Analysis
max time kernel: 149s
max time network: 156s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 03/11/2024, 20:17
Static task: static1
Behavioral task: behavioral1
- Sample: 8d4eab297e8f4913c33932f772a0a886_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 8d4eab297e8f4913c33932f772a0a886_JaffaCakes118.apk
- Resource: android-x64-20240624-en
General
Target: 8d4eab297e8f4913c33932f772a0a886_JaffaCakes118.apk
Size: 550KB
MD5: 8d4eab297e8f4913c33932f772a0a886
SHA1: 38f4d8b034ddec1bf5f1c1484a2b3d2fc10bbdc1
SHA256: d3655fa625d728ee9ccf7ae84024897b9d1a579faa833744b8dd46ac2935cd11
SHA512: c1ea92688f9ecff247a7a1f32a50cb71ad7b2e8ad0a6a906be8d63de1f320394457fe374fc2367ee3b57651cdf4d67ab0498c3aa4f0f5d3fd47a0f5691acff96
SSDEEP: 12288:Oe4LINCjgcNUJSlRMWU3ca27KT/jhaGOenVtIceFxEMBkO:OcNwtUMacKDOTGM9
Malware Config
Signatures
pid 4515, process com.lzfu.syek.pbqr
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped to the device during analysis.
- ioc: /data/user/0/com.lzfu.syek.pbqr/app_mjf/dz.jar, pid 4515, process com.lzfu.syek.pbqr
- ioc: /data/user/0/com.lzfu.syek.pbqr/app_mjf/dz.jar, pid 4588, process com.lzfu.syek.pbqr:daemon
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
- description: Framework service call, ioc: android.accounts.IAccountManager.getAccountsAsUser, process: com.lzfu.syek.pbqr
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.lzfu.syek.pbqr
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
- flow 25, ioc: alog.umeng.com
- flow 62, ioc: alog.umeng.com
Queries information about active data network (1 TTP, 1 IoC)
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.lzfu.syek.pbqr
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.lzfu.syek.pbqr
Reads information about phone network operator (1 TTP)
Checks CPU information (2 TTPs, 1 IoC)
- description: File opened for read, ioc: /proc/cpuinfo, process: com.lzfu.syek.pbqr
Processes
com.lzfu.syek.pbqr (PID 4515)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
com.lzfu.syek.pbqr:daemon (PID 4588)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
- Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)
Downloads