Overview

overview

8

Static

static

6

9e41171ff5...18.apk

android-9-x86

8

com.skymob...10.apk

android-9-x86

1

com.skymob...10.apk

android-10-x64

1

com.skymob...10.apk

android-11-x64

1

com.skymob...09.apk

android-9-x86

1

com.skymob...09.apk

android-10-x64

1

com.skymob...09.apk

android-11-x64

1

com.skymob...15.apk

android-9-x86

com.skymob...15.apk

android-10-x64

com.skymob...15.apk

android-11-x64

skymobi_pa...in.apk

android-9-x86

4

skymobi_pa...in.apk

android-10-x64

4

skymobi_pa...in.apk

android-11-x64

1

unicom_resource.apk

android-9-x86

1

unicom_resource.apk

android-10-x64

1

unicom_resource.apk

android-11-x64

1

Analysis

  • max time kernel
    16s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    25-11-2024 22:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e41171ff555e83d3331e97ca9e98f39_JaffaCakes118.apk

  • Size

    2.3MB

  • MD5

    9e41171ff555e83d3331e97ca9e98f39

  • SHA1

    e9b79643878fde3d08a9a6262b389c57dfc77fdd

  • SHA256

    92ca24f761c7bd3bc9f15c46edcbabb94b74a7fccaec55e4c00831f4ddcff513

  • SHA512

    db37b6896a748dbd30a566a93f18d7e30e416c5fc2e23ca18f0b8f421338f611e30d5e68a2ce95e76e74e40ed73bc60e0bc1bbf5c80f5a160651c5b12712dfde

  • SSDEEP

    49152:NpVO/JpAFpZ6ghntQBQP5DWWpG9/V6kik5fj/vONCPGjP8l:NpVaaF76ghntQBQBDWWpw/V6HKLvORm

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
    collection
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.oxy.rzd
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the content of SMS inbox messages.
    • Reads the content of the SMS messages.
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4255
    • chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk
      2⤵
        PID:4293
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.oxy.rzd/app_workbench69704/apk.zip --output-vdex-fd=64 --oat-fd=65 --oat-location=/data/user/0/com.oxy.rzd/app_workbench69704/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4312

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.oxy.rzd/app_workbench69704/apk.zip
      Filesize

      50KB

      MD5

      84dfe99566abcdcd493fd2af012b8799

      SHA1

      f1ba796f5171057c1b3692f626a2a6e15db30791

      SHA256

      c8ec56561db7b5c8506e39c85acce17b4bc7bb4ed93e44cd044a7b4d65c4ec70

      SHA512

      9c24e4f55862936cb3c7a67b171295a2442ce8bdcbfa687112c898a2f934b5846fe29e78b791be24e6bea8935e9b724e7094af4951aba077cb80a13046afb222

      Download Submit

    • /data/data/com.oxy.rzd/databases/app_download_record
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.oxy.rzd/databases/app_download_record-journal
      Filesize

      512B

      MD5

      b0ba56f08c100fb7fbb6202726690f7f

      SHA1

      58651c46d1458d55c9ac3a78772360e1d3ea9cad

      SHA256

      6467db101a25a20e45c28a355b3521fac61da4119d11d25e3e1bd7cc6dc2a2d9

      SHA512

      4f66513a098fd5c814401c070f25100f78ba967c95cf5f6a896d83b0bad6f8fd678876c6a869b306c00a1f31be0bf0812c7e659fede3c347e6c72e2ea55d0cea

      Download Submit

    • /data/data/com.oxy.rzd/databases/app_download_record-wal
      Filesize

      44KB

      MD5

      32434f2b9d7f88081d9743216c36c798

      SHA1

      fde504ced4fda6f17de72b1774be0af3cb2e2fb7

      SHA256

      24c41574eee8060de337d274ff6f78bebab57ffb5adfbe71633611ce60dbf6e1

      SHA512

      1557f671694d53c3962ff5c29c35f6854d8025a4c85cda2b1ae7f32700b3831717ac9ec2e742ca73463f5b2e4532de6796a24dd766e280c7204517c1614451cb

      Download Submit

    • /data/data/com.oxy.rzd/databases/statistic_data_record-journal
      Filesize

      512B

      MD5

      e23d7668a9e790668cb3c547bc3d9816

      SHA1

      18a2a4cb7f1ae51359a89fddf30a4ea443a0b20c

      SHA256

      a4e2ee7c4520ce7c81af3a7b79e6d6ef4381e666990a31ce5c270ec05f6c3291

      SHA512

      ebdd603974ca60eb8e1e85f3a5b0ce369daf3f457007f5f437ecb0224ec829c8a7f0246594d3636d009d47202e0e4993e9113ca6f2fb4a2309344220a422db39

      Download Submit

    • /data/data/com.oxy.rzd/databases/statistic_data_record-wal
      Filesize

      48KB

      MD5

      c7206c63b468ae2df583e25c702c53b1

      SHA1

      dd24d5f626913e678c44b1dd2a840f151802716f

      SHA256

      8278cd4d5e2ce9914038401f17390016121408ef76a7040daf5047020d972f68

      SHA512

      c85ec8998652643dc65304b60ab6ae4fbc7e1ef04e6f28b0853a9289353679ea301a80496fb8e038b642f1e05dd0608dac921ba16f933ceb6c23fb073247935e

      Download Submit

    • /data/data/com.oxy.rzd/databases/sy_pay_record
      Filesize

      36KB

      MD5

      c64328e50f075c3eee2cd92ab6505cd4

      SHA1

      99cd00b904ff71670d8e6797a1d7215f394275a7

      SHA256

      df84ed52ea5d81cfd27b31745d364e9de5c583dacbf1f515338ccb6b97b5befb

      SHA512

      171a583537d7f72a49428098a1447c5925ae099f49367c447ad604128082b56ed5acd46804c4fe2ce80d74535aec7115bab2eca342720156c595d119396b4e1a

      Download Submit

    • /data/data/com.oxy.rzd/databases/sy_pay_record-journal
      Filesize

      512B

      MD5

      30ed62be1f04f28d320ccea4f2f554d5

      SHA1

      5d977dbc4d7d527ae971461a72cb3ae5c6236585

      SHA256

      c342820dc0233e5454301cb980c29d5326063efdceb49ac4b5c687b41c7ac4cb

      SHA512

      d9e195d0543b316982644c5e4ee40ad3a342cc4e2f5a35bd61416ac63a8a36fb6bf20e781019722daac6a081cd68b5b68dafa2c6b62c09781145066bf261adc3

      Download Submit

    • /data/data/com.oxy.rzd/databases/sy_pay_record-wal
      Filesize

      48KB

      MD5

      0ba9cb866f0106ce00187f3c2dba152b

      SHA1

      6ee4986d87f7b12247e44c3fc2fade20b40dbc41

      SHA256

      bd06b2aff24f8f62cd28a6f2327a0f6e6cb45422c03ef38ac2f0dac8141edd46

      SHA512

      5a6dbe5b1c6988a62aee68bd15e40100ad0ac86410ddad031ac662a1bd223723b27e0b795602bdbf9589c8fee605385f37edc032b16019533c0626aea3c3fc14

      Download Submit

    • /data/data/com.oxy.rzd/databases/video_record
      Filesize

      96KB

      MD5

      d8bea5f2a795fe78120c638bbe25dad7

      SHA1

      1e2859316bbcd9d45f0fd5a66de5b17c06a57b51

      SHA256

      c07978e7eeafb3eb6e0fc9606364b3528ab4449e67f410f37067fe20b694041f

      SHA512

      ebedb8876b75f95c6618d6700e5b4264e20f1162164dc25e9ceeffb27a71267dc87a27fb44fb9d2d3437da34abe0bf904d5f4609085a1941f289d8e7bcca820a

      Download Submit

    • /data/data/com.oxy.rzd/databases/video_record-journal
      Filesize

      512B

      MD5

      c8c8aca055968deecfd01f66dadde414

      SHA1

      b9140625911b67682996c6ab513838aaaf762171

      SHA256

      a1df42297e6e313b25539f1f633b55be9aed5706f683632da6f36c3a5c534107

      SHA512

      81ac675b77211e28759f7f9902c9f2a415fc8ab15d39334cda199f763201e9681f012633dc0bbe9fd9e7dcb101c7bb5e90f4daf2a0947b83355e4ad04db0be68

      Download Submit

    • /data/data/com.oxy.rzd/databases/video_record-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.oxy.rzd/databases/video_record-wal
      Filesize

      108KB

      MD5

      abb1fd02ad9ab073c22bebf759f1ae45

      SHA1

      e0559fea07fcf97595b3d6c7863af78bdb64a16d

      SHA256

      bf42d09ede594f0a270446d8358ce53a9901f2dc99322d97e4bde706b81bd963

      SHA512

      fd8662389d49f149b8e77a4b1d60991fe962f1bd301b26a895d93dfcc3c66ff537105d2160325ef073aeb7cf18c82d6479cb04c40fd406c6e160d0ae6072dd79

      Download Submit

    • /data/data/com.oxy.rzd/files/hello
      Filesize

      9KB

      MD5

      ab3aec529c0a0d751f43cf6de904809a

      SHA1

      a7ad041ad68cb887d74a4454475693d06dbc3d10

      SHA256

      3604015d5d2a3d8a7c3b06fa5c9d2302bbcd0e7ea5ccaf24dd98f99f89b0e8ba

      SHA512

      7950c3df10a8941a690e83a7e7829bf744f9a64ca7b0863af625c10a15975cfb9d8876dd9918a0cb9d852c631f811db742f0b69ef031dc7a2d093a98f4b4439c

      Download Submit

    • /data/data/com.oxy.rzd/files/umeng_it.cache
      Filesize

      310B

      MD5

      0dd9a58b93665186363f6a8c3cab96f9

      SHA1

      ac7258ed502052c85269adcba5562dc1433f758b

      SHA256

      f05c22b45daa64c9366c43be331549ec557154905d5f9f9e485b4b2e5f659fe0

      SHA512

      f7ee6c7e8ae8f9a20915f80e0581e11c16d8d32f6a3b83f618d3ee2d6876d2c68ded221cc9e16b6c0ddcd2c7361fbc5a699695a69dbe9dbf8b21d2404b2aeefe

      Download Submit

    • /data/user/0/com.oxy.rzd/app_workbench69704/apk.zip
      Filesize

      116KB

      MD5

      9045925cd2530e09acacb52a86cbb3e8

      SHA1

      4ce104ac075add0be698d3b28a83fd7a45aab0d6

      SHA256

      81268f7045a383c4f5a922afd9dc9b0bf0b52b6abc12759df9f894ff596ac730

      SHA512

      deb84cb8c4cb9801def8b8ff863d3f2cc97604fa2875f1bb9f3c302d39dfe978c3b791f277ec264a0689a7b63a216607eaf884388e9af9ddf78e0273207b2a4d

      Download Submit

    • /data/user/0/com.oxy.rzd/app_workbench69704/apk.zip
      Filesize

      116KB

      MD5

      e07d0ba749031dc06b2ec8c8be3daf76

      SHA1

      191d3b30f015c5a5f75c4e53f97d40f19b618c80

      SHA256

      9ce0496d9081164411c361d1783af1f5ba6b3bbd31001a4ca7c4df9180a79632

      SHA512

      0955d538ab2baa99118aaf714996f1cdd203b6504cb6d7e0cf87026426e95cc90ccf2ba17242ab8418a0c8968fbaabe2d3b1ecaf30212446189f2043fc3eee9c

      Download Submit

    • /storage/emulated/0/Android/data/com.oxy.rzd/cache/crash-2024-11-25.txt
      Filesize

      338B

      MD5

      4969a4d5811aed9fc1c3ae68e60cda8b

      SHA1

      25a00baa70e40076da8c09ac5e5e61e066f8dd59

      SHA256

      cbd1cc66c823114d4eb09546b720ca894472e0aab2191495c713035b5187464d

      SHA512

      25e02ebfac4e715b0df8a3ff5ebfdbf03b83ed03daa6cd91ca0834b4ffaf1b2327e8310f1325ebe8e135ce5acb97a147d50be0aa60715d42d94da35cce46c856

      Download Submit

    • /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk
      Filesize

      56KB

      MD5

      f7ac8045aed15eb38ffad345cf33389e

      SHA1

      c07acd8c9b82d029669e4befa08830df804f0d3e

      SHA256

      e6c51d15ade2eaff2ce08fc9b7826c97cf4b47db05054b22b3a8e775f21cb8a0

      SHA512

      267a0036597282cd1dbaaf8204aa5eadf82543fb0af449b9ae0a4d9eb878e29514f2332725c8ef35b74fe5e7fd23c20924b9bf53c4cdb29fa7bde53d02753c83

      Download Submit

    • /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.smspay.apk
      Filesize

      206KB

      MD5

      e5ac4347c4d13f0e3cc929ad78372f88

      SHA1

      97960a66ff300158e0b74c0122fcf9d80ed8cd93

      SHA256

      74b6542895aeef975ea0aacd8d3c29145543438f86d120ca46c6083d2a3dac1b

      SHA512

      0c20a1b348106b6582742b35a48ba703a24616e34a28b1eedc009d64d090a8157a1c167e3d6efa04fe9b3e7fbb93bb7616323c6a19e23a343c850b05892ee372

      Download Submit