Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    04/11/2024, 00:53

General

  • Target

    8e57f90d48211fad3d21b9e34f68406e_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    8e57f90d48211fad3d21b9e34f68406e

  • SHA1

    634cd3c01fdc89615e74ce772e3f9b2b69ad7cb1

  • SHA256

    f2f1d992d187bd2d03bfddaa1d6365d6f38298348d25d8dc5dfb3ec8e083a779

  • SHA512

    9ee20eb61f3c023ad916000c54f82549791d4f76dabcd28e9c6be56a93c22f3593a5da5b3683eae8a8c97ec8d95ec102b45eabc11451f46272eca0fb0383152f

  • SSDEEP

    24576:5oL0otaYtXMj84OIIhKm5ZsG8jro+uojmVmq/13tdHbZKm51Ob83+:yQ7YtahIhKqGpjnbjmVmq/1XHNKmjbO

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.qfry.tguu.iaxg
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4472
  • com.qfry.tguu.iaxg:daemon
    1⤵
    • Loads dropped Dex/Jar
    PID:4541

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.qfry.tguu.iaxg/app_mjf/ddz.jar

    Filesize

    105KB


  • /data/user/0/com.qfry.tguu.iaxg/app_mjf/dz.jar

    Filesize

    248KB


  • /data/user/0/com.qfry.tguu.iaxg/app_mjf/tdz.jar

    Filesize

    105KB


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd

    Filesize

    28KB


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd-journal

    Filesize

    8KB


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd-journal

    Filesize

    512B


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd-journal

    Filesize

    8KB


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd-journal

    Filesize

    4KB


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd-journal

    Filesize

    8KB


  • /data/user/0/com.qfry.tguu.iaxg/databases/lezzd-journal

    Filesize

    8KB


  • /data/user/0/com.qfry.tguu.iaxg/files/.um/um_cache_1730681735033.env

    Filesize

    656B


  • /data/user/0/com.qfry.tguu.iaxg/files/.umeng/exchangeIdentity.json

    Filesize

    162B


  • /data/user/0/com.qfry.tguu.iaxg/files/umeng_it.cache

    Filesize

    346B
