c4c9b8429e65d9827d88a8985fd884f57921c67b26bb5ff6c98ec6925242614a

Analysis

max time kernel
156s
max time network
164s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
28-03-2024 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07601cb359287b868c3ea52ef6cc00ec_JaffaCakes118.apk
Size

19.4MB
MD5

07601cb359287b868c3ea52ef6cc00ec
SHA1

c012f56bc9990888830cb3403c198a3c2479df33
SHA256

c4c9b8429e65d9827d88a8985fd884f57921c67b26bb5ff6c98ec6925242614a
SHA512

4a41da554ab7485130107f062761df5ebaa2253a8a3d28d6e8dbea34002aeb4dabe5c844a560b1e25ae499d1c0f91fbb5f001d3eea713383c0753e418227be1e
SSDEEP

393216:nNb6MnjZNFZJJ0K91fIbRGUPagPUmW92unv05O/B9gwDLOnR0y8:NmgtNFZUKvIbRPJPUYIb9gwn8Gy8

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.com.qkltt

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/cn.com.qkltt/[email protected]	5047	cn.com.qkltt
/data/user/0/cn.com.qkltt/[email protected]	5346	cn.com.qkltt:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	cn.com.qkltt

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.com.qkltt
Framework API call	javax.crypto.Cipher.doFinal	cn.com.qkltt:channel

cn.com.qkltt
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5047

cn.com.qkltt:channel
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5346

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.com.qkltt/.cache/classes.dve

Filesize
167B

MD5
8b1ac87dd3c5cdb8ed1870e67e4cf6dc

SHA1
c3893218ccc7300f844b523e0e87666cc99f68e2

SHA256
8032b20114b255535e60add472c5756931dc9698daaa7d7ca2ed5d3f97afc43a

SHA512
36aa89b09b15a2333be58836da07e012e9cfc83144d322002d0097dbfb366bf37680299fb1cfa0ed0446db5e57e8f3aae8e8c2d9dbfc1487c771c45c02743994

Download Submit
/data/data/cn.com.qkltt/.cache/classes.jar

Filesize
3.3MB

MD5
65e6c1a23fa6875122e991db2f1c5956

SHA1
729f1b340807fd92eb5c6ab71a99a3103840ee49

SHA256
d7a0a60bdef45ec23961ed521125ffa2272e0e5dc56662b012e51106418f5e8b

SHA512
76f60acaad0768650096ee4578b0ce0ce8ebb7e46ef611bb2b6c1ac6c13b64eba7dc09c2e3f1907963df095a8ded2fdb7369a9352f0b8004d1304e638f0f1496

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db

Filesize
36KB

MD5
95f21f4868a396fade1ed98f4891e6de

SHA1
d9757ab6454d206522a78be781593b4670e5a618

SHA256
bdba32854314275a596354d5bc97348339942309a48e533d406dd4beb9deae5f

SHA512
b0ae6053eb914926f6c6cd9ffca1e792505cffcf370eee9f0294c2ed8f673cd551ace6c4b3e70cdc43a9a268bcc67d1d45196f0806b48bd4d11864cfe568006d

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db-journal

Filesize
12KB

MD5
3b14b02f50eb8089057f825437bdac43

SHA1
83775c6b317d490e2c2ebd0c226bcabdc5a86e10

SHA256
ae58116d3f96f62dc630465dfe545afb15fd2acc9a5baae4e8b7bdeea2b36574

SHA512
0273189f9e856a6d70f2169546e55a977cc37f15f1e474dff85c8cd4a80ae7df237c393b0cadbd6a92570e5f84a87123fe7213e0cf98e34895c85dca1aad7d34

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db-journal

Filesize
12KB

MD5
cef503c5ed548c7141b83b71878682d4

SHA1
79a0249475254f7ec1cc49ca259c87657841004e

SHA256
95fbe3451c0536da5aba5b3c2b023c3f017eba912fd56448ddb2e9cc86b0806f

SHA512
bf660aaf5f2bd8b3508f80d0a27431a82c8f96cdaae7db3542b7243513832cd44b58e4e8ed0f4c1d7cb16e3b841cb8f2d9ecc1efd988c846438327c567ce8e9c

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db-journal

Filesize
12KB

MD5
9915130fd04137635c5210b889113963

SHA1
d75bffe68fe4bc4243399e821ed65a65bb3bec32

SHA256
51b4a8e4006f4da45b55affc7a0013e67e294e78a54fe4828787abd63c54d53f

SHA512
02cce13dc2bf9f5170ea4f34d722dcdbc1c774139ac352e801a1be118502c7bde21391d7b5cf0bb718b587bf95ce1909e068e1607c4716eaec8f1c5cf1a4f5ad

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db-journal

Filesize
512B

MD5
5977ba25c8f2080d21c2e118219bde60

SHA1
2b351f568671662e4b95960761b4138892732f78

SHA256
df90db5fd330251eb1dbfde30b98d87c08be88aec510546efcc5211c5fdc5dce

SHA512
91e657e885ec3d136fef877352f2503a3a8c705886b1d00945270822b00756c844c04a7c7837c776152e4b0c5d7eef69f66d1ee619e1820eef6913ed684dc5b8

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db-journal

Filesize
36KB

MD5
50f3d63f4b9241e212be8ec20bf3e374

SHA1
10353f506f0aa9dfab398275482eb42da167232a

SHA256
be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

SHA512
dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Download Submit
/data/data/cn.com.qkltt/databases/MessageStore.db-journal

Filesize
8KB

MD5
670ebb732a73307a47099b18780ef5ce

SHA1
95f49f13306335dd94952d80f5cd28a82fb1804f

SHA256
c99ff8859f10bbe9dad06b47a84295ddf055d8775038b813d2b1b7d329f2ea57

SHA512
41ebb94d7edc883fa9799e736d059564815c6ff1e08c90696a82032f8f54ac556e06739c4a203dc8b155f17a84991f904d0db131b4c98f90accc4435ac250e3d

Download Submit
/data/data/cn.com.qkltt/databases/MsgLogStore.db

Filesize
56KB

MD5
460554aa2b69cc9d0b021faaa4c1dba6

SHA1
ebed3e281d128655d399a9cf7a25d0151c8e4ca5

SHA256
8ca9b9474155c6ef2c8b97f51d0c3e14b7109d70c6c2daa9cc5b17237b05f506

SHA512
caf0a07778ddfdc65d5978da8c7990758eba3430a69c6211c718e09877056f1599f774b9fc32c244a331b839e4ea97690ea411210cbad9f1be96173774fc912d

Download Submit
/data/data/cn.com.qkltt/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
ce0647db3c237132752ae9d50f87dd10

SHA1
df3d9873a949027527317025b9062d0e5087257f

SHA256
62302bcbab106be4021257f614392002e795075544aaa09a3b713e81dd458633

SHA512
28abb778bb05fb42f9a647867ca7e57484118a6f4ce8dbabe6d3229c0a6111f9aa75c72e5a716e125db0b9cf7843996cc94c813662a6e7b7a99afc8aeb69ed45

Download Submit
/data/data/cn.com.qkltt/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
3be4ed6571783820fc413825433b5b02

SHA1
9ba34081ca441a220e852f51951cad7149bd041b

SHA256
070f5023b012ed6244b9a716a85ad763e8d6c86202d6190f553d1c1180ea4c81

SHA512
a0097bb31af89abdda8d582294deddd1b340732aa17e8b4960065665994d514347606c8ba10197cb83320d0681ff3874db000c406510902b0f0912636bc31075

Download Submit
/data/data/cn.com.qkltt/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
6331e32affcc734bad008907986b4714

SHA1
1a75e67fd235e121457d1c907109f55309065df6

SHA256
186ff09a3338c2618789e084a70af174c66c41b404c2dcaa3404b9bfe84e4959

SHA512
18b074f9cc6100e80e91faa3759e085113b9a11e4b329215ceeeb80c76382c23d85b1b8d163dee7af893742ff142b3d43cc6b3ab6c976e898142d497d466f984

Download Submit
/data/data/cn.com.qkltt/databases/accs.db

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/cn.com.qkltt/databases/accs.db-journal

Filesize
512B

MD5
eb7e13d7d142132768d60759676c257d

SHA1
c41511a11cab6eb722e9e5ad38006252ba16eae3

SHA256
81d3f0ab58d590eb7b965956a9cc923d0159b959fa5f6baead87915bde7d5f15

SHA512
65a7b54efa497d7697c08e1f18f8ec89289600c33076239785195c92b5aaac70589169438a66faa116d8adeab3c6ef4ee19c15802e16a8915fe29bcfbba35a13

Download Submit
/data/user/0/cn.com.qkltt/[email protected]

Filesize
8.1MB

MD5
10fae41f0b820e8d6199cf8f2bc5ab69

SHA1
a5c39ed770e8b89cf3dd0ec5327675e1c09982a2

SHA256
647a498407129f398708576c018dcb344a135434695d1448410fd3218bdf0799

SHA512
ae68e6a28290383a279b79107cb4998f8c42a5451c97adfc80abcd6f074b2e5f22b9c98bf0ebddecb5579c119813e8d5804a06bdb41a9acc5698ae0cdb7c22b3

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
bcf06e8fd32cf601398e59ab2a717778

SHA1
e66ffd40add542a726c8ec29b6056d36a0e99678

SHA256
f6e5252507091724c3094df0118ea4ecd43f4f5fa739c87dbc41d27ea9ac7972

SHA512
bca2fe72d9160856e4728cc2f0ebde8b10e9e57f1f5eb49bb0234fd72972fde9bf22274fca3b2abac688679800c6e26bf4431ada2d05ff82e7c6a4db8c37ad30

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
163d3c5f0b177d57c358144fe950862a

SHA1
d5fce8c18a2e5980990bd6f8989ac9f8ca9c930e

SHA256
76673a650355dbcbeb334f48eddac2dad290adbe9416864c0f5169c75fe704fd

SHA512
7ae9caf48c8880baadf112e748ef7fa24b10dcdac197a0d5e6801e9c54c318420026cef56001d339cf37a433f6a1938c97e2724fd551699048828a626f209a2f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
5c991481e38cb0491266348dec405153

SHA1
8dbf68897cae9e00efabed9f448b4399cdf11ca9

SHA256
794e5d98aba3ac130e02971de49fe8010eec58ee95cdbf70f62db2afd49340f4

SHA512
55187037fe18f5ddd6311ac1fed550730db474365783968e03620180f2d448efa35ce853512676dcfee433433f1a59ac1bc04d5be6675b8129a128d74985e9c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads