbqr

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.lzfu.syek.pbqr

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.lzfu.syek.pbqr

Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.lzfu.syek.pbqr
Processes
com.lzfu.syek.pbqr (PID: 4923)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
com.lzfu.syek.pbqr:daemon (PID: 4986)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  - Download New Code at Runtime (1)
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads