98b10afd0ef90111aa941620e7e65bb478070fee33e651c0ebad9eced86370cd

Analysis

max time kernel
91s
max time network
163s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10/05/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

313f3da6f75224f451475378e19b65ae_JaffaCakes118.apk
Size

31.6MB
MD5

313f3da6f75224f451475378e19b65ae
SHA1

9b4608c955e8338ba2fddb20638b181fa80fbb4d
SHA256

98b10afd0ef90111aa941620e7e65bb478070fee33e651c0ebad9eced86370cd
SHA512

750e3dc1547d21276899c6d35f69123332e2e310da6dded7acebcffb70bf10c535becab54365939186e4531da667265dec9f7412df56d42493ef39e4d996f78b
SSDEEP

786432:49abChcM+RAIDdRoDICBtLwPgMXY785g+N0Gh58ogY4ID/Mv5IJO3Q1u4:499rIDfoJLh9g5P2WIU

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cat /proc/cpuinfo

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qq.reader
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qq.reader:game_process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qq.reader:game_process

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qq.reader

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.qq.reader

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qq.reader:game_process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qq.reader:game_process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qq.reader

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qq.reader

com.qq.reader
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4282
- cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4450
- cat /proc/version
  2⤵
  PID:4470
- getprop init.svc.vbox86-setup
  2⤵
  PID:4495
- getprop init.svc.droid4x
  2⤵
  PID:4514
- getprop init.svc.qemud
  2⤵
  PID:4532
- getprop init.svc.su_kpbs_daemon
  2⤵
  PID:4551
- getprop init.svc.noxd
  2⤵
  PID:4569

com.qq.reader:game_process
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4362

com.qq.reader:game_process
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4728

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qq.reader/databases/beacon_db

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.qq.reader/databases/beacon_db-journal

Filesize
512B

MD5
2daf3b1641c5e0ede52c16a9cd1f7c3f

SHA1
5754fcd0cc831926f83952e1cab4daef9d6ce8fc

SHA256
d0ca3f0af049120c11373ae513921595a10079122ce77147ece7583a01f905e9

SHA512
b8fc6d81548c049a814902a4b279dc015b192170a5a41ebf381ebddaf74285f4421fa091a2ebba966c525cf5ab3827689caf04e5649542e32e8b3f44f3fc059a

Download Submit
/data/data/com.qq.reader/databases/beacon_db-shm

Filesize
32KB

MD5
d4707fb08b94ac98baa1f282611d2dcf

SHA1
533ced1eb00f874f8e9b66a6493994df9d88c479

SHA256
2a0530ae34c20835de5256a18c3450e2027c56a0d941dc10ac22838140710cee

SHA512
ba7b3a8426be6175a3c46a453603f3131070d5499d8f3b5888eb32123ceba31d495f5838a9ca5f02f8c7110267366a614a13153af8c3602647a1ad1370cf358a

Download Submit
/data/data/com.qq.reader/databases/beacon_db-wal

Filesize
124KB

MD5
ab697bc4cc7f4b8185fedb0d44a7f65c

SHA1
da96e70d8ff4827da582e2d0bd6c7f03f85d4c19

SHA256
7575f0b5a0775beca32d92f2fc19f00cd1ede30216823b3da9247ce9de7a4a40

SHA512
23da594bf5414318c5e01ce1e5e24f6c922ab2a837bbf4c9fc0bdebdfac35565474bf0c4cb0bcf312c13834ee24401cb125d368dcf93186030bb67b677187e7d

Download Submit
/data/data/com.qq.reader/databases/eup_db

Filesize
44KB

MD5
ea25a44c5f7c3d2763b0cec8ea033906

SHA1
d4fd1e205f7ea89a879d8ac5bd8b0251da78f8a3

SHA256
f0319d89aea03a0cc6295b5a43c784cc4f91954e141c520c2b9e8070f9171837

SHA512
8f13640208499d841e6c0007909d2bab4f14e33ba20cc6e6440c429a7245bf352cc3fe9bd0538033668348415fbc20c9807fcee7201dba48e1070f56ab859cdd

Download Submit
/data/data/com.qq.reader/databases/eup_db

Filesize
36KB

MD5
a68dc7df234e33304abd4c86539b262b

SHA1
e8eb0ab2c315674c7a511f836aa44020bebf58ae

SHA256
dbf9edfe9863f0f1cb6f9740343de26048495acbf75be1d9ad4c4ac7974e731d

SHA512
3bc5d0c28782ca8ea36c0c476776bc55f55249df200346e20d3f37a4d8b8d2bbadc95a0e2b9f4a7c550c6d1ccc85d562043d2847f58d7447a15216668a95b4d6

Download Submit
/data/data/com.qq.reader/databases/eup_db-journal

Filesize
512B

MD5
a4f2d004ffc04d127a297dfafe435594

SHA1
29d6294d336e304e638fc02b56616a2df0f88cbe

SHA256
72d9723bc495619e0015c08f1839e8d30ade39bc0ab81a0a36f7ba0c8a40071c

SHA512
fa389e778e392c86b59708153a17e4ccccba5b5518a18ca2dc1c556a31b8b877d796e035fe0ce25a392456ac458354561835286bc5a7bdd9cbbefa5f9b200c3a

Download Submit
/data/data/com.qq.reader/databases/eup_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qq.reader/databases/eup_db-wal

Filesize
16KB

MD5
03c8b7506f90b98e7ec3c61448cb0bb5

SHA1
33954c06145479c9da9ca45f2fb426d6106696b3

SHA256
d8e3ba6e5d5713e7124ebe73cf03cbc52f7116a9d4443c08123f22bd48443c43

SHA512
4582a6c1a02e909c117a31cd2a2f6d492b2aa1db7947845af83e151fa5ccdcff8b09b2fc90c9df92a6e0f3d3dd888a00dca7dec9cd20707d892bf37cbc8f4d1a

Download Submit
/data/data/com.qq.reader/databases/eup_db-wal

Filesize
8KB

MD5
4f53c3960ffa17b1c88bd3756749694e

SHA1
b94ca3efd70db56c74e7770ca4cfd304174aba20

SHA256
1cec7ebe762883b7054e30db0d38c9de64fd7d8b3aba8c8960ac525670d391d5

SHA512
1e4024a2c1104150fa14452f1bce1fe93287ff3de2fa566c1079ea65f6a4e2393aa7edd02a561f12b4e90951c25eb96d88751b668c00f75c8894ebbd61007db4

Download Submit
/data/data/com.qq.reader/databases/eup_db-wal

Filesize
56KB

MD5
77bbd7bb36ce7e3abd953da663c7b1f0

SHA1
0eba93d468dadeba2987b0a49141efe6fbcab432

SHA256
8305e0da72dac4d6ea0227856e38588b516cd67cf948301635a7956582c81347

SHA512
8dcd22815e4b6235d9ca31d7079404023ff0efdd6333f082428f156ce26852ba50b1e9cb203847f6dac928440a58d1f87fd957a9949c4ed47069f813058a668b

Download Submit
/data/data/com.qq.reader/files/com.tencent.open.config.json.100686853

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/com.qq.reader/files/com.tencent.open.config.json.100686853

Filesize
8KB

MD5
596a7d7d32e90b1a4d7636027744b245

SHA1
43a675f056be10263ecd6072ccddf519e5262140

SHA256
99e1d8dd814d4b89562e1f59402d75194c0a2a4458dc49a6991a860f7562a243

SHA512
e603dca55d6c7ece2ae077dc64b80411f28248690f31236b964a5bfe1c3cd50e2953ae210d19565ca62fb2d303ca58f536509aec49b103b9d9ef3b2e8f780d91

Download Submit
/storage/emulated/0/Android/data/com.qq.reader/cache/failedtaskdata/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/QQReader/adv.db

Filesize
16KB

MD5
d147599ecf538a50c94fbadd15cd92f7

SHA1
62a70090a18610e9aa912c5aa6f05cdb527254e5

SHA256
044475b83e243ab5f5c024ef6d9e840a2a3a608185f73911a73b4bc36bb501d9

SHA512
42dfb09a214d0c2f253c6d66d8e26384299729425c49b977ddcea5fc207a58f1a7b0512804c202a1113b2486f8a34b43b82ab60a69570b1cc2cfe06cc57644b1

Download Submit
/storage/emulated/0/QQReader/adv.db-journal

Filesize
512B

MD5
93bc6f03db2b3d0349852ca610e52eed

SHA1
2fdd0c362bd13a2c70b943c3ff7e5e320a823f6a

SHA256
3c790050ff795392ce7d19573e238f3c332912612c71ed330c21e2f886255dc7

SHA512
bdbd82499a23462b6dfb5b8ef3ec0ca281b52dae1fb06734e4bcdb661f4e9490ff26eee867cb151f28a961b1d3d725990015863a2ad7b9417c4b56f6f7364063

Download Submit
/storage/emulated/0/QQReader/adv.db-wal

Filesize
16KB

MD5
3010ef0b28f32c560c60f73a3e6c0989

SHA1
f5c2b6e3e5c44fc3b8a653cd5205482d8cc15e21

SHA256
48b2d1b82bb0511a46160809fa4157a65805a0a97c588bca59f4bd1cb82ae9eb

SHA512
930b10ce6488e7adfe315353f08d5290e0f3580ded0a02f5d1682755c8b6635a8ca427c693d9d252f16115c3d738ee8b6a572d2e287d374d342773938561e116

Download Submit
/storage/emulated/0/QQReader/skin/skinlist.db

Filesize
16KB

MD5
f8788d655c0adf89d9a53630dc88022f

SHA1
d0a2faac6fcd0eb625901cf6893b12299c1df4ea

SHA256
e20cc4343bd0e44da80f40eed48e895a374a7c8d2718e39dbcf6355759c4104b

SHA512
6631ba9afabfd155f006e0030980cc4811980fcd60ae1b019d4d2ec9a7a17b873b85cef93f6dc5f805cb9a127344917cd523543ed5844d48cd9ab641798c4b5b

Download Submit
/storage/emulated/0/QQReader/skin/skinlist.db-journal

Filesize
512B

MD5
fc44676b7f93c1bc09c043139c052d26

SHA1
ac0da6319d5ae0b5ce7359d45fee30194f7264b9

SHA256
8d2a419d6b401bb27e761325e31c86a30ed2a2fd255782219a50fc48d4bb82b6

SHA512
767b3dcd0fd04d48149200c4c2ba2a69fa1acbdaddf61fd59626c92e25f5915ed4f370a3eba616b10515841d391d27a0ab4d54ab227a107b4ec06fec03d2e703

Download Submit
/storage/emulated/0/QQReader/skin/skinlist.db-wal

Filesize
16KB

MD5
cfc96139b3920d2ab7c1c72fa6b3da2b

SHA1
9f31eaaffb20736f9436d9b8a8010278f9b2c6a9

SHA256
50dbca4b894e92fd8baf220d731d3be04d5b57fd4877a919f5770e2b0d904cab

SHA512
49d2710e6ac4060757677ffd79b8c1b1480270b82a6d05dea544e9b37812322bc88d919e774abb5b97dcfefef94bf1acc969b2664335be3e65e6481dd94b2e2f

Download Submit
/storage/emulated/0/sitemp/uuid

Filesize
78B

MD5
e244d2c765d81871c9f22efe36e0b91a

SHA1
53696ef2fdd1763547db22de1ddebf297836de2b

SHA256
b014fef3d289de6d73b2a00cfef83ae30c0b587a406901591c0318bcd3a45a5c

SHA512
1d8bbe79a3d5057db00f9721c85962e25673edcf7c181144abafd19490e8bd0dd2368347c2664c0ac45b79b214ec2c2bd373402db108f749ecb15b70672921d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads