Analysis
-
max time kernel
150s -
max time network
159s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
-
submitted
19-04-2024 05:24
General
-
Target
f998894c7bb9d99e82c9d712d4cc627c_JaffaCakes118.apk
-
Size
6.7MB
-
MD5
f998894c7bb9d99e82c9d712d4cc627c
-
SHA1
5c117b1e48e91dd704132b5243681888699c8962
-
SHA256
4ac94cc0795432d349dd504020eb91e310d166474f340c36548ff422060d4f03
-
SHA512
b05c767375671f9ec31a51052c1f4b418b9a95b4edb627ca29fdd045a6a31aa73e40067b3754ea9e55a34844a5fd4287d812006df63acd166a9f5dbcf14001db
-
SSDEEP
196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSD:0Z4kLJlErI6eT3M
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 1 TTPs 2 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 4 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about running processes on the device. 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 3 IoCs
Processes
-
com.qihoo.appstore1⤵
- Checks CPU information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
-
com.qihoo.daemon1⤵
- Checks CPU information
- Checks known Qemu files.
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/sh2⤵
-
/system/bin/sh /system/bin/pm list packages2⤵
-
cmd package list packages3⤵
-
cat /proc/version2⤵
-
com.qihoo.appstore:critical1⤵
-
app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon1⤵
-
com.qihoo.appstore1⤵
- Checks CPU information
- Queries information about running processes on the device.
-
com.qihoo.appstore1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/sh /system/bin/pm list packages2⤵
-
cmd package list packages3⤵
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qihoo.appstore/files/sllak/core/finalcore.jar --output-vdex-fd=64 --oat-fd=67 --oat-location=/data/user/0/com.qihoo.appstore/files/sllak/core/oat/x86/finalcore.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.qihoo.appstore/databases/_ireFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.qihoo.appstore/databases/_ire-journalFilesize
512B
MD5f00d574da0199bc22f7e5a44450d1f11
SHA1bf90d45591c6dd7d3414877db0bf8417d003ad59
SHA25649ea66bbd5b2367d60515f958ec2bc4081965822b62e0d6d9889d079a2188421
SHA51200ef8157628579965aef698c70fd6e313f4106d2a7091ec7d01f5b5279a8368557a398159917fbafcca68f226ee0ff703eeecada511680ede7e7511ed12004a5
-
/data/data/com.qihoo.appstore/databases/_ire-walFilesize
20KB
MD506bf77157e303738dbac12674d5fdb65
SHA150636500ecb1c4c699f420e931ab14e896ff4f35
SHA256733d6d1f27295adbc945c08a94e244f8243a20a5c87b04a2e462cc3794408d71
SHA512fa432cb4ba3c51e077e83cbfa49fba8c7266786e00aca73b4137e5a5d9d4acda6cb48d39207aadd5b15e5fcf8451c50db89f01b4c0d0845b09aa6fef2a11257a
-
/data/data/com.qihoo.appstore/databases/filelist.dbFilesize
4KB
MD5d5cb1c0cfcb5ed7b947b6edca6ca9c94
SHA1556a3abe97b06b87926526ef58797e4c4e26f4e8
SHA2563734aa4ef47d8050c3afecda556667313d746c3f4d26c40d60657febd1198b57
SHA51202c62564b0c4f256599e75b0489e4f3ebfd7a4a46ca56847ed87b18f3d23b19702018f49bdfc8c41e703d12ddc18d8a7e0c3b617798253cb3ddfb28532b09f66
-
/data/data/com.qihoo.appstore/databases/filelist.db-journalFilesize
32KB
MD5d11b0013f250a60c980ccc420a76b9fa
SHA116e11272dcb0cc19a45a6dd3096c86698d4d9884
SHA2569a95b808cb71ffead7393b716f054565086349e002bbe156c05fed3455b44f8e
SHA51236b484225a567a704795d6c0d4e22039f6178fa476ef803f38684472620e158c1d991058e8e6f453073e40b4511033243cd38905eac04f004e42cc04ef4dabf5
-
/data/data/com.qihoo.appstore/databases/filelist.db-shmFilesize
28KB
MD569a611066c9646099f20c9cf76a5d40b
SHA19349386ea226eb81b30305ef0bfb8485d0f98f13
SHA25605e282211b164cdbac5883b0ab4bb13519cbfa5fb5b99442e94fccf23f2b458f
SHA512cade74f775ecbf22f077108d33380225dbb86a83dfe04da9807a310441b2a11346f9a2246bf5d5bcd35c7c0a69be044f2e8ff05397c05a68df970c2f33704037
-
/data/data/com.qihoo.appstore/databases/filelist.db-walFilesize
32KB
MD58cb7d5bb791fda4d3b54f718f0703d7c
SHA125fa27a914766ce9a63c8b8dcf5325ce5b682f40
SHA2568b80b230a9eadc1451d6774df383b31b89cc073ba4d527e60e6eb5182493f1eb
SHA512fac35c0c6a7726b4faeb5d76d78f323f6fe8fbe428430ec50c6e4dba80dae33e93972355a8b7052fd50e98389c4962eb9200dfc81bc073731ac2dd7bf91314c3
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.dbFilesize
12KB
MD53fe30614d7e0d11db870b4624f6c50e0
SHA1053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA25667c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.dbFilesize
20KB
MD560e4cf217e77c56efd3707b603797c5b
SHA1816247b4883d3adb30c4db39fda16d2288e27de0
SHA2568e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea
SHA51222a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journalFilesize
512B
MD5e5d1a5c43f0deda9664ac926d226053d
SHA13c125e9430c7cd5d36646ea8a7d730bcd69a170c
SHA256f5e05e18c8c3980ccdc9f268d30948b115d20340d3542c5d063e131fd2f79cbc
SHA512bb54be353887868019404b77e6dc6575bde8e3e5cd83a262779cf66ee8357a0dd37d352108907f633cd08b3ad45abd0d4ecf6def4e30ca7a9261bfb43a7feb52
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-walFilesize
16KB
MD54b3da80b6a9373a096232de9e144bd3e
SHA160a0b2edc3e1584ee0d879613c4521f4c60df884
SHA25643d3e7d5636b9e88de28e58ed7c542fa5d9fb8dfe6d7186b3cf5a65ebb14f962
SHA512a8253496eb1f21ae64be222fea044604666c32f122a1d2272ae83578205ff8244f71d18f5df29e9720bacece62d85b611f531661d7d02884d03abe7c93aeb3b7
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-walFilesize
20KB
MD5bdfab56c44b7f860b411c86c7a11083a
SHA196f81d9d9aab4e60c4e325a145974828956a9778
SHA25645170c25a3282f8612b3c1619c69256b33bc04d11e5f9048da8a9a70341fdd55
SHA512dac0ead2d09b3f516b0328b62f569573c4186a45ecbb7c784c3e73af38212514e2dc05e5ad03d005c1e6f9ed264e88981566c41c0f609ce6b56061a7a524c6b5
-
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-walFilesize
4KB
MD53a0c1063668b464f46f4f68308ee52c9
SHA1104e5d57fbabbbd373cd3d5d7f2638250798f6be
SHA25699ace6b1f6a3ca7c0761782250488dfeadb7682fd01299418e2455178f4fc5a4
SHA5120f2b49a9adcbc15bfaae1a0611d2ef63e612f8a8b9e9d9a4aa9c4e663e418dcfee67de3d9c4232e687608a37121f144e9951d5fef2c7bbc5afbbdccf5ebf6860
-
/data/data/com.qihoo.appstore/databases/update_history.dbFilesize
20KB
MD5e0ddc29dccfd6312689ea105cf0434a8
SHA159191210f5a80bc047f8155ea92544f4095c38c5
SHA2563079b5c02af6b7ddced940086bf7095b1205bf0f396b87da0d5c5f6d8b5b6143
SHA512d5ec8a2bd21928c07ada4ab4df8e72b6905872533d01afe4eb243ef06674e630a9834a03dc5fc2f8d487c3cee8aa3b3117e73379ae64e6f4dcf3f8dd0145fdb5
-
/data/data/com.qihoo.appstore/databases/update_history.db-journalFilesize
512B
MD5781ed60eea731eaea4983718e83a5402
SHA1059ead3f23c9c7d3a08e9462383b6699a5a83899
SHA25636993d373ceecdc38bfc297cb47da8ee0353585d646690db66f5901b42b3d9a2
SHA512ea1b60ff452291638acae5ed2d9c8d3b246ce0c03627ff11c2c0f418673f1625ecebbfd4d2de919591de0f90f2d4dd13ba5b3ff19704ef8e03bd60246fdcb902
-
/data/data/com.qihoo.appstore/databases/update_history.db-walFilesize
32KB
MD5b9fdc46afc56d88054dd9f4038169ae4
SHA13e694fc43c03057cee23e6d74f0060f0248c0d56
SHA2565d6a84eb4c32c5893b14d19369c597f5a694f70bd9142845b664e659b4c43956
SHA5126240b50f5bb40e429f9fe51b1fafb29160ed2067822ba1448ba4d18716d54f0cdd62ace2a7148ceec48e77768252376dcdce6d17384000fc9f70086dbfe773b5
-
/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3JlFilesize
620B
MD55a65108e1480810f213189081cacc24a
SHA1b84c9cf08b6002d8abf923e27392a324a61afbd2
SHA256281bc09de8c13839a638c665bf1d9738004649abafd8cd1f41fdf7fb5e9c8631
SHA5122bcd6fa2d80a65805333c9598ac8bf392bbd61702fa144cac6257353da12350a9c050c5d482b3e84aa8667d31158b9dadc1356a940bce4fbb060b58e1a3aebc3
-
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3JlFilesize
544B
MD51c22294b1794fd86596a4ccbd69bf8fb
SHA15f471485d796c5a3be12bd58ba09bb1babf65bd8
SHA25671c0c19c1d1c01705dad5669e0fa86726616285a90a54b4f5955c100efd57dc0
SHA512b15ef2492b045ae2bb11973419c1ed6e1d4e52c3ce98fb2428461743bcfc0bc790863d17b66093ee17f4d699fd6b8b055ebfc173849e51cdd639fbf875a6abf7
-
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3JlFilesize
584B
MD5a6dc3c6a562457704d29bae2478be3be
SHA19345071bcc88f2e91da4256190a0df5881284b67
SHA256c81022c15d994a20aaeeaea5f26e5c9e8eeeebcfe5ce0bf1b5b4711aecc2314b
SHA5127b04baae1a3416d4546f436770b04ae331e4f4a5cd56f968c241c06e48275b4813059b677edad789b4a2ed791864e69c6091de6bdabc88ade625ee51b27652c8
-
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3JlFilesize
632B
MD5864ef63d8fa8a872c35b677e52ae785a
SHA1eff75e1aa142461b6aff1e232bd3e3b748b67348
SHA256a6fd72522a57e26a5e222764b52e6da0fc94566785fcb632d5c7b4ec01a81cad
SHA5129c4b7d61970fb1865bf6f3010f0e0258c43b2032271afd014d9e9ad6679b63cc1106f661f6d0062ba314f4cb24193398ab1ec39093add2c1af1de15503d9f9d4
-
/data/data/com.qihoo.appstore/files/sllak/core/oat/finalcore.jar.cur.profFilesize
561B
MD593a2a68137304b48bccb4b3bdbfed5a7
SHA17a4bb2af2603709ec968ebace363dcd4324c0485
SHA2566be8dd6170f711ef209d281eff45d2b96d589addb56b3dc0c74f76773408bf27
SHA512366f80da1767310fbeec2becba3221414363b1154933d82a95a46257b3aae0271a4b5340860dc2c49e0281beddf9581164423951de1c5de252f1ce2452ed8918
-
/data/data/com.qihoo.appstore/files/sllak/logcache/log1713504304016Filesize
2KB
MD550002988c9d0076164c93dc26c850f93
SHA1afa6b634198c374ea85a303c06cecc4dc9dada8c
SHA256cb43444bf6ad15a733df79a64b1293a6ca670eb91f7850a47acdfbb714cdafb9
SHA512b795146b86115dc70ad65074a7f87a6071a507b9ca11dfd148ff1f6f8e6aeca8df3ed7c6225fc8fafaf5a763e83af5b743d764c1b7f424619378549a1b049fba
-
/data/data/com.qihoo.appstore/files/sllak/logcache/log1713504304155Filesize
596B
MD55dbf8830db9874dcc8a0e076e502323a
SHA18982cad3c34d144234e4be1d7b900d2587593122
SHA256b418a67f143119bfc97377397a7caadb7d4cf90ed691633105520db19c2a7600
SHA512ed9bf765dd6c0ee35e9e863cd377218ad63a1dc46efec445d5001df6d80f6af3333919d780b38075f57979385154af3dda1a18d67122367f4217c8da5150cbf0
-
/data/data/com.qihoo.appstore/files/sllak/opt/4231/finalcore.jarFilesize
77KB
MD5c14c8a2f5d3a7c47eb2ca8c1b6e69adb
SHA14e57b3c0f34427aba8a5be40c2e9b627172a89c8
SHA2567d7ada76ea057847b5c47ed0f16a6d0e52cdbebbbdb08c1a9519acf70a1a4107
SHA5122be420b849c0fa84d3c594ab6bc85255eb54915e05aac5fd3d711e8dc93f484c5a2add2c662a858d4c2ce316a716c9e930122e9cb1047be7482c495242d766e4
-
/data/data/com.qihoo.appstore/files/sllak/opt/4231/finalcore.jar.tmpFilesize
77KB
MD5c8dd09974c204e3d4e25560b893a86d9
SHA1c2ee853de056b4b17f430d9ec9743ab36cb2ce7a
SHA256ab86606f1ea1b829747c648a1bcaa49eff9923ba74ee851f3a35ebf512fce546
SHA512a5bf866d3e155d2b1f1c658e3f4f98415bdf935a1a97ae1ad7f8d6a6914e3b88276ae06f6752c5ecf73425fdcb0772a5bff141054c1cc4a873c81adae6798ad1
-
/data/data/com.qihoo.appstore/localApkInfo.jsonFilesize
57KB
MD5792db959cdeed1bb942bf50c474e3013
SHA14df4e54bc127adba2d19801890149df7c5f50938
SHA2563562da461ccec98ee0aa9d15bc7fa18ab8f3d4e881961406f059a6742b06babe
SHA51204c788d0b953670a850dfa47a24db80b60e1f8b6d8fcd96e6b16fd5ba0469dbdcd14450162bf12e0aba3f27bb766f7dd366c508ff0b663319040ff7fbb34775d
-
/data/user/0/com.qihoo.appstore/files/sllak/core/finalcore.jarFilesize
176KB
MD5d6e2495b58cba2793118685936b739c8
SHA16db9391f39f1387c049b34f3a5e263d89398f05b
SHA2569c9f4344a13945a1fd17a558b6afc00edf7c5b0d30756ac9483a6f88bd82b75f
SHA51200f0ced02c9641f0309d664ae8f30d6346d0972e9b343a5bf3b65c0d27a711226c9f4ea2e304023f0d97b6a7ef1adb52a94f1ffa5f8aa99b386c09dbf3663d2b
-
/data/user/0/com.qihoo.appstore/files/sllak/core/finalcore.jarFilesize
176KB
MD5b667ca71e42bbeb899566c8834ed085e
SHA1053a3f889e326efdfa0d3ae7e5b2655f0b7376d2
SHA256536678202267f95d80480f15065e784d7ec609922a0963d935e9c5a4b0f62bef
SHA51252255d3d7066d01bd47a9da788f86c707af14e7666a918737fa5ffb4bb003e97b28dd84a7cead3439ee39e10b568c97e80174a80bf776c7dd58335b06656f8f2
-
/storage/emulated/0/.sfp/.sfpFilesize
83B
MD5df55ac509119608a9ca5800a2240952f
SHA16f968bec77e6524b8b80ef87472cb9fedda090e2
SHA2561e60b653e3e67cb17ec20fda8e4a1eeb77155add8d14f164a2b8c32c0763a370
SHA512f67501085faee601225645ffb96044eb5a287ac4b30578203830be07e3f44aeea907fdc68d453527911fd71d98124e66b5862283bce895f83cf71f546850b4f4